Introduction to OpenSSL Jing Dalhousie University.

Slides:



Advertisements
Similar presentations
Network Security: Lab#2 J. H. Wang Apr. 28, 2011.
Advertisements

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
SSL Implementation Guide Onno W. Purbo
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.
1 Secure HTTP Herng-Yow Chen. 2 Outline When digest authentication is not strong enough? How a more complicated technology secures HTTP transactions from.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Cryptography and Network Security Chapter 17
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter 8 Web Security.
Customizing X.509 Certificate Fields Charles D. Short CS526 – S2008 University of Colorado, Colorado Springs Dr. C. Edward Chow 5/5/2008CDS - UCCS CS526.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.
Presented By: Atish Baul Module: CSYM020, Internet Security Course: MSc Internet Computing.
Apache Security with SSL Using FreeBSD SANOG VI IP Services Workshop July 18, 2005 Hervey Allen Network Startup Resource Center.
PKI Processing with OpenSSL Rodney Thayer
Secure Sockets Layer (SSL) Fred Schank Kevin Wetter.
SSL Technology Overview and Troubleshooting Tips.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
JSSE API University of Palestine Eng. Wisam Zaqoot April 2010.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.
Secure Socket Layer (SSL)
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Onno W. Purbo openssl Onno W. Purbo
1 TCP/IP Applications. 2 NNTP: Network News Transport Protocol NNTP is a TCP/IP protocol based upon text strings sent bidirectionally over 7 bit ASCII.
1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
1 Apache and Virtual Sites and SSL Dorcas Muthoni.
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
TLS/SSL - How and Why PCI Flags it but why do we care? By: MadHat Unspecific.
Data Encryption using SSL Topic 5, Chapter 15 Network Programming Kansas State University at Salina.
Chapter 8 – Network Security Two main topics Cryptographic algorithms and mechanisms Firewalls Chapter may be hard to understand if you don’t have some.
Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Network Security: Lab#2 J. H. Wang Oct. 9, Objectives To learn to use message digests –MD5 To learn to use secure hash functions –SHA-1, SHA-2 To.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Chapter 7 : Web Security Lecture #1-Week 12 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
SSL Implementation Guide
The Secure Sockets Layer (SSL) Protocol
Transport Layer Security (TLS)
Unit 8 Network Security.
Presentation transcript:

Introduction to OpenSSL Jing Dalhousie University

Overview What is OpenSSL SSL Protocol Command-Line Interface Application Programming Interface Problems with OpenSSL Summary

What is OpenSSL The OpenSSL Project is a collaborative effort to develop a robust, commercial- grade, fully featured, and Open Source toolkit implementing the SSL_v2/v3 and TLS_v1 protocols as well as a full-strength general purpose cryptography library.

What is OpenSSL – Cont. The OpenSSL Project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the toolkit and its related documentation.

What is OpenSSL – Cont. OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The current versions are 0.9.7c (AES Algorithm) and 0.9.6k-engine, which supports hardware accelerators for encryption and decryption.

What is OpenSSL – Cont. Features: –Open Source –Fully Functional Implementation –Cross-Platform (Unix & Windows) –Command-Line Interface (openssl command) –Application Programming Interface (C/C++, Perl, PHP & Python)

SSL Protocol The primary goal of the SSL (Secure Sockets Layer) Protocol and its successor - TLS (Transport Layer Security) Protocol is to provide privacy and reliability between two communicating applications.

SSL Protocol – Cont. It is composed of two layers: –SSL Record Protocol It is used for the transmission of bulk data. –SSL Handshake Protocol It is used to establish the secure connection for data transfer.

SSL Protocol – Cont. Handshake –Negotiate the cipher suite –Authenticate the server –Authenticate the client (Optional) –Generate the session keys –Establish a secure connection

SSL Protocol – Cont. More detail information can be found from: –SSL Protocol –TLS Protocol

Command-Line Interface Functionality –Creation of RSA, DSA & DH key pairs –Creation of X509 Certificates, CSRs & CRLs –Calculation of Message Digests –Encryption & Decryption with Ciphers –SSL/TLS Client & Server Tests –Handling of S/MIME signed and/or encrypted mails

Command-Line Interface – Cont. Example 1 – Secure Apache Web Server with mod_ssl & OpenSSL Example 2 – S/MIME

Secure Apache Web Server with mod_ssl & OpenSSL Generate the Root Certificate Generate the CSR (Certificate Signing Request) Sign the CSR Generate the PKCS12 Modify the Apache Configuration File

Generate The Root Certificate –openssl req -x509 -days newkey rsa:1024 -md5 -out ca.crt -keyout ca.key -config.\openssl.cnf

Generate The CSR –openssl req -newkey rsa:1024 -out mec.csr - keyout mec.key -config.\openssl.cnf -reqexts v3_req

Sign The CSR –openssl x509 -req -in mec.csr -extfile.\openssl.cnf -extensions usr_cert -CA ca.crt - CAkey ca.key -CAcreateserial -sha1 -days out mec.crt

Generate The PKCS12 –openssl pkcs12 -export -out mec.p12 -in mec.crt -inkey mec.key -certfile ca.crt

Modify The Apache Configuration File The Apache Configuration File – httpd.conf LoadModule ssl_module modules/libssl.so AddModule mod_ssl.c SSLEngine off SSLSessionCache dbm:logs/ssl_cache SSLSessionCacheTimeout 300 Listen 80 Listen 443

Modify The Apache Configuration File – Cont. Deny from all SSLEngine on SSLCertificateFile “conf/ssl.crt/mec.crt” SSLCertificateKeyFile “conf/ssl.key/mec.key” SSLCACertificateFile “conf/ssl.crt/ca.crt”

Modify The Apache Configuration File – Cont. SSLVerifyClient require SSLRequire %{SSL_CLIENT_S_DN_CN} eq “Administrator”

S/MIME –Sign openssl smime -sign -in m.txt -out sign_clear.eml - signer jingli.pem –Verify openssl smime -verify -in sign_clear.eml -signer jingli.pem -CAfile ca.crt

S/MIME – Cont. –Encrypt openssl smime -encrypt -des3 -in m.txt -out encrypt.eml jingli.crt –Decrypt openssl smime -decrypt -in encrypt.eml -recip jingli.pem –Sign & Encrypt openssl smime -sign -in m.txt -text -signer jingli.pem | openssl smime -encrypt -des3 -out sign_encrypt.eml jingli.pem

Application Programming Interface libssl.a or libssl.so –Implementation of SSL_v2/3 & TLS_v1 libcrypto.a or libcrypto.so –Ciphers (AES, DES, RC2/4, Blowfish, IDEA) –Digests (MD5, SHA-1, MDC2) –Public Keys (RSA, DSA, DH) –X509s (ASN.1 DER & PEM) –Others (BIO, BASE64)

Application Programming Interface – Cont. OpenSSL’s libraries are also used by other tools, such as OpenCA, OpenSSH, to implement secure transmission of data Using SSL Proxy, arbitrary socket connections can be secured by SSL

Problems with OpenSSL It is powerful, but is not easy for use Non object-oriented Be lack of documents, especially for APIs Problems with shared libraries in some platforms

Summary OpenSSL is an Open Source toolkit implementing SSL/TLS & Cryptography It has a command-line interface & an application programming interface There are a lot of tools using OpenSSL’s libraries to secure data or establish secure connections

References OpenSSL – SSL – TLS – Apache – mod_ssl – Network Security with OpenSSL by Pravir Chandra, Matt Messier & John Viega Applied Cryptography by Bruce Schneier

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.