Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to OpenSSL Jing Dalhousie University.

Published byTatum Lady Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to OpenSSL Jing Dalhousie University."— Presentation transcript:

1 Introduction to OpenSSL Jing Li @ Dalhousie University

2 Overview What is OpenSSL SSL Protocol Command-Line Interface Application Programming Interface Problems with OpenSSL Summary

3 What is OpenSSL The OpenSSL Project is a collaborative effort to develop a robust, commercial- grade, fully featured, and Open Source toolkit implementing the SSL_v2/v3 and TLS_v1 protocols as well as a full-strength general purpose cryptography library.

4 What is OpenSSL – Cont. The OpenSSL Project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the toolkit and its related documentation.

5 What is OpenSSL – Cont. OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The current versions are 0.9.7c (AES Algorithm) and 0.9.6k-engine, which supports hardware accelerators for encryption and decryption.

6 What is OpenSSL – Cont. Features: –Open Source –Fully Functional Implementation –Cross-Platform (Unix & Windows) –Command-Line Interface (openssl command) –Application Programming Interface (C/C++, Perl, PHP & Python)

7

8 SSL Protocol The primary goal of the SSL (Secure Sockets Layer) Protocol and its successor - TLS (Transport Layer Security) Protocol is to provide privacy and reliability between two communicating applications.

9 SSL Protocol – Cont. It is composed of two layers: –SSL Record Protocol It is used for the transmission of bulk data. –SSL Handshake Protocol It is used to establish the secure connection for data transfer.

10 SSL Protocol – Cont. Handshake –Negotiate the cipher suite –Authenticate the server –Authenticate the client (Optional) –Generate the session keys –Establish a secure connection

11 SSL Protocol – Cont. More detail information can be found from: –SSL Protocol v3 @ http://www.netscape.com/eng/ssl3/draft302.txt –TLS Protocol v1 @ http://www.ietf.org/rfc/rfc2246.txt

12 Command-Line Interface Functionality –Creation of RSA, DSA & DH key pairs –Creation of X509 Certificates, CSRs & CRLs –Calculation of Message Digests –Encryption & Decryption with Ciphers –SSL/TLS Client & Server Tests –Handling of S/MIME signed and/or encrypted mails

13 Command-Line Interface – Cont. Example 1 – Secure Apache Web Server with mod_ssl & OpenSSL Example 2 – S/MIME

14 Secure Apache Web Server with mod_ssl & OpenSSL Generate the Root Certificate Generate the CSR (Certificate Signing Request) Sign the CSR Generate the PKCS12 Modify the Apache Configuration File

15 Generate The Root Certificate –openssl req -x509 -days 2922 -newkey rsa:1024 -md5 -out ca.crt -keyout ca.key -config.\openssl.cnf

16 Generate The CSR –openssl req -newkey rsa:1024 -out mec.csr - keyout mec.key -config.\openssl.cnf -reqexts v3_req

17 Sign The CSR –openssl x509 -req -in mec.csr -extfile.\openssl.cnf -extensions usr_cert -CA ca.crt - CAkey ca.key -CAcreateserial -sha1 -days 1461 -out mec.crt

18 Generate The PKCS12 –openssl pkcs12 -export -out mec.p12 -in mec.crt -inkey mec.key -certfile ca.crt

19 Modify The Apache Configuration File The Apache Configuration File – httpd.conf LoadModule ssl_module modules/libssl.so AddModule mod_ssl.c SSLEngine off SSLSessionCache dbm:logs/ssl_cache SSLSessionCacheTimeout 300 Listen 80 Listen 443

20 Modify The Apache Configuration File – Cont. Deny from all SSLEngine on SSLCertificateFile “conf/ssl.crt/mec.crt” SSLCertificateKeyFile “conf/ssl.key/mec.key” SSLCACertificateFile “conf/ssl.crt/ca.crt”

21 Modify The Apache Configuration File – Cont. SSLVerifyClient require SSLRequire %{SSL_CLIENT_S_DN_CN} eq “Administrator”

22 S/MIME –Sign openssl smime -sign -in m.txt -out sign_clear.eml - signer jingli.pem –Verify openssl smime -verify -in sign_clear.eml -signer jingli.pem -CAfile ca.crt

23 S/MIME – Cont. –Encrypt openssl smime -encrypt -des3 -in m.txt -out encrypt.eml jingli.crt –Decrypt openssl smime -decrypt -in encrypt.eml -recip jingli.pem –Sign & Encrypt openssl smime -sign -in m.txt -text -signer jingli.pem | openssl smime -encrypt -des3 -out sign_encrypt.eml jingli.pem

24 Application Programming Interface libssl.a or libssl.so –Implementation of SSL_v2/3 & TLS_v1 libcrypto.a or libcrypto.so –Ciphers (AES, DES, RC2/4, Blowfish, IDEA) –Digests (MD5, SHA-1, MDC2) –Public Keys (RSA, DSA, DH) –X509s (ASN.1 DER & PEM) –Others (BIO, BASE64)

25 Application Programming Interface – Cont. OpenSSL’s libraries are also used by other tools, such as OpenCA, OpenSSH, to implement secure transmission of data Using SSL Proxy, arbitrary socket connections can be secured by SSL

26 Problems with OpenSSL It is powerful, but is not easy for use Non object-oriented Be lack of documents, especially for APIs Problems with shared libraries in some platforms

27 Summary OpenSSL is an Open Source toolkit implementing SSL/TLS & Cryptography It has a command-line interface & an application programming interface There are a lot of tools using OpenSSL’s libraries to secure data or establish secure connections

28 References OpenSSL – http://www.openssl.org SSL – http://www.netscape.com/eng/ssl3/draft302.txt TLS – http://www.ietf.org/rfc/rfc2246.txt Apache – http://www.apache.org mod_ssl – http://www.modssl.org Network Security with OpenSSL by Pravir Chandra, Matt Messier & John Viega Applied Cryptography by Bruce Schneier

Download ppt "Introduction to OpenSSL Jing Dalhousie University."

Similar presentations

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.
1 Secure HTTP Herng-Yow Chen. 2 Outline When digest authentication is not strong enough? How a more complicated technology secures HTTP transactions from.

1 Secure HTTP Herng-Yow Chen. 2 Outline When digest authentication is not strong enough? How a more complicated technology secures HTTP transactions from.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Similar presentations

Ads by Google