SlideShare ist ein Scribd-Unternehmen logo

Openssl

Als KEY, PDF herunterladen
P
psychesnet Hsieh
BildungTechnologie
1 von 29
SSL Brief Introduction 2012-03-27 Eric
Outline The basic of SSL OpenSSL part1: Overview of the API OpenSSL part2: Echo client OpenSSL part3: Echo server
The basic of SSL SSL is an acronym that stands for Secure Sockets Layer. The data is encrypted before it even leaves your computer, and is decrypted only once it reached its intended destination.
The basic of SSL
The basic of SSL private key #openssl genrsa -out privkey.pem 2048 local sign CSR #openssl req -new -key privkey.pem -out cert.csr (Certificate Signing Request) CA sign public key #openssl req -new -x509 -days 3650 -key privkey.pem -out cacert.pem
The basic of SSL
Overview of the API Headers and initialization /* OpenSSL headers */ #include "openssl/bio.h" #include "openssl/ssl.h" #include "openssl/err.h" /* Initializing OpenSSL */ SSL_library_init(); SSL_load_error_strings(); ERR_load_BIO_strings(); OpenSSL_add_all_algorithms();
Overview of the API OpenSSL uses an abstraction library called BIO to handle communication of various kinds, including files and sockets, both secure and not.
Overview of the API Setting up an unsecured connection BIO *bio = BIO_new_connect("hostname:port"); if(bio == NULL) { /* Handle the failure */ } if(BIO_do_connect(bio) <= 0) { /* Handle failed connection */ }
Overview of the API Reading and Writing data int x = BIO_read(bio, buf, len); if(BIO_write(bio, buf, len) <= 0) if(x == 0) { { if(! BIO_should_retry(bio)) /* Handle closed connection */ { } /* Handle failed write here */ else if(x < 0) } { if(! BIO_should_retry(bio)) /* Do something to handle the retry */ { } /* Handle failed read here */ } /* Do something to handle the retry */ }
Overview of the API Closing the connection /* To reuse the connection, use this line */ BIO_reset(bio); /* To free it from memory, use this line */ BIO_free_all(bio);
Overview of the API Setting up a secure connection We need SSL_CTX to hold the SSL information. SSL_CTX be created by SSL_CTX_new with SSL method(SSLv3_client_method()).
Overview of the API Setting up for a secure connection //client side SSL_CTX * ctx = SSL_CTX_new(SSLv3_client_method()); SSL * ssl; //server side SSL_CTX * ctx = SSL_CTX_new(SSLv3_server_method()); SSL * ssl;
Overview of the API Loading the trust certificate store if(! SSL_CTX_load_verify_locations(ctx, "/path/to/TrustStore.pem", NULL)) { /* Handle failed load here */ }
Overview of the API Creating the connection SSL_MODE_AUTO_RETRY flag. With this option set, if the server suddenly wants a new handshake, OpenSSL handles it in the background. Without this option, any read or write operation will return an error if the server wants a new handshake, setting the retry flag in the process. BIO *bio = BIO_new_ssl_connect(ctx); BIO_get_ssl(bio, & ssl); SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); BIO_set_conn_hostname(bio, “172.19.151.101:9999”); BIO_do_connect(bio) //checking if a cerificate is valid if(SSL_get_verify_result(ssl) != X509_V_OK) { /* Handle the failed verification */ }
Overview of the API connect, read, write and close all same with insecure connection. but we need to free ctx structure. SSL_CTX_free(ctx);
How to printf error info printf("Error: %sn", ERR_reason_error_string(ERR_get_err or()));
Echo client See sample code~
Echo server load a server certificate SSL_CTX_use_certificate(SSL_CTX *, X509 *) SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); loading a private key SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, long len); SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
Echo server Setting up the BIO object of server side BIO *bio = BIO_new_ssl(ctx, 0); if(bio == NULL) 0 is server side, { /* Handle failure here */ 1 is client side } /* Here, ssl is an SSL* (see Part 1) */ BIO_get_ssl(bio, &ssl); SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
Echo server Setting up the accept BIO abio, is the accept BIO, the one that will accept incoming connections. BIO *abio = BIO_new_accept("4422"); BIO_set_accept_bios(abio, bio);
Echo server Now to sit and wait /* First call to set up for accepting incoming connections... */ if(BIO_do_accept(abio) <= 0) { /* Handle fail here */ } /* Second call to actually wait */ if(BIO_do_accept(abio) <= 0) { /* Handle fail here */ } /* Any other call will cause it to wait automatically */
Echo server Popping the connection to talk BIO *out = BIO_pop(abio); if(BIO_do_handshake(out) <= 0) { /* Handle fail here */ }
Echo server What is (secure) handshake The opening handshake on a connection starts with the client basically saying "Hello" to the server.
Echo server The hello message -- which is what it's called in the specification SSL version number Randomly generated data Cipher settings(encryption algorithm) Anything else needed for communication
Echo server The server responds back with its own hello message containing the server's security parameters, the same type of information as the client provided.
Echo server See sample code~
Thanks a lot.
Home work today implement SSL client and say hello to my SSLSever. implement SSL Server.

Empfohlen

OpenSSL
OpenSSLOpenSSL
OpenSSL
Timbal Mayank
 
File security system
File security systemFile security system
File security system
ÁŠHÍŸÂ ŹÂBÊÊÑ
 
Pgp
PgpPgp
Pgp
precy02
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSM
Narudom Roongsiriwong, CISSP
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatz
Benjamin Delpy
 
Block Cipher
Block CipherBlock Cipher
Block Cipher
Brandon Byungyong Jo
 
RSA algorithm
RSA algorithmRSA algorithm
RSA algorithm
Arpana shree
 
0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity
Nikhil Mittal
 

Empfohlen

OpenSSL
OpenSSLOpenSSL
OpenSSL
Timbal Mayank
 
File security system
File security systemFile security system
File security system
ÁŠHÍŸÂ ŹÂBÊÊÑ
 
Pgp
PgpPgp
Pgp
precy02
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSM
Narudom Roongsiriwong, CISSP
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatz
Benjamin Delpy
 
Block Cipher
Block CipherBlock Cipher
Block Cipher
Brandon Byungyong Jo
 
RSA algorithm
RSA algorithmRSA algorithm
RSA algorithm
Arpana shree
 
0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity
Nikhil Mittal
 
Cryptography
CryptographyCryptography
Cryptography
Jens Patel
 
Key management.ppt
Key management.pptKey management.ppt
Key management.ppt
Sou Jana
 
Ch18
Ch18Ch18
Ch18
Joe Christensen
 
Https presentation
Https presentationHttps presentation
Https presentation
patel jatin
 
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
Sam Bowne
 
Authenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmAuthenticated Encryption Gcm Ccm
Authenticated Encryption Gcm Ccm
Vittorio Giovara
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
Dr Anjan Krishnamurthy
 
Key management
Key managementKey management
Key management
Brandon Byungyong Jo
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
Cryptography
CryptographyCryptography
Cryptography
IGZ Software house
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key Cryptography
Md. Shafiul Alam Sagor
 
Cryptography
CryptographyCryptography
Cryptography
Suhepi Saputri
 
Transposition Cipher
Transposition CipherTransposition Cipher
Transposition Cipher
daniyalqureshi712
 
Key management
Key managementKey management
Key management
Sujata Regoti
 
Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptography
Prabhat Goel
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
 
Evading Microsoft ATA for Active Directory Domination
Evading Microsoft ATA for Active Directory DominationEvading Microsoft ATA for Active Directory Domination
Evading Microsoft ATA for Active Directory Domination
Nikhil Mittal
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
Sylvain Maret
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptography
G Prachi
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
Mohsin Ali
 
Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final
Jennifer Wheeler
 
Checking... wave quest
Checking... wave questChecking... wave quest
Checking... wave quest
Sells Middle School
 

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Cryptography
CryptographyCryptography
Cryptography
 
Key management.ppt
Key management.pptKey management.ppt
Key management.ppt
 
Ch18
Ch18Ch18
Ch18
 
Https presentation
Https presentationHttps presentation
Https presentation
 
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
 
Authenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmAuthenticated Encryption Gcm Ccm
Authenticated Encryption Gcm Ccm
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
Key management
Key managementKey management
Key management
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows Environment
 
Cryptography
CryptographyCryptography
Cryptography
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Transposition Cipher
Transposition CipherTransposition Cipher
Transposition Cipher
 
Key management
Key managementKey management
Key management
 
Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptography
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
Evading Microsoft ATA for Active Directory Domination
Evading Microsoft ATA for Active Directory DominationEvading Microsoft ATA for Active Directory Domination
Evading Microsoft ATA for Active Directory Domination
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptography
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
 

Andere mochten auch

Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final
Jennifer Wheeler
 
Programs for Operating System
Programs for Operating SystemPrograms for Operating System
Programs for Operating System
LPU
 
ipv6 introduction & environment buildup
ipv6 introduction & environment buildupipv6 introduction & environment buildup
ipv6 introduction & environment buildup
psychesnet Hsieh
 

Andere mochten auch (20)

Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final
 
Checking... wave quest
Checking... wave questChecking... wave quest
Checking... wave quest
 
Form validation server side
Form validation server side Form validation server side
Form validation server side
 
Isup
IsupIsup
Isup
 
Checksum explaination
Checksum explainationChecksum explaination
Checksum explaination
 
Checksum 101
Checksum 101Checksum 101
Checksum 101
 
Lab2
Lab2Lab2
Lab2
 
work order of logic laboratory
work order of logic laboratory work order of logic laboratory
work order of logic laboratory
 
Bozorgmeh os lab
Bozorgmeh os labBozorgmeh os lab
Bozorgmeh os lab
 
Gun make
Gun makeGun make
Gun make
 
Programs for Operating System
Programs for Operating SystemPrograms for Operating System
Programs for Operating System
 
Os file
Os fileOs file
Os file
 
OS tutoring #1
OS tutoring #1OS tutoring #1
OS tutoring #1
 
Lab manual operating system [cs 502 rgpv] (usefulsearch.org) (useful search)
Lab manual operating system [cs 502 rgpv] (usefulsearch.org) (useful search)Lab manual operating system [cs 502 rgpv] (usefulsearch.org) (useful search)
Lab manual operating system [cs 502 rgpv] (usefulsearch.org) (useful search)
 
Os lab file c programs
Os lab file c programsOs lab file c programs
Os lab file c programs
 
O.s. lab all_experimets
O.s. lab all_experimetsO.s. lab all_experimets
O.s. lab all_experimets
 
FFmpeg
FFmpegFFmpeg
FFmpeg
 
Ooad lab manual
Ooad lab manualOoad lab manual
Ooad lab manual
 
Ooad lab manual(original)
Ooad lab manual(original)Ooad lab manual(original)
Ooad lab manual(original)
 
ipv6 introduction & environment buildup
ipv6 introduction & environment buildupipv6 introduction & environment buildup
ipv6 introduction & environment buildup
 

Ähnlich wie Openssl

Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
kadalisrikanth
 
Nodejs 프로그래밍 ch.3
Nodejs 프로그래밍 ch.3Nodejs 프로그래밍 ch.3
Nodejs 프로그래밍 ch.3
HyeonSeok Choi
 
PCI Security Requirements - secure coding
PCI Security Requirements - secure codingPCI Security Requirements - secure coding
PCI Security Requirements - secure coding
Haitham Raik
 
Iss letcure 7_8
Iss letcure 7_8Iss letcure 7_8
Iss letcure 7_8
Ali Habeeb
 
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the bfinalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
ChereCheek752
 
Efficient HTTP Apis
Efficient HTTP ApisEfficient HTTP Apis
Efficient HTTP Apis
Adrian Cole
 

Ähnlich wie Openssl (20)

OpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowOpenSSL Basic Function Call Flow
OpenSSL Basic Function Call Flow
 
OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)
 
Secure erasure code based cloud storage system with secure data forwarding
Secure erasure code based cloud storage system with secure data forwardingSecure erasure code based cloud storage system with secure data forwarding
Secure erasure code based cloud storage system with secure data forwarding
 
OWASP San Diego Training Presentation
OWASP San Diego Training PresentationOWASP San Diego Training Presentation
OWASP San Diego Training Presentation
 
Ato2019 weave-services-istio
Ato2019 weave-services-istioAto2019 weave-services-istio
Ato2019 weave-services-istio
 
All Things Open 2019 weave-services-istio
All Things Open 2019 weave-services-istioAll Things Open 2019 weave-services-istio
All Things Open 2019 weave-services-istio
 
Weave Your Microservices with Istio
Weave Your Microservices with IstioWeave Your Microservices with Istio
Weave Your Microservices with Istio
 
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
 
神に近づくx/net/context (Finding God with x/net/context)
神に近づくx/net/context (Finding God with x/net/context)神に近づくx/net/context (Finding God with x/net/context)
神に近づくx/net/context (Finding God with x/net/context)
 
Security enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakSecurity enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & Keycloak
 
Nodejs 프로그래밍 ch.3
Nodejs 프로그래밍 ch.3Nodejs 프로그래밍 ch.3
Nodejs 프로그래밍 ch.3
 
Ejb examples
Ejb examplesEjb examples
Ejb examples
 
maxbox starter72 multilanguage coding
maxbox starter72 multilanguage codingmaxbox starter72 multilanguage coding
maxbox starter72 multilanguage coding
 
PCI Security Requirements - secure coding
PCI Security Requirements - secure codingPCI Security Requirements - secure coding
PCI Security Requirements - secure coding
 
Tech Webinar: AUMENTARE LA SCALABILITÀ DELLE WEB APP CON SERVLET 3.1 ASYNC I/O
Tech Webinar: AUMENTARE LA SCALABILITÀ DELLE WEB APP CON SERVLET 3.1 ASYNC I/OTech Webinar: AUMENTARE LA SCALABILITÀ DELLE WEB APP CON SERVLET 3.1 ASYNC I/O
Tech Webinar: AUMENTARE LA SCALABILITÀ DELLE WEB APP CON SERVLET 3.1 ASYNC I/O
 
OSGi Enterprise R6 specs are out! - David Bosschaert & Carsten Ziegeler
OSGi Enterprise R6 specs are out! - David Bosschaert & Carsten ZiegelerOSGi Enterprise R6 specs are out! - David Bosschaert & Carsten Ziegeler
OSGi Enterprise R6 specs are out! - David Bosschaert & Carsten Ziegeler
 
Iss letcure 7_8
Iss letcure 7_8Iss letcure 7_8
Iss letcure 7_8
 
File Transfer Through Sockets
File Transfer Through SocketsFile Transfer Through Sockets
File Transfer Through Sockets
 
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the bfinalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
 
Efficient HTTP Apis
Efficient HTTP ApisEfficient HTTP Apis
Efficient HTTP Apis
 

Kürzlich hochgeladen

Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
Chris Hunter
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 

Kürzlich hochgeladen (20)

Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural ResourcesEnergy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
Energy Resources. ( B. Pharmacy, 1st Year, Sem-II) Natural Resources
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 

Openssl

  • 1. SSL Brief Introduction 2012-03-27 Eric
  • 2. Outline The basic of SSL OpenSSL part1: Overview of the API OpenSSL part2: Echo client OpenSSL part3: Echo server
  • 3. The basic of SSL SSL is an acronym that stands for Secure Sockets Layer. The data is encrypted before it even leaves your computer, and is decrypted only once it reached its intended destination.
  • 5. The basic of SSL private key #openssl genrsa -out privkey.pem 2048 local sign CSR #openssl req -new -key privkey.pem -out cert.csr (Certificate Signing Request) CA sign public key #openssl req -new -x509 -days 3650 -key privkey.pem -out cacert.pem
  • 7. Overview of the API Headers and initialization /* OpenSSL headers */ #include "openssl/bio.h" #include "openssl/ssl.h" #include "openssl/err.h" /* Initializing OpenSSL */ SSL_library_init(); SSL_load_error_strings(); ERR_load_BIO_strings(); OpenSSL_add_all_algorithms();
  • 8. Overview of the API OpenSSL uses an abstraction library called BIO to handle communication of various kinds, including files and sockets, both secure and not.
  • 9. Overview of the API Setting up an unsecured connection BIO *bio = BIO_new_connect("hostname:port"); if(bio == NULL) { /* Handle the failure */ } if(BIO_do_connect(bio) <= 0) { /* Handle failed connection */ }
  • 10. Overview of the API Reading and Writing data int x = BIO_read(bio, buf, len); if(BIO_write(bio, buf, len) <= 0) if(x == 0) { { if(! BIO_should_retry(bio)) /* Handle closed connection */ { } /* Handle failed write here */ else if(x < 0) } { if(! BIO_should_retry(bio)) /* Do something to handle the retry */ { } /* Handle failed read here */ } /* Do something to handle the retry */ }
  • 11. Overview of the API Closing the connection /* To reuse the connection, use this line */ BIO_reset(bio); /* To free it from memory, use this line */ BIO_free_all(bio);
  • 12. Overview of the API Setting up a secure connection We need SSL_CTX to hold the SSL information. SSL_CTX be created by SSL_CTX_new with SSL method(SSLv3_client_method()).
  • 13. Overview of the API Setting up for a secure connection //client side SSL_CTX * ctx = SSL_CTX_new(SSLv3_client_method()); SSL * ssl; //server side SSL_CTX * ctx = SSL_CTX_new(SSLv3_server_method()); SSL * ssl;
  • 14. Overview of the API Loading the trust certificate store if(! SSL_CTX_load_verify_locations(ctx, "/path/to/TrustStore.pem", NULL)) { /* Handle failed load here */ }
  • 15. Overview of the API Creating the connection SSL_MODE_AUTO_RETRY flag. With this option set, if the server suddenly wants a new handshake, OpenSSL handles it in the background. Without this option, any read or write operation will return an error if the server wants a new handshake, setting the retry flag in the process. BIO *bio = BIO_new_ssl_connect(ctx); BIO_get_ssl(bio, & ssl); SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); BIO_set_conn_hostname(bio, “172.19.151.101:9999”); BIO_do_connect(bio) //checking if a cerificate is valid if(SSL_get_verify_result(ssl) != X509_V_OK) { /* Handle the failed verification */ }
  • 16. Overview of the API connect, read, write and close all same with insecure connection. but we need to free ctx structure. SSL_CTX_free(ctx);
  • 17. How to printf error info printf("Error: %sn", ERR_reason_error_string(ERR_get_err or()));
  • 18. Echo client See sample code~
  • 19. Echo server load a server certificate SSL_CTX_use_certificate(SSL_CTX *, X509 *) SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); loading a private key SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, long len); SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
  • 20. Echo server Setting up the BIO object of server side BIO *bio = BIO_new_ssl(ctx, 0); if(bio == NULL) 0 is server side, { /* Handle failure here */ 1 is client side } /* Here, ssl is an SSL* (see Part 1) */ BIO_get_ssl(bio, &ssl); SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
  • 21. Echo server Setting up the accept BIO abio, is the accept BIO, the one that will accept incoming connections. BIO *abio = BIO_new_accept("4422"); BIO_set_accept_bios(abio, bio);
  • 22. Echo server Now to sit and wait /* First call to set up for accepting incoming connections... */ if(BIO_do_accept(abio) <= 0) { /* Handle fail here */ } /* Second call to actually wait */ if(BIO_do_accept(abio) <= 0) { /* Handle fail here */ } /* Any other call will cause it to wait automatically */
  • 23. Echo server Popping the connection to talk BIO *out = BIO_pop(abio); if(BIO_do_handshake(out) <= 0) { /* Handle fail here */ }
  • 24. Echo server What is (secure) handshake The opening handshake on a connection starts with the client basically saying "Hello" to the server.
  • 25. Echo server The hello message -- which is what it's called in the specification SSL version number Randomly generated data Cipher settings(encryption algorithm) Anything else needed for communication
  • 26. Echo server The server responds back with its own hello message containing the server's security parameters, the same type of information as the client provided.
  • 29. Home work today implement SSL client and say hello to my SSLSever. implement SSL Server.

Hinweis der Redaktion

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. \n
  20. \n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n
  26. \n
  27. \n
  28. \n
  29. \n