安装openssl
# tar –zxvf openssl
# cd openssl
# ./config --prefix=/usr/local/openssl
# make
# make install
<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

 

加密解密

传统加密(对称加密)
openssl enc –ciphername( 加密算法 ) –k password (口令) –in file (被加密的算法) -out (输出文件) file
解密
openssl enc –ciphername –k password  -d –in file -out file

 

加密算法有: base64,des,des3,rc2,rc5,aes256

 

例如:
/bin/openssl enc –des3 –k boobooke –in pt.txt –out ct.bin                 // 加密

 

/bin/openssl enc –des3 –d  –k boobooke –in ct.bin –out pt1.txt        // 解密

 

 

非对称加密

 

Generate the private/public key
Openssl genrsa –out file 1024      
例如:
Openssl genrsa –out priv.key 1024              // rsa 算法生成私钥 (priv.key)         

 

Openssl rsa –in file –pubout
例如:                  
Openssl rsa –in priv.key –pubout>pub.key          // 用私钥 priv.key 生成公钥 , 并重定向到 pub.key 这个文件里面

 

Encrypt the file with public key
Openssl rsautl –in file –out file –inkey file –pubin –encrypt
例如:
Openssl rsautl –in test.txt –out test.bin –inkey pub.key –pubin –encrypt           // 利用公钥文件( pub.key )对 text.txt 文件进行加密,生成加密后的文件 text.bin

 

Decrypt the file the private key
Openssl rsautl –in file –out file –inkey file –decrypt
例如:
Openssl rsautl –in text.bin –out text1.txt –inkey priv.key –decrypt            // 利用私钥 priv.key 对公钥加密的 text.bin 进行加密的文件进行解密,生成解密后的文件是 text1.txt

 

 

Use openssl sign/verify functions(数字签名)

 

Generate the private/public key
生成密钥对
Openssl genrsa –out file 1024      
Openssl rsa –in file –pubout

 

Sign the file with the private key
Openssl rsautl –in file –out file –inkey file –sign
例如:
Openssl rsatul –in test.txt –out test.sig –inkey priv.key –sign             // 利用私钥对 test.txt 进行加密也就是签名
Openssl rsautl –in file –out file –inkey file –pubin –verify
例如:
Openssl rsautl –in test.sig –out test2.txt –inkey pub.key –pubin –verify // 利用公钥对私钥加密后的文件( test.sig )进行解密或是认证

 

Hash functionshash函数)……MD5 SHA1

作用:主要是验证文件的完整性,没有被别人篡改!
Generate the md5 hash result
Openssl dgst –md5 file
Md5sum file
例如:
Openssl dgst –md5 openssl.tar.gz         // 生成 MD5
Md5sum openssl.tar.gz

 

Generate the sha1 hash result
Openssl dgst –sha1file
Sha1sum file
例如:
Openssl –dgst –sha1 openssl.tar.gz              // 生成 sha1

 

Install apache

Configure the environment
tar –zxvf httpd-2.0.63.tar.gz
cd httpd-2.0.63
./configure –prefix=/usr/local/apache –enable-ssl –with-ssl=/usr/local/openssl
make
make install

 

Configure ssl in apache

openssl req -new -x509 -days 30 -keyout server.key -out server.crt -subj '/CN=Test Only Certifiecate'
或者
Openssl req –new –x509 –days 365 –sha1 –nodes –newkey rsa:1024 keyout server.key –out server.crt –subj ‘/O=Seccure/OU=Seccure Labs/CN=www.secdemo.com’

 

Cpy the .key and .crt file to the proper directory         // 一般都是存放在 apache conf 目录下面,具体存放路径是在 apache 的配置文件中定义的

 

Vi httpd.conf
<IfModule mod_ssl.c>
    Include conf/ssl.conf                   //ssl 的配置文件被包含在 conf/ssl.conf
</IfModule>

 

Vi conf/ssl.conf

 

SSLCertificateKeyFile /usr/local/apache/conf/ssl.crt/server.key          //server.key 存放路径
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt                //server.crt 存放路径

 

Apache2.2 直接启动 apache 服务就可以启动 SSL
Apache2.0 启动 ssl apachectl startssl                                           // 端口号为 443 端口

 

 

Vi conf/ssl.conf
<Directory />
 SSLRequireSSL                                                     // 此目录只允许使用 https 协议访问
</Directory>

 

<Directory /usr/local/apache/htdocs/ssldemo>           
SSLRequireSSL    
</Directory>                                               //ssldemo这个目录必须使用https协议访
                               问,应为利用ssl安全访问存在着密钥的
                               加密解密以及传送,所以访问会很慢,所
                               以一般都是把一些需要中到https协议访
                               访问的程序放在一个目录中,而其他的站
                               点依然用http协议访问