Home Page Icon
Home Page
Table of Contents for
Demystifying Cryptography with OpenSSL 3.0
Close
Demystifying Cryptography with OpenSSL 3.0
by Alexei Khlebnikov, Jarle Adolfsen
Demystifying Cryptography with OpenSSL 3.0
Demystifying Cryptography with OpenSSL 3.0
Foreword
Contributors
About the author
About the reviewer
Preface
Part 1: Introduction
Chapter 1: OpenSSL and Other SSL/TLS Libraries
Part 2: Symmetric Cryptography
Chapter 2: Symmetric Encryption and Decryption
Chapter 3: Message Digests
Chapter 4: MAC and HMAC
Chapter 5: Derivation of an Encryption Key from a Password
Part 3: Asymmetric Cryptography and Certificates
Chapter 6: Asymmetric Encryption and Decryption
Chapter 7: Digital Signatures and Their Verification
Chapter 8: X.509 Certificates and PKI
Part 4: TLS Connections and Secure Communication
Chapter 9: Establishing TLS Connections and Sending Data over Them
Chapter 10: Using X.509 Certificates in TLS
Chapter 11: Special Usages of TLS
Part 5: Running a Mini-CA
Chapter 12: Running a Mini-CA
Index
Other Books You May Enjoy
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Demystifying Cryptography with OpenSSL 3.0
Next
Next Chapter
Preface
Table of Contents
Prefacexv
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
Part 1: Introduction
1
OpenSSL and Other SSL/TLS Libraries3
What is OpenSSL?
The history of OpenSSL
What’s new in OpenSSL 3.0?
Comparing OpenSSL with GnuTLS
Comparing OpenSSL with NSS
Comparing OpenSSL with Botan
Comparing OpenSSL with lightweight TLS libraries
Comparing OpenSSL with LibreSSL
Comparing OpenSSL with BoringSSL
Summary
Part 2: Symmetric Cryptography
2
Symmetric Encryption and Decryption15
Technical requirements
Understanding symmetric encryption
An overview of the symmetric ciphers supported by OpenSSL
Comparing block ciphers and stream ciphers
Understanding symmetric cipher security
How many bits of security is enough?
Reviewing the AES cipher
Reviewing DES and 3DES ciphers
Reviewing the RC4 cipher
Reviewing the ChaCha20 cipher
Reviewing other symmetric ciphers supported by OpenSSL
Block cipher modes of operation
Reviewing the Electronic Code Book mode
Reviewing CBC mode
Reviewing CTR mode
Reviewing GCM
Reviewing AES-GCM-SIV
Other block cipher operation modes
Choosing the block cipher operation mode
Padding for block ciphers
How to generate a symmetric encryption key
Downloading and installing OpenSSL
How to encrypt and decrypt with AES on the command line
Initializing and uninitializing OpenSSL library
How to compile and link with OpenSSL
How to encrypt with AES programmatically
Implementing the encryption program
Running the encrypt program
How to decrypt with AES programmatically
Implementing the decrypt program
Running the decrypt program
Summary
3
Message Digests55
Technical requirements
What are message digests and cryptographic hash functions?
Why are message digests needed?
Data integrity verification
Basis for HMAC
Digital signatures
Network protocols
Password verification
Content identifier
Blockchain and cryptocurrencies
Proof-of-work
Assessing the security of cryptographic hash functions
Overview of the cryptographic hash functions supported by OpenSSL
Reviewing the SHA-2 family of hash functions
Reviewing the SHA-3 family of hash functions
Reviewing the SHA-1 and SHA-0 hash functions
Reviewing the MD family of hash functions
Reviewing the BLAKE2 family of hash functions
Reviewing less popular hash functions supported by OpenSSL
Which cryptographic hash function should you choose?
How to calculate a message digest on the command line
How to calculate the message digest programmatically
Implementing the digest program
Running the digest program
Summary
4
MAC and HMAC71
Technical requirements
What is a MAC?
Understanding MAC function security
HMAC – a hash-based MAC
MAC, encryption, and the Cryptographic Doom Principle
How to calculate HMAC on the command line
How to calculate HMAC programmatically
Implementing the hmac program
Running the hmac program
Summary
5
Derivation of an Encryption Key from a Password83
Technical requirements
Understanding the differences between a password and an encryption key
What is a key derivation function?
Overview of key derivation functions supported by OpenSSL
Deriving a key from a password on the command line
Deriving a key from a password programmatically
Implementing the kdf program
Running the kdf program
Summary
Part 3: Asymmetric Cryptography and Certificates
6
Asymmetric Encryption and Decryption95
Technical requirements
Understanding asymmetric encryption
Understanding a Man in the Middle attack
Meeting in person
Verifying a key fingerprint over the phone
Key splitting
Signing the key by a trusted third party
What kind of asymmetric encryption is available in OpenSSL?
Understanding a session key
Understanding RSA security
How to generate an RSA keypair
How to encrypt and decrypt with RSA on the command line
How to encrypt with RSA programmatically
Implementing the rsa-encrypt program
Running the rsa-encrypt program
Understanding the OpenSSL error queue
How to decrypt with RSA programmatically
Implementing the rsa-decrypt program
Running the rsa-decrypt program
Summary
7
Digital Signatures and Their Verification119
Technical requirements
Understanding digital signatures
Difference between digital signatures and MACs
Overview of digital signature algorithms supported by OpenSSL
Reviewing RSA
Reviewing DSA
Reviewing ECDSA
Reviewing EdDSA
Reviewing SM2
Which digital signature algorithm should you choose?
How to generate an elliptic curve keypair
How to sign and verify a signature on the command line
How to sign programmatically
Implementing the ec-sign program
Running the ec-sign program
How to verify a signature programmatically
Implementing the ec-verify program
Running the ec-verify program
Summary
8
X.509 Certificates and PKI137
Technical requirements
What is an X.509 certificate?
Understanding certificate signing chains
How are X.509 certificates issued?
What are X509v3 extensions?
Understanding X.509 Public Key Infrastructure
How to generate a self-signed certificate
How to generate a non-self-signed certificate
How to verify a certificate on the command line
How to verify a certificate programmatically
Implementing the x509-verify program
Running the x509-verify program
Summary
Part 4: TLS Connections and Secure Communication
9
Establishing TLS Connections and Sending Data over Them163
Technical requirements
Understanding the TLS protocol
Understanding a TLS handshake
What happens after the TLS handshake?
The history of the TLS protocol
Establishing a TLS client connection on the command line
Preparing certificates for a TLS server connection
Accepting a TLS server connection on the command line
Understanding OpenSSL BIOs
Establishing a TLS client connection programmatically
Implementing the tls-client program
Running the tls-client program
Accepting a TLS server connection programmatically
Implementing the tls-server program
Running the tls-server program
Summary
10
Using X.509 Certificates in TLS193
Technical requirements
Custom verification of peer certificates in C programs
Registering the verification callback
Implementing the verification callback
Running the program
Using Certificate Revocation Lists in C programs
Registering the CRL lookup callback
Implementing the CRL lookup callback
Implementing the function for downloading a CRL from a distribution point
Implementing the function for downloading a CRL from an HTTP URL
Running the program
Using the Online Certificate Status Protocol
Understanding the Online Certificate Status Protocol
Using OCSP on the command line
Using OCSP in C programs
Using TLS client certificates
Generating TLS client certificates
Packaging client certificates into PKCS #12 container files
Requesting and verifying a TLS client certificate on the server side programmatically
Establishing a TLS client connection with a client certificate programmatically
Summary
11
Special Usages of TLS243
Technical requirements
Understanding TLS certificate pinning
Using TLS certificate pinning
Changing the run_tls_client() function
Implementing the cert_verify_callback() function
Running the tls-cert-pinning program
Understanding blocking and non-blocking sockets
Using TLS on non-blocking sockets
Changing the run_tls_client() function
Running the tls-client-non-blocking program
Understanding TLS on non-standard sockets
Using TLS on non-standard sockets
Implementing the service_bios() function
Reimplementing the run_tls_client() function
Running the tls-client-memory-bio program
Summary
Part 5: Running a Mini-CA
12
Running a Mini-CA279
Technical requirements
Understanding the openssl ca subcommand
Generating a root CA certificate
Generating an intermediate CA certificate
Generating a certificate for a web server
Generating a certificate for a web and email client
Revoking certificates and generating CRLs
Providing certificate revocation status via OCSP
Summary
Index305
Other Books You May Enjoy318
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset