SlideShare uma empresa Scribd logo

Openssl

Transferir como KEY, PDF
P
psychesnet Hsieh
EducaçãoTecnologia
1 de 29
SSL Brief Introduction 2012-03-27 Eric
Outline The basic of SSL OpenSSL part1: Overview of the API OpenSSL part2: Echo client OpenSSL part3: Echo server
The basic of SSL SSL is an acronym that stands for Secure Sockets Layer. The data is encrypted before it even leaves your computer, and is decrypted only once it reached its intended destination.
The basic of SSL
The basic of SSL private key #openssl genrsa -out privkey.pem 2048 local sign CSR #openssl req -new -key privkey.pem -out cert.csr (Certificate Signing Request) CA sign public key #openssl req -new -x509 -days 3650 -key privkey.pem -out cacert.pem
The basic of SSL
Overview of the API Headers and initialization /* OpenSSL headers */ #include "openssl/bio.h" #include "openssl/ssl.h" #include "openssl/err.h" /* Initializing OpenSSL */ SSL_library_init(); SSL_load_error_strings(); ERR_load_BIO_strings(); OpenSSL_add_all_algorithms();
Overview of the API OpenSSL uses an abstraction library called BIO to handle communication of various kinds, including files and sockets, both secure and not.
Overview of the API Setting up an unsecured connection BIO *bio = BIO_new_connect("hostname:port"); if(bio == NULL) { /* Handle the failure */ } if(BIO_do_connect(bio) <= 0) { /* Handle failed connection */ }
Overview of the API Reading and Writing data int x = BIO_read(bio, buf, len); if(BIO_write(bio, buf, len) <= 0) if(x == 0) { { if(! BIO_should_retry(bio)) /* Handle closed connection */ { } /* Handle failed write here */ else if(x < 0) } { if(! BIO_should_retry(bio)) /* Do something to handle the retry */ { } /* Handle failed read here */ } /* Do something to handle the retry */ }
Overview of the API Closing the connection /* To reuse the connection, use this line */ BIO_reset(bio); /* To free it from memory, use this line */ BIO_free_all(bio);
Overview of the API Setting up a secure connection We need SSL_CTX to hold the SSL information. SSL_CTX be created by SSL_CTX_new with SSL method(SSLv3_client_method()).
Overview of the API Setting up for a secure connection //client side SSL_CTX * ctx = SSL_CTX_new(SSLv3_client_method()); SSL * ssl; //server side SSL_CTX * ctx = SSL_CTX_new(SSLv3_server_method()); SSL * ssl;
Overview of the API Loading the trust certificate store if(! SSL_CTX_load_verify_locations(ctx, "/path/to/TrustStore.pem", NULL)) { /* Handle failed load here */ }
Overview of the API Creating the connection SSL_MODE_AUTO_RETRY flag. With this option set, if the server suddenly wants a new handshake, OpenSSL handles it in the background. Without this option, any read or write operation will return an error if the server wants a new handshake, setting the retry flag in the process. BIO *bio = BIO_new_ssl_connect(ctx); BIO_get_ssl(bio, & ssl); SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); BIO_set_conn_hostname(bio, “172.19.151.101:9999”); BIO_do_connect(bio) //checking if a cerificate is valid if(SSL_get_verify_result(ssl) != X509_V_OK) { /* Handle the failed verification */ }
Overview of the API connect, read, write and close all same with insecure connection. but we need to free ctx structure. SSL_CTX_free(ctx);
How to printf error info printf("Error: %sn", ERR_reason_error_string(ERR_get_err or()));
Echo client See sample code~
Echo server load a server certificate SSL_CTX_use_certificate(SSL_CTX *, X509 *) SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); loading a private key SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, long len); SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
Echo server Setting up the BIO object of server side BIO *bio = BIO_new_ssl(ctx, 0); if(bio == NULL) 0 is server side, { /* Handle failure here */ 1 is client side } /* Here, ssl is an SSL* (see Part 1) */ BIO_get_ssl(bio, &ssl); SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
Echo server Setting up the accept BIO abio, is the accept BIO, the one that will accept incoming connections. BIO *abio = BIO_new_accept("4422"); BIO_set_accept_bios(abio, bio);
Echo server Now to sit and wait /* First call to set up for accepting incoming connections... */ if(BIO_do_accept(abio) <= 0) { /* Handle fail here */ } /* Second call to actually wait */ if(BIO_do_accept(abio) <= 0) { /* Handle fail here */ } /* Any other call will cause it to wait automatically */
Echo server Popping the connection to talk BIO *out = BIO_pop(abio); if(BIO_do_handshake(out) <= 0) { /* Handle fail here */ }
Echo server What is (secure) handshake The opening handshake on a connection starts with the client basically saying "Hello" to the server.
Echo server The hello message -- which is what it's called in the specification SSL version number Randomly generated data Cipher settings(encryption algorithm) Anything else needed for communication
Echo server The server responds back with its own hello message containing the server's security parameters, the same type of information as the client provided.
Echo server See sample code~
Thanks a lot.
Home work today implement SSL client and say hello to my SSLSever. implement SSL Server.

Recomendados

Rc4
Rc4Rc4
Rc4
Amjad Rehman
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
NetProtocol Xpert
 
13 asymmetric key cryptography
13 asymmetric key cryptography13 asymmetric key cryptography
13 asymmetric key cryptography
drewz lin
 
Port Security
Port SecurityPort Security
Port Security
NetProtocol Xpert
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
sravya raju
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
Abdullaziz Tagawy
 
NTP Project Presentation
NTP Project PresentationNTP Project Presentation
NTP Project Presentation
Andrew McGarry
 
Ipsec
IpsecIpsec
Ipsec
Rupesh Mishra
 

Recomendados

Rc4
Rc4Rc4
Rc4
Amjad Rehman
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
NetProtocol Xpert
 
13 asymmetric key cryptography
13 asymmetric key cryptography13 asymmetric key cryptography
13 asymmetric key cryptography
drewz lin
 
Port Security
Port SecurityPort Security
Port Security
NetProtocol Xpert
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
sravya raju
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
Abdullaziz Tagawy
 
NTP Project Presentation
NTP Project PresentationNTP Project Presentation
NTP Project Presentation
Andrew McGarry
 
Ipsec
IpsecIpsec
Ipsec
Rupesh Mishra
 
Self-Signed SSL Versus Trusted CA Signed SSL Certificate
Self-Signed SSL Versus Trusted CA Signed SSL CertificateSelf-Signed SSL Versus Trusted CA Signed SSL Certificate
Self-Signed SSL Versus Trusted CA Signed SSL Certificate
CheapSSLsecurity
 
DHCP Snooping
DHCP SnoopingDHCP Snooping
DHCP Snooping
NetProtocol Xpert
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
Prateek Singh Bapna
 
SSL Communication and Mutual Authentication
SSL Communication and Mutual AuthenticationSSL Communication and Mutual Authentication
SSL Communication and Mutual Authentication
Cleo
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
Ahmed Elnaggar
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
Hemant Shah
 
Kerberos
KerberosKerberos
Kerberos
Sudeep Shouche
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
Kuldeep Padhiyar
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
Arpit Agarwal
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
Pina Parmar
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security
Ibrahiem Mohammed
 
Ssl https
Ssl httpsSsl https
Ssl https
Andrada Boldis
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptography
drewz lin
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
amanchaurasia
 
Kerberos
KerberosKerberos
Kerberos
Rahul Pundir
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
Rajapriya82
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRP
Kishore Kumar
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
Ghanshyam Patel
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
Torsten Lodderstedt
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measure
Shivam Singh
 
Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final
Jennifer Wheeler
 
Checking... wave quest
Checking... wave questChecking... wave quest
Checking... wave quest
Sells Middle School
 

Mais conteúdo relacionado

Mais procurados

SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
Ahmed Elnaggar
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
Hemant Shah
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptography
drewz lin
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRP
Kishore Kumar
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
Torsten Lodderstedt
 

Mais procurados (20)

Self-Signed SSL Versus Trusted CA Signed SSL Certificate
Self-Signed SSL Versus Trusted CA Signed SSL CertificateSelf-Signed SSL Versus Trusted CA Signed SSL Certificate
Self-Signed SSL Versus Trusted CA Signed SSL Certificate
 
DHCP Snooping
DHCP SnoopingDHCP Snooping
DHCP Snooping
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
 
SSL Communication and Mutual Authentication
SSL Communication and Mutual AuthenticationSSL Communication and Mutual Authentication
SSL Communication and Mutual Authentication
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
Kerberos
KerberosKerberos
Kerberos
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security
 
Ssl https
Ssl httpsSsl https
Ssl https
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptography
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Kerberos
KerberosKerberos
Kerberos
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRP
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measure
 

Destaque

Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final
Jennifer Wheeler
 
Programs for Operating System
Programs for Operating SystemPrograms for Operating System
Programs for Operating System
LPU
 
ipv6 introduction & environment buildup
ipv6 introduction & environment buildupipv6 introduction & environment buildup
ipv6 introduction & environment buildup
psychesnet Hsieh
 

Destaque (20)

Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final Echo Summit 2016 Powerpoint final
Echo Summit 2016 Powerpoint final
 
Checking... wave quest
Checking... wave questChecking... wave quest
Checking... wave quest
 
Form validation server side
Form validation server side Form validation server side
Form validation server side
 
Isup
IsupIsup
Isup
 
Checksum explaination
Checksum explainationChecksum explaination
Checksum explaination
 
Checksum 101
Checksum 101Checksum 101
Checksum 101
 
Lab2
Lab2Lab2
Lab2
 
work order of logic laboratory
work order of logic laboratory work order of logic laboratory
work order of logic laboratory
 
Bozorgmeh os lab
Bozorgmeh os labBozorgmeh os lab
Bozorgmeh os lab
 
Gun make
Gun makeGun make
Gun make
 
Programs for Operating System
Programs for Operating SystemPrograms for Operating System
Programs for Operating System
 
Os file
Os fileOs file
Os file
 
OS tutoring #1
OS tutoring #1OS tutoring #1
OS tutoring #1
 
Lab manual operating system [cs 502 rgpv] (usefulsearch.org) (useful search)
Lab manual operating system [cs 502 rgpv] (usefulsearch.org) (useful search)Lab manual operating system [cs 502 rgpv] (usefulsearch.org) (useful search)
Lab manual operating system [cs 502 rgpv] (usefulsearch.org) (useful search)
 
Os lab file c programs
Os lab file c programsOs lab file c programs
Os lab file c programs
 
O.s. lab all_experimets
O.s. lab all_experimetsO.s. lab all_experimets
O.s. lab all_experimets
 
FFmpeg
FFmpegFFmpeg
FFmpeg
 
Ooad lab manual
Ooad lab manualOoad lab manual
Ooad lab manual
 
Ooad lab manual(original)
Ooad lab manual(original)Ooad lab manual(original)
Ooad lab manual(original)
 
ipv6 introduction & environment buildup
ipv6 introduction & environment buildupipv6 introduction & environment buildup
ipv6 introduction & environment buildup
 

Semelhante a Openssl

Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
kadalisrikanth
 
Nodejs 프로그래밍 ch.3
Nodejs 프로그래밍 ch.3Nodejs 프로그래밍 ch.3
Nodejs 프로그래밍 ch.3
HyeonSeok Choi
 
PCI Security Requirements - secure coding
PCI Security Requirements - secure codingPCI Security Requirements - secure coding
PCI Security Requirements - secure coding
Haitham Raik
 
Iss letcure 7_8
Iss letcure 7_8Iss letcure 7_8
Iss letcure 7_8
Ali Habeeb
 
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the bfinalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
ChereCheek752
 
Efficient HTTP Apis
Efficient HTTP ApisEfficient HTTP Apis
Efficient HTTP Apis
Adrian Cole
 

Semelhante a Openssl (20)

OpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowOpenSSL Basic Function Call Flow
OpenSSL Basic Function Call Flow
 
OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)
 
Secure erasure code based cloud storage system with secure data forwarding
Secure erasure code based cloud storage system with secure data forwardingSecure erasure code based cloud storage system with secure data forwarding
Secure erasure code based cloud storage system with secure data forwarding
 
OWASP San Diego Training Presentation
OWASP San Diego Training PresentationOWASP San Diego Training Presentation
OWASP San Diego Training Presentation
 
Ato2019 weave-services-istio
Ato2019 weave-services-istioAto2019 weave-services-istio
Ato2019 weave-services-istio
 
All Things Open 2019 weave-services-istio
All Things Open 2019 weave-services-istioAll Things Open 2019 weave-services-istio
All Things Open 2019 weave-services-istio
 
Weave Your Microservices with Istio
Weave Your Microservices with IstioWeave Your Microservices with Istio
Weave Your Microservices with Istio
 
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
 
神に近づくx/net/context (Finding God with x/net/context)
神に近づくx/net/context (Finding God with x/net/context)神に近づくx/net/context (Finding God with x/net/context)
神に近づくx/net/context (Finding God with x/net/context)
 
Security enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakSecurity enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & Keycloak
 
Nodejs 프로그래밍 ch.3
Nodejs 프로그래밍 ch.3Nodejs 프로그래밍 ch.3
Nodejs 프로그래밍 ch.3
 
Ejb examples
Ejb examplesEjb examples
Ejb examples
 
maxbox starter72 multilanguage coding
maxbox starter72 multilanguage codingmaxbox starter72 multilanguage coding
maxbox starter72 multilanguage coding
 
PCI Security Requirements - secure coding
PCI Security Requirements - secure codingPCI Security Requirements - secure coding
PCI Security Requirements - secure coding
 
Tech Webinar: AUMENTARE LA SCALABILITÀ DELLE WEB APP CON SERVLET 3.1 ASYNC I/O
Tech Webinar: AUMENTARE LA SCALABILITÀ DELLE WEB APP CON SERVLET 3.1 ASYNC I/OTech Webinar: AUMENTARE LA SCALABILITÀ DELLE WEB APP CON SERVLET 3.1 ASYNC I/O
Tech Webinar: AUMENTARE LA SCALABILITÀ DELLE WEB APP CON SERVLET 3.1 ASYNC I/O
 
OSGi Enterprise R6 specs are out! - David Bosschaert & Carsten Ziegeler
OSGi Enterprise R6 specs are out! - David Bosschaert & Carsten ZiegelerOSGi Enterprise R6 specs are out! - David Bosschaert & Carsten Ziegeler
OSGi Enterprise R6 specs are out! - David Bosschaert & Carsten Ziegeler
 
Iss letcure 7_8
Iss letcure 7_8Iss letcure 7_8
Iss letcure 7_8
 
File Transfer Through Sockets
File Transfer Through SocketsFile Transfer Through Sockets
File Transfer Through Sockets
 
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the bfinalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
finalprojtemplatev5finalprojtemplate.gitignore# Ignore the b
 
Efficient HTTP Apis
Efficient HTTP ApisEfficient HTTP Apis
Efficient HTTP Apis
 

Último

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
SanaAli374401
 

Último (20)

Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 

Openssl

  • 1. SSL Brief Introduction 2012-03-27 Eric
  • 2. Outline The basic of SSL OpenSSL part1: Overview of the API OpenSSL part2: Echo client OpenSSL part3: Echo server
  • 3. The basic of SSL SSL is an acronym that stands for Secure Sockets Layer. The data is encrypted before it even leaves your computer, and is decrypted only once it reached its intended destination.
  • 5. The basic of SSL private key #openssl genrsa -out privkey.pem 2048 local sign CSR #openssl req -new -key privkey.pem -out cert.csr (Certificate Signing Request) CA sign public key #openssl req -new -x509 -days 3650 -key privkey.pem -out cacert.pem
  • 7. Overview of the API Headers and initialization /* OpenSSL headers */ #include "openssl/bio.h" #include "openssl/ssl.h" #include "openssl/err.h" /* Initializing OpenSSL */ SSL_library_init(); SSL_load_error_strings(); ERR_load_BIO_strings(); OpenSSL_add_all_algorithms();
  • 8. Overview of the API OpenSSL uses an abstraction library called BIO to handle communication of various kinds, including files and sockets, both secure and not.
  • 9. Overview of the API Setting up an unsecured connection BIO *bio = BIO_new_connect("hostname:port"); if(bio == NULL) { /* Handle the failure */ } if(BIO_do_connect(bio) <= 0) { /* Handle failed connection */ }
  • 10. Overview of the API Reading and Writing data int x = BIO_read(bio, buf, len); if(BIO_write(bio, buf, len) <= 0) if(x == 0) { { if(! BIO_should_retry(bio)) /* Handle closed connection */ { } /* Handle failed write here */ else if(x < 0) } { if(! BIO_should_retry(bio)) /* Do something to handle the retry */ { } /* Handle failed read here */ } /* Do something to handle the retry */ }
  • 11. Overview of the API Closing the connection /* To reuse the connection, use this line */ BIO_reset(bio); /* To free it from memory, use this line */ BIO_free_all(bio);
  • 12. Overview of the API Setting up a secure connection We need SSL_CTX to hold the SSL information. SSL_CTX be created by SSL_CTX_new with SSL method(SSLv3_client_method()).
  • 13. Overview of the API Setting up for a secure connection //client side SSL_CTX * ctx = SSL_CTX_new(SSLv3_client_method()); SSL * ssl; //server side SSL_CTX * ctx = SSL_CTX_new(SSLv3_server_method()); SSL * ssl;
  • 14. Overview of the API Loading the trust certificate store if(! SSL_CTX_load_verify_locations(ctx, "/path/to/TrustStore.pem", NULL)) { /* Handle failed load here */ }
  • 15. Overview of the API Creating the connection SSL_MODE_AUTO_RETRY flag. With this option set, if the server suddenly wants a new handshake, OpenSSL handles it in the background. Without this option, any read or write operation will return an error if the server wants a new handshake, setting the retry flag in the process. BIO *bio = BIO_new_ssl_connect(ctx); BIO_get_ssl(bio, & ssl); SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); BIO_set_conn_hostname(bio, “172.19.151.101:9999”); BIO_do_connect(bio) //checking if a cerificate is valid if(SSL_get_verify_result(ssl) != X509_V_OK) { /* Handle the failed verification */ }
  • 16. Overview of the API connect, read, write and close all same with insecure connection. but we need to free ctx structure. SSL_CTX_free(ctx);
  • 17. How to printf error info printf("Error: %sn", ERR_reason_error_string(ERR_get_err or()));
  • 18. Echo client See sample code~
  • 19. Echo server load a server certificate SSL_CTX_use_certificate(SSL_CTX *, X509 *) SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); loading a private key SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, long len); SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
  • 20. Echo server Setting up the BIO object of server side BIO *bio = BIO_new_ssl(ctx, 0); if(bio == NULL) 0 is server side, { /* Handle failure here */ 1 is client side } /* Here, ssl is an SSL* (see Part 1) */ BIO_get_ssl(bio, &ssl); SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
  • 21. Echo server Setting up the accept BIO abio, is the accept BIO, the one that will accept incoming connections. BIO *abio = BIO_new_accept("4422"); BIO_set_accept_bios(abio, bio);
  • 22. Echo server Now to sit and wait /* First call to set up for accepting incoming connections... */ if(BIO_do_accept(abio) <= 0) { /* Handle fail here */ } /* Second call to actually wait */ if(BIO_do_accept(abio) <= 0) { /* Handle fail here */ } /* Any other call will cause it to wait automatically */
  • 23. Echo server Popping the connection to talk BIO *out = BIO_pop(abio); if(BIO_do_handshake(out) <= 0) { /* Handle fail here */ }
  • 24. Echo server What is (secure) handshake The opening handshake on a connection starts with the client basically saying "Hello" to the server.
  • 25. Echo server The hello message -- which is what it's called in the specification SSL version number Randomly generated data Cipher settings(encryption algorithm) Anything else needed for communication
  • 26. Echo server The server responds back with its own hello message containing the server's security parameters, the same type of information as the client provided.
  • 29. Home work today implement SSL client and say hello to my SSLSever. implement SSL Server.

Notas do Editor

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. \n
  20. \n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n
  26. \n
  27. \n
  28. \n
  29. \n