•  Print this page
    Print this page

OpenSSL
 
 
The OpenSSL Project has developed a open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security TLS (v1) protocols as well as a full-strength general purpose cryptography library.

OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.

The OpenSSL toolkit can be used to generate the keys that a web server (e.g. Apache) needs to encrypt the data sent between the client (browser) and the web server.
A simple overview of this process can be found here below:
  • A client browser connects to the Apache HTTP server via a Web request.

  • The browser asks to start a secure session with the server.

  • The server returns the site's certificate (= mobilefish.com_cert.pem) which also includes the server public key.

  • The browser analyzes the certificate and informs the user about its validity (e.g., was it issued by a recognized, trusted certificate authority?).

  • The browser creates a session key, which is encrypted with the server's public key, which is then sent to the server. This public or asymmetric key is generally 1024 bits. Much stronger public keys of 2048 bits could be provided but, perhaps for performance reasons, these are not in general use.

  • The server then decrypts this information using its private key (mobilefish.com_key.pem).

  • Both the browser and the server now are using the same session key. This is a symmetric key used to encrypt and decrypt data exchanged by the browser and server. Browsers and servers usually negotiate the strongest mutually supported session. This means that if the user's browser and your Web server both support 128-bit SSL sessions, a 128-bit session is established. If the user's browser only supports 40-bit SSL sessions, then a 40-bit session is established even if your Web server supports 128-bit sessions.

More information about the OpenSSL Project can be found at:
http://www.openssl.org

The latest OpenSSL version (no binary distributions) can be downloaded from:
http://www.openssl.org/source/

Links to OpenSSL binary distributions can be found at:
http://www.openssl.org/related/binaries.html

Quick guides







Cryptography abbreviations



AbbreviationDescription
AES Advanced Encryption Standard.
Is a private key algorithm and is also known as the Rijndael algorithm. It is a 128-bit block cipher with key lengths of 128, 192, or 256 bits.
ASN.1 Abstract Syntax Notation One

Abstract Syntax Notation One (ASN.1) defines the syntax of information data. It defines a number of simple data types and specifies a notation for referencing these types and for specifying values of these types. The ASN.1 notations can be applied whenever it is necessary to define the abstract syntax of information without constraining in any way how the information is encoded for transmission.
BER Basic Encoding Rules

BER is one of the many ASN.1 encoding rules. These are sets of rules used to transform data specified in the ASN.1 language into a standard format that can be decoded on any system that has a decoder based on the same set of rules. Different encoding rules can be applied to a given ASN.1 definition. The choice of encoding rules used is an option of the protocol designer.

The ASN.1 encoding rules currently standardized are:
  • Basic Encoding Rules (BER)
  • Distinguished Encoding Rules (DER)
  • Canonical Encoding Rules (CER)
  • Packed Encoding Rules (PER)
  • XML Encoding Rules (XER)
  • Extended XML Encoding Rules (E-XER)
Blowfish Is a private key algorithm.
Is a block cipher with variable key lengths from 32 to 448 bits (in multiples of 8).
CA Certification Authority.
CER Canonical Encoding Rules

CER is a specialized form of BER that is similar to DER, but is meant for use with messages so huge that it is easiest to start encoding them before their entire value is fully available. CER is rarely used, as the industry has locked onto DER as the preferred means of encoding values for use in secure exchanges.

See BER for more information.
CertPath API Java Certification Path API
CRL Certificate Revocation List.
CRR Certificate Revocation Request.
CSR Certificate Signing Request.
DCA Deligate Certificate Authority.
DER Distinguished Encoding Rules.

DER is a specialized form of BER that is used in security-conscious applications.

See BER for more information.
DES Data Encryption Standard

Is a private key algorithm. It is a 56-bit block cipher.
DESede Is a private key algorithm.
DESede runs the plaintext through the DES algorithm three times, with two keys, giving an effective key strength of 112 bits. DESede is sometimes known as TripleDES: Triple DES Encryption.
DH See Diffie-Hellman
Diffie-Hellman Asymmetric Key Algorithm
DSA Digital Signature Algorithm

Can be used for digital signatures, but not for encryption of the message itself.
ICE Interworking Public Key Certification Infrastructure for Europe
IDEA International Data Encryption Algorthm
JAAS Java Authentication and Authorization Service
JCA Java Cryptographic Architecture

JCA is the basic cryptographic architecture in Java.
J2SE 1.4 includes a reference implementation of JCA along with a default JCE provider from Sun. JCA includes Java classes for digital signature, message digest and other associated services.
JCE Java Cryptography Extension

It is a set of packages that provide a framework and implementations for encryption, decryption, key generation and agreement, and Message Authentication Code (MAC) algorithms.
JGSS Java General Security Service
JSSE Java Secure Sockets Extension.

The Java Secure Socket Extension (JSSE) is a set of Java packages that enable secure Internet communications. It implements a Java version of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols and includes functionality for data encryption, server authentication, message integrity, and optional client authentication.

JSSE 1.0.3_xx is an optional package for use with J2SE 1.3.1. JSSE has been integrated into J2SE 1.4.x
HMAC Hashed Message Authentication Code
MAC Message Authentication Code
MD2, MD5 Message Digest
PBE Password Based Encryption

It is a private key algorithm used in combination with a variety of message digest and private key algorithms.
PEM Privacy Enhanced Mail

PEM is specified in IETF RFCs 1421-1424.
Those documents can be found at www.ietf.org
The PEM format is often used for encoding certificates and keys in ASCII.
PFX Personal Information Exchange

All Windows operating systems define the extensions .pfx and .p12 as Personal Information Exchange, or PKCS #12, file types.
PGP Pretty Good Privacy
PKCS Public Key Cryptography Standards

The PKCS standards are issued by RSA and can be found at: http://www.rsasecurity.com/rsalabs
  • PKCS #1: RSA Cryptography Standard
  • PKCS #3: Diffie-Hellman Key Agreement Standard
  • PKCS #5: Password-Based Cryptography Standard
  • PKCS #6: Extended-Certificate Syntax Standard
  • PKCS #7: Cryptographic Message Syntax Standard
  • PKCS #8: Private-Key Information Syntax Standard
  • PKCS #9: Selected Attribute Types
  • PKCS #10: Certification Request Syntax Standard
  • PKCS #11: Cryptographic Token Interface Standard
  • PKCS #12: Personal Information Exchange Syntax Standard
  • PKCS #13: Elliptic Curve Cryptography Standard
  • PKCS #15: Cryptographic Token Information Format Standard
PKE Public key encryption

Public key encryption (PKE) uses a system of two keys:
  • a private key, which only you use (and of course protect with a well-chosen, carefully protected passphrase); and
  • a public key, which other people use. Public keys are often stored on public key servers.
PKI Public-Key Infrastructure
PKIX Public-Key Infrastructure on X.509 basis
PRNG Pseudo Random Number Generator

SHA1PRNG is an implementation of the PRNG algorithm.
PVK Microsoft private key

PVK is a Microsoft specific file format and is used to store private keys for code signing in various Microsoft products.
RC2, RC4, RC5 It is a private key algorithm from the company RSA Security.
RSA Named after the initial letters of its three inventors: Ron Rivest, Fiat Shamir, Leonard Adleman)
Is a asymmetric key algorithm.
SHA Secure Hash Algorithm
S/MIME Secure/Multipurpose Internet Mail Extentions
SSL Secure Sockets Layer
TripleDES See DESede.
TSP Time Stamp Protocol API
X.509 X509 format - defined by the IETF (Internet Engineering Task Force).
It binds a public key to a name and can be shared with other public key-based software e.g. Netscape, Internet Explorer. Often used for digitally signed certificates.

More information can be found at: http://www.ietf.org/rfc/rfc3280.txt