Тестирование OpenSSL
Содержание
- 1 Требования
- 2 Методика тестирования
- 2.1 Запуск программы
- 2.2 Проверка списка шифров
- 2.3 Проверка скорости работы
- 2.4 Проверка производительности сетевого соединения
- 2.5 Генерация самоподписанного сертификата
- 2.6 Проверка самоподписанного сертификата
- 2.7 Экспорт и импорт сертификата PKCS#12
- 2.8 Подключение к безопасному SMPT серверу используя STARTTLS
- 2.9 Создание дайджестов MD5 или SHA1 или SHA256
- 2.10 Шифровка и расшифровка файлов
- 2.11 Генерация ключа RSA
- 2.12 Генерация ключа DSA
- 2.13 Генерация ключа на основе эллиптических кривых (elliptic curve key)
- 2.14 Генерация хэша паролей
- 2.15 Генерация md5 хэша паролей
- 2.16 Генерация случайных данных и кодирование в base64
- 2.17 Проверка в Thunderbird
- 2.18 Проверить работу OpenVPN
Требования
- Запуск программы
- Проверка списка шифров
- Проверка скорости работы
- Проверка шифорвани/дешифрования
Методика тестирования
Запуск программы
openssl help
Будет что-то типа этого:
Standard commands asn1parse ca ciphers cms crl crl2pkcs7 dgst dh dhparam dsa dsaparam ec ecparam enc engine errstr gendh gendsa genpkey genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand req rsa rsautl s_client s_server s_time sess_id smime speed spkac srp ts verify version x509 Message Digest commands (see the `dgst' command for more details) md4 md5 mdc2 rmd160 sha sha1 Cipher commands (see the `enc' command for more details) aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 seed seed-cbc seed-cfb seed-ecb seed-ofb zlib
Проверка списка шифров
openssl ciphers -v
Должен быть вывод типа этого:
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1 SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384 .... и т.д.
Проверка скорости работы
Проверка скорости всех шифров
openssl speed
Должен быть вывод типа этого:
Doing mdc2 for 3s on 16 size blocks: 3203104 mdc2's in 3.00s Doing mdc2 for 3s on 64 size blocks: 870480 mdc2's in 2.99s Doing mdc2 for 3s on 256 size blocks: 221549 mdc2's in 3.00s Doing mdc2 for 3s on 1024 size blocks: 55868 mdc2's in 3.00s Doing mdc2 for 3s on 8192 size blocks: 6989 mdc2's in 3.00s Doing md4 for 3s on 16 size blocks: 16443886 md4's in 3.00s Doing md4 for 3s on 64 size blocks: 12977338 md4's in 2.99s и т.д. в конце будет: OpenSSL 1.0.1g 7 Apr 2014 built on: Tue Apr 8 08:12:11 UTC 2014 options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O2 -Wa,--compress-debug-sections -gdwarf-4 -fvar-tracking-assignments -frecord-gcc-switches -Wstrict-aliasing=2 -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fPIC -Wa,--noexecstack -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md2 0.00 0.00 0.00 0.00 0.00 mdc2 17083.22k 18632.35k 18905.51k 19069.61k 19084.63k md4 87700.73k 277775.80k 666977.11k 1036371.29k 1234001.92k md5 65450.45k 195258.07k 437420.12k 633808.21k 722823.85k hmac(md5) 52915.47k 166665.45k 399380.05k 612077.23k 726097.92k sha1 75226.38k 214932.27k 467843.24k 666501.80k 790941.71k rmd160 44840.98k 109123.02k 201458.43k 257328.81k 278315.01k rc4 476106.36k 759786.49k 856876.29k 893728.77k 893610.67k des cbc 76239.62k 78657.66k 79191.38k 79768.92k 79684.32k des ede3 29658.66k 29988.91k 30131.71k 30309.72k 30362.46k idea cbc 0.00 0.00 0.00 0.00 0.00 seed cbc 84688.63k 84874.62k 84379.90k 84440.06k 84497.75k rc2 cbc 51093.28k 52310.58k 52247.38k 52355.75k 52371.46k rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00 blowfish cbc 128812.61k 141237.34k 143156.48k 144067.24k 144293.89k cast cbc 118788.45k 126648.62k 127602.09k 127636.82k 127956.31k aes-128 cbc 136747.89k 149776.55k 152540.33k 154374.14k 155165.80k aes-192 cbc 116154.55k 125157.33k 127230.55k 128775.02k 128871.08k aes-256 cbc 101846.26k 107468.86k 108819.37k 110071.78k 110354.43k camellia-128 cbc 107505.78k 162412.20k 184006.40k 190420.16k 192378.20k camellia-192 cbc 92936.50k 126664.81k 138734.85k 143406.92k 144069.97k и т.д.
Проверка скорости одного шифра используя 2 ядра
openssl speed rsa -multi 2
где rsa - метод шифрования (выбирайте любой)
где 2 - количество используемых ядер вашего процессора
Должен быть вывод типа этого:
Forked child 0 Forked child 1 +DTP:512:private:rsa:10 +DTP:512:private:rsa:10 +R1:208476:512:10.00 +DTP:512:public:rsa:10 +R1:209377:512:10.00 +DTP:512:public:rsa:10 +R2:2406972:512:10.00 +R2:2414246:512:10.00 +DTP:1024:private:rsa:10 +DTP:1024:private:rsa:10 +R1:66278:1024:10.00 и т.д. в конце: sign verify sign/s verify/s rsa 512 bits 0.000024s 0.000002s 41666.7 500000.0 rsa 1024 bits 0.000076s 0.000005s 13245.0 181818.2 rsa 2048 bits 0.000555s 0.000017s 1800.2 57142.9 rsa 4096 bits 0.004003s 0.000063s 249.8 15748.0
Проверка производительности сетевого соединения
openssl s_time -connect remote.host:443
Где remote.host - может быть любой mail сервер. Например mail.rosalab.ru или mail.google.com
Должен быть вывод типа этого c mail.rosalab.ru:
openssl s_time -connect mail.rosalab.ru:443 Вывод: No CIPHER specified Collecting connection statistics for 30 seconds tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt ttttttttttttttttttttttttttttttttt 543 connections in 0.99s; 548.48 connections/user sec, bytes read 0 543 connections in 31 real seconds, 0 bytes read per connection Now timing with session id reuse. starting rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr 1267 connections in 0.48s; 2639.58 connections/user sec, bytes read 0 1267 connections in 31 real seconds, 0 bytes read per connection
Аналогично протестируем , только используя SSLv3 и сильное шифрование.
openssl s_time -connect mail.rosalab.ru:443 -ssl3 -cipher HIGH
Вывод будет примерно таким:
Collecting connection statistics for 30 seconds 3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333 3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333 3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333 3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333 3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333 33333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333 646 connections in 1.01s; 639.60 connections/user sec, bytes read 0 646 connections in 31 real seconds, 0 bytes read per connection Now timing with session id reuse. starting rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrrrrrrrrrrr 1371 connections in 0.28s; 4896.43 connections/user sec, bytes read 0 1371 connections in 31 real seconds, 0 bytes read per connection
Генерация самоподписанного сертификата
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mykey.pem -out mycert.pem
Надо будет ответить на несколько вопросов.
Должен быть вывод типа этого:
Generating a 1024 bit RSA private key ....................................................++++++ ................................................................++++++ writing new private key to 'mykey.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:ru State or Province Name (full name) [Default Province]: Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]:MyHome Organizational Unit Name (eg, section) []:HomeMy Common Name (e.g. server FQDN or YOUR name) []:DiDiDi Email Address []:pppppppppprrrrrrr@gmail.com
Проверка самоподписанного сертификата
openssl x509 -text -in mycert.pem
Должен быть вывод типа этого:
Certificate: Data: Version: 3 (0x2) Serial Number: 10238835739306285545 (0x8e17a6db72ecd9e9) Signature Algorithm: sha1WithRSAEncryption Issuer: C=ru, ST=Default Province, L=Default City, O=MyHome, OU=HomeMy, CN=DiDi/emailAddress=pppppppppp@gmail.com Validity Not Before: Apr 8 20:31:15 2014 GMT Not After : Apr 8 20:31:15 2015 GMT Subject: C=ru, ST=Default Province, L=Default City, O=MyHome, OU=HomeMy, CN=DiDi/emailAddress=pppppppppp@gmail.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:c3:c0:59:e8:9e:1c:67:c5:75:26:1c:57:db:ba: a1:b7:f4:8e:a0:88:db:3d:0c:c8:cb:39:57:6b:01: 89:b1:38:fa:84:e1:5a:fe:c1:d0:b8:c0:dd:b8:21: c9:f3:b2:6a:aa:6c:d9:04:8b:fb:ff:7c:8d:d7:17: 2a:62:3c:8d:a6:70:4d:20:31:41:05:6e:61:f9:fc: c6:b3:5d:97:37:72:e9:f7:22:1a:19:4e:11:07:db: 15:e8:53:43:7b:04:36:b9:26:87:13:fe:82:a8:bc: b2:37:26:07:72:e5:0f:21:a0:03:32:4b:9f:dd:5b: be:34:ea:15:36:da:28:59:3d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 68:D5:A7:CC:79:2A:9B:15:49:DF:9D:E3:5A:C0:55:C4:7B:F3:8B:BB X509v3 Authority Key Identifier: keyid:68:D5:A7:CC:79:2A:9B:15:49:DF:9D:E3:5A:C0:55:C4:7B:F3:8B:BB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption 6d:c8:8e:a0:8c:06:72:7a:7c:43:ee:d0:93:0f:99:fd:6a:62: 4b:0d:59:50:7f:a6:58:93:c6:66:62:89:10:89:7b:0b:e7:e2: c5:ac:40:01:29:57:b4:d5:c7:c3:a6:89:ad:28:0b:fd:e4:5f: cb:0c:78:6e:65:31:ef:ab:f3:8d:17:8d:f4:35:40:b5:1c:4a: cf:01:3f:a1:3d:cd:83:06:f9:35:6f:c9:a1:7a:92:3b:5f:bc: 45:12:4f:d1:c9:1c:af:2f:e9:58:54:a5:a0:f2:cc:44:8a:73: ee:18:4d:fe:0a:c2:87:ca:ef:1e:8b:93:43:0c:34:5a:6d:dd: 41:46 -----BEGIN CERTIFICATE----- MIIC+jCCAmOgAwIBAgIJAI4Xptty7NnpMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYD VQQGEwJydTEZMBcGA1UECAwQRGVmYXVsdCBQcm92aW5jZTEVMBMGA1UEBwwMRGVm YXVsdCBDaXR5MQ8wDQYDVQQKDAZNeUhvbWUxDzANBgNVBAsMBkhvbWVNeTENMAsG A1UEAwwERGlEaTEjMCEGCSqGSIb3DQEJARYUcHBwcHBwcHBwcEBnbWFpbC5jb20w и т.д. .......
Экспорт и импорт сертификата PKCS#12
openssl pkcs12 -export -out mycert.pfx -in mycert.pem -inkey mykey.pem -name "My Certificate"
Надо будет ввести любой пароль (придумать).
Должен быть вывод типа этого:
# openssl pkcs12 -export -out mycert.pfx -in mycert.pem -inkey mykey.pem -name "My Certificate" Enter Export Password: Verifying - Enter Export Password:
У вас должен появится файл mycert.pfx.
Чтобы импортировать сертификат PKCS#12 сделаем следующее:
openssl pkcs12 -in mycert.pfx -out mycert1.pem
надо будет ввести пароль, созданный при экспроте.
Примерный вывод будет таким:
# openssl pkcs12 -in mycert.pfx -out mycert1.pem Enter Import Password: MAC verified OK Enter PEM pass phrase:
Подключение к безопасному SMPT серверу используя STARTTLS
openssl s_client -connect remote.host:567 -starttls smtp
где remote.host - любой mail сервер, например mail.rosalab.ru
Должен быть вывод типа этого с mail.rosalab.ru:
CONNECTED(00000003) depth=0 C = US, ST = N/A, O = Zimbra Collaboration Suite, OU = Zimbra Collaboration Suite, CN = collab.rosalab.ru verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = US, ST = N/A, O = Zimbra Collaboration Suite, OU = Zimbra Collaboration Suite, CN = collab.rosalab.ru verify error:num=27:certificate not trusted verify return:1 depth=0 C = US, ST = N/A, O = Zimbra Collaboration Suite, OU = Zimbra Collaboration Suite, CN = collab.rosalab.ru verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=collab.rosalab.ru i:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=collab.rosalab.ru --- Server certificate -----BEGIN CERTIFICATE----- MIICpjCCAg+gAwIBAgIFE4BweZEwDQYJKoZIhvcNAQEEBQAwgY8xCzAJBgNVBAYT AlVTMQwwCgYDVQQIEwNOL0ExDDAKBgNVBAcTA04vQTEjMCEGA1UEChMaWmltYnJh IENvbGxhYm9yYXRpb24gU3VpdGUxIzAhBgNVBAsTGlppbWJyYSBDb2xsYWJvcmF0 aW9uIFN1aXRlMRowGAYDVQQDExFjb2xsYWIucm9zYWxhYi5ydTAeFw0xMzEwMDIw ... и т.д. Dpsl8xnVenm6HyAwiRI8jo2D88FbS8VeH3sZhSswpIR/lurSIqqMCwGTa/ul40PY fg1grCuF5YqmVw== -----END CERTIFICATE----- subject=/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=collab.rosalab.ru issuer=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=collab.rosalab.ru --- No client certificate CA names sent --- SSL handshake has read 1607 bytes and written 750 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 71A7623DBD916ED0BA0F8997........и т.д....9D9133B29BE7C6BAF6BD1B7 Session-ID-ctx: Master-Key: 48BFFCF6FBFE3C53BFE51C818B6E43F17CB5.........и т.д....67104648A4DCF4745A7B98FAB8FE546396F04D Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket: 0000 - df 8e 52 79 84 a8 11 d7-6a 15 fc 76 34 29 ea d3 ..Ry....j..v4).. 0010 - 6a f6 88 08 46 ae 4f c4-33 34 a1 f1 1b 43 0c 8f j...F.O.34...C.. 0020 - 31 20 fd a7 f7 11 46 a1-c8 83 37 91 2c d6 61 ff 1 ....F...7.,.a. 0030 - 2e b4 d4 26 56 2a 2d 9b-b0 2e 7f d3 11 50 b8 f1 ...&V*-......P.. ... и т.д. 0070 - aa 1c 93 23 3f e7 da c4-fb 06 0e d4 f5 47 0f cd ...#?........G.. 0080 - 58 bf 95 c1 49 5e 3d 20-92 11 0a a0 e9 9c df e4 X...I^= ........ 0090 - 9f 8c a3 65 72 59 5e 02-ba c2 84 ef eb 83 03 27 ...erY^........' Start Time: 1396990390 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- 250 DSN
Создание дайджестов MD5 или SHA1 или SHA256
Дайджесты md5 аналогичны программе md5sum
openssl dgst -md5 filename
где filename - имя вайла любого.
Должен быть вывод типа этого:
# openssl dgst -md5 ./111.ps MD5(./111.ps)= 99b0a50e616cefe34e3638428f3635ac
Для sha1 пишем вместо md5 - sha1. Для sha256 пишем sha256.
Должен быть вывод типа этого:
# openssl dgst -sha1 ./111.ps SHA1(./111.ps)= f02a4fbb6afbf2b96e47bdf984bcf8433aae6bc5 # openssl dgst -sha256 ./111.ps SHA256(./111.ps)= 64fc3a952f756c04c53e5f10bcfe458649aa2b5c5f5242d82f55f71402b7434a
Шифровка и расшифровка файлов
Шифрование файла на примере использования метода aes-256-cbc
openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc
где file.txt - входящий, шифруемый файл
где file.txt.enc - полученный зашифрованный новый файл
Должен быть вывод типа этого:
# openssl enc -aes-256-cbc -salt -in ./111.ps -out ./111.ps.enc enter aes-256-cbc encryption password: Verifying - enter aes-256-cbc encryption password:
Расшифровка нашего файла:
openssl enc -d -aes-256-cbc -in file.txt.enc -out file.txt
openssl enc -d -aes-256-cbc -in ./111.ps.enc -out ./111-1.ps enter aes-256-cbc decryption password:
Генерация ключа RSA
openssl genrsa -out mykey-rsa.pem 1024
В примере генерируем ключ RSA длиной 1024 бита.
Должен быть вывод типа этого:
# openssl genrsa -out mykey-rsa.pem 1024 Generating RSA private key, 1024 bit long modulus .++++++ .....................................++++++ e is 65537 (0x10001)
Генерация ключа DSA
openssl dsaparam -noout -out mydsakey.pem -genkey 1024
Должен быть вывод типа этого:
# openssl dsaparam -noout -out mykey-dsa.pem -genkey 1024 Generating DSA parameters, 1024 bit long prime This could take some time .....................................................+..+.................+........+...+...........+..+..+.......+.+..+....+++++++++++++++++++++++++++++++++++++++++++++++++++* ......+........+.........+++++++++++++++++++++++++++++++++++++++++++++++++++*
Генерация ключа на основе эллиптических кривых (elliptic curve key)
openssl ecparam -out mykey-es.pem -name prime256v1 -genkey
Генерация хэша паролей
openssl passwd MyPassw
Должен быть вывод типа этого:
# openssl passwd MyPassw GevppLNoluuCw
Генерация md5 хэша паролей
openssl passwd -1 MyPassw
Должен быть вывод типа этого:
# openssl passwd -1 MyPassw $1$ihJC0F0V$I5yhW1cj.XfGZt2fLssyi/
Генерация случайных данных и кодирование в base64
Выдаем 128 случайных байт на консоль и кодируем в base64
openssl rand -base64 128
Должен быть вывод типа этого:
# openssl rand -base64 128 24h9qWQfrjfUzzwvz0XheASG+gRif/I5fwY0oIZXXDHEorqZmePAwRZjssk+Cn8R GRUVExysZuA95lXb605VAxLjL0gYXy15hi23KiGoCJ23a3UxD52k8wLf/B1zjeNq lnbSvbe763I8o+pXn4TPOdLtzjaAq+ZbJS9olrx2b1E=
Запись сулчайных 1024 байта в файл и кодирование base64
Должен быть вывод типа этого:
openssl rand -out random-data.bin -base64 1024 Смотрим файлик: # cat ./random-data.bin 7+pVjg1QEOHb5BH/8L3b0b6cka0WrKp26qpCulrpIRSm7XHaCyGo+QDDHJxhQDYk 8vC/qP8WNQ+RNjk5aKVr6f5NAFGIPZVsBnB65mE3OICPxzUT/jAoHwNKLu4JKQrI 7umof+eCkYFAqww6mZb9hufBRcgf/WD1ud+Vyz1iDK04R36gvGkpt43kxjmAwim/ 8teorcVEIcYyCfAmCtAGyrz0TMxCFLz61eKLunYMu1wAODXaJfhg4zOC7Hbjo9Lk jsxCIWxHCjOCF1WEyj+fr2+HMnoBLV1ResZhqIEKtqbwQ3mMt+WTgN1fnRJ/1MCf UN77sgdEEFSsY5ErwVHzD9+yaNz6CstwiW7OvNJNjbyZwacYK6eUhplQ32+hAqgZ xvxmTd2+nGHzm6G5keVKtzxqDuIWlyp38YMMXaxf5A/Cteo52rkMBMPAfF9deIb/ xzfpy0bIHVfhfKjBdIKFsjfdiQIIDqSL1OOKtEEMN1KTRhz0PqoEVskIeo+pl4NZ wEAdI+deyxduy/BJPDgcGGHxvmEZi8r035WK67EyP5iF2XlfBeaxdMpRJc3rfELi h6AbcTGlMTCY5pmFJFA6rwsmstZ7sFyVB9dW8XuQ0TmVXEGtGLOfBsnmxXkubl15 hT5/Ky8HU9VkWe26+A3mkQj07iNemouQlCPTtzxdC4j6fKH0cKjYFewMYh6Lcp/c SukZX+mHVnlkf8c3E24CKL5m2UXO5isZU0mvCCaJRA+oZBbEKjoR8CzQJBsvPqG8 GwGiqNRnYcjvuqY11XeYZk7Bh/qBVOmkIBpeZjTljyFKoypLbweAG9FdE7G1ORJ4 b9x4k6pOMAmRnXwj+/6qH9+4muHY89bHYowh7HG8SYHEBpMBxvgqqasQFWofYFlS ygUSEgopnqbsBlrpgHIyCXQnqwjKPw3/SmRaHNyjq37iT5sIcj74tIwVXGDNaPg3 Dlra5AaOWwZnLWgpfRj4IdKZ3hnnFQSjovkT9BxiJxbkkcZmlMpwzAxPBDiZsrnE HXtLP2rO46o3wDgueeO0XAjDLTiZnnQkYI747rIJL7ZJen0FpW+MzJAU7O5XQBIa jnXXClbqzgxX1zYllnQLwGsB5TL3p+dNPZkyU8OOUAMZyv4Hp8QVQJ6TV2y8nzub MhSkpzm3kVySc/P0vlzbNaCiaRuB8SAF9KYxrp5JNK3866omwDLuAQzMncWh1qlH V9TatskQvq8NXC0/Q9qM5Rk1F+BIzU4o0TsWfH3hWus5ln4wcIUxvtkO29De36MS phvZlzfM3H+ZjZAAeE1sHLG6waSAm68+ADd5w1tBO6aOGjCMdtW6e4O5e88mbE9a D73/DsQSVJqh3KoXDjddpg==
Проверка в Thunderbird
Запустить Thunderbird. И соединится с серверами по разными методами шифрования.
Так же отправить и получить различные файлы. Прсомотреть сырой код писем с аттачами.
Проверить работу OpenVPN
Если есть такая возможность, то проверить работу с OpenVPN