Network Security with OpenSSL By Pravir Chandra, Matt Messier, John Viega Publisher : O'Reilly Pub Date : June 2002 ISBN : 0-596-00270-X Table of Pages : 384 Contents OpenSSL is a popular and effective open source version of SSL/TLS, the most widely used protocol for secure network communications. The only guide available on the subject, Network Security with OpenSSLdetails the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges. Focused on the practical, this book provides only the information that is necessary to use OpenSSL safely and effectively. Y L F M A E T Team-Fly® Table of Content Table of Content......................................................................................................ii Dedication.............................................................................................................vi Preface....................................................................................................................vii About This Book .............................................................................................. viii Conventions Used in This Book........................................................................x Comments and Questions ................................................................................xi Acknowledgments..............................................................................................xi Chapter 1. Introduction...........................................................................................1 1.1 Cryptography for the Rest of Us.................................................................1 1.2 Overview of SSL...........................................................................................8 1.3 Problems with SSL.....................................................................................10 1.4 What SSL Doesn't Do Well .......................................................................16 1.5 OpenSSL Basics.........................................................................................17 1.6 Securing Third-Party Software .................................................................18 Chapter 2. Command-Line Interface..................................................................23 2.1 The Basics...................................................................................................23 2.2 Message Digest Algorithms ......................................................................25 2.3 Symmetric Ciphers.....................................................................................27 2.4 Public Key Cryptography...........................................................................28 2.5 S/MIME.........................................................................................................32 2.6 Passwords and Passphrases ...................................................................33 2.7 Seeding the Pseudorandom Number Generator...................................35 Chapter 3. Public Key Infrastructure (PKI)........................................................37 3.1 Certificates...................................................................................................37 3.2 Obtaining a Certificate ...............................................................................44 3.3 Setting Up a Certification Authority..........................................................47 Chapter 4. Support Infrastructure.......................................................................60 4.1 Multithread Support....................................................................................60 4.2 Internal Error Handling...............................................................................66 4.3 Abstract Input/Output.................................................................................70 4.4 Random Number Generation ...................................................................80 4.5 Arbitrary Precision Math ............................................................................85 4.6 Using Engines.............................................................................................91 Chapter 5. SSL/TLS Programming.....................................................................93 5.1 Programming with SSL..............................................................................93 5.2 Advanced Programming with SSL.........................................................125 Chapter 6. Symmetric Cryptography................................................................143 6.1 Concepts in Symmetric Cryptography...................................................143 6.2 Encrypting with the EVP API ..................................................................145 6.3 General Recommendations ....................................................................161 Chapter 7. Hashes and MACs ..........................................................................162 7.1 Overview of Hashes and MACs .............................................................162 7.2 Hashing with the EVP API.......................................................................163 7.3 Using MACs...............................................................................................168 7.4 Secure HTTP Cookies.............................................................................179 Chapter 8. Public Key Algorithms.....................................................................184 ii 8.1 When to Use Public Key Cryptography.................................................184 8.2 Diffie-Hellman............................................................................................185 8.2 Diffie-Hellman............................................................................................190 8.3 Digital Signature Algorithm (DSA)..........................................................195 8.4 RSA.............................................................................................................200 8.5 The EVP Public Key Interface ................................................................205 8.6 Encoding and Decoding Objects............................................................213 Chapter 9. OpenSSL in Other Languages ......................................................220 9.1 Net::SSLeay for Perl ................................................................................220 9.2 M2Crypto for Python ................................................................................225 9.3 OpenSSL Support in PHP.......................................................................233 Chapter 10. Advanced Programming Topics..................................................241 10.1 Object Stacks..........................................................................................241 10.2 Configuration Files .................................................................................242 10.3 X.509 ........................................................................................................245 10.4 PKCS#7 and S/MIME ............................................................................259 10.5 PKCS#12.................................................................................................268 Appendix A. Command-Line Reference..........................................................270 asn1parse............................................................................................................270 ca........................................................................................................................271 ciphers................................................................................................................277 crl .......................................................................................................................277 crl2pkcs7............................................................................................................279 dgst.....................................................................................................................280 dhparam..............................................................................................................281 dsa ......................................................................................................................282 dsaparam ............................................................................................................284 enc......................................................................................................................285 errstr ...................................................................................................................287 gendsa ................................................................................................................287 genrsa .................................................................................................................288 nseq ....................................................................................................................289 passwd................................................................................................................289 pkcs7 ..................................................................................................................290 pkcs8 ..................................................................................................................291 pkcs12 ................................................................................................................293