OpenSSL is a kind of software library which finds its applications in various fields to ensure the security of communications over the network of Internet. Therefore, it protects the useful information from getting eavesdropped by any third-party involvement or malicious use. OpenSSL is used widely by the networks worldwide to ensure the safety of the information over various websites.
In other words, OpenSSL enc is, basically an implementation of the open-source kind of the TLS and the SSL protocols. OpenSSL is defined as the open-source cryptography library wherein the core library is written using the C programming language and is, therefore, used for the implementation of the cryptographic functions.
How OpenSSL Came into Light?
The OpenSSL project which was aimed at the invention of the set of encryption tools for free to be used on the Internet, came into existence in 1998. It was founded on the foundation laid by Eric Andrew Young and Tim Hudson. Its formulation was then carried forward by another project management team among which Stephen Henson is the lead developer.
In today’s time, the OpenSSL enc is present globally on the server end and has several client tools. For the testing and the certificate management of this system, command-line tools are also being used. The browsers which initially used the traditional libraries are also changing as Google is going to migrate Chrome onto its own OpenSSL enc which would be known as the ‘BoringSSL’. The OpenSSL enc has been provided dual-license under SSLeay and OpenSSL licenses.
Getting Started with OpenSSL enc
It will be quite easy to start with OpenSSL enc if you are working on the Unix platforms as OpenSSL comes virtually inbuilt within the Unix system. However, it is imperative to have the latest version to ensure the proper functioning. For the Windows users, they have to download the binaries which might get complicated. For instance, if someone needs the OpenSSL for just the command-line utilities, the main page of the OpenSSL provides the links to the ‘Shining Light Productions’ to offer the Windows binaries. It is also important to be careful while downloading or using the binaries such that they are not mixed together. Otherwise, this might result in the system crash. To ensure that best approach is by using a single bundle of programs which might include everything needed by you.
Determination of the OpenSSL Configuration and Version
Before beginning to work on anything, it is important to analyze the version of the OpenSSL enc that is being used. For instance, for the version information ‘openssl version’ for the Ubuntu 12.04 LTS, the command should be:
$ openssl version
OpenSSL 1.0.1 12 Dec 2016
When the user is writing this command, there is transition taking place from OpenSSL 0.9.x to OpenSSL 1.0.x. the version 1.0.1 is the first version which supports TLS 1.1 and TLS 1.2. Therefore, is holds immense significance.
How to Build OpenSSL?
Many users must be using the supplied version of OpenSSL enc, yet these must be upgraded. For instance, your system could get stuck with OpenSSL 0.9.x not in support of the new version of the TLS and will not have the right features needed for your use. Hence, it becomes necessary to download the latest version of the OpenSSL enc which can be done by following the link:
$ wget http://www.openssl.org/source/openssl-1.0.1p.tar.gz
The nest step involves the configuration of the OpenSSL enc before compiling it.
Examining the Available Commands
OpenSSL is basically a cryptographic toolkit which comprises of several utilities. The various standard commands of OpenSSL includes the following:
- asn1parse
- crl
- ecparam
- enc
- ca
- ciphers
- cms
- dh
- ec
- speed
- verify
- ts
- prime
- gendsa
- gendh
- dhparam
- version
- engine
- dsparam
- passwd
- pkey
- smime
- genrsa
- srp
- nseq
- spkac
There are several more commands to be used with OpenSSL. If one wishes to get more information in relation to a particular utility, the ‘man’ command can be used which needs to be followed by the name of the particular utility. For instance, ‘man enc’ would give the detailed information about the OpenSSL enc suites configuration and usage.
How to Build a Trust Store?
OpenSSL does not include any valid trust store certificates which are known as the ‘trust store’ and thus if you are downloading the OpenSSL enc from somewhere, the certificate needs to be found from somewhere else. One way through which it can be achieved is by using the trust store which is in-built to one’s own operating system. However, one demerit offered by this technique is that the in-built trust stores are not always up to date. For a better option, you can try using the Mozilla which has the presence of a robust trust store. Mozilla has the trust store in its source code storage including:
Key and Certificate Management of the OpenSSL
Many users make use of the OpenSSL enc such that they can configure and run a web server which would support SSL. The process consists of these steps:·
- Generation of a private key which is quite strong.
- Creation of the CSR (Certificate Signing Request) and then, sending it to the CA·
- Installation of the CA-provided certificate onto the web server.
Generation of the Key
The primary step in the preparation of the use of the public encryption is the generation of the private key. This includes taking into consideration the following parameters:·
- Key algorithm: OpenSSL enc supports DSA, RSA and ECDSA. For the web servers, everyone can make use of the RSA as the DSA is limited to 1,024 bits and the ECDSA keys are still to be supported by the CAs. ·
- Key size: The default size of the keys might be insecure. Therefore, it is recommended to set the configurations of the key size in an explicit manner. ·
- Passphrase: It’s use is optional, however greatly recommended.