Tuesday, November 3, 2009

Chapter 7: The OpenSSL Library
Overview

URL: http://www.openssl.org
Primary authors: Various; originally Eric Young and Tim Hudson
Component type: C language library, cryptography toolkit including SSL and TLS
License: OpenSSL, SSLeay
Version profiled: 0.9.7
Dependencies: None




The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, open-source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength, general-purpose cryptography (crypto) library. The project is managed by a worldwide community of volunteers who use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. OpenSSL's functionality breaks down into two libraries: the SSL/TLS library (libssl.a) and the crypto library (libcrypto.a).

Developers most often use the SSL/TLS library, which implements versions 2 and 3 of SSL and version 1 of TLS, to build secure Web transactions over the https protocol. OpenSSL provides a wide range of functionality, including the following:



  • SSL/TLS protocols
  • Symmetric cryptographic operations (ciphers, message digests)
  • Asymmetric cryptographic operations (digital signatures, enveloping)
  • Public Key Infrastructure (PKI), including OCSP, rich X.509 certificate support, certificate verification, certificate requests, and CRLs




Due to the sheer scope of the SSL/TLS library (more than 200 exported functions), this chapter focuses only on the EVP interface of the crypto library. The crypto library is itself large and includes support for ASN.1, a PRNG, big numbers, elliptic curves, and more, none of which we will cover in depth here.


The crypto library is extremely useful for building cryptography into applications, and mainstay tools such as ssh, sshd, and isakmpd use it. It offers a wide array of cryptographic functionality in the following key areas:



  • Symmetric ciphers via the EVP_Cipher() interface
  • Asymmetric ciphers via the EVP_Seal() and EVP_Open() interfaces
  • Authentication and hashing via the EVP_Digest() interface
  • Digital signatures via the EVP_Sign() and EVP_Verify() interfaces





Table 7.1 summarizes the algorithms that the crypto library supports.

Table 7.1: OpenSSL crypto Library Supported Algorithms

SYMMETRIC CIPHERS   ASYMMETRIC CIPHERS   MESSAGE DIGESTS
Blowfish            DSA                  HMAC
CAST                DH                   MD2
DES                 RSA                  MD4
IDEA                                     MD5
RC2                                      MDC2
RC4                                      RIPEMD
RC5                                      SHA
                                         SHA1

Note: It is important to note that OpenSSL implements strong cryptography and is therefore subject to import and export restrictions in certain parts of the world, such as those specified by the International Traffic in Arms Regulations (ITAR) in the United States.