Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Download the color images
• Conventions used
• Get in touch
• Share Your Thoughts

1. Part 1: Introduction

2. Chapter 1: OpenSSL and Other SSL/TLS Libraries FREE CHAPTER

• What is OpenSSL?
• The history of OpenSSL
• What’s new in OpenSSL 3.0?
• Comparing OpenSSL with GnuTLS
• Comparing OpenSSL with NSS
• Comparing OpenSSL with Botan
• Comparing OpenSSL with lightweight TLS libraries
• Comparing OpenSSL with LibreSSL
• Comparing OpenSSL with BoringSSL
• Summary

3. Part 2: Symmetric Cryptography

4. Chapter 2: Symmetric Encryption and Decryption

• Technical requirements
• Understanding symmetric encryption
• An overview of the symmetric ciphers supported by OpenSSL
• Block cipher modes of operation
• Padding for block ciphers
• How to generate a symmetric encryption key
• Downloading and installing OpenSSL
• How to encrypt and decrypt with AES on the command line
• Initializing and uninitializing OpenSSL library
• How to compile and link with OpenSSL
• How to encrypt with AES programmatically
• How to decrypt with AES programmatically
• Summary

5. Chapter 3: Message Digests

• Technical requirements
• What are message digests and cryptographic hash functions?
• Why are message digests needed?
• Assessing the security of cryptographic hash functions
• Overview of the cryptographic hash functions supported by OpenSSL
• How to calculate a message digest on the command line
• How to calculate the message digest programmatically
• Summary

6. Chapter 4: MAC and HMAC

• Technical requirements
• What is a MAC?
• Understanding MAC function security
• HMAC – a hash-based MAC
• MAC, encryption, and the Cryptographic Doom Principle
• How to calculate HMAC on the command line
• How to calculate HMAC programmatically
• Summary

7. Chapter 5: Derivation of an Encryption Key from a Password

• Technical requirements
• Understanding the differences between a password and an encryption key
• What is a key derivation function?
• Overview of key derivation functions supported by OpenSSL
• Deriving a key from a password on the command line
• Deriving a key from a password programmatically
• Summary

8. Part 3: Asymmetric Cryptography and Certificates

9. Chapter 6: Asymmetric Encryption and Decryption

• Technical requirements
• Understanding asymmetric encryption
• Understanding a Man in the Middle attack
• What kind of asymmetric encryption is available in OpenSSL?
• Understanding a session key
• Understanding RSA security
• How to generate an RSA keypair
• How to encrypt and decrypt with RSA on the command line
• How to encrypt with RSA programmatically
• Understanding the OpenSSL error queue
• How to decrypt with RSA programmatically
• Summary

10. Chapter 7: Digital Signatures and Their Verification

• Technical requirements
• Understanding digital signatures
• Overview of digital signature algorithms supported by OpenSSL
• How to generate an elliptic curve keypair
• How to sign and verify a signature on the command line
• How to sign programmatically
• How to verify a signature programmatically
• Summary

11. Chapter 8: X.509 Certificates and PKI

• Technical requirements
• What is an X.509 certificate?
• Understanding certificate signing chains
• How are X.509 certificates issued?
• What are X509v3 extensions?
• Understanding X.509 Public Key Infrastructure
• How to generate a self-signed certificate
• How to generate a non-self-signed certificate
• How to verify a certificate on the command line
• How to verify a certificate programmatically
• Summary

12. Part 4: TLS Connections and Secure Communication

13. Chapter 9: Establishing TLS Connections and Sending Data over Them

• Technical requirements
• Understanding the TLS protocol
• The history of the TLS protocol
• Establishing a TLS client connection on the command line
• Preparing certificates for a TLS server connection
• Accepting a TLS server connection on the command line
• Understanding OpenSSL BIOs
• Establishing a TLS client connection programmatically
• Accepting a TLS server connection programmatically
• Summary

14. Chapter 10: Using X.509 Certificates in TLS

• Technical requirements
• Custom verification of peer certificates in C programs
• Using Certificate Revocation Lists in C programs
• Using the Online Certificate Status Protocol
• Using TLS client certificates
• Summary

15. Chapter 11: Special Usages of TLS

• Technical requirements
• Understanding TLS certificate pinning
• Using TLS certificate pinning
• Understanding blocking and non-blocking sockets
• Using TLS on non-blocking sockets
• Understanding TLS on non-standard sockets
• Using TLS on non-standard sockets
• Summary

16. Part 5: Running a Mini-CA

17. Chapter 12: Running a Mini-CA

• Technical requirements
• Understanding the openssl ca subcommand
• Generating a root CA certificate
• Generating an intermediate CA certificate
• Generating a certificate for a web server
• Generating a certificate for a web and email client
• Revoking certificates and generating CRLs
• Providing certificate revocation status via OCSP
• Summary

18. Index

• Why subscribe?

19. Other Books You May Enjoy

• Packt is searching for authors like you