You're reading from Demystifying Cryptography with OpenSSL 3.0 Discover the best techniques to enhance your network security with OpenSSL 3.0

Product type Paperback

Published in Oct 2022

Publisher Packt

ISBN-13 9781800560345

Length 342 pages

Edition 1st Edition

Languages

Tools

Wireshark

Concepts

Cryptography

Author (1):

Alexei Khlebnikov

View More author details

Table of Contents (20) Chapters

Preface

1. Part 1: Introduction

2. Chapter 1: OpenSSL and Other SSL/TLS Libraries FREE CHAPTER

3. Part 2: Symmetric Cryptography

4. Chapter 2: Symmetric Encryption and Decryption

5. Chapter 3: Message Digests

6. Chapter 4: MAC and HMAC

7. Chapter 5: Derivation of an Encryption Key from a Password

8. Part 3: Asymmetric Cryptography and Certificates

9. Chapter 6: Asymmetric Encryption and Decryption

10. Chapter 7: Digital Signatures and Their Verification

11. Chapter 8: X.509 Certificates and PKI

12. Part 4: TLS Connections and Secure Communication

13. Chapter 9: Establishing TLS Connections and Sending Data over Them

14. Chapter 10: Using X.509 Certificates in TLS

15. Chapter 11: Special Usages of TLS

16. Part 5: Running a Mini-CA

17. Chapter 12: Running a Mini-CA

18. Index

Why subscribe?

19. Other Books You May Enjoy

Packt is searching for authors like you

What this book covers

Chapter 1, OpenSSL and Other SSL/TLS Libraries, will outline what OpenSSL is and what its strengths are and take a look into OpenSSL’s history and at what’s new in OpenSSL 3.0. We will also compare OpenSSL to other SSL/TLS libraries.

Chapter 2, Symmetric Encryption and Decryption, will cover the important concepts in symmetric encryption – ciphers, encryption modes, and padding. We will overview modern ciphers, encryption modes, and padding types and recommend which technology to use in which situation. Usage of these technologies will be illustrated by command-line and C code examples.

Chapter 3, Message Digests, will explore why message digests, also known as cryptographic hashes, are needed and where they are used. We will get an overview of modern cryptographic hash functions that calculate message digests and recommend which hash function to use in which situation. The calculation of message digests will be illustrated by command-line and C code examples.

Chapter 4, MAC and HMAC, will explain why Message Authentication Codes (MACs) are needed and where they are used. Since it’s a popular MAC type, Hash-based MAC (HMAC) will be discussed. We will also learn about how to combine HMAC with encryption and about the Cryptographic Doom Principle. The calculation of HMAC will be illustrated by a code example.

Chapter 5, Derivation of an Encryption Key from a Password, will show why a password itself cannot be used for encryption and why key derivation is needed. We will overview modern key derivation functions and recommend which one to use when. Then, encryption key derivation will be illustrated by command-line and C code examples.

Chapter 6, Asymmetric Encryption and Decryption, will unpack why asymmetric encryption is needed, how it works, and how private and public keys are used to achieve encryption and decryption. Encryption and decryption using RSA will be illustrated by command-line and C code examples.

Chapter 7, Digital Signatures and Their Verification, will clarify why digital signatures are needed and where they are used. We will overview modern digital signature algorithms, such as RSA, ECDSA, and EdDSA, and recommend which digital signature scheme to use in which situation. Digital signing and signature verification will be illustrated by command-line and C code examples.

Chapter 8, X.509 Certificates and PKI, will detail what X.509 certificates are, why they are needed, and where they are used. We will also explain how certificates sign other certificates and how certificate signing chains are formed, as well as what Public Key Infrastructure (PKI) is and how certificate verification is used to verify identities – for example, the identities of websites. The usage of the techniques mentioned will be illustrated by command-line and C code examples.

Chapter 9, Establishing TLS Connections and Sending Data over Them, will break down what the TLS protocol is, why it is needed, and why it is used so widely. We will also learn what the difference between SSL and TLS is. Then, we will learn how to establish and shut down a TLS connection, as well as how to send and receive data over TLS. Working with TLS will be illustrated by command-line and C code examples.

Chapter 10, Using X.509 Certificates in TLS, will elaborate on how to work with X.509 certificates in TLS and why certificates are important for TLS. We will also learn how to verify a remote certificate. Then, we will learn how to further check the certificate validity using a CRL and OCSP. Finally, we will learn how to use a client certificate. Working with certificates will be illustrated by command-line and C code examples.

Chapter 11, Special Usages of TLS, will look into special usages of TLS: TLS pinning, using non-blocking networking mode, and TLS connections over non-standard sockets or special networking layers using OpenSSL Basic Input-Output Objects (BIOs). The usage of the techniques mentioned will be illustrated by C code examples.

Chapter 12, Running a Mini-CA, will instruct you on how to run your own mini-CA in order to control certificates and build PKI into an organization. Running a mini-CA will be illustrated by example configuration files and commands.