Network Security with OpenSSL
By Pravir Chandra, Matt Messier, John Viega
Publisher: O'Reilly
Pub Date: June 2002
ISBN: 0-596-00270-X
Pages: 384

OpenSSL is a popular and effective open source version of SSL/TLS, the most widely used protocol for secure network communications. The only guide available on the subject, Network Security with OpenSSL details the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges. Focused on the practical, this book provides only the information that is necessary to use OpenSSL safely and effectively.

Table of Contents

Dedication  vi
Preface  vii
  About This Book  viii
  Conventions Used in This Book  x
  Comments and Questions  xi
  Acknowledgments  xi
Chapter 1. Introduction  1
  1.1 Cryptography for the Rest of Us  1
  1.2 Overview of SSL  8
  1.3 Problems with SSL  10
  1.4 What SSL Doesn't Do Well  16
  1.5 OpenSSL Basics  17
  1.6 Securing Third-Party Software  18
Chapter 2. Command-Line Interface  23
  2.1 The Basics  23
  2.2 Message Digest Algorithms  25
  2.3 Symmetric Ciphers  27
  2.4 Public Key Cryptography  28
  2.5 S/MIME  32
  2.6 Passwords and Passphrases  33
  2.7 Seeding the Pseudorandom Number Generator  35
Chapter 3. Public Key Infrastructure (PKI)  37
  3.1 Certificates  37
  3.2 Obtaining a Certificate  44
  3.3 Setting Up a Certification Authority  47
Chapter 4. Support Infrastructure  60
  4.1 Multithread Support  60
  4.2 Internal Error Handling  66
  4.3 Abstract Input/Output  70
  4.4 Random Number Generation  80
  4.5 Arbitrary Precision Math  85
  4.6 Using Engines  91
Chapter 5. SSL/TLS Programming  93
  5.1 Programming with SSL  93
  5.2 Advanced Programming with SSL  125
Chapter 6. Symmetric Cryptography  143
  6.1 Concepts in Symmetric Cryptography  143
  6.2 Encrypting with the EVP API  145
  6.3 General Recommendations  161
Chapter 7. Hashes and MACs  162
  7.1 Overview of Hashes and MACs  162
  7.2 Hashing with the EVP API  163
  7.3 Using MACs  168
  7.4 Secure HTTP Cookies  179
Chapter 8. Public Key Algorithms  184
  8.1 When to Use Public Key Cryptography  184
  8.2 Diffie-Hellman  185
  8.2 Diffie-Hellman  190
  8.3 Digital Signature Algorithm (DSA)  195
  8.4 RSA  200
  8.5 The EVP Public Key Interface  205
  8.6 Encoding and Decoding Objects  213
Chapter 9. OpenSSL in Other Languages  220
  9.1 Net::SSLeay for Perl  220
  9.2 M2Crypto for Python  225
  9.3 OpenSSL Support in PHP  233
Chapter 10. Advanced Programming Topics  241
  10.1 Object Stacks  241
  10.2 Configuration Files  242
  10.3 X.509  245
  10.4 PKCS#7 and S/MIME  259
  10.5 PKCS#12  268
Appendix A. Command-Line Reference  270
  asn1parse  270
  ca  271
  ciphers  277
  crl  277
  crl2pkcs7  279
  dgst  280
  dhparam  281
  dsa  282
  dsaparam  284
  enc  285
  errstr  287
  gendsa  287
  genrsa  288
  nseq  289
  passwd  289
  pkcs7  290
  pkcs8  291
  pkcs12  293
  rand  296
  req  296
  rsa  301
  rsautl  302
  s_client  304
  s_server  306
  s_time  309
  sess_id  311
  smime  312
  speed  316
  spkac  316
  verify  317
  version  318
  x509  319
Colophon  326

Copyright © 2002 O'Reilly & Associates, Inc. All rights reserved. Printed in the United States of America.

Published by O'Reilly & Associates, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O'Reilly & Associates books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://safari.oreilly.com). For more information contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.

The O'Reilly logo is a registered trademark of O'Reilly & Associates, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly & Associates, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.
The association between the image of a group of sea lions and seals and the topic of network security with OpenSSL is a trademark of O'Reilly & Associates, Inc.

While every precaution has been taken in the preparation of this book, the publisher and the author(s) assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

Dedication

To the memory of Arthur J. Zoebelein, former Chief of the Office of Cryptologic Archives and History, National Security Agency

Preface

About This Book

The Internet is a dangerous place, more dangerous than most people realize. Many technical people know that it's possible to intercept and modify data on the wire, but few realize how easy it actually is. If an application doesn't properly protect data when it travels an untrusted network, the application is a security disaster waiting to happen.

The SSL (Secure Socket Layer) protocol and its successor TLS (Transport Layer Security) can be used to secure applications that need to communicate over a network. OpenSSL is an open source library that implements the SSL and TLS protocols, and is by far the most widely deployed, freely available implementation of these protocols. OpenSSL is fully featured and cross-platform, working on Unix and Windows alike. It's primarily used from C and C++ programs, but you can use it from the command line (see Chapter 1 through Chapter 3) and from other languages such as Python, Perl, and PHP (see Chapter 9).

In this book, we'll teach developers and administrators how to secure applications with OpenSSL. We won't just show you how to SSL-enable your applications; we'll be sure to introduce you to the most significant risks involved in doing so, and the methods for mitigating those risks.
These methods are important; it takes more work to secure an SSL-enabled application than most people think, especially when code needs to run in multithreaded, highly interoperable environments where efficiency is a concern.

OpenSSL is more than just a free implementation of SSL. It also includes a general-purpose cryptographic library, which can be useful for situations in which SSL isn't an appropriate solution. Working with cryptography at such a low level can be dangerous, since there are many pitfalls in applying cryptography of which few developers are fully aware. Nonetheless, we do discuss the available functionality for those that wish to use it. Additionally, OpenSSL provides some high-level primitives, such as support for the S/MIME email standard.

The bulk of this book describes the OpenSSL library and the many ways to use it. We orient the discussion around working examples, instead of simply providing reference material. We discuss all of the common options OpenSSL users can support, as well as the security implications of each choice.

Depending on your needs, you may end up skipping around in this book. For people who want to use OpenSSL from the command line for administrative tasks, everything they need is in the first three chapters. Developers interested in SSL-enabling an application can probably read Chapter 1, then skip directly to Chapter 5 (though they will have to refer to parts of Chapter 4 to understand all the code).

Here's an overview of the book's contents:

Chapter 1
This chapter introduces SSL and the OpenSSL library. We give an overview of the biggest security risks involved with deploying the library and discuss how to mitigate them at a high level. We also look at how to use OpenSSL along with Stunnel to secure third-party software, such as POP servers that don't otherwise have built-in SSL support.
Chapter 2
Here we discuss how to use basic OpenSSL functionality from the command line, for those who wish to use OpenSSL interactively, call out to it from shell scripts, or interface with it from languages without native OpenSSL support.

Chapter 3
This chapter explains the basics of Public Key Infrastructure (PKI), especially as it manifests itself in OpenSSL. This chapter is primarily concerned with how to go about getting certificates for use in SSL, S/MIME, and other PKI-dependent cryptography. We also discuss how to manage your own PKI using the OpenSSL command line, if you so choose.

Chapter 4
In this chapter, we talk about the various low-level APIs that are most important to OpenSSL. Some of these APIs need to be mastered in order to make full use of the OpenSSL library. Particularly, we lay the foundation for enabling multithreaded application support and performing robust error handling with OpenSSL. Additionally, we discuss the OpenSSL IO API, its randomness API, its arbitrary precision math API, and how to use cryptographic acceleration with the library.

Chapter 5
Here we discuss the ins and outs of SSL-enabling applications, particularly with SSLv3 and its successor, TLSv1. We not only cover the basics but also go into some of the more obscure features of these protocols, such as session resumption, which is a tool that can help speed up SSL connection times in some circumstances.

Chapter 6
This chapter covers everything you need to know to use OpenSSL's interface to secret-key cryptographic algorithms such as Triple DES, RC4, and AES (the new Advanced Encryption Standard). In addition to covering the standard API, we provide guidelines on selecting algorithms that you should support for your applications, and we explain the basics of these algorithms, including different modes of operation, such as counter mode.
Additionally, we talk about how to provide some security for UDP-based traffic, and discuss general considerations for securely integrating symmetric cryptography into your applications.

Chapter 7
In this chapter, we discuss how to use nonreversible (one-way) cryptographic hash functions, often called message digest algorithms. We also show how to use Message Authentication Codes (MACs), which can be used to provide data integrity via a shared secret. We show how to apply MACs to ensure that tampering with HTTP cookies will be detected.

Chapter 8
Here we talk about the various public key algorithms OpenSSL exports, including Diffie-Hellman key exchange, the Digital Signature Algorithm (DSA), and RSA. Additionally, we discuss how to read and write common storage formats for public keys.

Chapter 9
This chapter describes how to use OpenSSL programmatically from Perl using the Net::SSLeay package, from Python using the M2Crypto library, and from PHP.

Chapter 10
In this chapter, we discuss many of the more esoteric parts of the OpenSSL API that are still useful, including the OpenSSL configuration API, creating and using S/MIME email, and performing certificate management programmatically.

Appendix A
Here we provide a reference to the many options in the OpenSSL command-line interface. Additionally, the book's web site (http://www.opensslbook.com) contains API reference material that supplements this book. We also give pointers to the official OpenSSL documentation.

Note that we do not cover using SSL from Apache. While Apache does use OpenSSL for its cryptography, it provides its own API for configuring everything. Covering that isn't in the scope of this book. Refer to the Apache documentation, or the book Apache: The Definitive Guide by Ben Laurie and Peter Laurie (O'Reilly & Associates).

As we finish this book, OpenSSL is at Version 0.9.6c, and 0.9.7 is in feature freeze, though a final release is not expected until well after this book's publication.
Additionally, we expect developers to have to interoperate with 0.9.6 for some time. Therefore, we have gone out of our way to support both versions. Usually, our discussion will apply to both 0.9.6 and 0.9.7 releases unless otherwise noted. If there are features that were experimental in 0.9.6 and changed significantly in 0.9.7 (most notably support for hardware acceleration), we tend to explain only the 0.9.7 solution.

We've set up a web site at www.opensslbook.com. It contains an up-to-date archive of all the example code used in this book. All the examples have been tested with the appropriate version of OpenSSL on Mac OS X, FreeBSD, Linux, and Windows 2000. They're expected to work portably in any environment that supports OpenSSL. In addition, the web site contains API reference documentation. Because OpenSSL contains literally thousands of functions, we thought it best to offload such documentation to the Web, especially considering that many of the APIs are still evolving. The book's web site also contains links to related secure programming resources and will contain an errata listing of any problems that are found after publication.

You can contact the authors by email at authors@opensslbook.com.

Conventions Used in This Book

The following conventions are used in this book:

Italic
Used for filenames, directory names, and URLs. It is also used to emphasize new terms and concepts when they are introduced.

Constant Width
Used for commands, attributes, variables, code examples, and system output.

Constant Width Italic
[...]

... have a version of OpenSSL installed in a well-known place on the system. Otherwise, you can explicitly specify the location of OpenSSL when configuring the software. OpenSSH is special, because it requires OpenSSL to function. However, many other software packages can support OpenSSL as an option. MySQL is a great example. Simply configure the package with two options, with-openssl and with-vio, and the ...
... supposed to provide the same level of security for data that physical lines provide. It is a challenge, because data is transmitted through the air, instead of across a wire. WEP was designed by veteran programmers, yet without soliciting the opinions of any professional cryptographers or security protocol developers. Although to a seasoned developer with moderate security knowledge the protocol looked ...

... cryptographic key exchange protocol. OpenSSL provides the Diffie-Hellman protocol for this purpose, which allows for key agreement without actually divulging the key on the network. However, Diffie-Hellman does not guarantee the identity of the party with whom you are exchanging keys. Some sort of authentication mechanism is necessary to ensure that you don't accidentally exchange keys with an attacker. Right now, ...

... in your path.

1.6 Securing Third-Party Software

While much of this book focuses on how to use the OpenSSL API to add security to your own applications, you'll often want to use OpenSSL to secure other people's applications. Many applications are already built to support OpenSSL. For example, OpenSSH uses the OpenSSL cryptography foundation extensively, and requires the library to be present before it can ...

... today's networked world, many applications need security, and cryptography is one of the primary tools for providing that security. The primary goals of cryptography, data confidentiality, data integrity, authentication, and non-repudiation (accountability), can be used to thwart numerous types of network-based attacks, including eavesdropping, IP spoofing, connection hijacking, and tampering. OpenSSL ...
... properly). For purposes of compatibility with existing software in which neither AES nor 3DES are supported, RC4 is of particular interest. We don't recommend supporting other algorithms without a good reason. For the interested, we discuss cipher selection in Chapter 6. Security is related to the length of the key. Longer key lengths are, of course, better. To ensure security, you should only use key lengths ...

... essentially large numbers with particular properties. Therefore, bit lengths of keys in public key ciphers aren't directly comparable to symmetric algorithms. With public key encryption algorithms, you should use keys of 1,024 bits or more to ensure reasonable security. 512-bit keys are probably too weak. Anything larger than 2,048 bits may be too slow, and chances are it will not buy security that is much ...

... not get some modified version with a Trojan horse in it. Unfortunately, that isn't the case, because there is no secret involved. An attacker can replace the archive with a modified version, and replace the checksum with a valid value. This is possible because the message digest algorithm is public, and there is no secret information input to it. If you share a secret key with the software distributor, ...

... currently supported in SSL and in OpenSSL, is HMAC. HMAC can be used with any message digest algorithm.

1.1.2.4 Digital signatures

For many applications, MACs are not very useful, because they require agreeing on a shared secret. It would be nice to be able to authenticate messages without needing to share a secret. Public key cryptography makes this possible. If Alice signs a message with her secret signing key, ...
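The two fragments above make a point that is easy to state and easy to get wrong in practice: a published checksum protects a download against accidental corruption, not against an attacker who can replace both the archive and the checksum, because the digest algorithm takes no secret input; a MAC such as HMAC closes that gap when sender and receiver share a key. The following is an added example, not code from the book, that models both cases with the Python standard library. The archive contents, the "trojaned" replacement, and the shared key are constructed sample values; the distributor and attacker roles are hypothetical helper functions, not any real tool's API.

```python
# Added example (not from the book): a published digest alone does not
# authenticate a download, while a keyed MAC (HMAC) does when the verifier
# shares a secret key with the distributor. Standard library only.
import hashlib
import hmac

# Constructed sample data: the genuine archive, a modified replacement, and
# the secret the distributor and the downloader are assumed to share.
GENUINE_ARCHIVE = b"example-0.9.6c.tar.gz: genuine contents"
TROJANED_ARCHIVE = b"example-0.9.6c.tar.gz: modified contents"
SHARED_KEY = b"constructed-shared-secret-between-distributor-and-user"


def publish_digest(archive: bytes) -> str:
    """What a distributor posts beside a download: an unkeyed SHA-256 digest."""
    return hashlib.sha256(archive).hexdigest()


def verify_digest(archive: bytes, published: str) -> bool:
    """Recompute the digest of what was downloaded and compare it to the
    published value, using a constant-time comparison."""
    return hmac.compare_digest(publish_digest(archive), published)


def publish_mac(archive: bytes, key: bytes) -> str:
    """What a distributor could post instead when a secret key is shared:
    HMAC-SHA256 over the archive. Any digest algorithm works with HMAC."""
    return hmac.new(key, archive, hashlib.sha256).hexdigest()


def verify_mac(archive: bytes, key: bytes, published: str) -> bool:
    """Recompute the tag under the shared key and compare in constant time."""
    return hmac.compare_digest(publish_mac(archive, key), published)


def attacker_swaps_download(replacement: bytes):
    """Model of the attack in the text: substitute the archive AND the
    checksum. The digest algorithm is public, so the attacker can compute
    a perfectly valid digest for the replacement without any secret."""
    return replacement, publish_digest(replacement)


def attacker_forges_mac(replacement: bytes) -> str:
    """Without the shared key the attacker can only tag the replacement under
    a key of their own; that tag will not verify under the real key."""
    return hmac.new(b"attacker-guessed-key", replacement, hashlib.sha256).hexdigest()


def digest_only_scenario() -> bool:
    """True if the substituted archive passes digest verification.
    It does: the checksum detects accidents, not deliberate substitution."""
    swapped, swapped_digest = attacker_swaps_download(TROJANED_ARCHIVE)
    return verify_digest(swapped, swapped_digest)


def mac_scenario() -> bool:
    """True if the substituted archive passes MAC verification.
    It does not: the forged tag fails under the shared key."""
    forged_tag = attacker_forges_mac(TROJANED_ARCHIVE)
    return verify_mac(TROJANED_ARCHIVE, SHARED_KEY, forged_tag)


def genuine_mac_scenario() -> bool:
    """The genuine archive with the distributor's own tag verifies."""
    tag = publish_mac(GENUINE_ARCHIVE, SHARED_KEY)
    return verify_mac(GENUINE_ARCHIVE, SHARED_KEY, tag)


if __name__ == "__main__":
    print("digest only: trojaned archive accepted?", digest_only_scenario())
    print("HMAC:        trojaned archive accepted?", mac_scenario())
    print("HMAC:        genuine archive accepted? ", genuine_mac_scenario())
```

The comparisons go through hmac.compare_digest rather than == so that verification time does not leak how many leading bytes of a guessed tag were correct. The example stops where the text does: HMAC needs a shared secret, which is exactly the limitation the next fragment on digital signatures addresses.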
... lengths of 1,024 bits or higher to ensure security.

1.2 Overview of SSL

SSL is currently the most widely deployed security protocol. It is the security protocol behind secure HTTP (HTTPS), and thus is responsible for the little lock in the corner of your web browser. SSL is capable of securing any protocol that works over TCP. An SSL transaction (see Figure 1-3) starts with the client sending a handshake to ...