Complete Reference of Encryption in Linux Security

  • Introduction to Encryption
  • Using GNU GPG
  • Using SSH
  • Hashing Utilities
  • Using PKI Certificates in Linux

Introduction to Encryption

  • Linux has built-in ability to encrypt files
  • Protects files in storage
  • Protection during transmission
  • Uses common standard algorithms
  • MD5 & SHA for Hashing
  • 3DES & AES for data encryption
  • Supports many other algorithms as well
  • PKI enabled
  • OS can generate self-signed certificates
  • Can use 3rd party generated certs

Using GNU GPG

  • GNU Privacy Guard comes built-in with most distros
  • Complete implementation of the OpenPGP Internet standard as described in RFC 2440
  • Most popular personal encryption package
  • Ability to encrypt and digitally sign files
  • Used to send secure email messages
  • Used to encrypt files in storage
  • Uses DSA, ElGamal, 3DES and Twofish as encryption algorithms
  • Many other algorithms also supported
  • Some algorithms not legal for export outside US – obtain from International sites
  • First step is to generate a key pair (one public, one private)
  • Command to generate is ‘gpg --gen-key’
  • Use higher key length – minimum is 768
  • Enter user name and email address – key is generated based upon this info
  • Enter password that will be used – use complex password rules
  • Export public key so others may exchange data securely with you
  • Other public keys can be imported as well
  • Sign your public keys before issue so others will know they are valid, and only accept signed keys from others
  • Encrypt data to send to others
  • Decrypting involves receiving and converting the encrypted file
  • Digitally sign all encrypted files to verify they came from you
  • GPG has both command and GUI utilities
  • Use ‘gpg’ command with various options; it performs all encryption/decryption tasks
  • GPG Demonstration

Using Secure Shell

  • Secure Shell (SSH) developed to protect communications
  • Telnet and FTP do not encrypt data; passwords and login info passed as plaintext
  • ‘r’ commands (rlogin, rsh, rcp, and rdist) also insecure
  • SSH developed to take their place and encrypt all data during communications session
  • SSH can also be used over X-windows
  • SSH allows remote login as root to perform system maintenance tasks
  • Several versions available, including SSH Tectia, OpenSSH, F-secure, and Reflection for Secure IT
  • OpenSSH is most popular in Linux distros
  • RSA authentication or conventional password based authentication can be used
  • Secure Shell then opens up a user program or interactive shell
  • Current version of OpenSSH is OpenSSH 8.7/8.7p1
  • SSH uses 2 protocol versions, 1 and 2
  • Version 1 is insecure due to integer overflow vulnerabilities
  • Use SSH implementation with version 2 protocol instead

Hashing Utilities

  • Hashes are produced to ensure file integrity
  • Ensure file has not been altered
  • Slightest alteration changes hash and indicates a file change
  • Hashing is method of verifying installation files and packages, as well as system files
  • Hashing also encrypts passwords
  • Actual passwords not stored, but hashes are stored
  • User enters password, which is hashed
  • Matching hash from /etc/shadow indicates correct password
  • Linux uses 2 major hashing algorithms
  • SHA (160-bit and higher)
  • MD5 (Message Digest version 5) 128-bit
  • SHA is newer and stronger algorithm
  • Available in 160-bit, (SHA-1), 224, 256, and 512-bit versions (SHA-2)
  • Successor to MD5; required for US govt applications under FIPS 180-2
  • SHA2 preferred due to identified collision vulnerabilities in SHA1
  • Built-in Linux SHA utilities include:
  • sha1sum: computes and checks message digest(hash) for file
  • dgst: older utility that computes hashes using sha1 or md5
  • MD5 is older (but still widely used) hashing algorithm
  • Developed by Ron Rivest and replaced earlier algorithm MD4
  • 128-bit strength algorithm
  • Discovered to be vulnerable due to collision problems
  • MD5 utilities include:
  • md5sum: computes or checks hash value of file
  • md5crypt: encrypts a password for use in Grub boot loader
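
File-integrity checking as described above, shown with `sha256sum` (the SHA-2 counterpart of `sha1sum`) as an added example that is not part of the original page. The function names and the sample files are constructed for illustration; the example also covers a case the checksum's check mode does not report on its own, a file added after the manifest was written.

```shell
#!/usr/bin/env bash
# Added example: the files and their contents are constructed samples.

# make_manifest DIR MANIFEST: record a SHA-256 digest for every file under DIR.
# MANIFEST must be an absolute path outside DIR.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# changed_files DIR MANIFEST: print each file whose contents no longer match
# its recorded digest, or that has gone missing. No output means all intact.
changed_files() {
    ( cd "$1" && LC_ALL=C sha256sum -c "$2" 2>/dev/null ) |
        sed -n 's/: FAILED.*$//p' | sort
}

# new_files DIR MANIFEST: print files present now but absent from the
# manifest, which 'sha256sum -c' on its own never reports.
new_files() {
    ( cd "$1" && find . -type f ) | sort > "$2.now"
    sed 's/^[0-9a-f]\{64\} [ *]//' "$2" | sort | comm -13 - "$2.now"
    rm -f "$2.now"
}

# integrity_demo: build a sample tree, record it, then alter one byte of one
# file and add an unlisted file, and report what the checks find.
integrity_demo() {
    local work; work=$(mktemp -d) || return 1
    mkdir "$work/pkg"
    printf 'mode=strict\n' > "$work/pkg/app.conf"
    printf '1.0\n' > "$work/pkg/VERSION"
    make_manifest "$work/pkg" "$work/manifest"
    printf 'mode=strict \n' > "$work/pkg/app.conf"   # one added space
    printf 'echo hi\n' > "$work/pkg/extra.sh"        # not in the manifest
    changed_files "$work/pkg" "$work/manifest" | sed 's/^/changed: /'
    new_files "$work/pkg" "$work/manifest" | sed 's/^/new: /'
    rm -rf "$work"
}

integrity_demo
```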

Using PKI Certificates in Linux

  • Linux has built-in ability to use and generate digital certificates
  • Used for variety of purposes:
  • Secure transactions, web site verification, user authentication, and software signing
  • Linux can use trusted certificates from 3rd parties
  • Can self-generate its own certificates
  • Use ‘genkey’ command to generate SSL certificates and cert requests

Latest posts by Amardeep Dubey (see all)