Complete Referance of Encryption in Linux Security

• Introduction to Encryption
• Using GNU GPG
• Using SSH
• Hashing Utilities
• Using PKI Certificates in Linux

Introduction to Ecryption

• Linux has built-in ability to encrypt files
• Protects files in storage
• Protection during transmission
• Uses common standard algorithms
• MD5 & SHA for Hashing
• 3DES & AES for data encryption
• Supports many other algorithms as well
• PKI enabled
• OS can generate self-signed certificates
• Can use 3rd party generted certs

Using GNU GPG

• GNU Privacy Guard comes built-in with most distros
• Complete implementation of the OpenPGP Internet tandard a described in RFC 2440
• Most popular personal encryption package
• Ability to encrypt and digitally sign files
• Used to send secure email messages
• Used to encrypt files in storage
• Uses DSA, EIGamal, 3DES and Twofish as encryption algorithms
• Many other algorithms also supported
• Some algorithms not legal for export outside US – obtain from International sites
• First step is to generate a key pair (one public, one private)
• Command to generate is ‘gpg –gen-key’
• Use higher key length – minimum is 768
• Enter user name and email address – key is generated baed upon this info
• Enter password that will be used – use complex password rules
• Export public key so others may exchange data securely with you
• Other public keys can be imported as well
• Sign your public keys before issue so others will know they are valid, and only accept signed keys from others
• Encrypt data to send to others
• Decrypring involves receiving and converting encrypted file
• Digitally sign all encrypted files to verify they came from you
• GPG has both command and GUI utilities
• Use ‘gpg’ command with various options,performs all encryption/descryption tasks
• GPG Demonstration

Using Secure Shell

• Secure Shell(SSH) developed to protect communications
• Telnet and FTP do not encrypt data; passwords and login info pased as plaintext
• ‘r’ commands(rlogin, rsh, rcp, and rdist) also insecure
• SSH developed to take their place and encrypt all data during communications session
• SSH can also be used over X-windows
• SSH allows remote login as root to perform system maintenance tasks
• Several versions available, including SSH Tectia, OpenSSH, F-secure, and Reflection for Secure IT
• OpenSSH is most popular in Linux distros
• RSA authentication or conventional password based authentication can be used
• Secure Shell then opens up a user program or interactive shell
• Current version of OpenSSH is OpenSSH 8.7/8.7p1
• SSH uses 2 protocol versions, 1 and 2
• Version 1 is insecure due to integer overflow vulnerabilities
• Use SSH implementation with version 2 protocol instead

Hashing Utilities

• Hashed are produced to ensure file integrity
• Ensure file has not been altered
• Slightest alteration changes hash and indicates a file change
• Hashing is method of verifying installation files and packages, as well as system files
• Hashing also encrypts password
• Actual passwords not stored,but hashes are stored
• User enters password, which is hashed
• Matching hash from /etc/shadow indicates correct password
• Linux uses 2 major hashing algorithms
• SHA(160-bit and higher)
• MD5(Message Digest version 5) 128-bit
• SHA is newer and stonger algorithm
• Available in 160-bit, (SHA-1), 224, 256, and 512-bit versions (SHA-2)
• Successor to MD5; required for US govt applications under FIPS 180-2
• SHA2 preferred due to identified collision vulnerabilities in SHA1
• Built-in Linux SHA utilities include:
• sha1sum: computes and checks message digest(hash) for file
• dgst: older utility that computes hashes using sha1 or md5
• MD5 is older(but still widely used) hashing algorithm
• Developed by Ron Rivest and replaced earlier algorithm MD4
• 128-bit strength algorithm
• Discovered to be vulnerable due to collision problems
• MD5 utilities include:
• md5sum: computes or checks hash value of file
• md5crypt: encrypts a password for use in Grub boot loader

Using PKI Certificates in Linux

• Linux has built-in ability to use and generate digital certificates
• Used for variety of purposes:
• Secure trasactions, web site verification, user authentication, and software sigining
• Linux can use trusted certificates from 3rd parties
• Can self-generate its own certifictes
• Use ‘genkey’ command to generate SSL certificates and cert requests

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.

Do you want to learn Quantum Computing?

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND

Rajesh Kumar DailyLogs