Complete Reference of Encryption in Linux Security

  • Introduction to Encryption
  • Using GNU GPG
  • Using SSH
  • Hashing Utilities
  • Using PKI Certificates in Linux

Introduction to Encryption

  • Linux has built-in ability to encrypt files
  • Protects files in storage
  • Protection during transmission
  • Uses common standard algorithms
  • MD5 & SHA for Hashing
  • 3DES & AES for data encryption
  • Supports many other algorithms as well
  • PKI enabled
  • OS can generate self-signed certificates
  • Can use 3rd party generated certs

Using GNU GPG

  • GNU Privacy Guard comes built-in with most distros
  • Complete implementation of the OpenPGP Internet standard as described in RFC 2440
  • Most popular personal encryption package
  • Ability to encrypt and digitally sign files
  • Used to send secure email messages
  • Used to encrypt files in storage
  • Uses DSA, ElGamal, 3DES and Twofish as encryption algorithms
  • Many other algorithms also supported
  • Some algorithms not legal for export outside US – obtain from International sites
  • First step is to generate a key pair (one public, one private)
  • Command to generate is 'gpg --gen-key'
  • Use higher key length – minimum is 768
  • Enter user name and email address – key is generated based upon this info
  • Enter password that will be used – use complex password rules
  • Export public key so others may exchange data securely with you
  • Other public keys can be imported as well
  • Sign your public keys before issue so others will know they are valid, and only accept signed keys from others
  • Encrypt data to send to others
  • Decrypting involves receiving and converting encrypted file
  • Digitally sign all encrypted files to verify they came from you
  • GPG has both command and GUI utilities
  • Use 'gpg' command with various options; performs all encryption/decryption tasks
  • GPG Demonstration
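
The steps listed above (generate a key pair, export the public key, sign and encrypt, decrypt and verify) as a non-interactive script. This is an added example, not code from the original page; the user ID, file contents and throwaway keyring are constructed, and `--quick-generate-key` is used as the batch counterpart of `gpg --gen-key`, which assumes GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: GnuPG round trip in a throwaway keyring.
# User ID, empty passphrase and file contents are constructed for the demo.

gpg_demo() (
    GNUPGHOME=$(mktemp -d) || exit 1      # isolated keyring, not ~/.gnupg
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    uid='Alice Demo <alice@example.test>'

    # 1. Generate the key pair (batch form of the interactive 'gpg --gen-key').
    #    The empty passphrase is for this demo only.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" default default never >/dev/null 2>&1 || exit 1

    # 2. Export the public key so others can encrypt to you and check your signatures.
    gpg --batch --armor --export alice@example.test > "$GNUPGHOME/alice.pub.asc" || exit 1
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$GNUPGHOME/alice.pub.asc" || exit 1

    # 3. Sign and encrypt a file for the recipient in one pass.
    printf 'quarterly figures\n' > "$GNUPGHOME/msg.txt"
    gpg --batch --quiet --yes --armor --sign --encrypt \
        --recipient alice@example.test \
        --output "$GNUPGHOME/msg.txt.asc" "$GNUPGHOME/msg.txt" || exit 1

    # 4. Decrypt. gpg checks the embedded signature and reports it on the
    #    status channel; refuse the plaintext unless GOODSIG is present.
    plain=$(gpg --batch --quiet --status-fd 2 \
        --decrypt "$GNUPGHOME/msg.txt.asc" 2> "$GNUPGHOME/status.log") || exit 1
    grep -q '^\[GNUPG:\] GOODSIG' "$GNUPGHOME/status.log" || exit 1
    printf '%s\n' "$plain"
)
```

Calling `gpg_demo` prints the recovered plaintext only if decryption succeeded and the signature verified.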

Using Secure Shell

  • Secure Shell (SSH) developed to protect communications
  • Telnet and FTP do not encrypt data; passwords and login info passed as plaintext
  • 'r' commands (rlogin, rsh, rcp, and rdist) also insecure
  • SSH developed to take their place and encrypt all data during communications session
  • SSH can also be used over X-windows
  • SSH allows remote login as root to perform system maintenance tasks
  • Several versions available, including SSH Tectia, OpenSSH, F-secure, and Reflection for Secure IT
  • OpenSSH is most popular in Linux distros
  • RSA authentication or conventional password based authentication can be used
  • Secure Shell then opens up a user program or interactive shell
  • Current version of OpenSSH is OpenSSH 8.7/8.7p1
  • SSH uses 2 protocol versions, 1 and 2
  • Version 1 is insecure due to integer overflow vulnerabilities
  • Use SSH implementation with version 2 protocol instead

Hashing Utilities

  • Hashes are produced to ensure file integrity
  • Ensure file has not been altered
  • Slightest alteration changes hash and indicates a file change
  • Hashing is method of verifying installation files and packages, as well as system files
  • Hashing is also used to protect passwords
  • Actual passwords not stored, but hashes are stored
  • User enters password, which is hashed
  • Matching hash from /etc/shadow indicates correct password
  • Linux uses 2 major hashing algorithms
  • SHA (160-bit and higher)
  • MD5 (Message Digest version 5) 128-bit
  • SHA is newer and stronger algorithm
  • Available in 160-bit (SHA-1) and 224-, 256-, and 512-bit (SHA-2) versions
  • Successor to MD5; required for US govt applications under FIPS 180-2
  • SHA2 preferred due to identified collision vulnerabilities in SHA1
  • Built-in Linux SHA utilities include:
  • sha1sum: computes and checks message digest(hash) for file
  • dgst: older utility that computes hashes using sha1 or md5
  • MD5 is older (but still widely used) hashing algorithm
  • Developed by Ron Rivest and replaced earlier algorithm MD4
  • 128-bit strength algorithm
  • Discovered to be vulnerable due to collision problems
  • MD5 utilities include:
  • md5sum: computes or checks hash value of file
  • md5crypt: encrypts a password for use in Grub boot loader
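
The file-integrity use of hashing described above, as an added example that is not part of the original page: it records SHA-256 digests for a directory with `sha256sum` (the SHA-2 counterpart of `sha1sum`), then reports every file that was altered or removed. The function names, file names and contents are constructed for the demo.

```shell
#!/bin/sh
# Added example: detect altered or missing files with a SHA-256 manifest.
# Function names, paths and file contents are constructed for the demo.

# make_manifest DIR MANIFEST
#   MANIFEST must be an absolute path outside DIR so it does not hash itself.
make_manifest() (
    cd "$1" || exit 1
    find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 > "$2"
)

# changed_files DIR MANIFEST
#   Prints one name per line for every file whose digest no longer matches,
#   including files that have disappeared ("FAILED open or read").
changed_files() (
    cd "$1" || exit 1
    sha256sum -c "$2" 2>/dev/null | sed -n 's/: FAILED.*$//p'
)

integrity_demo() (
    dir=$(mktemp -d) && manifest=$(mktemp) || exit 1
    trap 'rm -rf "$dir" "$manifest"' EXIT

    # Known-good state: three small files, then record their digests.
    printf 'debug=false\n'          > "$dir/app.conf"
    printf 'release 1.0\n'          > "$dir/VERSION"
    printf '#!/bin/sh\necho ok\n'   > "$dir/run.sh"
    make_manifest "$dir" "$manifest"

    # A small edit and a deleted file; run.sh is left untouched.
    printf 'debug=true\n' > "$dir/app.conf"
    rm "$dir/VERSION"

    changed_files "$dir" "$manifest"
)
```

Keep the manifest somewhere the monitored files' owner cannot write, otherwise whoever alters a file can regenerate the digests as well.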

Using PKI Certificates in Linux

  • Linux has built-in ability to use and generate digital certificates
  • Used for variety of purposes:
  • Secure transactions, web site verification, user authentication, and software signing
  • Linux can use trusted certificates from 3rd parties
  • Can self-generate its own certificates
  • Use ‘genkey’ command to generate SSL certificates and cert requests
