{"id":23692,"date":"2021-09-18T12:18:18","date_gmt":"2021-09-18T12:18:18","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=23692"},"modified":"2022-04-13T15:56:34","modified_gmt":"2022-04-13T15:56:34","slug":"complete-referance-of-encryption-in-linux-security","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/complete-referance-of-encryption-in-linux-security\/","title":{"rendered":"Complete Reference of Encryption in Linux Security"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li><strong>Introduction to Encryption<\/strong><\/li><li><strong>Using GNU GPG<\/strong><\/li><li><strong>Using SSH<\/strong><\/li><li><strong>Hashing Utilities<\/strong><\/li><li><strong>Using PKI Certificates in Linux<\/strong><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Introduction to Encryption<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Linux has a built-in ability to encrypt files<\/li><li>Protects files in storage<\/li><li>Protects data during transmission<\/li><li>Uses common standard algorithms<\/li><li>MD5 &amp; SHA for hashing<\/li><li>3DES &amp; AES for data encryption<\/li><li>Supports many other algorithms as well<\/li><li>PKI enabled<\/li><li>OS can generate self-signed certificates<\/li><li>Can use 3rd-party generated certs<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Using GNU GPG<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>GNU Privacy Guard comes built in with most distros<\/li><li>Complete implementation of the OpenPGP Internet standard as described in RFC 2440<\/li><li>Most popular personal encryption package<\/li><li>Ability to encrypt and digitally sign files<\/li><li>Used to send secure email messages<\/li><li>Used to encrypt files in storage<\/li><li>Uses DSA, ElGamal, 3DES and Twofish as encryption algorithms<\/li><li>Many other algorithms also supported<\/li><li>Some algorithms not legal for export outside the US &#8211; obtain from international sites<\/li><li>First step is to generate a key pair (one public, one 
private)<\/li><li>Command to generate is &#8216;gpg --gen-key&#8217;<\/li><li>Use a higher key length &#8211; minimum is 768<\/li><li>Enter user name and email address &#8211; key is generated based upon this info<\/li><li>Enter the passphrase that will be used &#8211; use complex password rules<\/li><li>Export your public key so others may exchange data securely with you<\/li><li>Other public keys can be imported as well<\/li><li>Sign your public keys before issue so others will know they are valid, and only accept signed keys from others<\/li><li>Encrypt data to send to others<\/li><li>Decrypting involves receiving and converting the encrypted file<\/li><li>Digitally sign all encrypted files to verify they came from you<\/li><li>GPG has both command-line and GUI utilities<\/li><li>Use the &#8216;gpg&#8217; command with various options; it performs all encryption\/decryption tasks<\/li><li>GPG Demonstration<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Using Secure Shell<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Secure Shell (SSH) was developed to protect communications<\/li><li>Telnet and FTP do not encrypt data; passwords and login info are passed as plaintext<\/li><li>&#8216;r&#8217; commands (rlogin, rsh, rcp, and rdist) are also insecure<\/li><li>SSH was developed to take their place and encrypt all data during the communications session<\/li><li>SSH can also be used over X-windows<\/li><li>SSH allows remote login as root to perform system maintenance tasks<\/li><li>Several versions available, including SSH Tectia, OpenSSH, F-Secure, and Reflection for Secure IT<\/li><li>OpenSSH is the most popular in Linux distros<\/li><li>RSA authentication or conventional password-based authentication can be used<\/li><li>Secure Shell then opens up a user program or interactive shell<\/li><li>Current version of OpenSSH is OpenSSH 8.7\/8.7p1<\/li><li>SSH uses 2 protocol versions, 1 and 2<\/li><li>Version 1 is insecure due to integer overflow vulnerabilities<\/li><li>Use an SSH implementation with the version 2 protocol 
instead<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Hashing Utilities<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Hashes are produced to ensure file integrity<\/li><li>Ensure the file has not been altered<\/li><li>Slightest alteration changes the hash and indicates a file change<\/li><li>Hashing is a method of verifying installation files and packages, as well as system files<\/li><li>Hashing also protects passwords<\/li><li>Actual passwords are not stored, but hashes are stored<\/li><li>User enters password, which is hashed<\/li><li>Matching hash from \/etc\/shadow indicates correct password<\/li><li>Linux uses 2 major hashing algorithms<\/li><li>SHA (160-bit and higher)<\/li><li>MD5 (Message Digest version 5) 128-bit<\/li><li>SHA is the newer and stronger algorithm<\/li><li>Available in 160-bit (SHA-1), 224, 256, and 512-bit versions (SHA-2)<\/li><li>Successor to MD5; required for US govt applications under FIPS 180-2<\/li><li>SHA-2 preferred due to identified collision vulnerabilities in SHA-1<\/li><li>Built-in Linux SHA utilities include:<\/li><li><strong>sha1sum:<\/strong> computes and checks the message digest (hash) of a file<\/li><li><strong>dgst:<\/strong> older utility that computes hashes using sha1 or md5<\/li><li>MD5 is an older (but still widely used) hashing algorithm<\/li><li>Developed by Ron Rivest and replaced the earlier algorithm MD4<\/li><li>128-bit strength algorithm<\/li><li>Discovered to be vulnerable due to collision problems<\/li><li>MD5 utilities include:<\/li><li><strong>md5sum:<\/strong> computes or checks the hash value of a file<\/li><li><strong>md5crypt:<\/strong> hashes a password for use in the Grub boot loader<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Using PKI Certificates in Linux<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Linux has a built-in ability to use and generate digital certificates<\/li><li>Used for a variety of purposes:<\/li><li>Secure transactions, web site verification, user authentication, and software signing<\/li><li>Linux can use trusted 
certificates from 3rd parties<\/li><li>Can self-generate its own certificates<\/li><li>Use the &#8216;genkey&#8217; command to generate SSL certificates and cert requests<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Introduction to Encryption Using GNU GPG Using SSH Hashing Utilities Using PKI Certificates in Linux Introduction to Encryption Linux has built-in ability to encrypt files Protects files in storage Protection&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[4957],"tags":[460,7055],"class_list":["post-23692","post","type-post","status-publish","format-standard","hentry","category-linux","tag-linux","tag-linux-security"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/23692","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=23692"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/23692\/revisions"}],"predecessor-version":[{"id":23693,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/23692\/revisions\/23693"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=23692"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=23692"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=23692"}],"curies":[{"name":"wp","hre
f":"https:\/\/api.w.org\/{rel}","templated":true}]}}