Welcome!

Linux Containers Authors: Elizabeth White, Liz McMillan, Reinhard Brandstädter, Sujoy Sen, PagerDuty Blog

Related Topics: Cloud Security, Linux Containers, Open Source Cloud

Cloud Security: Tutorial

Tutorial: OpenSSL Command

A solution to many of your security requirements

The OpenSSL is based on SSLeay library developed by Eric A. Young and Tim J. Hudson and licensed under an Apache-style license. OpenSSL has lots of features but I will cover encoding, checksums, encryption, passwords and pass phrases.

Many Linux distributions have OpenSSL as part of the bundled packages and is most likely located in /usr/bin. To find it on your system type:

$ which openssl
/usr/bin/openssl
$ openssl version

OpenSSL 1.0.0a 1 Jun 2010

Versions may vary and currently openssl-1.0.0d Feb 8 is the current version. Most of the examples that are found in this document should work on most versions.

Base64 encoding and decoding can be performed alone or used in conjunction with encryption and decryption. Below we are encoding a file with base64:

$ openssl base64 -in text.txt -out text.3634

Now we are decoding it:

$ openssl base64 -d -in text.3634 -out text.txt

File name extensions are not relevant to OpenSSL and you can drop them.

Encryptions
Encrypt a file with any of the available ciphers:

$ openssl list-cipher-commands

This will list a number of ciphers to use. Now let's encrypt the file using triple DES in CBC “Cipher Block Chaining” mode using a prompted password:

$ openssl des3 -salt -in recept.pdf -out recept.des3

prompted for a password enter it twice. To decrypt the file using the supplied password

$ openssl des3 -d -salt -in recept.des3 -out recept.pdf -k password

enter des-ede3-cbc encryption password:

Verifying – enter des-ede3-cbc encryption password:

You can encrypt a file then base64 encode it using Blowfish in CBC mode using the following comamnd:

$ openssl bf -a -salt -in recept.pdf -out recept.bf

enter bf-cbc encryption password:

Verifying – enter bf-cbc encryption password:

Again the file extensions are not relevant and if you open the file with a gedit it will be a bunch of characters. OpenSSL won't manage the files and file extensions for you, you must specify where you want the outgoing data written. The reason to encrypt then encode and not the other way around is you want to have random data to encrypt and when you encode you are left with no random data. To decrypt us the following command:

$ openssl bf -d -salt -a -in recept001.bf -out recept001.pdf

enter bf-cbc decryption password:

Have strong password is important but like many discover its also difficult to maintain password different for many devices. The goal with password is to make a secret that you can remember but someone else wont know and cant guess. You can generate pass phrases with OpenSSL using this command:

$ openssl rand 20 -base64

This generates a random character that is 20 binary bytes with base64 encoding for a total of 28 characters.

Shadow-style password hash
OpenSSL has the ability for creating encrypted Linux passwords exactly like those make by /bin/passwd. Just enter in the following command:

$ openssl passwd -1 enter-in-text
$1$Av0HxLID$WLFyqVyjJOtqnYfVufpCw0

Every time you enter the above it will produce a different hash, your hash will be different except for the $1$ in front. You can make a hash of your password that you choose without outputting the result to the screen like so:

$ openssl passwd -1

Password:

Verifying – Password

Checksums
A checksum is a way of ensuring that data has not been corrupted, either accidentally or maliciously. OpenSSL uses md5 but the MD5 algorithm suffers from vulnerabilities and should not be used anymore. Instead use the more secure sha1sum (see Figure 1).

Figure 1

Notice the difference in hash output lengths.

OpenSSL is FIPS 140-2 Level 1 validation and is available for government cryptography. The FIPS 140-2 User Guide is available here updated November 21, 2009. This tool is available for use in the enterprise and with a little administration can provide a solution to many of your security requirements.

Let pbnetworks get your pen-test on target

Visit us and learn how http://pbnetworks.net

How secure is your network?

More Stories By David Dodd

David J. Dodd is currently in the United States and holds a current 'Top Secret' DoD Clearance and is available for consulting on various Information Assurance projects. A former U.S. Marine with Avionics background in Electronic Countermeasures Systems. David has given talks at the San Diego Regional Security Conference and SDISSA, is a member of InfraGard, and contributes to Secure our eCity http://securingourecity.org. He works for Xerox as Information Security Officer City of San Diego & pbnetworks Inc. http://pbnetworks.net a Service Disabled Veteran Owned Small Business (SDVOSB) located in San Diego, CA and can be contacted by emailing: dave at pbnetworks.net.

@ThingsExpo Stories
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, will provide an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life ...
In his session at 18th Cloud Expo, Bruce Swann, Senior Product Marketing Manager at Adobe, will discuss how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects). Bruce Swann has more than 15 years of experience working with digital marketing disciplines like web analytics, social med...
What a difference a year makes. Organizations aren’t just talking about IoT possibilities, it is now baked into their core business strategy. With IoT, billions of devices generating data from different companies on different networks around the globe need to interact. From efficiency to better customer insights to completely new business models, IoT will turn traditional business models upside down. In the new customer-centric age, the key to success is delivering critical services and apps wit...
The essence of data analysis involves setting up data pipelines that consist of several operations that are chained together – starting from data collection, data quality checks, data integration, data analysis and data visualization (including the setting up of interaction paths in that visualization). In our opinion, the challenges stem from the technology diversity at each stage of the data pipeline as well as the lack of process around the analysis.
SYS-CON Events announced today that ContentMX, the marketing technology and services company with a singular mission to increase engagement and drive more conversations for enterprise, channel and SMB technology marketers, has been named “Sponsor & Exhibitor Lounge Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York City, New York. “CloudExpo is a great opportunity to start a conversation with new prospects, but what happens after the...
SYS-CON Events announced today that 24Notion has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. 24Notion is full-service global creative digital marketing, technology and lifestyle agency that combines strategic ideas with customized tactical execution. With a broad understand of the art of traditional marketing, new media, communications and social influence, 24Notion uniquely understands how to con...
The demand for organizations to expand their infrastructure to multiple IT environments like the cloud, on-premise, mobile, bring your own device (BYOD) and the Internet of Things (IoT) continues to grow. As this hybrid infrastructure increases, the challenge to monitor the security of these systems increases in volume and complexity. In his session at 18th Cloud Expo, Stephen Coty, Chief Security Evangelist at Alert Logic, will show how properly configured and managed security architecture can...
When it comes to IoT in the enterprise, namely the commercial building and hospitality markets, a benefit not getting the attention it deserves is energy efficiency, and IoT's direct impact on a cleaner, greener environment when installed in smart buildings. Until now clean technology was offered piecemeal and led with point solutions that require significant systems integration to orchestrate and deploy. There didn't exist a 'top down' approach that can manage and monitor the way a Smart Buildi...
SYS-CON Events announced today BZ Media LLC has been named “Media Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. BZ Media LLC is a high-tech media company that produces technical conferences and expositions, and publishes a magazine, newsletters and websites in the software development, SharePoint, mobile development and Commercial Drone markets.
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, will discuss the importance of WebRTC and how it enables companies to fo...
SYS-CON Events announced today TechTarget has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget is the Web’s leading destination for serious technology buyers researching and making enterprise technology decisions. Its extensive global networ...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York and Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty ...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit y...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo New York Call for Papers is now open.
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will discuss the vast to...
SYS-CON Events announced today that Enzu, a leading provider of cloud hosting solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to foc...
Customer experience has become a competitive differentiator for companies, and it’s imperative that brands seamlessly connect the customer journey across all platforms. With the continued explosion of IoT, join us for a look at how to build a winning digital foundation in the connected era – today and in the future. In his session at @ThingsExpo, Chris Nguyen, Group Product Marketing Manager at Adobe, will discuss how to successfully leverage mobile, rapidly deploy content, capture real-time d...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
IoT generates lots of temporal data. But how do you unlock its value? How do you coordinate the diverse moving parts that must come together when developing your IoT product? What are the key challenges addressed by Data as a Service? How does cloud computing underlie and connect the notions of Digital and DevOps What is the impact of the API economy? What is the business imperative for Cognitive Computing? Get all these questions and hundreds more like them answered at the 18th Cloud Expo...
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...