Understanding OpenSSL: Understanding Key exchange
Table of Contents:
- What is OpenSSL?
- Making an OpenSSL client
- Extracting the encryption algorithm
- Conclusion
What is OpenSSL?
OpenSSL is an open-source cryptographic library that enables secure connections between devices on a network. It lets devices send data securely over the internet by encrypting the data.
Key features that OpenSSL offers include, but are not limited to: private key generation, certificate management, and data encryption and decryption.
Making an OpenSSL Client
To simulate a client, OpenSSL includes a tool called `s_client` that can be used to connect to a remote server for testing purposes.
Let's connect to a website, cyberstorm.mu:
The output of the command is quite long and has a lot of detail. For our case, we only need the field called "Server Temp Key", shown in the second screenshot. This field tells us which key exchange algorithm was used to set up encryption for the current connection. Our connection is using `X25519`. For more information about this key exchange, look at my other blog here.
Extracting the encryption algorithm
For our use case, we do not need all this data. We only need the key. To extract it, a tool called `grep` will be used. grep is a pattern-searching utility on Linux that can use regular expressions to search text.
Command to extract the algorithm:
`openssl s_client cyberstorm.mu:443 | grep 'Server Temp Key'`
NOTE: Make sure that the text inside the grep pattern matches the text in the output exactly.
This is the full output using the grep command. The `|` is the pipe symbol; it redirects the output of the first command to grep. grep then searches the text it receives and prints the matching line if the search term is found.
In our case, it highlighted the match in red. cyberstorm.mu uses the `X25519` key exchange.
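As an added example (not part of the original post), the grep step can be wrapped in small shell functions that read `s_client` output and report the key exchange, and that say so explicitly when the "Server Temp Key" line is missing instead of printing nothing. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `openssl s_client` output read from stdin.

# Constructed sample of the handshake summary that s_client prints.
sample_output() {
cat <<'EOF'
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2531 bytes and written 392 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
EOF
}

# Print the field value, e.g. "X25519, 253 bits". When the field is absent,
# print "none" and return 1, so a missing field is reported, not silent.
server_temp_key() {
    awk -F': ' '
        /^Server Temp Key: / { print $2; found = 1; exit }
        END { if (!found) { print "none"; exit 1 } }
    '
}

# Algorithm part only: "X25519", "DH", or "ECDH, P-256".
kex_algorithm() {
    key=$(server_temp_key) || { echo "none"; return 1; }
    printf '%s\n' "$key" | sed 's/, [0-9][0-9]* bits$//'
}

# Key size in bits, taken from the trailing "<n> bits".
kex_bits() {
    key=$(server_temp_key) || { echo "none"; return 1; }
    printf '%s\n' "$key" | sed -n 's/.*, \([0-9][0-9]*\) bits$/\1/p'
}

# Live use (needs network), same target as the command above:
#   openssl s_client cyberstorm.mu:443 </dev/null 2>/dev/null | kex_algorithm
echo "key exchange: $(sample_output | kex_algorithm)"
echo "key size:     $(sample_output | kex_bits) bits"
```

A grep with a mistyped pattern and a server that sent no temporary key both produce empty output; the non-zero return code and the "none" result make the second case visible.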
Conclusion
OpenSSL is a great open-source tool that can be used to test the data encryption between devices over the internet. In this blog, OpenSSL and grep were used to extract the algorithm used in the key exchange.