| |
| OpenSSL 0.9.2 31-Dec-1998 |
| |
| Copyright (c) 1998 The OpenSSL Project |
| Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| All rights reserved. |
| |
| .... |
| |
| The OpenSSL Project is a collaborative effort to develop a robust, |
| commercial-grade, fully featured, and Open Source toolkit implementing the |
| Transport Layer Security (TLS v1) and Secure Sockets Layer (SSL v2/v3) |
| protocols with full-strength cryptography world-wide. The project is managed |
| by a worldwide community of volunteers that use the Internet to communicate, |
| plan, and develop the OpenSSL tookit and its related documentation. |
| |
| OpenSSL is based on the excellent SSLeay library developed from Eric A. Young |
| and Tim J. Hudson. The OpenSSL toolkit is licensed under a BSD-style licence, |
| which basically means that you are free to get and use it for commercial and |
| non-commercial purposes. |
| |
| The package includes: |
| |
| libssl.a: |
| Implementation of SSLv2, SSLv3, TLSv1 and the required code to support |
| both SSLv2, SSLv3 and TLSv1 in the one server. |
| |
| libcrypto.a: |
| General encryption and X.509 stuff needed by TLS/SSL but not actually |
| logically part of it. It includes routines for the following: |
| |
| Ciphers |
| libdes - EAY's libdes DES encryption package which has been floating |
| around the net for a few years. It includes 15 |
| 'modes/variations' of DES (1, 2 and 3 key versions of ecb, |
| cbc, cfb and ofb; pcbc and a more general form of cfb and |
| ofb) including desx in cbc mode, a fast crypt(3), and |
| routines to read passwords from the keyboard. |
| RC4 encryption, |
| RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. |
| Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. |
| IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. |
| |
| Digests |
| MD5 and MD2 message digest algorithms, fast implementations, |
| SHA (SHA-0) and SHA-1 message digest algorithms, |
| MDC2 message digest. A DES based hash that is polular on smart cards. |
| |
| Public Key |
| RSA encryption/decryption/generation. |
| There is no limit on the number of bits. |
| DSA encryption/decryption/generation. |
| There is no limit on the number of bits. |
| Diffie-Hellman key-exchange/key generation. |
| There is no limit on the number of bits. |
| |
| X.509v3 certificates |
| X509 encoding/decoding into/from binary ASN1 and a PEM |
| based ascii-binary encoding which supports encryption with a |
| private key. Program to generate RSA and DSA certificate |
| requests and to generate RSA and DSA certificates. |
| |
| Systems |
| The normal digital envelope routines and base64 encoding. Higher |
| level access to ciphers and digests by name. New ciphers can be |
| loaded at run time. The BIO io system which is a simple non-blocking |
| IO abstraction. Current methods supported are file descriptors, |
| sockets, socket accept, socket connect, memory buffer, buffering, SSL |
| client/server, file pointer, encryption, digest, non-blocking testing |
| and null. |
| |
| Data structures |
| A dynamically growing hashing system |
| A simple stack. |
| A Configuration loader that uses a format similar to MS .ini files. |
| |
| Programs in this package include: |
| |
| enc - a general encryption program that can encrypt/decrypt using |
| one of 17 different cipher/mode combinations. The |
| input/output can also be converted to/from base64 |
| ascii encoding. |
| dgst - a generate message digesting program that will generate |
| message digests for any of md2, md5, sha (sha-0 or sha-1) |
| or mdc2. |
| asn1parse - parse and display the structure of an asn1 encoded |
| binary file. |
| rsa - Manipulate RSA private keys. |
| dsa - Manipulate DSA private keys. |
| dh - Manipulate Diffie-Hellman parameter files. |
| dsaparam- Manipulate and generate DSA parameter files. |
| crl - Manipulate certificate revocation lists. |
| crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate. |
| x509 - Manipulate x509 certificates, self-sign certificates. |
| req - Manipulate PKCS#10 certificate requests and also |
| generate certificate requests. |
| genrsa - Generates an arbitrary sized RSA private key. |
| gendsa - Generates DSA parameters. |
| gendh - Generates a set of Diffie-Hellman parameters, the prime |
| will be a strong prime. |
| ca - Create certificates from PKCS#10 certificate requests. |
| This program also maintains a database of certificates |
| issued. |
| verify - Check x509 certificate signatures. |
| speed - Benchmark OpenSSL's ciphers. |
| s_server- A test SSL server. |
| s_client- A test SSL client. |
| s_time - Benchmark SSL performance of SSL server programs. |
| errstr - Convert from OpenSSL hex error codes to a readable form. |
| nseq - Netscape certificate sequence utility |
| |
| To install this package, read the INSTALL file. |
| For the Microsoft world, read INSTALL.W32 file. |
| |
| For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s |
| public key library, RSAref. Read doc/ssleay.txt under 'rsaref.doc' on how to |
| build with RSAref. |
| |
| Read the documentation in the doc directory. It is quite rough, but it lists |
| the functions, you will probably have to look at the code to work out how to |
| used them. Look at the example programs. |
| |
