Commonly used to store passwords
    Converts an input string of any length to an output string of fixed length
        One-way:not feasible to get plaintext from hash
        Collision-free:not feasibleto find two strings that hash to the same output
        CRC-32 is not cryptographically secure
    Utilities:sha1sum,md5sum,chsum,openssl dgst
    To hash file see if it changed
        md5sum file    

[root@localhost ~]# vim file
this is a test file
[root@localhost ~]# md5sum file
79cbbfadcab143d2cc839ce5fce1c576  file
[root@localhost ~]# md5sum file
79cbbfadcab143d2cc839ce5fce1c576  file
[root@localhost ~]# md5sum file
79cbbfadcab143d2cc839ce5fce1c576  file

        sha1sum file
        openssl dgst -sha1

2.Message Authentication Codes(消息认证码)
    MAC is used to maintain the integrity of a network communication,preventing message from tampering
        Attacker needs secret key to forge MAC
    MAC funtion uses a shared secret key to generate MAC
        CBC-MAC:use block cipher to construct
            Encrypt the message in CBC mode and use last block
        HMAC:use keyed cryptographic hash
            HMAC(secret key,message)

3.User Authentication
    Cryptographic hash of account password is stored
        By adding random "salt" to password ,two users with the same password will have different password hashes
        MD5-based hash by default,old modified DES version also availble
    System hashes password given to login
    If passwords match,user is authenticated
    Utilities:password,openssl,openssl passwd -1
4.Asymmetric Encryption(非对称加密)
    Public key to encrypt,private key to decrypt
        Public means public,private means private
    Partial solution to key distribution problem
        Can give the public key to everybody
        RSA is limited in the size of the message(<100 bytes)it can encrypt,much slower than symmetric algorithms
        So,it is common to use RSA to transmit a secret symmetric session key securely,and switch to the faster symmetric secret key
    Utilities:gpg openssl rsautl
        Generate RSA key
            openssl genrsa 1024 > secret.key
        Extract public key from secret key
            openssl rsa -puboutn-in secret.key > public.key
        echo 'My secret message .' > tomylove.txt
        Encrypt using public key
            openssl rsautl -encrypt -pubin -inkey public.key -in tomylove.txt -out tomylove.encrypt
        Decrypt using secret key
            openssl rsautl -decrypt -inkey secret.key -in tomylove.enc -out tomylove.txt

[root@localhost ~]# useradd bob
[root@localhost ~]# useradd alice
[root@localhost ~]# su - bob


[bob@localhost ~]$ openssl genrsa 1024 > secret.key
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)


[bob@localhost ~]$ openssl rsa -pubout -in secret.key > public.key
writing RSA key


[root@localhost ~]# su - alice
[alice@localhost ~]$ openssl genrsa 1024 > secret.key
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
[alice@localhost ~]$ openssl rsa -pubout -in secret.key > public.key
writing RSA key


[alice@localhost ~]$ cp public.key /tmp/alice.pub


[root@localhost ~]# su - bob
[bob@localhost ~]$ openssl rsautl -encrypt -pubin -inkey /tmp/alice.pub -in tomylove.txt -out tomylove.enc
[bob@localhost ~]$ cp tomylove.enc /tmp
[bob@localhost ~]$ su -
[root@localhost ~]# su - alice
[alice@localhost ~]$ openssl rsautl -decrypt -inkey secret.key -in /tmp/tomylove.enc -out tomylove.txt
[alice@localhost ~]$ ll tomylove.txt 
-rw-rw-r--. 1 alice alice 19 Jul 21 23:18 tomylove.txt
[alice@localhost ~]$ cat tomylove.txt 
My secret message。

                    Generate GPG keys
                        pgp --gen-key(RSA encrypt and sign)
                    Export public key
                        gpg --export -a > pulic.key
                    echo 'My secret message.' > tomylove.txt
                    Encrypt using public key
                        gpg -r keyID -e tomylove.txt(you got tomylove.gpg)
                    Import public key
                        gpg --import public.key
                    Decrypt using secret key
                        gpg -r keyID -o tomylove.txt -d tomylove.gpg