OPENSSL 与 IPSEC

发布于 2024-09-24 02:09:45 字数 129 浏览 6 评论 0原文

只是一个非常普遍的问题,但是有人可以告诉我当我使用 openSSL 时 IPSEC 何时能够保护互联网上的数据传输?看来他们俩 正在做同样的事情,只是在网络协议的不同级别上。所以 我不太确定为什么我们需要它们。

为你的帮助干杯

just a very general question, but can somebody tell me when I use openSSL and
when IPSEC to secure data transfer over the internet? It seems both of them
are doing the same, only at different levels of the network protocol. So
I am not absolutely sure why we need both of them.

Cheers for your help

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

逆流 2024-10-01 02:09:45

是的,不同级别的网络协议。一种是在操作系统中实现,另一种是在应用程序中实现。

因此,两者都需要的原因是:

  • IPSEC 可以保护所有流量,包括来自不使用加密的应用程序的流量。但是,双方都必须使用支持 IPSEC 的操作系统,并且必须由系统管理员进行配置。

  • SSL 可以保护一个应用程序的流量。它不需要使用特定的操作系统,也不需要管理员访问权限来配置它。

Yes, different levels of the network protocol. One is implemented in the OS and the other in an application.

So the reason that both are needed:

  • IPSEC can secure all traffic including that from applications that don't use encryption. But, both sides must use an OS that supports IPSEC and must be configured by the system administrator.

  • SSL can secure the traffic for one application. It does not need to use a particular OS and it does not need administrator access permissions to configure it.

ま柒月 2024-10-01 02:09:45

伙计,你完全错了……两台机器之间的安全通信需要 IPSEC。

就像您想将数据包发送到另一台机器,但您希望没有人能够确定您正在使用的协议(tcp/udp 等),那么您就使用此 IPSEC。这还不是全部,关于 IPSEC 还有很多值得探索的地方。

openssl 可以说只是一个加密/身份验证函数库。

通过一个小例子就可以理解明显的区别。

假设您想要保护两台机器之间的流量,因此您创建安全加密数据包,将其发送到需要基于安全关联进行解密的其他机器。所有这些都是 IPSEC 协议的一部分。

当在发送机器上加密数据包时,您可能使用了一些 C/Linux 函数来加密数据包。这就是 openssl 发挥作用的地方。

同样,在另一端,当您捕获数据包并提取所需部分时,您可以使用计算机上使用的 openssl 函数对其进行解密。

我尽力解释它......希望它有帮助!如果还有任何疑问请澄清!

You are getting it all wrong buddy...IPSEC is required for a secure communication between two machines.

Like you want to send a packet to other machine but you want that no one could possibly even determine what protocol you are using (tcp/udp.. etc) then you use this IPSEC. and it is not all over there is so much to explore about IPSEC.

openssl is you can say just a encrytion/authentication functions library.

A clear difference could be understood wh a little example.

Suppose you want to secure traffic between two machines so you create secure encrypted packet , send it to other machine there it needs to be decrypted based on security associations.All this is part of IPSEC Protocol.

While when encrypting the packet on your sending machine you may have used some C/Linux functions to encrypt the packet.This is where openssl comes in place.

Similarly on the other end when you will capture the packet and extract the required part then you can decrypt it using openssl function used on your machine.

I tried explaining it with my best ... hope it helped !!! If still you have any doubt do clear !!!

执着的年纪 2024-10-01 02:09:45

IPSec 基于在后台运行的配置文件,并对两台计算机之间的所有数据进行加密。这种加密基于IP对、发起者和响应者(至少这是他们在我的工作场所使用的配置,或多或少符合标准)。两台机器之间的所有 IP 流量都会被加密。流量的类型和内容均未显示。它有自己的封装,封装整个数据包(包括数据包以前具有的所有标头)。然后,数据包在另一端被解封装(如果这是一个词),以获得完整的数据包(而不仅仅是有效负载)。加密可能使用 SSL 提供的加密(例如 OpenSSL)。

另一方面,SSL 会对数据进行加密,然后您就可以用它做任何您想做的事情。您可以将其放在 USB 上,然后将其交给某人,或者只是在本地对其进行加密以防止数据被盗,或者通过互联网或网络发送(在这种情况下,数据包本身不会被加密,只有有效负载,将通过 SSL 加密)。

IPSec is based on a configuration file that runs in the background and encrypts all the data between two machines. This encryption is based on IP pairs, an initiator and a responder (at least that's the configuration they use at my workplace, which more or less conforms to the standards). ALL the IP traffic between the two machines is then encrypted. Neither the type nor the content of the traffic is shown. It has its own encapsulation that encapsulates the WHOLE packet (including all the headers that the packet previously had). The packet is then decapsulated (if that's a word) at the other end to get a fully formed packet (not just the payload). The encryption might be using the encryption provided by SSL (e.g. OpenSSL).

SSL, on the other hand, encrypts the data and then you can do what ever you want with it. You can put it on a USB and then give it to someone or just keep it encrypted locally to prevent data theft or send it over the internet or a network (in which case the packet itself won't be encrypted, only the payload, which will be encrypted by SSL).

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文