2023-12-04 10:02:23 +00:00
---
website:
- https://www.openssl.org
- https://www.libressl.org
obj: application
---
# OpenSSL
OpenSSL is a [cryptography](../Cryptography/Cryptography.md) toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) network protocols and the related [cryptography](../Cryptography/Cryptography.md) standards they require.
The `openssl` program is a command line program for using the various [cryptography](../Cryptography/Cryptography.md) functions of OpenSSL's crypto library from the [shell](cli/Shell.md). It can be used for:
- Creation and management of private keys, public keys and parameters
- Public key cryptographic operations
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of Message Digests and Message Authentication Codes
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted mail
- Timestamp requests, generation and verification
## Usage
```shell
openssl [command] [options]
```
### Certificates (`openssl req`, `openssl x509`)
#### Generate a certificate
Usage: `openssl req -x509 -key private_key.pem -out certificate.pem -days 365`
#### Generate a signed certificate
```shell
# Create Certificate Request
openssl req -new -key entity.key -out entity.csr
# Sign with CA
openssl x509 -req -in entity.csr -CA ca.crt -CAkey ca.key -out entity.crt -CAcreateserial
```
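The two commands above assume `ca.crt` and `ca.key` already exist. The following added example (not part of the original note) builds a throwaway CA, issues a certificate from it, and checks the chain with `openssl verify`; all file names and subject names are constructed for the demo.

```shell
#!/bin/sh
# Added example: issue a certificate from a throwaway CA and verify the chain.
# File names and subjects are constructed; keys are unencrypted demo keys.

make_ca() {      # $1 = file basename, $2 = common name
    openssl genrsa -out "$1.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1.key" -subj "/CN=$2" -days 30 -out "$1.crt"
}

issue_cert() {   # $1 = CA basename, $2 = entity basename, $3 = common name
    openssl genrsa -out "$2.key" 2048 2>/dev/null &&
    # Create Certificate Request (-subj avoids the interactive prompts)
    openssl req -new -key "$2.key" -subj "/CN=$3" -out "$2.csr" &&
    # Sign with CA
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

chain_ok() {     # $1 = CA certificate, $2 = certificate to check
    # Match the "<file>: OK" line rather than relying on the exit status alone.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo_chain() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    trap 'rm -rf "$dir"' EXIT          # do not leave demo keys behind
    make_ca ca "Demo Root CA" && make_ca other "Unrelated CA" &&
        issue_cert ca entity "entity.example.test" || exit 1
    chain_ok ca.crt entity.crt && echo "entity.crt chains to ca.crt"
    chain_ok other.crt entity.crt || echo "entity.crt rejected under other.crt"
)

demo_chain
```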
#### Show information about a certificate
Usage: `openssl x509 -in certificate.pem -text -noout`
### Digest (`openssl dgst`)
Use digest (hash) functions. (Use `openssl dgst -list` for a list of all available digests)
Usage: `openssl dgst [options] [file]`
#### Options
| Option | Description |
| ------------- | ----------------------------------- |
| `-c` | Print digest with separating colons |
| `-r` | Print digest in coreutils format |
| `-out <file>` | Output to filename |
| `-hex` | Output as hex |
| `-binary` | Output in binary |
| `-<digest>` | Use \<digest> |
### Encryption (`openssl enc`)
Encrypt and decrypt using ciphers. (Use `openssl enc -ciphers` for a list of all available ciphers.)
Usage: `openssl enc [options]`
#### Options
| Option | Description |
| --------------- | ----------------------------------------------- |
| `-e` | Do Encryption |
| `-d` | Do Decryption |
| `-<cipher>` | Use \<cipher> |
| `-in <input>` | Input file |
| `-k <val>` | Passphrase |
| `-kfile <file>` | Read passphrase from file |
| `-out <output>` | Output file |
| `-a, -base64` | [Base64](../files/Base64.md) decode/encode data |
| `-pbkdf2` | Use password-based key derivation function 2 |
| `-iter <num>` | Change iterations of `-pbkdf2` |
### [RSA](../Cryptography/RSA.md) (`openssl genrsa`, `openssl rsa`, `openssl pkeyutl`)
#### Generate [RSA](../Cryptography/RSA.md) Private Key (`openssl genrsa`)
```shell
openssl genrsa -out <keyfile> [-<cipher>] [-verbose] [-quiet] <numbits>
```
The `-<cipher>` option protects the key with a password, encrypting it with the specified cipher (see `openssl enc -ciphers` for a list of available ciphers).
#### Generate [RSA](../Cryptography/RSA.md) Public Key (`openssl rsa`)
```shell
openssl rsa -pubout -in <privatekey> [-passin file:<password_file>] -out <publickey>
```
#### Working with [RSA](../Cryptography/RSA.md) (`openssl pkeyutl`)
```shell
# Sign with Private Key
openssl pkeyutl -sign -in <input> -inkey <private_key> [-passin file:<password_file>] -out <output> [-digest algo]
# Verify with Public Key
openssl pkeyutl -verify -in <input> -pubin -inkey <public_key> -sigfile <signature_file>
# Encrypt with Public Key
openssl pkeyutl -encrypt -pubin -inkey <public_key> -in <input> -out <output>
# Decrypt with Private Key
openssl pkeyutl -decrypt -inkey <private_key> [-passin file:<password_file>] -in <input> -out <output>
```
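An end-to-end use of the key generation, digest and `pkeyutl` commands above, as an added example that is not part of the original note: by default `pkeyutl -sign` signs its input as given, so the file is hashed with `openssl dgst` first and the digest is signed. File names and the sample file content are constructed.

```shell
#!/bin/sh
# Added example: sign a file's SHA-256 digest with RSA and detect tampering.
# File names and sample content are constructed; the key is an unencrypted demo key.

make_keypair() {   # $1 = private key file, $2 = public key file
    openssl genrsa -out "$1" 2048 2>/dev/null &&
    openssl rsa -pubout -in "$1" -out "$2" 2>/dev/null
}

sign_file() {      # $1 = file, $2 = private key, $3 = signature output
    # pkeyutl reads the 32-byte digest from stdin; digest:sha256 tells it
    # which hash the input is, so the signature padding records it.
    openssl dgst -sha256 -binary "$1" |
        openssl pkeyutl -sign -inkey "$2" -pkeyopt digest:sha256 -out "$3"
}

verify_file() {    # $1 = file, $2 = public key, $3 = signature
    # Match the success message rather than relying on the exit status alone.
    openssl dgst -sha256 -binary "$1" |
        openssl pkeyutl -verify -pubin -inkey "$2" -pkeyopt digest:sha256 \
            -sigfile "$3" 2>/dev/null |
        grep -q 'Signature Verified Successfully'
}

demo_sign() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    trap 'rm -rf "$dir"' EXIT          # do not leave the demo key behind
    make_keypair priv.pem pub.pem || exit 1
    printf 'release-1.0 contents\n' > artifact.txt
    sign_file artifact.txt priv.pem artifact.sig || exit 1
    verify_file artifact.txt pub.pem artifact.sig &&
        echo "original file: signature valid"
    printf 'x' >> artifact.txt         # modify one byte's worth of content
    verify_file artifact.txt pub.pem artifact.sig ||
        echo "modified file: signature rejected"
)

demo_sign
```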
### Password Hash (`openssl passwd`)
Generate hashed passwords.
Usage: `openssl passwd [options] [password]`
#### Options
| Option | Description |
| ------------ | ------------------------------------------------ |
| `-in infile` | Read passwords from file |
| `-noverify` | Never verify when reading password from terminal |
| `-stdin` | Read passwords from stdin |
| `-salt val` | Use provided salt |
| `-6` | SHA512-based password algorithm |
| `-5` | SHA256-based password algorithm |
| `-apr1` | MD5-based password algorithm, Apache variant |
| `-1` | MD5-based password algorithm |
| `-aixmd5` | AIX MD5-based password algorithm |
### Prime Numbers (`openssl prime`)
Generate and verify prime numbers.
Usage: `openssl prime [options] [num]`
#### Options
| Option | Description |
| ------------ | ------------------------------------------------- |
| `-bits +int` | Size of number in bits |
| `-hex` | Hex output |
| `-generate` | Generate a prime |
| `-safe` | When used with `-generate`, generate a safe prime |
### Random Data (`openssl rand`)
Generate random data.
Usage: `openssl rand [options] num`
#### Options
| Option | Description |
| -------------- | ------------------------------------------------------- |
| `-out outfile` | Output file |
| `-base64` | [Base64](../files/Base64.md) encode output |
| `-hex` | Hex encode output |
| `-rand val` | Load the given file(s) into the random number generator |