--- website: - https://www.openssl.org - https://www.libressl.org obj: application --- # OpenSSL OpenSSL is a [cryptography](../Cryptography/Cryptography.md) toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) network protocols and related [cryptography](../Cryptography/Cryptography.md) standards required by them. The openssl program is a command line program for using the various [cryptography](../Cryptography/Cryptography.md) functions of OpenSSL's crypto library from the [shell](cli/Shell.md). It can be used for: - Creation and management of private keys, public keys and parameters - Public key cryptographic operations - Creation of X.509 certificates, CSRs and CRLs - Calculation of Message Digests and Message Authentication Codes - Encryption and Decryption with Ciphers - SSL/TLS Client and Server Tests - Handling of S/MIME signed or encrypted mail - Timestamp requests, generation and verification ## Usage ```shell openssl [command] [options] ``` ### Certificates (`openssl req`, `openssl x509`) #### Generate a certificate Usage: `openssl req -x509 -key private_key.pem -out certificate.pem -days 365` #refactor -> infos on signed certificates with CAs #### Show information about a certificate Usage: `openssl x509 -in certificate.pem -text -noout` ### Digest (`openssl dgst`) Use digest (hash) functions. (Use `openssl dgst -list` for a list of all available digests) Usage: `openssl dgst [options] [file]` #### Options | Option | Description | | ------------- | ----------------------------------- | | `-c` | Print digest with seperating colons | | `-r` | Print digest in coreutils format | | `-out ` | Output to filename | | `-hex` | Output as hex | | `-binary` | Output in binary | | `-` | Use \ | ### Encryption (`openssl enc`) Encrypt and decrypt using ciphers (Use `openssl enc -ciphers` for a list of all available ciphers) Usage: `openssl enc [options]` #### Options | Option | Description | | --------------- | ----------------------------------------------- | | `-e` | Do Encryption | | `-d` | Do Decryption | | `-` | Use \ | | `-in ` | Input file | | `-k ` | Passphrase | | `-kfile ` | Read passphrase from file | | `-out ` | Output file | | `-a, -base64` | [Base64](../files/Base64.md) decode/encode data | | `-pbkdf2` | Use password-based key derivation function 2 | | `-iter ` | Change iterations of `-pbkdf2` | ### [RSA](../Cryptography/RSA.md) (`openssl genrsa`, `openssl rsa`, `openssl pkeyutl`) #### Generate [RSA](../Cryptography/RSA.md) Private Key (`openssl genrsa`) ```shell openssl genrsa -out [-] [-verbose] [-quiet] ``` The `-` option lets you protect the key with a password using the specified cipher algo (See `openssl enc -ciphers` for a list of available ciphers). #### Generate [RSA](../Cryptography/RSA.md) Public Key (`openssl rsa`) ```shell openssl rsa -pubout -in [-passin file:] -out ``` #### Working with [RSA](../Cryptography/RSA.md) (`openssl pkeyutl`) ```shell # Sign with Private Key openssl pkeyutl -sign -in -inkey [-passin file:] -out [-digest algo] # Verify with Public Key openssl pkeyutl -verify -in -pubin -inkey -sigfile # Encrypt with Public Key openssl pkeyutl -encrypt -pubin -inkey -in -out # Decrypt with Private Key openssl pkeyutl -decrypt -inkey [-passin file:] -in -out ``` ### Password Hash (`openssl passwd`) Generate hashed passwords Usage: `openssl passwd [options] [password]` ### Options | Option | Description | | ------------ | ------------------------------------------------ | | `-in infile` | Read passwords from file | | `-noverify` | Never verify when reading password from terminal | | `-stdin` | Read passwords from stdin | | `-salt val` | Use provided salt | | `-6` | SHA512-based password algorithm | | `-5` | SHA256-based password algorithm | | `-apr1` | MD5-based password algorithm, Apache variant | | `-1` | MD5-based password algorithm | | `-aixmd5` | AIX MD5-based password algorithm | ### Prime Numbers (`openssl prime`) Generate and verify prime numbers Usage: `openssl prime [options] [num]` #### Options | Option | Description | | ------------ | ------------------------------------------------- | | `-bits +int` | Size of number in bits | | `-hex` | Hex output | | `-generate` | Generate a prime | | `-safe` | When used with `-generate`, generate a safe prime | ### Random Data (`openssl rand`) Generate random data. Usage: `openssl rand [options] num` #### Options | Option | Description | | -------------- | ------------------------------------------------------- | | `-out outfile` | Output file | | `-base64` | [Base64](../files/Base64.md) encode output | | `-hex` | Hex encode output | | `-rand val` | Load the given file(s) into the random number generator |