6 KiB
| website | obj | ||
|---|---|---|---|
|
application |
OpenSSL
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) network protocols and related cryptography standards required by them.
The openssl program is a command line program for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for:
- Creation and management of private keys, public keys and parameters
- Public key cryptographic operations
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of Message Digests and Message Authentication Codes
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted mail
- Timestamp requests, generation and verification
Usage
openssl [command] [options]
Certificates (openssl req, openssl x509)
Generate a certificate
Usage: openssl req -x509 -key private_key.pem -out certificate.pem -days 365
Generate a signed certificate
# Create Certificate Request
openssl req -new -key entity.key -out entity.csr
# Sign with CA
openssl x509 -req -in entity.csr -CA ca.crt -CAkey ca.key -out entity.crt -CAcreateserial
Show information about a certificate
Usage: openssl x509 -in certificate.pem -text -noout
Digest (openssl dgst)
Use digest (hash) functions. (Use openssl dgst -list for a list of all available digests)
Usage: openssl dgst [options] [file]
Options
| Option | Description |
|---|---|
-c |
Print digest with seperating colons |
-r |
Print digest in coreutils format |
-out <file> |
Output to filename |
-hex |
Output as hex |
-binary |
Output in binary |
-<digest> |
Use <digest> |
Encryption (openssl enc)
Encrypt and decrypt using ciphers (Use openssl enc -ciphers for a list of all available ciphers)
Usage: openssl enc [options]
Options
| Option | Description |
|---|---|
-e |
Do Encryption |
-d |
Do Decryption |
-<cipher> |
Use <cipher> |
-in <input> |
Input file |
-k <val> |
Passphrase |
-kfile <file> |
Read passphrase from file |
-out <output> |
Output file |
-a, -base64 |
Base64 decode/encode data |
-pbkdf2 |
Use password-based key derivation function 2 |
-iter <num> |
Change iterations of -pbkdf2 |
RSA (openssl genrsa, openssl rsa, openssl pkeyutl)
Generate RSA Private Key (openssl genrsa)
openssl genrsa -out <keyfile> [-<cipher>] [-verbose] [-quiet] <numbits>
The -<cipher> option lets you protect the key with a password using the specified cipher algo (See openssl enc -ciphers for a list of available ciphers).
Generate RSA Public Key (openssl rsa)
openssl rsa -pubout -in <privatekey> [-passin file:<password_file>] -out <publickey>
Working with RSA (openssl pkeyutl)
# Sign with Private Key
openssl pkeyutl -sign -in <input> -inkey <private_key> [-passin file:<password_file>] -out <output> [-digest algo]
# Verify with Public Key
openssl pkeyutl -verify -in <input> -pubin -inkey <public_key> -sigfile <signature_file>
# Encrypt with Public Key
openssl pkeyutl -encrypt -pubin -inkey <public_key> -in <input> -out <output>
# Decrypt with Private Key
openssl pkeyutl -decrypt -inkey <private_key> [-passin file:<password_file>] -in <input> -out <output>
Password Hash (openssl passwd)
Generate hashed passwords
Usage: openssl passwd [options] [password]
Options
| Option | Description |
|---|---|
-in infile |
Read passwords from file |
-noverify |
Never verify when reading password from terminal |
-stdin |
Read passwords from stdin |
-salt val |
Use provided salt |
-6 |
SHA512-based password algorithm |
-5 |
SHA256-based password algorithm |
-apr1 |
MD5-based password algorithm, Apache variant |
-1 |
MD5-based password algorithm |
-aixmd5 |
AIX MD5-based password algorithm |
Prime Numbers (openssl prime)
Generate and verify prime numbers
Usage: openssl prime [options] [num]
Options
| Option | Description |
|---|---|
-bits +int |
Size of number in bits |
-hex |
Hex output |
-generate |
Generate a prime |
-safe |
When used with -generate, generate a safe prime |
Random Data (openssl rand)
Generate random data.
Usage: openssl rand [options] num
Options
| Option | Description |
|---|---|
-out outfile |
Output file |
-base64 |
Base64 encode output |
-hex |
Hex encode output |
-rand val |
Load the given file(s) into the random number generator |