jmarya/knowledge
jmarya/knowledge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
knowledge/technology/cryptography/OpenSSL.md
JMARyA e7a85e5e00
path fix
2024-02-12 15:32:44 +01:00

141 lines
No EOL
6 KiB
Markdown
Raw Permalink Blame History

---
website:
- https://www.openssl.org
- https://www.libressl.org
obj: application
---
# OpenSSL
OpenSSL is a [cryptography](Cryptography.md) toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) network protocols and related [cryptography](Cryptography.md) standards required by them.
The openssl program is a command line program for using the various [cryptography](Cryptography.md) functions of OpenSSL's crypto library from the [shell](../applications/cli/Shell.md). It can be used for:
- Creation and management of private keys, public keys and parameters
- Public key cryptographic operations
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of Message Digests and Message Authentication Codes
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted mail
- Timestamp requests, generation and verification
## Usage
```shell
openssl [command] [options]
```
### Certificates (`openssl req`, `openssl x509`)
#### Generate a certificate
Usage: `openssl req -x509 -key private_key.pem -out certificate.pem -days 365`
#### Generate a signed certificate
```shell
# Create Certificate Request
openssl req -new -key entity.key -out entity.csr
# Sign with CA
openssl x509 -req -in entity.csr -CA ca.crt -CAkey ca.key -out entity.crt -CAcreateserial
```
#### Show information about a certificate
Usage: `openssl x509 -in certificate.pem -text -noout`
### Digest (`openssl dgst`)
Use digest (hash) functions. (Use `openssl dgst -list` for a list of all available digests)
Usage: `openssl dgst [options] [file]`
#### Options
| Option | Description |
| ------------- | ----------------------------------- |
| `-c` | Print digest with seperating colons |
| `-r` | Print digest in coreutils format |
| `-out <file>` | Output to filename |
| `-hex` | Output as hex |
| `-binary` | Output in binary |
| `-<digest>` | Use \<digest> |
### Encryption (`openssl enc`)
Encrypt and decrypt using ciphers (Use `openssl enc -ciphers` for a list of all available ciphers)
Usage: `openssl enc [options]`
#### Options
| Option | Description |
| --------------- | ----------------------------------------------- |
| `-e` | Do Encryption |
| `-d` | Do Decryption |
| `-<cipher>` | Use \<cipher> |
| `-in <input>` | Input file |
| `-k <val>` | Passphrase |
| `-kfile <file>` | Read passphrase from file |
| `-out <output>` | Output file |
| `-a, -base64` | [Base64](../files/Base64.md) decode/encode data |
| `-pbkdf2` | Use password-based key derivation function 2 |
| `-iter <num>` | Change iterations of `-pbkdf2` |
### [RSA](RSA.md) (`openssl genrsa`, `openssl rsa`, `openssl pkeyutl`)
#### Generate [RSA](RSA.md) Private Key (`openssl genrsa`)
```shell
openssl genrsa -out <keyfile> [-<cipher>] [-verbose] [-quiet] <numbits>
```
The `-<cipher>` option lets you protect the key with a password using the specified cipher algo (See `openssl enc -ciphers` for a list of available ciphers).
#### Generate [RSA](RSA.md) Public Key (`openssl rsa`)
```shell
openssl rsa -pubout -in <privatekey> [-passin file:<password_file>] -out <publickey>
```
#### Working with [RSA](RSA.md) (`openssl pkeyutl`)
```shell
# Sign with Private Key
openssl pkeyutl -sign -in <input> -inkey <private_key> [-passin file:<password_file>] -out <output> [-digest algo]
# Verify with Public Key
openssl pkeyutl -verify -in <input> -pubin -inkey <public_key> -sigfile <signature_file>
# Encrypt with Public Key
openssl pkeyutl -encrypt -pubin -inkey <public_key> -in <input> -out <output>
# Decrypt with Private Key
openssl pkeyutl -decrypt -inkey <private_key> [-passin file:<password_file>] -in <input> -out <output>
```
### Password Hash (`openssl passwd`)
Generate hashed passwords
Usage: `openssl passwd [options] [password]`
### Options
| Option | Description |
| ------------ | ------------------------------------------------ |
| `-in infile` | Read passwords from file |
| `-noverify` | Never verify when reading password from terminal |
| `-stdin` | Read passwords from stdin |
| `-salt val` | Use provided salt |
| `-6` | SHA512-based password algorithm |
| `-5` | SHA256-based password algorithm |
| `-apr1` | MD5-based password algorithm, Apache variant |
| `-1` | MD5-based password algorithm |
| `-aixmd5` | AIX MD5-based password algorithm |
### Prime Numbers (`openssl prime`)
Generate and verify prime numbers
Usage: `openssl prime [options] [num]`
#### Options
| Option | Description |
| ------------ | ------------------------------------------------- |
| `-bits +int` | Size of number in bits |
| `-hex` | Hex output |
| `-generate` | Generate a prime |
| `-safe` | When used with `-generate`, generate a safe prime |
### Random Data (`openssl rand`)
Generate random data.
Usage: `openssl rand [options] num`
#### Options
| Option | Description |
| -------------- | ------------------------------------------------------- |
| `-out outfile` | Output file |
| `-base64` | [Base64](../files/Base64.md) encode output |
| `-hex` | Hex encode output |
| `-rand val` | Load the given file(s) into the random number generator |
Reference in a new issue View git blame Copy permalink