Editing OpenSSL


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
[[Wikipedia:OpenSSL|OpenSSL]] (1988) is an open source implementation of the [[wikipedia:Transport Layer Security|TSL]] cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer ([[SSL]]) protocol.  
+
[[Wikipedia:OpenSSL|OpenSSL]] is an open source implementation of the [[wikipedia:Transport Layer Security|TSL]] cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer ([[SSL]]) protocol.  
  
* <code>[[yum install openssl]]</code>
+
== Examples ==
* [[rpmfind.net]]: https://rpmfind.net/linux/rpm2html/search.php?query=openssl
 
  
== CSR Examples ==
+
* '''Generate a new self signed Certificate instead of a [[Certificate Signing Request (CSR)]] '''
 
+
: <code>openssl req -x509 -nodes -days 3650 -newkey [[rsa]]:2048 -keyout private.key -out public.pem</code>
* '''Generate a new '''self signed certificate''' instead of a [[Certificate Signing Request (CSR)]] '''
 
: <code>openssl req -[[x509]] -nodes -days 3650 -newkey [[rsa]]:2048 -keyout private.key -out public.[[pem]]</code>
 
 
::Output a self-signed certificate instead of a certificate request
 
::Output a self-signed certificate instead of a certificate request
 
:::<code>-nodes</code> (short for no DES) do not encrypt private key
 
:::<code>-nodes</code> (short for no DES) do not encrypt private key
 
:::<code>-x509</code> Output a self-signed certificate instead of a certificate request
 
:::<code>-x509</code> Output a self-signed certificate instead of a certificate request
  
* Generate a multi domain self signed certificate, read https://serverfault.com/questions/73689/how-to-create-a-multi-domain-self-signed-certificate-for-apache2
+
* Read [[CSR]]
 +
::<code>openssl req -text -noout -in root.csr</code>
  
  
* Read certificate ([[CRT]])
+
Read certificate (CRT)
:<code>openssl [[x509]] -text -noout -in root.crt</code>
+
* <code>openssl x509 -text -noout -in root.crt</code>
  
* Read [[CSR]]  
+
'''Encrypt and decrypt a file'''<ref>https://unix.stackexchange.com/questions/162960/how-can-i-encrypt-a-file</ref> ([[GPG]] can also be used for encrypting and decrypting files)<br>
:<code>openssl req -text -noout -in root.csr</code>
+
Using aes-256-cbc cypher, You will be prompted for a password when encrypting that has to be used for decrypting.<ref>https://stackoverflow.com/a/31552829</ref>
  
 +
* [[Encrypt]] file (<code>openssl enc</code>): 
 +
:<code>openssl enc -aes-256-cbc -in un_encrypted.data -out encrypted.data</code>
 +
: Use <code>[[file]]</code> command to verify file type.
 +
<pre>
 +
file encrypted.data
 +
encrypted.data: openssl enc'd data with salted password
 +
</pre>
  
== Public keys ==
+
* [[Decrypt]] file (<code>openssl enc -d</code>):
* Generate a [[public key]] from a [[PEM]] private key
+
:<code>openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data</code>
:<code>openssl [[rsa]] -in mykey.pem -pubout > mykey.pub</code>
 
  
 
== Activities ==
 
== Activities ==
* Generate a [[random]] number: <code>[[openssl rand]] -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref>
+
* Generate a [[random]] number: <code>openssl rand -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref>
* Save remote [[SSL]] cert as a file:
+
* <code>openssl s_client -showcerts -connect gnupg.org:443</code>
** <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code><ref>https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file</ref>
+
* [[Encrypt]] a file using aes-256-cbc cypher using <code>[[openssl enc]]</code> command
** <code>openssl s_client -showcerts -connect YOUR_DOMAIN.COM<:443 </dev/null 2>/dev/null | [[openssl x509]] -outform PEM > mycertfile.pem </code>
 
 
 
* [[Encrypt and decrypt files]] using <code>[[openssl enc]]</code>
 
 
 
== Related terms ==
 
* <code>[[ansible-vault]] encrypt|decrypt|view</code>
 
* <code>[[ssh-keygen]]</code>
 
* [[Cypher]]
 
* [[Hash]]
 
* <code>[[openssl (command)]]</code>
 
* [[OpenSSL v3]]
 
 
 
== Vulnerabilities ==
 
 
 
 
 
== Related ==
 
* <code>[[pycrypto]]</code> python library
 
  
 
== See also ==
 
== See also ==
* {{openssl}}
+
* [[Installing a web server/Nginx web server]]
 
* {{openSSL}}
 
* {{openSSL}}
* {{OpenSSH}}  
+
* {{OpenSSH}}
 +
*
 
* {{HTTPS}}
 
* {{HTTPS}}
* {{Encryption}}
+
* [[encfs]]
 +
* [[GPG]]
 +
* <code>[[pbcopy]]</code> [[macOS]] command
 
* {{secrets}}
 
* {{secrets}}
 
* {{RSA}}
 
* {{RSA}}
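
Review bot: the <code>openssl s_client</code> line that pipes into <code>openssl x509 -outform PEM</code> has a stray <code>&lt;</code> in <code>YOUR_DOMAIN.COM<:443</code>, so the shell parses <code><:443</code> as an input redirection from a file named <code>:443</code> and <code>-connect</code> never receives the port. It should read <code>-connect YOUR_DOMAIN.COM:443 </dev/null</code>. In the intro line, the link text <code>TSL</code> for Transport Layer Security should be <code>TLS</code>; the typo is present in both revisions.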
