Difference between revisions of "OpenSSL"

From wikieduonline
Tags: Mobile web edit, Mobile edit
Tags: Mobile web edit, Mobile edit
Line 3: Line 3:
 
== CSR Examples ==
 
== CSR Examples ==
  
* '''Generate a new self signed Certificate instead of a [[Certificate Signing Request (CSR)]] '''
+
* '''Generate a new '''self signed certificate''' instead of a [[Certificate Signing Request (CSR)]] '''
 
: <code>openssl req -[[x509]] -nodes -days 3650 -newkey [[rsa]]:2048 -keyout private.key -out public.[[pem]]</code>
 
: <code>openssl req -[[x509]] -nodes -days 3650 -newkey [[rsa]]:2048 -keyout private.key -out public.[[pem]]</code>
 
::Output a self-signed certificate instead of a certificate request
 
::Output a self-signed certificate instead of a certificate request
 
:::<code>-nodes</code> (short for no DES) do not encrypt private key
 
:::<code>-nodes</code> (short for no DES) do not encrypt private key
 
:::<code>-x509</code> Output a self-signed certificate instead of a certificate request
 
:::<code>-x509</code> Output a self-signed certificate instead of a certificate request
 +
 +
* Generate a multi domain self signed certificate, read https://serverfault.com/questions/73689/how-to-create-a-multi-domain-self-signed-certificate-for-apache2
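Review bot: In the rewritten first bullet, the inner ''' pair around "self signed certificate" sits inside text that is already bold, so it switches bold off for exactly the phrase it is meant to stress and back on afterwards; drop either the inner or the outer pair. The wording is also "self signed" in this bullet and in the new multi-domain bullet but "self-signed" in the unchanged sub-items, so pick one spelling. The new multi-domain bullet is only a bare serverfault URL; a one-line summary beside the link would keep the item useful if the link goes stale.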
  
  

Revision as of 08:06, 12 April 2020

OpenSSL (1988) is an open source implementation of the TLS cryptographic protocol and its now-deprecated predecessor, the Secure Sockets Layer (SSL) protocol.

CSR Examples

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem
Output a self-signed certificate instead of a certificate request
-nodes (short for "no DES"): do not encrypt the private key
-x509: output a self-signed certificate instead of a certificate request


  • Read certificate (CRT)
openssl x509 -text -noout -in root.crt
openssl req -text -noout -in root.csr

Encryption and decryption of files

Encrypt and decrypt a file[1] (GPG can also be used for encrypting and decrypting files)
Using the aes-256-cbc cipher, you will be prompted for a password when encrypting; the same password has to be used for decrypting.[2]

openssl enc -aes-256-cbc -in un_encrypted.data -out encrypted.data
You can use the file command to verify the file type.
file encrypted.data
encrypted.data: openssl enc'd data with salted password
Encrypt a file providing the password on the command line (be aware that your password will be stored in the history of your shell):
openssl aes-256-cbc -a -salt -in twitterpost.txt -out foo.enc -pass file:<( echo -n "someGoodPassword" )
Decrypt the file (you will be prompted for the password used when encrypting):
openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data
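An added example, not part of the original page: one way to keep the password out of shell history is to type it at a prompt and hand it to openssl on standard input with -pass stdin. The function names, the PASSPHRASE variable and the file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, the
# PASSPHRASE variable and the file names are illustrative assumptions.

# Prompt on the terminal without echo. The value is typed at a prompt,
# not as part of a command, so it is not recorded in shell history.
prompt_passphrase() {
    printf 'Passphrase: ' >&2
    stty -echo 2>/dev/null
    IFS= read -r PASSPHRASE
    rc=$?
    stty echo 2>/dev/null
    printf '\n' >&2
    return "$rc"
}

# Encrypt $1 into $2 with the page's cipher. The passphrase is the first
# line of standard input (-pass stdin), never a command-line argument.
encrypt_file() {
    openssl enc -aes-256-cbc -salt -in "$1" -out "$2" -pass stdin
}

# Decrypt $1 into $2, passphrase again on standard input.
decrypt_file() {
    openssl enc -d -aes-256-cbc -in "$1" -out "$2" -pass stdin
}

# Prompt once, encrypt, then drop the variable from the shell.
# printf is a shell builtin, so the passphrase is not an argument of any
# separate process either.
encrypt_interactive() {
    prompt_passphrase || return 1
    printf '%s\n' "$PASSPHRASE" | encrypt_file "$1" "$2"
    status=$?
    unset PASSPHRASE
    return "$status"
}

# Usage (interactive): encrypt_interactive un_encrypted.data encrypted.data
```

OpenSSL 1.1.1 and later print a warning about deprecated key derivation for this form of the command; adding -pbkdf2 to both functions addresses it.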

Activities

  • Generate a random number: openssl rand -base64 32[3]
  • openssl s_client -showcerts -connect gnupg.org:443
  • Encrypt a file with the aes-256-cbc cipher using the openssl enc command


Related commands

See also


Source: https://en.wikiversity.org/wiki/OpenSSL
