Difference between revisions of "OpenSSL"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
 
(28 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
[[Wikipedia:OpenSSL|OpenSSL]] (1988) is an open source implementation of the [[wikipedia:Transport Layer Security|TSL]] cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer ([[SSL]]) protocol.  
 
[[Wikipedia:OpenSSL|OpenSSL]] (1988) is an open source implementation of the [[wikipedia:Transport Layer Security|TSL]] cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer ([[SSL]]) protocol.  
 +
 +
* <code>[[yum install openssl]]</code>
 +
* [[rpmfind.net]]: https://rpmfind.net/linux/rpm2html/search.php?query=openssl
  
 
== CSR Examples ==
 
== CSR Examples ==
  
* '''Generate a new self signed Certificate instead of a [[Certificate Signing Request (CSR)]] '''
+
* '''Generate a new '''self signed certificate''' instead of a [[Certificate Signing Request (CSR)]] '''
: <code>openssl req -[[x509]] -nodes -days 3650 -newkey [[rsa]]:2048 -keyout private.key -out public.pem</code>
+
: <code>openssl req -[[x509]] -nodes -days 3650 -newkey [[rsa]]:2048 -keyout private.key -out public.[[pem]]</code>
 
::Output a self-signed certificate instead of a certificate request
 
::Output a self-signed certificate instead of a certificate request
 
:::<code>-nodes</code> (short for no DES) do not encrypt private key
 
:::<code>-nodes</code> (short for no DES) do not encrypt private key
 
:::<code>-x509</code> Output a self-signed certificate instead of a certificate request
 
:::<code>-x509</code> Output a self-signed certificate instead of a certificate request
  
* Read [[CSR]]
+
* Generate a multi domain self signed certificate, read https://serverfault.com/questions/73689/how-to-create-a-multi-domain-self-signed-certificate-for-apache2
:<code>openssl req -text -noout -in root.csr</code>
 
  
  
Line 16: Line 18:
 
:<code>openssl [[x509]] -text -noout -in root.crt</code>
 
:<code>openssl [[x509]] -text -noout -in root.crt</code>
  
== Encryption and decryption of files ==
+
* Read [[CSR]]  
'''Encrypt and decrypt a file'''<ref>https://unix.stackexchange.com/questions/162960/how-can-i-encrypt-a-file</ref> ([[GPG]] can also be used for encrypting and decrypting files)<br>
+
:<code>openssl req -text -noout -in root.csr</code>
Using aes-256-cbc cypher, You will be prompted for a password when encrypting that has to be used for decrypting.<ref>https://stackoverflow.com/a/31552829</ref>
 
  
* [[Encrypt]] file (<code>openssl enc</code>): 
 
:<code>openssl enc -[[aes-256]]-cbc -in un_encrypted.data -out encrypted.data</code>
 
: You can use <code>[[file]]</code> command to verify file type.
 
<pre>
 
file encrypted.data
 
encrypted.data: openssl enc'd data with salted password
 
</pre>
 
: Encrypt file providing password on the command line, be aware that your password will be store on [[history]] of your shell):
 
::<code>openssl aes-256-cbc -a -salt -in twitterpost.txt -out foo.enc -pass file:<( echo -n "someGoodPassword" )</code>
 
  
* [[Decrypt]] file (<code>openssl enc -d</code>):
+
== Public keys ==
:<code>openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data</code>
+
* Generate a [[public key]] from a [[PEM]] private key
 +
:<code>openssl [[rsa]] -in mykey.pem -pubout > mykey.pub</code>
  
 
== Activities ==
 
== Activities ==
* Generate a [[random]] number: <code>openssl rand -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref>
+
* Generate a [[random]] number: <code>[[openssl rand]] -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref>
* <code>openssl s_client -showcerts -connect gnupg.org:443</code>
+
* Save remote [[SSL]] cert as a file:
* [[Encrypt]] a file using aes-256-cbc cypher using <code>[[openssl enc]]</code> command
+
** <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code><ref>https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file</ref>
 +
** <code>openssl s_client -showcerts -connect YOUR_DOMAIN.COM<:443 </dev/null 2>/dev/null | [[openssl x509]] -outform PEM > mycertfile.pem </code>
  
 +
* [[Encrypt and decrypt files]] using <code>[[openssl enc]]</code>
  
== Related commands ==
+
== Related terms ==
 
* <code>[[ansible-vault]] encrypt|decrypt|view</code>
 
* <code>[[ansible-vault]] encrypt|decrypt|view</code>
 +
* <code>[[ssh-keygen]]</code>
 +
* [[Cypher]]
 +
* [[Hash]]
 +
* <code>[[openssl (command)]]</code>
 +
* [[OpenSSL v3]]
 +
 +
== Vulnerabilities ==
 +
 +
 +
== Related ==
 +
* <code>[[pycrypto]]</code> python library
  
 
== See also ==
 
== See also ==
* [[Installing a web server/Nginx web server]]
+
* {{openssl}}
 
* {{openSSL}}
 
* {{openSSL}}
* {{OpenSSH}}
+
* {{OpenSSH}}  
*
 
 
* {{HTTPS}}
 
* {{HTTPS}}
* [[encfs]]
+
* {{Encryption}}
* [[GPG]]
 
* <code>[[pbcopy]]</code> [[macOS]] command
 
 
* {{secrets}}
 
* {{secrets}}
 
* {{RSA}}
 
* {{RSA}}

Latest revision as of 10:32, 17 January 2024

OpenSSL (1988) is an open source implementation of the TSL cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer (SSL) protocol.

CSR Examples[edit]

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem
Output a self-signed certificate instead of a certificate request
-nodes (short for no DES) do not encrypt private key
-x509 Output a self-signed certificate instead of a certificate request


  • Read certificate (CRT)
openssl x509 -text -noout -in root.crt
openssl req -text -noout -in root.csr


Public keys[edit]

openssl rsa -in mykey.pem -pubout > mykey.pub

Activities[edit]

Related terms[edit]

Vulnerabilities[edit]

Related[edit]

See also[edit]

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Source: https://en.wikiversity.org/wiki/OpenSSL

Advertising: