Difference between revisions of "OpenSSL"
Line 1: | Line 1: | ||
+ | [[Wikipedia:OpenSSL|OpenSSL]] is an open source implementation of the [[w:Transport Layer Security|TSL]] [[Cryptography|cryptographic]] protocol, and its now-deprecated predecessor, Secure Sockets Layer (SSL) protocol. You can perform some basic operations, such us: | ||
+ | '''Generate a new self signed Certificate instead of a CSR ''' | ||
+ | * <code>openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem</code> | ||
+ | Output a self-signed certificate instead of a certificate request | ||
+ | ::<code>-nodes</code> (short for no DES) do not encrypt private key | ||
+ | ::<code>-x509</code> Output a self-signed certificate instead of a certificate request | ||
+ | Read CSR | ||
+ | * <code>openssl req -text -noout -in root.csr</code> | ||
+ | |||
+ | |||
+ | Read certificate (CRT) | ||
+ | * <code>openssl x509 -text -noout -in root.crt</code> | ||
+ | |||
+ | '''Encrypt and decrypt a file'''<ref>https://unix.stackexchange.com/questions/162960/how-can-i-encrypt-a-file</ref> ([[GPG]] can also be used for encrypting and decrypting files)<br> | ||
+ | Using aes-256-cbc cypher, You will be prompted for a password when encrypting that has to be used for decrypting.<ref>https://stackoverflow.com/a/31552829</ref> | ||
+ | * Encrypt file: | ||
+ | :<code>openssl enc -aes-256-cbc -in un_encrypted.data -out encrypted.data</code> | ||
+ | : Use <code>[[file]]</code> command to verify file type. | ||
+ | <pre> | ||
+ | file encrypted.data | ||
+ | encrypted.data: openssl enc'd data with salted password | ||
+ | </pre> | ||
+ | * Decrypt file: | ||
+ | :<code>openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data</code> | ||
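Review bot: Both "openssl enc -aes-256-cbc" commands in the encrypt/decrypt section pass neither -pbkdf2 nor -iter, so the key is derived from the prompted password with the tool's legacy default, which OpenSSL 1.1.1 and later warn about as deprecated. Add -pbkdf2 to the encrypt and the decrypt line, and say in the text that aes-256-cbc provides no integrity check. In the first added line, "TSL" should read "TLS" and "such us" should read "such as"; the bare line "Output a self-signed certificate instead of a certificate request" directly under the "openssl req -x509" command duplicates the -x509 description two lines below it and can be dropped.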
Line 6: | Line 30: | ||
* Generate a [[random]] number: <code>openssl rand -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref> | * Generate a [[random]] number: <code>openssl rand -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref> | ||
* <code>openssl s_client -showcerts -connect gnupg.org:443</code> | * <code>openssl s_client -showcerts -connect gnupg.org:443</code> | ||
+ | * Encrypt a file using aes-256-cbc cypher using <code>openssl enc</code> command | ||
== See also == | == See also == | ||
+ | * [[Installing a web server/Nginx web server]] | ||
* {{OpenSSH}} | * {{OpenSSH}} | ||
* <code>[[ansible-vault]]</code> | * <code>[[ansible-vault]]</code> | ||
* {{HTTPS}} | * {{HTTPS}} | ||
+ | * [[encfs]] | ||
+ | * [[GPG]] | ||
+ | * <code>[[pbcopy]]</code> [[macOS]] command | ||
[[Category:Security]] | [[Category:Security]] | ||
[[Category:Cryptography]] | [[Category:Cryptography]] | ||
+ | |||
+ | {{CC license}} | ||
+ | Source: https://en.wikiversity.org/wiki/OpenSSL |
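Review bot: The new activity "Encrypt a file using aes-256-cbc cypher using openssl enc command" repeats the command already given verbatim in the section added above, so it exercises nothing new; extend it to decrypting the result and comparing it with the original, and drop the doubled "using". In See also, the added pbcopy macOS entry has no stated connection to OpenSSL: say why it is listed or leave it out.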
Revision as of 09:27, 27 December 2019
OpenSSL is an open source implementation of the TLS cryptographic protocol and its now-deprecated predecessor, the Secure Sockets Layer (SSL) protocol. You can perform some basic operations, such as:
Generate a new self-signed certificate instead of a CSR
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem
- -nodes (short for "no DES"): do not encrypt the private key
- -x509: output a self-signed certificate instead of a certificate request
Read CSR
openssl req -text -noout -in root.csr
Read certificate (CRT)
openssl x509 -text -noout -in root.crt
Encrypt and decrypt a file[1] (GPG can also be used for encrypting and decrypting files)
Using the aes-256-cbc cipher, you will be prompted for a password when encrypting; the same password is needed for decrypting.[2]
- Encrypt file:
openssl enc -aes-256-cbc -in un_encrypted.data -out encrypted.data
- Use the file command to verify the file type:
file encrypted.data
encrypted.data: openssl enc'd data with salted password
- Decrypt file:
openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data
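Added example, not part of the original wiki page: a round trip of the encrypt and decrypt commands above with PBKDF2 key derivation switched on (-pbkdf2 and -iter, available from OpenSSL 1.1.1), a check for the Salted__ header that the file command reports, and a wrong-passphrase test. The function names, the OSSL_PASS variable, the iteration count and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page). Needs OpenSSL 1.1.1+ for -pbkdf2.
ITER=200000   # assumed iteration count; must be identical on encrypt and decrypt

# enc_file <in> <out> <passphrase>
# The passphrase travels in the environment of the openssl process only,
# not on its command line, so it does not appear in the process list.
enc_file() {
    OSSL_PASS="$3" openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass env:OSSL_PASS
}

# dec_file <in> <out> <passphrase>
dec_file() {
    OSSL_PASS="$3" openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass env:OSSL_PASS 2>/dev/null
}

# has_salt_header <file>: true if the file starts with the 8-byte "Salted__"
# magic, which is what `file` reports as "openssl enc'd data with salted password".
has_salt_header() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# roundtrip_demo: runs in a subshell and returns 0 only if every check passes.
roundtrip_demo() (
    dir=$(mktemp -d) || exit 1
    printf 'constructed sample plaintext\n' > "$dir/un_encrypted.data"
    rc=0
    enc_file "$dir/un_encrypted.data" "$dir/encrypted.data" 'constructed-pass' || rc=1
    has_salt_header "$dir/encrypted.data" || rc=1
    dec_file "$dir/encrypted.data" "$dir/roundtrip.data" 'constructed-pass' || rc=1
    cmp -s "$dir/un_encrypted.data" "$dir/roundtrip.data" || rc=1
    # Wrong passphrase: CBC carries no integrity tag, so openssl can only
    # notice through the padding check. Compare the output with the original
    # instead of relying on the exit code.
    dec_file "$dir/encrypted.data" "$dir/wrong.data" 'wrong-pass'
    cmp -s "$dir/un_encrypted.data" "$dir/wrong.data" && rc=1
    rm -rf "$dir"
    exit "$rc"
)

roundtrip_demo && echo "round trip OK"
```

A file encrypted with -pbkdf2 can only be decrypted with -pbkdf2 and the same -iter value, so record both alongside the ciphertext.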
Activities
- Generate a random number: openssl rand -base64 32 [3]
- openssl s_client -showcerts -connect gnupg.org:443
- Encrypt a file using the aes-256-cbc cipher with the openssl enc command
See also
- Installing a web server/Nginx web server
- OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain, OpenSSF
- ansible-vault
- HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL, openSSL, WebSockets, WebRTC, ssl_certificate, QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers, --insecure, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1
- encfs
- GPG
- pbcopy macOS command
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.