OpenSSL

OpenSSL (1988) is an open source implementation of the TSL cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer (SSL) protocol.

CSR Examples

Generate a new self signed Certificate instead of a Certificate Signing Request (CSR)

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem

Output a self-signed certificate instead of a certificate request

-nodes (short for no DES) do not encrypt private key

-x509 Output a self-signed certificate instead of a certificate request

Read CSR

openssl req -text -noout -in root.csr

Read certificate (CRT)

openssl x509 -text -noout -in root.crt

Encryption and decryption of files

Encrypt and decrypt a file^[1] (GPG can also be used for encrypting and decrypting files)
Using aes-256-cbc cypher, You will be prompted for a password when encrypting that has to be used for decrypting.^[2]

Encrypt file (openssl enc):

openssl enc -aes-256-cbc -in un_encrypted.data -out encrypted.data

You can use file command to verify file type.

file encrypted.data
encrypted.data: openssl enc'd data with salted password

Encrypt file providing password on the command line, be aware that your password will be store on history of your shell):

openssl aes-256-cbc -a -salt -in twitterpost.txt -out foo.enc -pass file:<( echo -n "someGoodPassword" )

Decrypt file (openssl enc -d):

openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data

Activities

Generate a random number: openssl rand -base64 32^[3]
openssl s_client -showcerts -connect gnupg.org:443
Encrypt a file using aes-256-cbc cypher using openssl enc command

Related commands

ansible-vault encrypt|decrypt|view

Installing a web server/Nginx web server
OpenSSL: RSA, ECDSA, WolfSSL, AES, Diffie-Hellman (DH) key-exchange, /etc/ssl/openssl.cnf, OpenSSL v3
OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain, OpenSSF
HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL, openSSL, WebSockets, WebRTC, ssl_certificate QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers, --insecure, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1
encfs
GPG
pbcopy macOS command
Secrets: Kubernetes secrets, ansible-vault, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, git-crypt, SOPS: Secrets OPerationS, Google Cloud Secret Manager, GitHub secret scanning alerts
Public-key cryptography: RSA, DSA, ECDSA, EdDSA (Ed25519), AES, RSA Conference, hash, pkeyutl, Signature, key length, Easyrsa, OAEP, Ron Rivest, Adi Shamir, Leonard Adleman
SSL: OpenSSL, LibreSSL, wolfSSL, BoringSSL, SSL pinning, /etc/ssl/certs/, ca-certificates, /etc/ssl/, sslscan2

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Source: https://en.wikiversity.org/wiki/OpenSSL

[1] ttps://unix.stackexchange.com/questions/162960/how-can-i-encrypt-a-file

[2] ttps://stackoverflow.com/a/31552829

[3] ttps://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/

[1]

[2]

[3]

OpenSSL

Contents

CSR Examples

Encryption and decryption of files

Activities

Related commands

See also

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools