Difference between revisions of "OpenSSL"

Latest revision as of 10:32, 17 January 2024

OpenSSL (1988) is an open source implementation of the TSL cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer (SSL) protocol.

CSR Examples[edit]

Generate a new self signed certificate instead of a Certificate Signing Request (CSR)

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem

Output a self-signed certificate instead of a certificate request

-nodes (short for no DES) do not encrypt private key

-x509 Output a self-signed certificate instead of a certificate request

Generate a multi domain self signed certificate, read https://serverfault.com/questions/73689/how-to-create-a-multi-domain-self-signed-certificate-for-apache2

Read certificate (CRT)

openssl x509 -text -noout -in root.crt

Read CSR

openssl req -text -noout -in root.csr

Public keys[edit]

Generate a public key from a PEM private key

openssl rsa -in mykey.pem -pubout > mykey.pub

Activities[edit]

Generate a random number: openssl rand -base64 32^[1]
Save remote SSL cert as a file:
- openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443^[2]
- openssl s_client -showcerts -connect YOUR_DOMAIN.COM<:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > mycertfile.pem

Encrypt and decrypt files using openssl enc

Related terms[edit]

Vulnerabilities[edit]

Related[edit]

pycrypto python library

See also[edit]

openssl [ rand | s_client | passwd | openssl req | openssl rsa | openssl genrsa | openssl x509 | openssl ca | openssl verify | openssl ec | openssl dgst | openssl pkcs12 | openssl asn1parse | openssl help | .cer to .pem, openssl version
OpenSSL: RSA, ECDSA, WolfSSL, AES, Diffie-Hellman (DH) key-exchange, /etc/ssl/openssl.cnf, OpenSSL v3
OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain, OpenSSF
HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL, openSSL, WebSockets, WebRTC, ssl_certificate QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers, --insecure, Axios HTTP client, HTTP cookies, HTTP ETag
Encryption, openssl, ecryptfs, encfs, GPG, PGP, Symantec Encryption Desktop, VeraCrypt, CMEK, BitLocker, OAEP, Cypher
Secrets: Kubernetes secrets, ansible-vault, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, git-crypt, SOPS: Secrets OPerationS, Google Cloud Secret Manager
Public-key cryptography: RSA, DSA, ECDSA, EdDSA (Ed25519), AES, RSA Conference, hash, pkeyutl, Signature, key length, Easyrsa, OAEP, Ron Rivest, Adi Shamir, Leonard Adleman
SSL: OpenSSL, LibreSSL, wolfSSL, BoringSSL, SSL pinning, /etc/ssl/certs/, ca-certificates, /etc/ssl/, sslscan2

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Source: https://en.wikiversity.org/wiki/OpenSSL

[1] ttps://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/

[2] ttps://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file

[1]

[2]

@@ Line 1: / Line 1: @@
-[[Wikipedia:OpenSSL|OpenSSL]] is an open source implementation of the [[wikipedia:Transport Layer Security|TSL]] cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer ([[SSL]]) protocol.
+[[Wikipedia:OpenSSL|OpenSSL]] (1988) is an open source implementation of the [[wikipedia:Transport Layer Security|TSL]] cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer ([[SSL]]) protocol.
+* <code>[[yum install openssl]]</code>
+* [[rpmfind.net]]: https://rpmfind.net/linux/rpm2html/search.php?query=openssl
 == CSR Examples ==
-* '''Generate a new self signed Certificate instead of a [[Certificate Signing Request (CSR)]] '''
+* '''Generate a new '''self signed certificate''' instead of a [[Certificate Signing Request (CSR)]] '''
-: <code>openssl req -x509 -nodes -days 3650 -newkey [[rsa]]:2048 -keyout private.key -out public.pem</code>
+: <code>openssl req -[[x509]] -nodes -days 3650 -newkey [[rsa]]:2048 -keyout private.key -out public.[[pem]]</code>
 ::Output a self-signed certificate instead of a certificate request
 :::<code>-nodes</code> (short for no DES) do not encrypt private key
 :::<code>-x509</code> Output a self-signed certificate instead of a certificate request
+* Generate a multi domain self signed certificate, read https://serverfault.com/questions/73689/how-to-create-a-multi-domain-self-signed-certificate-for-apache2
+* Read certificate ([[CRT]])
+:<code>openssl [[x509]] -text -noout -in root.crt</code>
 * Read [[CSR]]
@@ Line 13: / Line 22: @@
-* Read certificate ([[CRT]])
+== Public keys ==
-:<code>openssl x509 -text -noout -in root.crt</code>
+* Generate a [[public key]] from a [[PEM]] private key
+:<code>openssl [[rsa]] -in mykey.pem -pubout > mykey.pub</code>
-== Encryption and decryption of files ==
+== Activities ==
-'''Encrypt and decrypt a file'''<ref>https://unix.stackexchange.com/questions/162960/how-can-i-encrypt-a-file</ref> ([[GPG]] can also be used for encrypting and decrypting files)<br>
+* Generate a [[random]] number: <code>[[openssl rand]] -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref>
-Using aes-256-cbc cypher, You will be prompted for a password when encrypting that has to be used for decrypting.<ref>https://stackoverflow.com/a/31552829</ref>
+* Save remote [[SSL]] cert as a file:
+** <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code><ref>https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file</ref>
+** <code>openssl s_client -showcerts -connect YOUR_DOMAIN.COM<:443 </dev/null 2>/dev/null | [[openssl x509]] -outform PEM > mycertfile.pem </code>
-* [[Encrypt]] file (<code>openssl enc</code>):
+* [[Encrypt and decrypt files]] using <code>[[openssl enc]]</code>
-:<code>openssl enc -[[aes-256]]-cbc -in un_encrypted.data -out encrypted.data</code>
-: You can use <code>[[file]]</code> command to verify file type.
-<pre>
-file encrypted.data
-encrypted.data: openssl enc'd data with salted password
-</pre>
-: Encrypt file providing password on the command line, be aware that your password will be store on [[history]] of your shell):
-::<code>openssl aes-256-cbc -a -salt -in twitterpost.txt -out foo.enc -pass file:<( echo -n "someGoodPassword" )</code>
-* [[Decrypt]] file (<code>openssl enc -d</code>):
+== Related terms ==
-:<code>openssl enc -d -aes-256-cbc -in encrypted.data -out un_encrypted.data</code>
+* <code>[[ansible-vault]] encrypt|decrypt|view</code>
+* <code>[[ssh-keygen]]</code>
+* [[Cypher]]
+* [[Hash]]
+* <code>[[openssl (command)]]</code>
+* [[OpenSSL v3]]
-== Activities ==
+== Vulnerabilities ==
-* Generate a [[random]] number: <code>openssl rand -base64 32</code><ref>https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/</ref>
-* <code>openssl s_client -showcerts -connect gnupg.org:443</code>
-* [[Encrypt]] a file using aes-256-cbc cypher using <code>[[openssl enc]]</code> command
-== Related commands ==
+== Related ==
-* <code>[[ansible vault]]</code>
+* <code>[[pycrypto]]</code> python library
 == See also ==
-* [[Installing a web server/Nginx web server]]
+* {{openssl}}
 * {{openSSL}}
 * {{OpenSSH}}
-*
 * {{HTTPS}}
-* [[encfs]]
+* {{Encryption}}
-* [[GPG]]
-* <code>[[pbcopy]]</code> [[macOS]] command
 * {{secrets}}
 * {{RSA}}

Difference between revisions of "OpenSSL"

Latest revision as of 10:32, 17 January 2024

Contents

CSR Examples[edit]

Public keys[edit]

Activities[edit]

Related terms[edit]

Vulnerabilities[edit]

Related[edit]

See also[edit]

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools