List available Ciphers:
openssl ciphers -v
openssl ciphers -v tls1 #only TLS 1 ciphers
openssl ciphers -v tls1.2 #only TLS 1.2 ciphers
openssl list-cypher-commands
openssl ciphers -v 'HIGH' #only good ciphers
Test OpenSSL Speed:
openssl speed
openssl speed rsa #test only rsa
Generate self-signed cert:
openssl req \
-x509 -nodes -days 365 \
-newkey rsa:1024 -keyout mycert.pem -out mycert.pem
OR
openssl req \
-x509 -nodes -days 365 \
-subj '/C=US/ST=Oregon/L=Portland/CN=www.madboa.com' \
-newkey rsa:1024 -keyout mycert.pem -out mycert.pem
MD5 or SHA1 digest of file:
openssl dgst -md5 filename
openssl dgst -sha1 filename
Base64 encode / decode a file:
openssl enc -base64 -in infile.txt #encode to stdout
openssl enc -base64 -in infile.txt -out outfile.txt #encode to a file
echo "encode me" | openssl enc -base64 #encode through a pipe
echo "Zw5jb2RlIGllCg==" | openssl enc -base64 -d #decode through a pipe
Encrypt a file using 256-bit AES in CBC mode
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc
openssl enc -aes-256-cbc -salt -in file.txt \
-out file.enc -pass pass:password
openssl enc -aes-256-cbc -salt -in file.txt \
-out file.enc -pass file:/path/to/passwd.txt
openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc #base64 for email
Decrypt binary / base64 AES CBC file
openssl enc -d -aes-256-cbc -in file.enc
openssl enc -d -aes-256-cbc -a -in file.enc # decode with base64
Encrypt a file using Triple DES with base64 "ASCII Armor"
openssl enc -e -a -salt -des3 -in file.txt -out file.des3
Decrypt a file encoded with Triple DES and base64 encoded
openssl enc -d -a -in file.des3 -out file.txt
Encrypt a file using Blowfish and base64 encode
openssl enc -e -a -salt -bf -in file.txt -out file.blowfish
Decrypt a file encoded with Blowfish and base64 encoded
openssl enc -d -a -bf -in file.blowfish -out file.txt
Generate an RSA key:
openssl genrsa
openssl genrsa -out mykep.pem 1024
openssl genrsa -des3 -out mykey.pem 1024
Generate a public RSA key:
openssl rsa -in mykey.pem -pubout
Generate a DES key:
openssl dsaparam -noout -out dsakey.pem -genkey 1024
Generate a shadow-style password hash:
openssl passwd -1 MySecret
openssl passwd -1 -salt sXiKzkus MySecret #specific salt
Test for prime number:
openssl prime 11905475924560753
Generate random number:
openssl rand -base64 128 #128 random base64 bits
openssl rand -out random_data.bin 1024 #1024 random binary bits
head -c 32 /dev/urandom | openssl enc -base64 #better entropy
Create an SSL certificate:
openssl genrsa -des3 -out server.key 1024 # create keys
openssl req -new -key server.key -out server.csr # create cert request
cp server.key server.key.org # remove passphrase
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt # create cert
Decode an SSL Cert:
openssl x509 -in certificate.crt -text -noout
http://www.sslshopper.com/certificate-decoder.html
Encrypt from STDIN to STDOUT with a simple AES password
echo "Plain Text" | openssl enc -aes-256-cbc -a
Decrypt from STDIN to STDOUT with a simple AES password
echo "Cyphertext from above" | openssl enc -aes-256-cbc -d -a
http://www.akadia.com/services/ssh_test_certificate.html
http://www.yatblog.com/2007/02/27/how-to-create-a-ssl-certificate/
http://www.vanemery.com/Linux/Apache/openSSL.html
http://www.madboa.com/geek/openssl/
Tuesday, December 26, 2006
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment