Jay Taylor's notes
back to listing indexMy OpenSSL Cheatsheet « joshdulac.com
[web search]
Original source (joshdulac.com)
Clipped on: 2013-09-11
My OpenSSL Cheatsheet
My collection of common OpenSSL commands over the past year, gathered from several different resources, organized and labeled.
Ciphers
# See the list under the 'Cipher commands' heading
openssl -h
# Or get a long list, one cipher per line
openssl list-cipher-commands
openssl -h
# Or get a long list, one cipher per line
openssl list-cipher-commands
Base64 Encode/Decode
# Send encoded contents of input.txt to stdout
openssl enc -base64 -in input.txt
# Encode input.txt, output contents to output.txt
openssl enc -base64 -in input.txt -out output.txt
# Encode string via CLI, not file I/O
echo -n "encode me" | openssl enc -base64
# Decode string via CLI, not file I/O
echo "decode me" | openssl enc -base64 -d
openssl enc -base64 -in input.txt
# Encode input.txt, output contents to output.txt
openssl enc -base64 -in input.txt -out output.txt
# Encode string via CLI, not file I/O
echo -n "encode me" | openssl enc -base64
# Decode string via CLI, not file I/O
echo "decode me" | openssl enc -base64 -d
Generate an RSA Key
# Default 512-bit key, sent to standard output
openssl genrsa
# 1024-bit key, saved to file named mykey.pem
openssl genrsa -out mykey.pem 1024
# Same as above, but encrypted with a passphrase
openssl genrsa -des3 -out mykey.pem 1024
# Generate a public version of your private RSA key
openssl rsa -in mykey.pem -pubout
# Generates public key by decypting RSA private key with password
openssl rsa -in rsaprivate.pem -passin pass:xyz123 -pubout -out rsapublic.pem
openssl genrsa
# 1024-bit key, saved to file named mykey.pem
openssl genrsa -out mykey.pem 1024
# Same as above, but encrypted with a passphrase
openssl genrsa -des3 -out mykey.pem 1024
# Generate a public version of your private RSA key
openssl rsa -in mykey.pem -pubout
# Generates public key by decypting RSA private key with password
openssl rsa -in rsaprivate.pem -passin pass:xyz123 -pubout -out rsapublic.pem
Generate Certificates
# To make certificates all in one step:
openssl req -new -x509 -nodes -out file.pem -keyout file.pem -days 3650
# Make a certificate request for a CA to sign:
openssl req -newkey rsa:1024 -keyout mycert.key -out mycert.csr -nodes
# To make an RSA key and then use the key to make the certificate signing request:
openssl genrsa -out myfile.key 1024
openssl req -new -key myfile.key -out myfile.csr
# Get a certificate from an SSL server
openssl s_client -connect domain.com:443
# Viewing Certificates
openssl x509 -in ssl.crt-text
# Verify Certificate (should get an OK)
openssl verify cert.pem
openssl req -new -x509 -nodes -out file.pem -keyout file.pem -days 3650
# Make a certificate request for a CA to sign:
openssl req -newkey rsa:1024 -keyout mycert.key -out mycert.csr -nodes
# To make an RSA key and then use the key to make the certificate signing request:
openssl genrsa -out myfile.key 1024
openssl req -new -key myfile.key -out myfile.csr
# Get a certificate from an SSL server
openssl s_client -connect domain.com:443
# Viewing Certificates
openssl x509 -in ssl.crt-text
# Verify Certificate (should get an OK)
openssl verify cert.pem
Digests
# MD5 digest, output to stdout
openssl dgst -md5 filename
(md5sum filename should also work)
# SHA1 digest, output to stdout
openssl dgst -sha1 filename
(sha1sum filename should should also work)
# SHA1 digest of input.txt, output to output.txt
openssl sha1 -out output.txt input.txt
# Signs SHA1 hash of file.txt using RSA private key, output signature to rsasign.bin
openssl sha1 -sign rsaprivate.pem -out rsasign.bin file.txt
# Verifies signature of file.txt from rsasign.bin, using SHA1 & rsapublic.pem
openssl sha1 -verify rsapublic.pem -signature rsasign.bin file.txt
# List all digests
openssl list-message-digest-commands
openssl dgst -md5 filename
(md5sum filename should also work)
# SHA1 digest, output to stdout
openssl dgst -sha1 filename
(sha1sum filename should should also work)
# SHA1 digest of input.txt, output to output.txt
openssl sha1 -out output.txt input.txt
# Signs SHA1 hash of file.txt using RSA private key, output signature to rsasign.bin
openssl sha1 -sign rsaprivate.pem -out rsasign.bin file.txt
# Verifies signature of file.txt from rsasign.bin, using SHA1 & rsapublic.pem
openssl sha1 -verify rsapublic.pem -signature rsasign.bin file.txt
# List all digests
openssl list-message-digest-commands
Print the Contents of a Certificate
#Print a X.509 cert to stdout
openssl x509 -in mpage.pem -text
openssl x509 -in mpage.pem -text
This entry was posted on Tuesday, August 10th, 2010 at 5:39 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.