Jay Taylor's notes

back to listing index

My OpenSSL Cheatsheet « joshdulac.com

[web search]
Original source (joshdulac.com)
Tags: ssl encryption security openssl cheatsheet joshdulac.com
Clipped on: 2013-09-11

My OpenSSL Cheatsheet

My collection of common OpenSSL commands over the past year, gathered from several different resources, organized and labeled.


# See the list under the 'Cipher commands' heading
  openssl -h

# Or get a long list, one cipher per line
  openssl list-cipher-commands

Base64 Encode/Decode

# Send encoded contents of input.txt to stdout
  openssl enc -base64 -in input.txt
# Encode input.txt, output contents to output.txt
  openssl enc -base64 -in input.txt -out output.txt
# Encode string via CLI, not file I/O
  echo -n "encode me" | openssl enc -base64
# Decode string via CLI, not file I/O
  echo "decode me" | openssl enc -base64 -d

Generate an RSA Key

# Default 512-bit key, sent to standard output
  openssl genrsa
# 1024-bit key, saved to file named mykey.pem
  openssl genrsa -out mykey.pem 1024
# Same as above, but encrypted with a passphrase
  openssl genrsa -des3 -out mykey.pem 1024
# Generate a public version of your private RSA key
  openssl rsa -in mykey.pem -pubout
# Generates public key by decypting RSA private key with password
  openssl rsa -in rsaprivate.pem -passin pass:xyz123 -pubout -out rsapublic.pem

Generate Certificates

# To make certificates all in one step:
  openssl req -new -x509 -nodes -out file.pem -keyout file.pem -days 3650
# Make a certificate request for a CA to sign:
  openssl req -newkey rsa:1024 -keyout mycert.key -out mycert.csr -nodes
# To make an RSA key and then use the key to make the certificate signing request:
  openssl genrsa -out myfile.key 1024
  openssl req -new -key myfile.key -out myfile.csr
# Get a certificate from an SSL server
  openssl s_client -connect domain.com:443
# Viewing Certificates
  openssl x509 -in ssl.crt-text
# Verify Certificate (should get an OK)
  openssl verify cert.pem


# MD5 digest, output to stdout
  openssl dgst -md5 filename
  (md5sum filename should also work)

# SHA1 digest, output to stdout
  openssl dgst -sha1 filename
  (sha1sum filename should should also work)

# SHA1 digest of input.txt, output to output.txt
  openssl sha1 -out output.txt input.txt

# Signs SHA1 hash of file.txt using RSA private key, output signature to rsasign.bin
  openssl sha1 -sign rsaprivate.pem -out rsasign.bin file.txt
# Verifies signature of file.txt from rsasign.bin, using SHA1 & rsapublic.pem
  openssl sha1 -verify rsapublic.pem -signature rsasign.bin file.txt

# List all digests
  openssl list-message-digest-commands

Print the Contents of a Certificate

#Print a X.509 cert to stdout
  openssl x509 -in mpage.pem -text

This entry was posted on Tuesday, August 10th, 2010 at 5:39 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.