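Generate a 4096-bit RSA key and protect it with AES-256 encryption (-rand expects files of seed data rather than a directory such as ./; current OpenSSL releases seed themselves from the operating system, so the option can normally be omitted)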
$ openssl genrsa -aes256 -out ca.key -rand ./ 4096
Create self-signed Root Certificate Authority
$ openssl req -new -x509 -sha256 -days 3650 -key ca.key -out ca.pem
Use SHA-256 because SHA-1 is vulnerable to collision attacks.
Using SHA-256 requires OpenSSL 0.9.8 or later.
Sign certificate with the CA
$ openssl ca -days 3650 -in file.req -out file.pem -notext
$ openssl x509 -in file.pem -noout -text
Remove passphrase from private key (the output file holds the key unencrypted, so restrict its file permissions)
$ openssl rsa -in keywithpassphrase.key -out keywithoutpassphrase.key
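View certificate MD5 fingerprint (MD5 is not collision-resistant; use -sha256 instead of -md5 when the fingerprint is used to verify a certificate)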
$ openssl x509 -in cert.crt -noout -fingerprint -md5
Create PKCS12 with the CA
$ openssl pkcs12 -export -in cert.pem -inkey key.pem -certfile ca.pem -out file.p12
Extract the private key from a PKCS12
$ openssl pkcs12 -nocerts -in file.p12 -out file.key
Extract the certificate from a PKCS12
$ openssl pkcs12 -clcerts -nokeys -in file.p12 -out cert.crt
Revoke certificate
$ openssl ca -revoke cert.pem
Create Certificate Revocation List (CRL) for 30 days
$ openssl ca -gencrl -out crl.pem -crldays 30
$ openssl crl -in crl.pem -text
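Encrypt file with AES-256 and a password (enc gives no integrity protection; on OpenSSL 1.1.1 or later, add -pbkdf2 to both the encrypt and decrypt commands for a stronger key derivation)
$ openssl enc -aes256 -e -salt -in file.txt -out file_encrypted.txt
Decrypt file with AES-256 and a password
$ openssl enc -aes256 -d -in file_encrypted.txt -out filedecrypted.txt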
Create public key from private key
$ openssl rsa -in privatekey.pem -pubout -out publickey.pem
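Encrypt file with public key (RSA can only encrypt input smaller than the key size, so this suits small files such as a symmetric key; rsautl is deprecated since OpenSSL 3.0 in favour of pkeyutl)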
$ openssl rsautl -encrypt -pubin -inkey publickey.pem -in file.txt -out file_encrypted.txt
Decrypt file with private key
$ openssl rsautl -decrypt -inkey privatekey.pem -in file_encrypted.txt -out file.txt
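Sign file with private key (rsautl signs the raw input without hashing it, so the file must be smaller than the key; to sign a file of any size, use openssl dgst -sha256 -sign)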
$ openssl rsautl -sign -inkey privatekey.pem -in file.txt -out signfile.txt
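Verify signature with public key (rsautl -verify outputs the recovered data rather than a pass/fail result, so compare it with the expected content)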
$ openssl rsautl -verify -pubin -inkey publickey.pem -in signfile.txt -out file.txt
Encrypt SMIME mail with certificate
$ openssl smime -encrypt -aes256 -in mail.eml -out encrypted_mail.eml cert.crt
Decrypt SMIME mail with certificate
$ openssl smime -decrypt -in encrypted_mail.eml -recip cert.pem -inkey key.pem -out mail.eml
Sign SMIME mail with certificate and private key
$ openssl smime -sign -in mail.eml -signer cert.pem -inkey key.pem -out signedmail.eml
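Verify SMIME mail signature (the signer's certificate must chain to a trusted CA; for a private CA, pass it with -CAfile ca.pem)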
$ openssl smime -verify -in signedmail.eml -out mail.eml