Last active
December 11, 2022 09:58
-
-
Save placek/a0fea1b8f637e2bef357 to your computer and use it in GitHub Desktop.
OpenSSL cheat sheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# openssl version | |
openssl version | |
# openssl commands | |
openssl list-standard-commands | |
# ca - create certificate authorities | |
# dgst - compute hash functions | |
# enc - encrypt/decrypt using secret key algorithms (it is possible to generate using a password or directly a secret key stored in a file) | |
# genrsa - generate a pair of public/private key for the RSA algorithm | |
# password - generation of “hashed passwords” | |
# pkcs12 - manage information according to the PKCS #12 standard | |
# pkcs7 - manage information according to the PKCS #7 standard | |
# rand - Generation of pseudo-random bit strings | |
# rsa - RSA data management | |
# rsautl - To encrypt/decrypt or sign/verify signature with RSA | |
# verify - Checkings for X509 | |
# x509 - Data managing for X509 | |
# encode with base64 | |
cat document.txt | openssl enc -base64 -e | |
# decode with base64 | |
cat document.txt | openssl enc -base64 -d | |
# cipher file simetrically | |
cat document.txt | openssl enc -des -e -k myPassword -out document.txt.sec | |
# in human readable format | |
cat document.txt | openssl enc -des -base64 -e -k myPassword -out document.txt.sec | |
# uncipher | |
cat document.txt.sec | openssl enc -des -d -k myPassword | |
# compress with zlib | |
cat document.txt | openssl zlib -e | |
# uncompress with zlib | |
cat document.txt | openssl zlib -d | |
# hash with sha256 | |
cat document.txt | openssl dgst -sha256 | |
# separated with colon | |
cat document.txt | openssl dgst -sha256 -c | |
# in coreutils format | |
cat document.txt | openssl dgst -sha256 -r | |
# as a binary file | |
cat document.txt | openssl dgst -sha256 -binary | |
# generate private EC key | |
openssl ecparam -name secp256k1 -genkey -noout -out privkey.pem | |
# generate corresponding EC public key | |
openssl ec -in privkey.pem -pubout -out pubkey.pem | |
# signing | |
openssl dgst -sha256 -sign privkey.pem -out document.txt.sig document.txt | |
# verifing signature | |
openssl dgst -sha256 -verify pubkey.pem -signature document.txt.sig document.txt | |
# generate private RSA key | |
openssl genrsa -des3 -out privkey.pem 4096 | |
# generate public RSA key | |
openssl rsa -in privkey.pem -pubout -out pubkey.pem | |
# encrypt file | |
openssl rsautl -encrypt -pubin -inkey pubkey.pem -in document.txt -out document.txt.sec | |
# decrypt file | |
openssl rsautl -decrypt -inkey privkey.pem -in document.txt.sec | |
# signing | |
openssl dgst -sha256 -sign privkey.pem -out document.txt.sig document.txt | |
# verifing signature | |
openssl dgst -sha256 -verify pubkey.pem -signature document.txt.sig document.txt | |
# convert ssh privkey to openssl pem privkey | |
openssl rsa -in ~/.ssh/id_rsa -outform pem -out id_rsa.pem |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment