Created
September 18, 2023 17:28
Exploring OpenSSL Bash Script for Enhanced Security
#!/bin/bash
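#######################################
# Print the list of supported operations and terminate the script.
# The text goes to stderr so it never mixes with data a caller captures
# from stdout.
# Globals:   none
# Arguments: none (uses $0 for the script name)
# Outputs:   usage text on stderr
# Returns:   does not return; exits with status 1
#######################################
usage() {
  cat >&2 << EOF
Usage: $0 <operation> [options]
Operations:
  genca           - Generate a CA private key and a self-signed CA certificate.
  genec           - Generate an EC key and certificate.
  genrsa          - Generate an RSA key and certificate.
  genpkcs12       - Generate a PKCS#12 (.pfx) file from a private key and certificate.
  der2pem         - Convert a DER file to PEM format.
  pem2der         - Convert a PEM file to DER format.
  encrypt         - Encrypt a file with AES-256-CBC encryption.
  hashfile        - Create a SHA-256 hash of a file.
  gen-self-signed - Generate a self-signed certificate.
EOF
  exit 1
}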
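# Stop at the first failing command, on use of an unset variable, and on a
# failure in any pipeline stage, so a failed openssl call is never followed
# by "Operation completed.".
set -euo pipefail

# At least the operation name is required.
if [ $# -lt 1 ]; then
  usage
fi

# Dispatch on the operation name; every arm validates its own argument count.
case "$1" in
  genca)
    # Create a CA private key and a self-signed CA certificate.
    #   $2 output_prefix - writes <prefix>_private.pem and <prefix>_public.pem
    #   $3 common_name   - subject CN
    #   $4 country_code  - subject C
    #   $5 san           - subjectAltName value in OpenSSL syntax, for example
    #                      "DNS:ca.example.test" (constructed sample value)
    if [ $# -ne 5 ]; then
      echo "Usage: $0 genca <output_prefix> <common_name> <country_code> <san>" >&2
      exit 1
    fi
    output_prefix="$2"
    common_name="$3"
    country_code="$4"
    san="$5"

    # These values are written into an OpenSSL config file. A line break
    # inside one of them would let the caller add config directives of their
    # own, so reject it up front.
    for value in "$common_name" "$country_code" "$san"; do
      if [[ "$value" == *$'\n'* || "$value" == *$'\r'* ]]; then
        echo "Error: arguments must not contain line breaks." >&2
        exit 1
      fi
    done

    # Use an unpredictable temporary file instead of a fixed name in the
    # current directory, and remove it on every exit path.
    ca_config="$(mktemp)"
    trap 'rm -f -- "$ca_config"' EXIT

    # The [v3_ca] section must exist because it is requested with
    # -extensions below. The SAN is an X.509 extension, not a subject
    # attribute, so it belongs here rather than in -subj.
    cat > "$ca_config" << EOF
[req]
default_bits = 2048
prompt = no
distinguished_name = dn
[dn]
C = ${country_code}
CN = ${common_name}
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
subjectAltName = ${san}
EOF

    # Generate the CA private key. The restrictive umask keeps the key file
    # owner-only regardless of how the installed openssl sets file modes.
    (umask 077 && openssl genpkey -algorithm RSA -out "${output_prefix}_private.pem")

    # Self-sign the CA certificate; subject and extensions come from the
    # config file. NOTE: no -days is given, so openssl's default validity
    # applies (30 days for `req -x509`).
    openssl req -new -x509 -key "${output_prefix}_private.pem" \
      -out "${output_prefix}_public.pem" \
      -config "$ca_config" -extensions v3_ca

    rm -f -- "$ca_config"
    trap - EXIT
    ;;
  genec)
    # Create an EC private key, a CSR, and a self-signed certificate.
    if [ $# -ne 2 ]; then
      echo "Usage: $0 genec <output_prefix>" >&2
      exit 1
    fi
    output_prefix="$2"
    # NOTE(review): secp256k1 is kept as the default for compatibility with
    # existing callers, but it is not commonly accepted by TLS stacks;
    # prime256v1 (NIST P-256) is the usual choice for certificates. Set
    # EC_CURVE to override.
    (umask 077 && openssl ecparam -genkey -name "${EC_CURVE:-secp256k1}" \
      -out "${output_prefix}_private.pem")
    openssl req -new -key "${output_prefix}_private.pem" -out "${output_prefix}_cert.csr"
    openssl req -x509 -key "${output_prefix}_private.pem" \
      -in "${output_prefix}_cert.csr" -out "${output_prefix}_public.pem"
    ;;
  genrsa)
    # Create a 2048-bit RSA private key, a CSR, and a self-signed certificate.
    if [ $# -ne 2 ]; then
      echo "Usage: $0 genrsa <output_prefix>" >&2
      exit 1
    fi
    output_prefix="$2"
    (umask 077 && openssl genrsa -out "${output_prefix}_private.pem" 2048)
    openssl req -new -key "${output_prefix}_private.pem" -out "${output_prefix}_cert.csr"
    openssl req -x509 -key "${output_prefix}_private.pem" \
      -in "${output_prefix}_cert.csr" -out "${output_prefix}_public.pem"
    ;;
  genpkcs12)
    # Bundle a private key and certificate into a PKCS#12 file.
    if [ $# -ne 4 ]; then
      echo "Usage: $0 genpkcs12 <private_key> <certificate> <output_pfx>" >&2
      exit 1
    fi
    private_key="$2"
    certificate="$3"
    output_pfx="$4"
    # The bundle contains the private key, so create it owner-only.
    (umask 077 && openssl pkcs12 -export -out "${output_pfx}" \
      -inkey "${private_key}" -in "${certificate}")
    ;;
  der2pem)
    # Convert a DER-encoded certificate to PEM.
    if [ $# -ne 3 ]; then
      echo "Usage: $0 der2pem <input_der> <output_pem>" >&2
      exit 1
    fi
    input_der="$2"
    output_pem="$3"
    openssl x509 -inform der -in "${input_der}" -out "${output_pem}"
    ;;
  pem2der)
    # Convert a PEM-encoded certificate to DER.
    if [ $# -ne 3 ]; then
      echo "Usage: $0 pem2der <input_pem> <output_der>" >&2
      exit 1
    fi
    input_pem="$2"
    output_der="$3"
    openssl x509 -outform der -in "${input_pem}" -out "${output_der}"
    ;;
  encrypt)
    # Password-encrypt a file with AES-256-CBC.
    # The operation takes two operands, so $# is 3 including the operation
    # name; the previous check for 4 rejected the documented invocation.
    if [ $# -ne 3 ]; then
      echo "Usage: $0 encrypt <input_file> <output_file>" >&2
      exit 1
    fi
    input_file="$2"
    output_file="$3"
    # -pbkdf2 (OpenSSL 1.1.1 or later) replaces the legacy single-pass key
    # derivation that openssl itself warns about; decryption must pass
    # -pbkdf2 as well. CBC mode provides confidentiality only: the output
    # carries no integrity check, so tampering is not detected on decryption.
    openssl enc -aes-256-cbc -salt -pbkdf2 -in "${input_file}" -out "${output_file}"
    ;;
  hashfile)
    # Write the SHA-256 digest of a file to an output file.
    if [ $# -ne 3 ]; then
      echo "Usage: $0 hashfile <input_file> <output_hash_file>" >&2
      exit 1
    fi
    input_file="$2"
    output_hash_file="$3"
    openssl dgst -sha256 -out "${output_hash_file}" "${input_file}"
    ;;
  gen-self-signed)
    # Create a private key with a self-signed certificate, plus a CSR for
    # the same key.
    if [ $# -ne 2 ]; then
      echo "Usage: $0 gen-self-signed <output_prefix>" >&2
      exit 1
    fi
    output_prefix="$2"
    # Generate the key once, together with the certificate. The files are
    # created under a restrictive umask because one of them is the key.
    (umask 077 && openssl req -new -x509 \
      -keyout "${output_prefix}_private.pem" -out "${output_prefix}_public.pem")
    # Build the CSR from the existing key (-key). Using -keyout here would
    # generate a second key and overwrite the first, leaving a private key
    # that no longer matches the certificate written above.
    openssl req -new -key "${output_prefix}_private.pem" -out "${output_prefix}_csr.pem"
    ;;
  *)
    usage
    ;;
esac

echo "Operation completed."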