lee-pai-long
1/20/2016 - 2:24 PM

memento-openssl.md

[MEMENTO] OpenSSL

Generate RSA key and protect it with an AES 256 encryption

$  openssl genrsa -aes256 -out ca.key -rand ./ 4096

Create self-signed Root Certificate Authority

$  openssl req -new -x509 -sha256 -days 3650 -key ca.key -out ca.pem
  • Use SHA-256, because SHA-1 is vulnerable.
  • SHA-256 requires OpenSSL 0.9.8 or later.

Sign certificate with the CA

$  openssl ca -days 3650 -in file.req -out file.pem -notext

View certificate

$  openssl x509 -in file.pem -noout -text

Remove passphrase from private key

$  openssl rsa -in keywithpassphrase.key -out keywithoutpassphrase.key

View certificate MD5 Hash

$  openssl x509 -in cert.crt -noout -fingerprint -md5

Create PKCS12 with the CA

$  openssl pkcs12 -export -in cert.pem -inkey key.pem -certfile ca.pem -out file.p12

Extract the private key from a PKCS12

$  openssl pkcs12 -nocerts -in file.p12 -out file.key

Extract the certificate from a PKCS12

$  openssl pkcs12 -clcerts -nokeys -in file.p12 -out cert.crt

Revoke certificate

$  openssl ca -revoke cert.pem

Create Certificate Revocation List (CRL) for 30 days

$  openssl ca -gencrl -out crl.pem -crldays 30

View CRL

$  openssl crl -in crl.pem -text
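
The `openssl ca` commands above (sign, revoke, generate CRL) need a CA database and configuration that this memento does not show. The following is an added example, not part of the original memento: it builds a throwaway CA and shows that a revocation reaches verifiers only once the CRL is regenerated. The `ca.cnf` contents, the `demoCA` layout, the subject names and the unencrypted 2048-bit keys are assumptions chosen so that it runs non-interactively.

```shell
# Added example: minimal CA database so `openssl ca` can sign, revoke and issue a CRL.
# ca.cnf, demoCA/, subjects and unencrypted 2048-bit keys are constructed for this demo.
ca_revocation_demo() (
  work=$(mktemp -d) && cd "$work" || exit 1
  mkdir -p demoCA/newcerts
  : > demoCA/index.txt            # certificate database: one line per issued cert
  echo 1000 > demoCA/serial       # next certificate serial number (hex)
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./demoCA/index.txt
new_certs_dir = ./demoCA/newcerts
serial = ./demoCA/serial
certificate = ./ca.pem
private_key = ./ca.key
default_md = sha256
policy = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  # Prints "revoked", "ok" or "error" for file.pem checked against the current crl.pem.
  status() {
    out=$(openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem file.pem 2>&1)
    case "$out" in *"certificate revoked"*) echo revoked ;; *": OK"*) echo ok ;; *) echo error ;; esac
  }
  {
    openssl genrsa -out ca.key 2048
    openssl req -new -x509 -sha256 -days 3650 -key ca.key -out ca.pem -config ca.cnf -subj "/CN=Demo Root CA"
    openssl genrsa -out file.key 2048
    openssl req -new -key file.key -out file.req -config ca.cnf -subj "/CN=demo.example"
    openssl ca -batch -config ca.cnf -days 365 -in file.req -out file.pem -notext
    openssl ca -config ca.cnf -gencrl -out crl.pem -crldays 30
  } >&2
  before=$(status)
  openssl ca -config ca.cnf -revoke file.pem >&2
  stale=$(status)                 # index.txt now marks the cert "R", but crl.pem is unchanged
  openssl ca -config ca.cnf -gencrl -out crl.pem -crldays 30 >&2
  echo "$before $stale $(status)"
  cd / && rm -rf "$work"
)
# Run: ca_revocation_demo   -> ok ok revoked
```

The middle value is the point to remember: `-revoke` only updates the CA database, so a fresh `-gencrl` has to be published before relying parties reject the certificate.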

Encrypt file

$  openssl enc -aes256 -e -salt -in file.txt -out file_encrypted.txt

Decrypt file

$  openssl enc -aes256 -d -in file_encrypted.txt -out filedecrypted.txt

Create public key from private key

$  openssl rsa -in privatekey.pem -pubout -out publickey.pem

Encrypt file with public key

$  openssl rsautl -encrypt -pubin -inkey publickey.pem -in file.txt -out file_encrypted.txt

Decrypt file with private key

$  openssl rsautl -decrypt -inkey privatekey.pem -in file_encrypted.txt -out file.txt

Sign file with private key

$  openssl rsautl -sign -inkey privatekey.pem -in file.txt -out signfile.txt

Verify signature with public key

$  openssl rsautl -verify -pubin -inkey publickey.pem -in signfile.txt -out file.txt

Encrypt SMIME mail with certificate

$  openssl smime -encrypt -aes256 -in mail.eml -out encrypted_mail.eml cert.crt

Decrypt SMIME mail with certificate

$  openssl smime -decrypt -in encrypted_mail.eml -recip cert.pem -inkey key.pem -out mail.eml

Sign SMIME mail

$  openssl smime -sign -in mail.eml -signer cert.pem -inkey key.pem -out signedmail.eml

Verify SMIME mail signature

$  openssl smime -verify -in signedmail.eml -out mail.eml