OpenSSL Commands Ciphers Base64 Encode/Decode

OpenSSL Commands

Ciphers

# See the list under the 'Cipher commands' heading

openssl -h

# Or get a long list, one cipher per line (OpenSSL 1.1.0 and later: openssl list -cipher-commands)

openssl list-cipher-commands

Base64 Encode/Decode

# Send encoded contents of input.txt to stdout

openssl enc -base64 -in input.txt

# Encode input.txt, output contents to output.txt

openssl enc -base64 -in input.txt -out output.txt

# Encode string via CLI, not file I/O

echo -n "encode me" | openssl enc -base64

# Decode string via CLI, not file I/O

echo "decode me" | openssl enc -base64 -d

Generate an RSA Key

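# Default-size key, sent to standard output (512 bits on old OpenSSL releases, which is far too weak for real use; current releases default to 2048)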

openssl genrsa

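# 1024-bit key, saved to file named mykey.pem (1024-bit RSA is no longer considered adequate; use 2048 or more for keys that protect anything real)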

openssl genrsa -out mykey.pem 1024

# Same as above, but encrypted with a passphrase

openssl genrsa -des3 -out mykey.pem 1024

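# Remove the passphrase from a private RSA key (the output file is still the private key, now stored unencrypted; it is not a public key, so use -pubout as in the next command to get one)

openssl rsa -in mykey.pem -out mykey-without-passphrase.pem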

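# Generates public key by decrypting RSA private key with password (a password given as pass:... is visible in the process list and shell history; -passin file:PATH or -passin stdin keeps it off the command line)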

openssl rsa -in rsaprivate.pem -passin pass:xyz123 -pubout -out rsapublic.pem

Checking

#Check a Certificate Signing Request (CSR)

openssl req -text -noout -verify -in CSR.csr

#Check a private key

openssl rsa -in privateKey.key -check

#Check a certificate

openssl x509 -in certificate.crt -text -noout

#Check a PKCS#12 file (.pfx or .p12)

openssl pkcs12 -info -in keyStore.p12

Generate Certificates

# To make certificates all in one step (-nodes leaves the private key unencrypted in file.pem, so restrict access to that file):

openssl req -new -x509 -nodes -out file.pem -keyout file.pem -days 3650

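# Make a certificate request for a CA to sign (create self-signed cert/key). Note: with -x509 the file written by -out is a self-signed certificate, not a CSR; omit -x509 to get a request for a CA to sign:

openssl req -new -x509 -newkey rsa:2048 -days 365 -nodes -keyout privKey.key -out server.csr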

# Generate a new private key and Certificate Signing Request

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

#Generate a certificate signing request (CSR) for an existing private key

openssl req -new -out CSR.csr -key privateKey.key

#Generate a certificate signing request based on an existing certificate

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

# To make an RSA key and then use the key to make the certificate signing request (1024 bits is too short for current use; pass 2048 or more for a real key):

openssl genrsa -out myfile.key 1024

openssl req -new -key myfile.key -out myfile.csr

# Get a certificate from an SSL server (HOST is a placeholder for the server name)

openssl s_client -connect HOST:443

# Viewing Certificates

openssl x509 -in ssl.crt -text

#View the details of a certificate signing request with OpenSSL

openssl req -noout -text -in server.csr

# Verify Certificate (should get an OK)

openssl verify cert.pem

#verify a server cert against a CA

openssl verify -CApath /path/to/ca/ /path/to/cert/cert.pem

Sign Certificates

#Sign a Certificate Signing Request using a CA config file

openssl ca -config ca.conf -notext -out certificate.pem.crt -infiles certificate-request.txt

Convert Certificates

#Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

#Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

#Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

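You can add -nocerts to only output the private key or add -nokeys to only output the certificates. Because of -nodes, the private key in keyStore.pem is written unencrypted, so protect that file accordingly.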

#Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Digests

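# MD5 digest, output to stdout (MD5 is broken against collisions; use it only to spot accidental corruption and prefer -sha256 where integrity matters)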

openssl dgst -md5 filename

(md5sum filename should also work)

# SHA1 digest, output to stdout

openssl dgst -sha1 filename

(sha1sum filename should also work)

# SHA1 digest of input.txt, output to output.txt

openssl sha1 -out output.txt input.txt

# Signs SHA1 hash of file.txt using RSA private key, output signature to rsasign.bin (SHA-1 is deprecated for signatures; openssl dgst -sha256 -sign takes the same arguments)

openssl sha1 -sign rsaprivate.pem -out rsasign.bin file.txt

# Verifies signature of file.txt from rsasign.bin, using SHA1 & rsapublic.pem

openssl sha1 -verify rsapublic.pem -signature rsasign.bin file.txt

# List all digests (OpenSSL 1.1.0 and later: openssl list -digest-commands)

openssl list-message-digest-commands

Print the Contents of a Certificate

#Print a X.509 cert to stdout

openssl x509 -in mpage.pem -text
