OpenSSL Cheat Sheet: Digital Signature and Certificates, Cheat Sheet of Software Engineering

This document contains a quick overview of OpenSSL, the cryptography library that provides an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

Typology: Cheat Sheet

2019/2020

Uploaded on 10/23/2020

OpenSSL Cheat Sheet
by Alberto González (albertx) via cheatography.com/122237/cs/22629/
BASICS
Checking version
openssl version -a
Benchmark how fast the RSA algorithm runs on the system using four CPU cores
openssl speed -multi 4 rsa
Get basic help
openssl help
Generate 20 random bytes and show them on screen
openssl rand -hex 20
ENCODING / DECODING
Encoding a file using Base64
openssl base64 -in file.data
Encoding some text using Base64
echo -n "some text" | openssl base64
Base64 decode a file with output to another file
openssl base64 -d -in encoded.data -out decoded.data
WORKING WITH HASHES
List digest algorithms available
openssl list -digest-algorithms
Hash a file using SHA256
openssl dgst -sha256 file.data
Hash a file using SHA256 with its output in binary form (no hex encoding)
No ASCII or encoded characters will be printed to the console, just raw bytes. You can append ' | xxd' to view them.
openssl dgst -binary -sha256 file.data
Hash text using SHA3-512
echo -n "some text" | openssl dgst -sha3-512
Create HMAC - SHA384 of a file using a specific key in bytes
openssl dgst -SHA384 -mac HMAC -macopt hexkey:369bd7d655 file.data
Create HMAC - SHA512 of some text
echo -n "some text" | openssl dgst -mac HMAC -macopt hexkey:369bd7d655 -sha512
ASYMMETRIC ENCRYPTION
List elliptic curves available
openssl ecparam -list_curves
Create 4096 bits RSA public-private key pair
openssl genrsa -out pub_priv.key 4096
Display detailed private key information
openssl rsa -text -in pub_priv.key -noout
Encrypt public-private key pair using AES-256 algorithm
openssl rsa -in pub_priv.key -out encrypted.key -aes256
Remove the key file's encryption and save the keys to another file
openssl rsa -in encrypted.key -out cleartext.key
Copy the public key of the public-private key pair file to another file
openssl rsa -in pub_priv.key -RSAPublicKey_out -out pubkey.key
Encrypt a file using RSA public key
openssl rsautl -encrypt -inkey pubkey.key -pubin -in cleartext.file -out ciphertext.file
Decrypt a file using RSA private key
openssl rsautl -decrypt -inkey pub_priv.key -in ciphertext.file -out decrypted.file
Create private key using the P-224 elliptic curve
openssl ecparam -name secp224r1 -genkey -out ecpriv.key
Encrypt private key using 3DES algorithm
openssl ec -in ecP384priv.key -des3 -out ecP384priv_enc.key
SYMMETRIC ENCRYPTION
List all supported symmetric encryption ciphers
openssl enc -list
Encrypt a file using an ASCII encoded password provided and AES-128-ECB algorithm
openssl enc -aes-128-ecb -in cleartext.file -out ciphertext.file -pass pass:thisisthepassword
Encrypt a file using a specific encryption key (K) provided as hex digits
openssl enc -aes-128-ecb -in cleartext.file -out ciphertext.file -K 1881807b2d1b3d22f14e9ec52563d981 -nosalt
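The AES-128-ECB commands above encrypt every 16-byte block independently, so equal plaintext blocks produce equal ciphertext blocks. The script below is an added example, not part of the original cheat sheet: it reuses the sheet's sample key and IV, encrypts a constructed plaintext made of eight identical blocks, and counts the distinct ciphertext blocks under ECB and under CBC (AES-128-CBC is chosen here for the comparison).

```shell
#!/bin/sh
# Added example: compares block repetition under ECB and CBC.
set -e

KEY=1881807b2d1b3d22f14e9ec52563d981   # sample key shown in the cheat sheet
IV=470bc29762496046882b61ecee68e07c    # sample IV shown in the cheat sheet

# distinct_blocks CIPHER [extra openssl enc options]
# Encrypts a constructed plaintext (the same 16-byte block repeated 8 times)
# and prints how many distinct 16-byte ciphertext blocks come out.
# With PKCS#7 padding the ciphertext is 9 blocks long in both modes.
distinct_blocks() {
  cipher=$1
  shift
  for i in 1 2 3 4 5 6 7 8; do printf 'ACCOUNT=00001234'; done |
    openssl enc "-$cipher" -K "$KEY" -nosalt "$@" |
    od -An -v -tx1 |      # od prints 16 bytes per line: one block per line
    sort -u | wc -l | tr -d ' '
}

echo "aes-128-ecb: $(distinct_blocks aes-128-ecb) distinct blocks out of 9"
echo "aes-128-cbc: $(distinct_blocks aes-128-cbc -iv "$IV") distinct blocks out of 9"
```

A low count under ECB means the structure of the plaintext is visible in the ciphertext; prefer a mode that takes an IV, and use a fresh IV per message.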
By Alberto González (albertx)
cheatography.com/albertx/
albertx.mx/blog/
Published 25th May, 2020.
Last updated 27th July, 2020.

SYMMETRIC ENCRYPTION (cont)
Encrypt a file using ARIA 256 in CBC block cipher mode using a specified encryption key (K:256 bits) and initialization vector (iv:128 bits)
openssl enc -aria-256-cbc -in cleartext.file -out ciphertext.file -K f92d2e986b7a2a01683b4c40d0cbcf6feaa669ef2bb5ec3a25ce85d9548291c -iv 470bc29762496046882b61ecee68e07c -nosalt
Encrypt a file using Camellia 192 algorithm in COUNTER block cipher mode with key and iv provided
openssl enc -camellia-192-ctr -in cleartext.file -out ciphertext.file -K 6c7a1b3487d28d3bf444186d7c529b48d67dd6206c7a1b34 -iv 470bc29762496046882b61ecee68e07c

DIGITAL SIGNATURES
Generate DSA parameters for the private key. 2048 bits length
openssl dsaparam -out dsaparam.pem 2048
Generate DSA public-private key for signing documents and protect it using AES128 algorithm
openssl gendsa -out dsaprivatekey.pem -aes-128-cbc dsaparam.pem
Copy the public key of the DSA public-private key file to another file
openssl dsa -in dsaprivatekey.pem -pubout -out dsapublickey.pem
To print out the contents of a DSA key pair file
openssl dsa -in dsaprivatekey.pem -text -noout
Signing the sha-256 hash of a file using RSA private key
openssl dgst -sha256 -sign rsakey.key -out signature.data document.pdf
Signing the sha3-512 hash of a file using DSA private key
openssl pkeyutl -sign -pkeyopt digest:sha3-512 -in document.docx -inkey dsaprivatekey.pem -out signature.data
Verify DSA signature
openssl pkeyutl -verify -sigfile dsasignature.data -inkey dsakey.pem -in document.docx
Create a private key using P-384 Elliptic Curve
openssl ecparam -name secp384r1 -genkey -out ecP384priv.key
Encrypt private key using 3DES algorithm
openssl ec -in ecP384priv.key -des3 -out ecP384priv_enc.key
Sign a PDF file using Elliptic Curves with the generated key
openssl pkeyutl -sign -inkey ecP384priv_enc.key -pkeyopt digest:sha3-512 -in document.pdf -out signature.data
Verify the file's signature. If it's ok you must receive "Signature Verified Successfully"
openssl pkeyutl -verify -in document.pdf -sigfile signature.data -inkey ecP384priv_enc.key

DIGITAL CERTIFICATES
Generating a CSR file and a 4096 bits RSA key pair
openssl req -newkey rsa:4096 -keyout private.key -out request.csr
Display Certificate Signing Request (CSR) content
openssl req -text -noout -in request.csr
Display the public key contained in the CSR file
openssl req -pubkey -noout -in request.csr
Creating a Certificate Signing Request (CSR) using an existing private key. This can be useful when you need to renew the public digital certificate without changing the private key.
openssl req -new -key private.key -out request.csr
Create EC P384 curve parameters file to generate a CSR using Elliptic Curves in the next step.
openssl genpkey -genparam -algorithm EC -out EC_params.pem -pkeyopt ec_paramgen_curve:secp384r1 -pkeyopt ec_param_enc:named_curve
Create a CSR file using the Elliptic Curve P384 parameters file created in the previous step, instead of using RSA keys.
openssl req -newkey ec:EC_params.pem -keyout EC_P384_priv.key -out EC_request.csr
Create a self-signed certificate, a new 2048 bits RSA key pair with one year of validity
openssl req -newkey rsa:2048 -nodes -keyout priv.key -x509 -days 365 -out cert.crt
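The DIGITAL SIGNATURES commands above sign with a private key; a recipient normally holds only the public key and a script should rely on the exit status rather than on the printed message. The script below is an added example, not part of the original cheat sheet: it signs with `openssl dgst -sign`, verifies with `openssl dgst -verify` against the exported public key, and shows that a modified file is rejected. File names and the sample document are constructed for the illustration.

```shell
#!/bin/sh
# Added example: sign, verify with the public key only, detect tampering.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# P-384 key pair; the public half is what a verifier would receive.
openssl ecparam -name secp384r1 -genkey -noout -out "$WORK/ecP384priv.key" 2>/dev/null
openssl ec -in "$WORK/ecP384priv.key" -pubout -out "$WORK/ecP384pub.key" 2>/dev/null

# Constructed sample document.
printf 'constructed sample document\n' > "$WORK/document.txt"

# Sign the SHA-256 digest of the file with the private key.
openssl dgst -sha256 -sign "$WORK/ecP384priv.key" \
  -out "$WORK/signature.data" "$WORK/document.txt"

# verify_file FILE: prints "ok" if signature.data matches FILE, else "bad".
# The decision is taken from the openssl exit status, not its output text.
verify_file() {
  if openssl dgst -sha256 -verify "$WORK/ecP384pub.key" \
       -signature "$WORK/signature.data" "$1" >/dev/null 2>&1; then
    echo ok
  else
    echo bad
  fi
}

# Tampered copy: one byte appended after signing.
cp "$WORK/document.txt" "$WORK/tampered.txt"
printf 'x' >> "$WORK/tampered.txt"

echo "original: $(verify_file "$WORK/document.txt")"
echo "tampered: $(verify_file "$WORK/tampered.txt")"
```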


SIMPLE CA CONFIGURATION FILE (openssl.cnf)
[ ca ]
default_ca = CA_default

[ CA_default ]
dir = ./personalCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
rand_serial = yes
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand
default_days = 365
default_crl_days = 30
default_md = SHA
policy = policy_any
email_in_dn = no
name_opt = ca_default
cert_opt = ca_default
copy_extensions = none

[ policy_any ]
countryName = supplied
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

FINAL NOTES

- All commands were tested using OpenSSL version 1.1.1g.
- The default format for almost all operations in openssl is PEM; however, you can always specify a DER format using arguments or export to other formats with appropriate commands.