List available Ciphers:
openssl ciphers -v
openssl ciphers -v tls1 #only TLS ciphers
openssl list-cypher-commands
openssl ciphers -v ‘HIGH’ #only good ciphers<\/p>\n
Test OpenSSL Speed:
openssl speed
openssl speed rsa #test only rsa<\/p>\n
Generate self-signed cert:
openssl req \\
-x509 -nodes -days 365 \\
-newkey rsa:1024 -keyout mycert.pem -out mycert.pem
OR
openssl req \\
-x509 -nodes -days 365 \\
-subj ‘\/C=US\/ST=Oregon\/L=Portland\/CN=www.madboa.com’ \\
-newkey rsa:1024 -keyout mycert.pem -out mycert.pem<\/p>\n
MD5 or SHA1 digest of file:
openssl dgst -md5 filename
openssl dgst -sha1 filename<\/p>\n
Base64 encode \/ decode a file:
openssl enc -base64 -in infile.txt #encode to stdout
openssl enc -base64 -in infile.txt -out outfile.txt #encode to a file
echo “encode me” | openssl enc -base64 #encode through a pipe
echo “Zw5jb2RlIGllCg==” | openssl enc -base64 -d #decode through a pipe<\/p>\n
Encrypt a file using 256-bit AES in CBC mode
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc
openssl enc -aes-256-cbc -salt -in file.txt \\
-out file.enc -pass pass:password
openssl enc -aes-256-cbc -salt -in file.txt \\
-out file.enc -pass file:\/path\/to\/passwd.txt
openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc #base64 for email<\/p>\n
Decrypt binary \/ base64 AES CBC file
openssl enc -d -aes-256-cbc -in file.enc
openssl enc -d -aes-256-cbc -a -in file.enc\u00a0 # decode with base64<\/p>\n
Encrypt a file using Triple DES with base64 “ASCII Armor”<\/strong> Decrypt a file encoded with Triple DES and base64 encoded<\/strong> Encrypt a file using Blowfish and base64 encode<\/strong> Decrypt a file encoded with Blowfish and base64 encoded<\/strong> Generate an RSA key: Generate a public RSA key: Generate a DES key: Generate a shadow-style password hash: Test for prime number: Generate random number: cp server.key server.key.org\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0 # remove passphrase
openssl enc -e -a -salt -des3 -in file.txt -out file.des3<\/p>\n
openssl enc -d -a -in file.des3 -out file.txt <\/p>\n
openssl enc -e -a -salt -bf -in file.txt -out file.blowfish<\/p>\n
openssl enc -d -a -bf -in file.blowfish -out file.txt<\/p>\n
openssl genrsa
openssl genrsa -out mykep.pem 1024
openssl genrsa -des3 -out mykey.pem 1024<\/p>\n
openssl rsa -in mykey.pem -pubout<\/p>\n
openssl dsaparam -noout -out dsakey.pem -genkey 1024<\/p>\n
openssl passwd -1 MySecret
openssl passwd -1 -salt sXiKzkus MySecret #specific salt<\/p>\n
openssl prime 11905475924560753<\/p>\n
openssl rand -base64 128 #128 random base64 bits
openssl rand -out random_data.bin 1024 #1024 random binary bits
head -c 32 \/dev\/urandom | openssl enc -base64 #better entropy
<\/strong>
Create an SSL certificate:<\/strong>
openssl genrsa -des3 -out server.key 1024\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 # create keys
openssl req -new -key server.key -out server.csr\u00a0\u00a0 # create cert request<\/p>\n
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt\u00a0 # create cert<\/p>\n