OpenSSL

The openssl command-line tool covers general-purpose cryptography and secure communication, most often working with SSL/TLS certificates.

  • Securely connect to a remote host
$ openssl s_client -connect IP:port
$ openssl s_client -connect IP:protocol
$ openssl s_client -connect IP:port -starttls protocol
  • Password Hashes
$ echo -n "toto" | openssl md4 # MD4 Hash
$ echo -n "toto" | openssl dgst -md4 # same
$ openssl passwd toto # for usage in /etc/passwd
  • Encryption and Decryption
$ openssl enc -pbkdf2 -in plaintext -out ciphertext
$ openssl enc -d -pbkdf2 -in ciphertext -out plaintext
$ openssl enc -aes-256-cbc -iter 10 -pass pass:<...> -out ciphertext -in plaintext
$ openssl enc -d -aes-256-cbc -iter 10 -pass pass:<...> -in ciphertext -out plaintext
  • Generate an SSL/TLS certificate
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
$ openssl req -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365
$ openssl req -x509 -newkey rsa:2048 -nodes -keyout server.pem -out cert.pem -sha256 -subj '/CN=xxx'
$ openssl x509 -in cert.pem -text -noout
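
An added example (not part of the original notes) for the Encryption and Decryption commands above: a round-trip check that reads the passphrase from an environment variable instead of pass:<...> and uses a high PBKDF2 iteration count. The function names, file names, passphrases and the ITER value are all constructed for illustration.

```shell
# Added example. File names, passphrases and ITER are constructed values.
ITER=100000  # assumption: a deliberately high PBKDF2 count, unlike -iter 10

# The passphrase is read from the ENC_PASS environment variable, so it does
# not show up in the command line (ps output) the way -pass pass:<...> does.
encrypt_file() {
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt \
        -pass env:ENC_PASS -in "$1" -out "$2"
}

decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -pass env:ENC_PASS -in "$1" -out "$2" 2>/dev/null
}

# A salted enc file starts with the 8-byte magic "Salted__".
has_salt_header() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# Encrypt a constructed plaintext, decrypt it, and compare byte for byte.
roundtrip_ok() {
    tmp=$(mktemp -d) || return 2
    printf 'constructed sample plaintext\n' > "$tmp/plain"
    ENC_PASS='constructed-passphrase'; export ENC_PASS
    encrypt_file "$tmp/plain" "$tmp/cipher" &&
        has_salt_header "$tmp/cipher" &&
        decrypt_file "$tmp/cipher" "$tmp/out" &&
        cmp -s "$tmp/plain" "$tmp/out"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# CBC carries no authentication tag: a wrong passphrase is normally caught by
# the padding check, but can occasionally slip through, so compare content
# instead of trusting the exit status alone.
wrong_pass_rejected() {
    tmp=$(mktemp -d) || return 2
    printf 'constructed sample plaintext\n' > "$tmp/plain"
    ENC_PASS='constructed-passphrase'; export ENC_PASS
    encrypt_file "$tmp/plain" "$tmp/cipher" || { rm -rf "$tmp"; return 2; }
    ENC_PASS='another-passphrase'; export ENC_PASS
    rc=0
    if decrypt_file "$tmp/cipher" "$tmp/out" && cmp -s "$tmp/plain" "$tmp/out"; then rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}

roundtrip_ok && wrong_pass_rejected && echo "enc round trip verified"
```

The same ITER value must be given on both the encrypt and the decrypt side, because openssl enc does not store the iteration count in the output file.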

👻 To-do 👻

Stuff that I found but haven't read or used yet.

weak_rsa

# display Exponent and Modulus
$ openssl rsa -pubin -inform PEM -text -noout < key.pub
# decrypt (deprecated)
$ openssl rsautl -decrypt -inkey key.priv -in flag.enc
# decrypt (new)
$ openssl pkeyutl -decrypt -inkey key.priv -in flag.enc