OpenSSL
The openssl tool is a command for general-purpose cryptography and secure communication, primarily using SSL/TLS certificates.
- Securely connect to a remote host
$ openssl s_client -connect IP:port
$ openssl s_client -connect IP:protocol
$ openssl s_client -connect IP:port -starttls protocol
- Password Hashes
$ echo -n "toto" | openssl md4 # MD4 Hash
$ echo -n "toto" | openssl dgst -md4 # same
$ openssl passwd toto # for usage in /etc/passwd
- Encryption and Decryption
$ openssl enc -pbkdf2 -in plaintext -out ciphertext
$ openssl enc -d -pbkdf2 -in ciphertext -out plaintext
$ openssl enc -aes-256-cbc -iter 10 -pass pass:<...> -out ciphertext -in plaintext
$ openssl enc -d -aes-256-cbc -iter 10 -pass pass:<...> -in ciphertext -out plaintext
- Generate a SSL/TLS certificate
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
$ openssl req -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365
$ openssl req -x509 -newkey rsa:2048 -nodes -keyout server.pem -out cert.pem -sha256 -subj '/CN=xxx'
$ openssl x509 -in cert.pem -text -noout
π» To-do π»
Stuff that I found, but never read/used yet.
# display Exponent and Modulus
$ openssl rsa -pubin -inform PEM -text -noout < key.pub
# decrypt (deprecated)
$ openssl rsautl -decrypt -inkey key.priv -in flag.enc
# decrypt (new)
$ openssl pkeyutl -decrypt -inkey key.priv -in flag.enc
$ ssh-keygen -y -f key > key.pub
$ ssh-keygen -e -f key.pub -m pem > key.pem
$ openssl rsa -pubin -inform PEM -text -noout < key.pem