Some useful OpenSSL commands

Posted at 2023-03-04

OpenSSL is the Swiss Army knife of cryptography.

Help

# show the options of the enc command
$ openssl enc -help
Usage: enc [options]
Valid options are:
 -help               Display this summary
 -list               List ciphers
 -ciphers            Alias for -list
 -in infile          Input file
 -out outfile        Output file
 -pass val           Passphrase source
 -e                  Encrypt
 -d                  Decrypt
 -p                  Print the iv/key
 -P                  Print the iv/key and exit
 -v                  Verbose output
 -nopad              Disable standard block padding
 -salt               Use salt in the KDF (default)
 -nosalt             Do not use salt in the KDF
 -debug              Print debug info
 -a                  Base64 encode/decode, depending on encryption flag
 -base64             Same as option -a
 -A                  Used with -[base64|a] to specify base64 buffer as a single line
 -bufsize val        Buffer size
 -k val              Passphrase
 -kfile infile       Read passphrase from file
 -K val              Raw key, in hex
 -S val              Salt, in hex
 -iv val             IV in hex
 -md val             Use specified digest to create a key from the passphrase
 -iter +int          Specify the iteration count and force use of PBKDF2
 -pbkdf2             Use password-based key derivation function 2
 -none               Don't encrypt
 -*                  Any supported cipher
 -rand val           Load the file(s) into the random number generator
 -writerand outfile  Write random data to the specified file
 -engine val         Use engine, possibly a hardware device

Generate a symmetric key

# generate a 16-byte (128-bit) key in binary format
$ openssl rand 16

# in hex format
$ openssl rand -hex 16
88cdbf1e106334f1bca57f730758abad

# Base64-encoded
$ openssl rand -base64 16
tMa1eyjIZw3g3M0dhPC87A==

# show the hex form of a binary key saved in a file
$ xxd -ps symmetric.key
88cdbf1e106334f1bca57f730758abad

Encrypt/decrypt a file with AES

The commands below use the aes-128-cbc algorithm (128-bit key) with a 128-bit initialization vector and no salt. The padding algorithm is PKCS#5.

# encrypt: -K is the key in hex format, -iv is the initialization vector in hex format
$ openssl enc -e -aes-128-cbc -K abcdef01234567890123456789abcdef -iv 0123456789abcdef0123456789abcdef -nosalt -in file.txt -out file.txt.encode

# decrypt
$ openssl enc -d -aes-128-cbc -K abcdef01234567890123456789abcdef -iv 0123456789abcdef0123456789abcdef -nosalt -in file.txt.encode -out file.txt
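
An added example, not part of the original article: the same aes-128-cbc commands wrapped in a round trip that draws a fresh key and IV from openssl rand instead of fixed values, and reports how the padding changes the output size. The function names and temporary files are constructed for this example.

```shell
#!/bin/sh
# Added example: AES-128-CBC round trip with a random key and IV.
# Function names and temp files are constructed, not from the article.

# Encrypt file $1 to $2 with hex key $3 and hex IV $4.
aes_encrypt() {
    openssl enc -e -aes-128-cbc -K "$3" -iv "$4" -nosalt -in "$1" -out "$2"
}

# Decrypt file $1 to $2 with hex key $3 and hex IV $4.
aes_decrypt() {
    openssl enc -d -aes-128-cbc -K "$3" -iv "$4" -nosalt -in "$1" -out "$2"
}

# Encrypt a constructed plaintext of $1 zero bytes, check that decryption
# restores it exactly, then print the ciphertext size in bytes.
ciphertext_size() {
    dir=$(mktemp -d) || return 1
    key=$(openssl rand -hex 16)   # fresh 128-bit key
    iv=$(openssl rand -hex 16)    # fresh 128-bit IV for this one message
    head -c "$1" /dev/zero > "$dir/plain"
    aes_encrypt "$dir/plain" "$dir/enc" "$key" "$iv" &&
    aes_decrypt "$dir/enc" "$dir/dec" "$key" "$iv" &&
    cmp -s "$dir/plain" "$dir/dec" &&
    size=$(( $(wc -c < "$dir/enc") ))
    status=$?
    rm -rf "$dir"
    if [ "$status" -ne 0 ]; then
        return 1
    fi
    echo "$size"
}

# Padding always adds between 1 and 16 bytes, so a plaintext that is
# already a multiple of the block size grows by one full block.
for n in 5 16 17; do
    echo "plaintext $n bytes -> ciphertext $(ciphertext_size "$n") bytes"
done
```

The receiver needs both the key and the IV to decrypt; only the key has to stay secret.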

Establish an HTTPS connection

$ openssl s_client -connect www.google.com:443