2022-11-12 23:18:06 +01:00
|
|
|
# OpenSSL Cheatsheet
|
|
|
|
|
|
|
|
|
|
## Extract keys from PFX Cert
|
|
|
|
|
|
|
|
|
|
* Key and cert form PFX
|
|
|
|
|
```sh
|
|
|
|
|
openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes
|
|
|
|
|
openssl pkcs12 -in cert.pfx -out cert.pem -clcerts -nokeys
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Extract & Repack PFX Cert
|
|
|
|
|
|
|
|
|
|
* Extract & Repack with another password, e.g. from `mimikatz` to `cqure`
|
|
|
|
|
```sh
|
|
|
|
|
openssl pkcs12 -in *.pfx -out temp.pem -nodes
|
|
|
|
|
openssl pkcs12 -export -out *.pfx -in temp.pem
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Generate Certificate
|
|
|
|
|
|
|
|
|
|
```sh
|
|
|
|
|
openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes
|
|
|
|
|
```
|
2023-01-02 20:28:19 +01:00
|
|
|
## RSA
|
|
|
|
|
|
|
|
|
|
### Decrypt RSA
|
|
|
|
|
|
|
|
|
|
* Decrypt a RSA cipher with the private key
|
|
|
|
|
```sh
|
|
|
|
|
openssl pkeyutl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
* Deprecated version of RSA decryption is the following
|
|
|
|
|
```sh
|
|
|
|
|
openssl rsautl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### Encrypt RSA
|
|
|
|
|
|
|
|
|
|
* Encrypt RSA current and deprecated
|
|
|
|
|
```sh
|
|
|
|
|
openssl pkeyutl -encrypt -in $CLEAR_TEXT -out $CLEAR_TEXT -pubin -inkey $PRIVATE_KEY
|
|
|
|
|
openssl rsautl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PRIVATE_KEY
|
|
|
|
|
```
|
