# OpenSSL Cheatsheet

## Extract keys from PFX Cert

* Key and cert form PFX
```sh
openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes
openssl pkcs12 -in cert.pfx -out cert.pem -clcerts -nokeys
```

## Extract & Repack PFX Cert

* Extract & Repack with another password, e.g. from `mimikatz` to `cqure`
```sh
openssl pkcs12 -in *.pfx -out temp.pem -nodes
openssl pkcs12 -export -out *.pfx -in temp.pem
```

## Generate Certificate

```sh
openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes
```
## RSA

### Decrypt RSA

* Decrypt a RSA cipher with the private key
```sh
openssl pkeyutl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY
```

* Deprecated version of RSA decryption is the following
```sh
openssl rsautl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY
```

### Encrypt RSA

* Encrypt RSA current and deprecated
```sh
openssl pkeyutl -encrypt -in $CLEAR_TEXT -out $CLEAR_TEXT -pubin -inkey $PRIVATE_KEY
openssl rsautl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PRIVATE_KEY
```