killchain-compendium/Cryptography/OpenSSL-Cheatsheet.md

OpenSSL Cheatsheet

Extract keys from PFX Cert

• Key and cert form PFX

openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes
openssl pkcs12 -in cert.pfx -out cert.pem -clcerts -nokeys

Extract & Repack PFX Cert

• Extract & Repack with another password, e.g. from mimikatz to cqure

openssl pkcs12 -in *.pfx -out temp.pem -nodes
openssl pkcs12 -export -out *.pfx -in temp.pem

Generate Certificate

openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes

RSA

Decrypt RSA

• Decrypt a RSA cipher with the private key

openssl pkeyutl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY

• Deprecated version of RSA decryption is the following

openssl rsautl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY

Encrypt RSA

• Encrypt RSA current and deprecated

openssl pkeyutl -encrypt -in $CLEAR_TEXT -out $CLEAR_TEXT -pubin -inkey $PRIVATE_KEY
openssl rsautl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PRIVATE_KEY