OpenSSL Cheatsheet

Read X.509 Certificate

A certificate can be read via

openssl x509 -in $CERT -text

Generate CSR

A Certificate Signing Request needs a private key alongside the request for a cert. Both are generated in the following way

openssl req -new -nodes -newkey rsa:4096 -keyout $PRIVATE_KEY -out $CERT_CSR

Create an X.509 Certificate

Create an X.509 certificate via

openssl req -x509 -newkey rsa:4096 -nodes -keyout $PRIVATE_KEY -out $CERT -sha256 -days 365
openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes

Extract Keys from PFX Cert

Extract the key and the cert from a PFX

openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes
openssl pkcs12 -in cert.pfx -out cert.pem -clcerts -nokeys

Extract & Repack PFX Cert

Extract & Repack with another password, e.g. from mimikatz to cqure

openssl pkcs12 -in *.pfx -out temp.pem -nodes
openssl pkcs12 -export -out *.pfx -in temp.pem

RSA

Read Parameters of an RSA Key

Show parameters of the private key

openssl rsa -in $PRIVATE_KEY -text -noout

Create RSA Key

Generate an OpenSSL RSA key via

openssl genrsa -out $PRIVATE_KEY 4096

Generate an OpenSSL RSA public key from a private key

openssl rsa -in $PRIVATE_KEY -pubout -out public-key.pem

Encrypt RSA

Encrypt with RSA; the first command is the current one, the second is deprecated

openssl pkeyutl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PUBLIC_KEY
openssl rsautl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PUBLIC_KEY

Decrypt RSA

Decrypt an RSA ciphertext with the private key

openssl pkeyutl -decrypt -in $CIPHER -out $PLAIN_TEXT -inkey $PRIVATE_KEY

The deprecated version of RSA decryption is the following

openssl rsautl -decrypt -in $CIPHER -out $PLAIN_TEXT -inkey $PRIVATE_KEY

Diffie-Hellman

Read Parameters of a DH Key

A DH key is printed the following way

openssl dhparam -in $PRIVATE_KEY -text -noout

Create DH Key

A Diffie-Hellman key can be created via

openssl dhparam -out $PRIVATE_KEY 4096

AES

Encrypt AES

Encrypt a file with AES-256-CBC

openssl aes-256-cbc -e -in $PLAIN_TEXT -out $CIPHER

Decrypt AES

Decrypt a file with AES-256-CBC

openssl aes-256-cbc -d -in $CIPHER -out $PLAIN_TEXT

PBKDF2

Encrypt PBKDF2

Encrypt a file with a key derived via PBKDF2 with 128000 iterations

openssl aes-256-cbc -pbkdf2 -iter 128000 -e -in $PLAIN_TEXT -out $CIPHER

Decrypt PBKDF2

Decrypt a file with a key derived via PBKDF2 with an iteration count of 128000

openssl aes-256-cbc -pbkdf2 -iter 128000 -d -in $CIPHER -out $PLAIN_TEXT
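
The following Python code is an added example, not part of the original cheatsheet. It shows what the -pbkdf2 -iter 128000 commands above derive from the passphrase, and how that differs from the plain aes-256-cbc commands in the AES section. It assumes OpenSSL 1.1.1 or later defaults (SHA-256 digest, Salted__ header followed by an 8-byte salt); the function names and sample bytes are constructed for illustration.

```python
import hashlib

MAGIC = b"Salted__"          # 8-byte marker openssl enc writes before the salt
KEY_LEN, IV_LEN = 32, 16     # AES-256 key and CBC IV sizes


def parse_enc_file(blob):
    """Split a password-encrypted `openssl enc` file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("missing Salted__ header (raw key or -nosalt used?)")
    ciphertext = blob[16:]
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("CBC ciphertext must be a non-empty multiple of 16 bytes")
    return blob[8:16], ciphertext


def derive_pbkdf2(password, salt, iterations=128000):
    """Key/IV as derived with -pbkdf2 -iter N: PBKDF2-HMAC-SHA256, key bytes first."""
    okm = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, KEY_LEN + IV_LEN)
    return okm[:KEY_LEN], okm[KEY_LEN:]


def derive_legacy(password, salt):
    """Key/IV without -pbkdf2: EVP_BytesToKey, a single SHA-256 pass per block.

    Assumes the SHA-256 default digest; older OpenSSL releases defaulted to MD5.
    """
    okm, block = b"", b""
    while len(okm) < KEY_LEN + IV_LEN:
        block = hashlib.sha256(block + password + salt).digest()
        okm += block
    return okm[:KEY_LEN], okm[KEY_LEN:KEY_LEN + IV_LEN]


# Constructed sample: only the header layout is real, the ciphertext is filler.
SAMPLE = MAGIC + bytes.fromhex("0011223344556677") + bytes(32)

if __name__ == "__main__":
    salt, ct = parse_enc_file(SAMPLE)
    for name, fn in (("pbkdf2", derive_pbkdf2), ("legacy", derive_legacy)):
        key, iv = fn(b"constructed-passphrase", salt)
        print(f"{name:7} key={key.hex()} iv={iv.hex()}")
```

The iteration count is not stored in the file, so the decrypting side has to pass the same -iter value. The legacy derivation costs an attacker only two SHA-256 calls per passphrase guess, which is why the -pbkdf2 form is the one to prefer for password-based encryption.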

ECPoint (EC)

  • RFC5480

Read PEM Public Key

openssl ec -pubin -in publickey.pem -noout -text