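% Preamble of the OpenSSL cheat sheet (Cheatography export).
% One statement per line: with the file collapsed onto a single line, the first
% `%` turned every following \usepackage and length setting into a comment.
\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr}           % For header and footer
\usepackage{multicol}           % Allows multicols in tables
\usepackage{tabularx}           % Intelligent column widths
\usepackage{tabulary}           % Used in header and footer
\usepackage{hhline}             % Border under tables
\usepackage{graphicx}           % For images
\usepackage{xcolor}             % For hex colours
%\usepackage[utf8x]{inputenc}   % For unicode character support
\usepackage[T1]{fontenc}        % Without this we get weird character replacements
\usepackage{colortbl}           % For coloured tables
\usepackage{setspace}           % For line height
\usepackage{lastpage}           % Needed for total page number
\usepackage{seqsplit}           % Splits long words.
%\usepackage{opensans}          % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem}     % For underlining links

% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath}            % Symbols
\usepackage{MnSymbol}           % Symbols
\usepackage{wasysym}            % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages

% Document Info
\author{Alberto González (albertx)}
\pdfinfo{
  /Title (openssl.pdf)
  /Creator (Cheatography)
  /Author (Alberto González (albertx))
  /Subject (OpenSSL Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm}       % Space between columns
\setlength{\headsep}{-12pt}         % Reduce space between header and content
\setlength{\headheight}{85pt}       % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt}  % Remove footer line
\renewcommand{\headrulewidth}{0pt}  % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit

% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands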
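% Helper macros, colours, page header/footer and the cheat-sheet body.
% Changes against the generator output:
%  - one statement per line (collapsed lines let `%` comments swallow code);
%  - the Cheatography placeholders {{nl}} / {{noshy}}, which were typeset
%    literally, are replaced by \newline / dropped;
%  - the stale "Row Count" bookkeeping comments are dropped;
%  - shell commands use the semantic macro \cmd instead of the obsolete {\bf ...};
%  - typos fixed, the P-224 / secp224k1 mismatch corrected, and usage caveats
%    added to FINAL NOTES.

% \SetRowColor stores the colour name globally so that \mymulticolumn can
% reuse it as the column colour of the cell that follows.
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % Ragged-right paragraph column
\newcommand{\tn}{\tabularnewline} % Required because \raggedright redefines \\ in the x column
\newcommand*{\cmd}[1]{\textbf{#1}} % A command (or option) to be typed at the shell

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{293861}
\definecolor{LightBackground}{HTML}{F8F8FA}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
  \SetRowColor{DarkBackground}
  \vspace{-7pt}
  % NOTE(review): absolute path, presumably valid only on the Cheatography
  % build host; point it at a local copy of the logo to compile elsewhere.
  {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
    \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
  }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
  \vspace{-2pt}\large{\bfseries{\textcolor{DarkBackground}{\textrm{OpenSSL Cheat Sheet}}}} \\
  \normalsize{by \textcolor{DarkBackground}{Alberto González (albertx)} via \textcolor{DarkBackground}{\uline{cheatography.com/122237/cs/22629/}}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{ \footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\bfseries\textcolor{white}{Cheatographer}} \\
  \vspace{-2pt}Alberto González (albertx) \\
  \uline{cheatography.com/albertx} \\
  \uline{\seqsplit{albertx}.mx/blog/}
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bfseries\textcolor{white}{Cheat Sheet}} \\
  \vspace{-2pt}Published 25th May, 2020.\\
  Updated 9th June, 2021.\\
  Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bfseries\textcolor{white}{Sponsor}} \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}

\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{multicols*}{2}

% ---------------------------------------------------------------- BASICS
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{BASICS}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Checking version\newline \cmd{openssl version -a}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{How fast it runs on the system using four CPU cores and testing RSA algorithm\newline \cmd{openssl speed -multi 4 rsa}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Get basic help\newline \cmd{openssl help}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Generate 20 random bytes and show them on screen\newline \cmd{openssl rand -hex 20}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% ---------------------------------------------------------------- ENCODING / DECODING
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{ENCODING / DECODING}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Encoding a file using Base64\newline \cmd{openssl base64 -in file.data}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Encoding some text using Base64\newline \cmd{echo -n "some text" | openssl base64}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Base64 decode a file with output to another file\newline \cmd{openssl base64 -d -in encoded.data -out decoded.data}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% ---------------------------------------------------------------- WORKING WITH HASHES
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{WORKING WITH HASHES}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{List digest algorithms available\newline \cmd{openssl list -digest-algorithms}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Hash a file using SHA256\newline \cmd{openssl dgst -sha256 file.data}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Hash a file using SHA256 with its output in binary form (no output hex encoding)\newline \emph{No ASCII or encoded characters will be printed out to the console, just pure bytes. You can append ' | xxd'}\newline \cmd{openssl dgst -binary -sha256 file.data}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Hash text using SHA3-512\newline \cmd{echo -n "some text" | openssl dgst -sha3-512}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Create HMAC - SHA384 of a file using a specific key in bytes\newline \cmd{openssl dgst -SHA384 -mac HMAC -macopt hexkey:369bd7d655 file.data}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Create HMAC - SHA512 of some text\newline \cmd{echo -n "some text" | openssl dgst -mac HMAC -macopt hexkey:369bd7d655 -sha512}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% ---------------------------------------------------------------- ASYMMETRIC ENCRYPTION
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{ASYMMETRIC ENCRYPTION}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{List elliptic curves available\newline \cmd{openssl ecparam -list\_curves}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Create 4096 bits RSA public-private key pair\newline \cmd{openssl genrsa -out pub\_priv.key 4096}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Display detailed private key information\newline \cmd{openssl rsa -text -in pub\_priv.key -noout}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Encrypt public-private key pair using AES-256 algorithm\newline \cmd{openssl rsa -in pub\_priv.key -out encrypted.key -aes256}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Remove keys file encryption and save them to another file\newline \cmd{openssl rsa -in encrypted.key -out cleartext.key}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Copy the public key of the public-private key pair file to another file\newline \cmd{openssl rsa -in pub\_priv.key -pubout -out pubkey.key}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Encrypt a file using RSA public key\newline \cmd{openssl rsautl -encrypt -inkey pubkey.key -pubin -in cleartext.file -out ciphertext.file}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Decrypt a file using RSA private key\newline \cmd{openssl rsautl -decrypt -inkey pub\_priv.key -in ciphertext.file -out decrypted.file}} \tn
% The original description said "P-224", but the command selects secp224k1;
% the NIST P-224 curve is secp224r1. The description now matches the command.
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Create private key using the secp224k1 elliptic curve \emph{(NIST P-224 is a different curve, named secp224r1)}\newline \cmd{openssl ecparam -name secp224k1 -genkey -out ecpriv.key}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Encrypt private key using 3DES algorithm\newline \cmd{openssl ec -in ecP384priv.key -des3 -out ecP384priv\_enc.key}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% ---------------------------------------------------------------- SYMMETRIC ENCRYPTION
% The keys, IVs and the password below are the author's sample values.
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{SYMMETRIC ENCRYPTION}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{List all supported symmetric encryption ciphers\newline \cmd{openssl enc -list}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Encrypt a file using an ASCII encoded password provided and AES-128-ECB algorithm\newline \cmd{openssl enc -aes-128-ecb -in cleartext.file -out ciphertext.file -pass pass:thisisthepassword}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Decrypt a file using AES-256-CBC and a keyfile\newline \cmd{openssl enc -d -aes-256-cbc -in ciphertext.file -out cleartext.file -pass file:./key.file}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Encrypt a file using a specific encryption key (K) provided as hex digits\newline \cmd{openssl enc -aes-128-ecb -in cleartext.file -out ciphertext.file -K \seqsplit{1881807b2d1b3d22f14e9ec52563d981} -nosalt}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Encrypt a file using ARIA 256 in CBC block cipher mode using a specified encryption key (K:256 bits) and initialization vector (iv:128 bits)\newline \cmd{openssl enc -aria-256-cbc -in cleartext.file -out ciphertext.file -K \seqsplit{f92d2e986b7a2a01683b4c40d0cbcf6feaa669ef2bb5ec3a25ce85d9548291c1} -iv \seqsplit{470bc29762496046882b61ecee68e07c} -nosalt}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Encrypt a file using Camellia 192 algorithm in COUNTER block cipher mode with key and iv provided\newline \cmd{openssl enc -camellia-192-ctr -in cleartext.file -out ciphertext.file -K \seqsplit{6c7a1b3487d28d3bf444186d7c529b48d67dd6206c7a1b34} -iv 470bc29762496046882b61ecee68e07c}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% ---------------------------------------------------------------- DIGITAL SIGNATURES
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{DIGITAL SIGNATURES}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Generate DSA parameters for the private key. 2048 bits length\newline \cmd{openssl dsaparam -out dsaparam.pem 2048}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Generate DSA public-private key for signing documents and protect it using AES128 algorithm\newline \cmd{openssl gendsa -out dsaprivatekey.pem -aes-128-cbc dsaparam.pem}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Copy the public key of the DSA public-private key file to another file\newline \cmd{openssl dsa -in dsaprivatekey.pem -pubout -out dsapublickey.pem}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{To print out the contents of a DSA key pair file\newline \cmd{openssl dsa -in dsaprivatekey.pem -text -noout}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Signing the sha-256 hash of a file using RSA private key\newline \cmd{openssl dgst -sha256 -sign rsakey.key -out signature.data document.pdf}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Verify a SHA-256 file signature using a public key\newline \cmd{openssl dgst -sha256 -verify publickey.pem -signature signature.data original.file}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Signing the sha3-512 hash of a file using DSA private key\newline \cmd{openssl pkeyutl -sign -pkeyopt digest:sha3-512 -in document.docx -inkey dsaprivatekey.pem -out signature.data}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Verify DSA signature\newline \cmd{openssl pkeyutl -verify -sigfile dsasignature.data -inkey dsakey.pem -in document.docx}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Create a private key using P-384 Elliptic Curve\newline \cmd{openssl ecparam -name secp384r1 -genkey -out ecP384priv.key}} \tn
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{DIGITAL SIGNATURES (cont)}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Encrypt private key using 3DES algorithm\newline \cmd{openssl ec -in ecP384priv.key -des3 -out ecP384priv\_enc.key}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Sign a PDF file using Elliptic Curves with the generated key\newline \cmd{openssl pkeyutl -sign -inkey ecP384priv\_enc.key -pkeyopt digest:sha3-512 -in document.pdf -out signature.data}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Verify the file's signature. If it's ok you must receive "Signature Verified Successfully"\newline \cmd{openssl pkeyutl -verify -in document.pdf -sigfile signature.data -inkey ecP384priv\_enc.key}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% ---------------------------------------------------------------- DIGITAL CERTIFICATES
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{DIGITAL CERTIFICATES}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Generating a CSR file and a 4096 bits RSA key pair\newline \cmd{openssl req -newkey rsa:4096 -keyout private.key -out request.csr}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Display Certificate Signing Request ( CSR ) content\newline \cmd{openssl req -text -noout -in request.csr}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Display the public key contained in the CSR file\newline \cmd{openssl req -pubkey -noout -in request.csr}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Creating a Certificate Signing Request ( CSR ) using an existing private key. \emph{This can be useful when you need to renew the public digital certificate without changing the private key.}\newline \cmd{openssl req -new -key private.key -out request.csr}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Create EC P384 curve parameters file to generate a CSR using Elliptic Curves in the next step.\newline \cmd{openssl genpkey -genparam -algorithm EC -out EC\_params.pem -pkeyopt \seqsplit{ec\_paramgen\_curve:secp384r1} -pkeyopt ec\_param\_enc:named\_curve}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Create a CSR file using Elliptic Curve P384 parameters file created in the previous step. \emph{Instead of using RSA keys.}\newline \cmd{openssl req -newkey ec:EC\_params.pem -keyout EC\_P384\_priv.key -out EC\_request.csr}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Create a self-signed certificate, a new 2048 bits RSA key pair with one year of validity\newline \cmd{openssl req -newkey rsa:2048 -nodes -keyout priv.key -x509 -days 365 -out cert.crt}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Create and sign a new certificate using the CSR file and the private key for signing ( you must have an openssl.cnf file prepared )\newline \cmd{openssl ca -in request.csr -out certificate.crt -config ./CA/config/openssl.cnf}} \tn
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{DIGITAL CERTIFICATES (cont)}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Display PEM format certificate information\newline \cmd{openssl x509 -text -noout -in cert.crt}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Display certificate information in Abstract Syntax Notation One (ASN.1)\newline \cmd{openssl asn1parse -in cert.crt}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Extract the certificate's public key\newline \cmd{openssl x509 -pubkey -noout -in cert.crt}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Extract the public key's modulus in the certificate\newline \cmd{openssl x509 -modulus -noout -in cert.crt}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Extract the domain certificate from an HTTPS/TLS connection\newline \cmd{openssl s\_client -connect domain.com:443 | openssl x509 -out certificate.crt}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Convert a certificate from PEM to DER format\newline \cmd{openssl x509 -inform PEM -outform DER -in cert.crt -out cert.der}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Checking whether the certificate public key matches a private key and request file. One step per file. Must match in the output hashes.\newline \cmd{openssl x509 -modulus -in certificate.crt -noout | openssl dgst -sha256}\newline \cmd{openssl rsa -modulus -in private.key -noout | openssl dgst -sha256}\newline \cmd{openssl req -modulus -in request.csr -noout | openssl dgst -sha256}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% ---------------------------------------------------------------- WORKING WITH TLS PROTOCOL
% "-{}-" keeps the two hyphens of long nmap options from becoming an en dash.
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{WORKING WITH TLS PROTOCOL}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{List all cipher suites supported\newline \cmd{openssl ciphers -V 'ALL'}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{List all cipher suites supported with AES\newline \cmd{openssl ciphers -V 'AES'}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{List all cipher suites supporting CAMELLIA \& SHA256 algorithms.\newline \cmd{openssl ciphers -V 'CAMELLIA+SHA256'}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{TLS connection to a server using port 443 (HTTPS)\newline \cmd{openssl s\_client -connect domain.com:443}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{TLS connection to a server using v1.2\newline \cmd{openssl s\_client -tls1\_2 -connect domain.com:443}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{TLS connection \& disable v1.0\newline \cmd{openssl s\_client -no\_tls1 domain.com:443}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{TLS connection using a specific cipher suite\newline \cmd{openssl s\_client -cipher \seqsplit{DHE-RSA-AES256-GCM-SHA384} domain.com:443}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{TLS connection displaying all certificates provided by server\newline \cmd{openssl s\_client -showcerts domain.com:443}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Setting up a listening port to receive TLS connections using a certificate, the private key \& supporting only TLS 1.2\newline \cmd{openssl s\_server -port 443 -cert cert.crt -key priv.key -tls1\_2}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Extract the domain certificate from an HTTPS/TLS connection\newline \cmd{openssl s\_client -connect domain.com:443 | openssl x509 -out certificate.crt}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\emph{nmap command:} Display enabled cipher-suites over an HTTPS/TLS Connection\newline \cmd{nmap -{}-script ssl-enum-ciphers -p 443 domain.com}} \tn
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{WORKING WITH TLS PROTOCOL (cont)}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\emph{nmap command:} Display enabled cipher-suites over a TLS (HTTPS) Connection using SNI. \emph{(change it to desired IP \& domain name)}\newline \cmd{nmap -{}-script ssl-enum-ciphers -{}-script-args=tls.servername=domain.com 172.67.129.11}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% ---------------------------------------------------------------- PERSONAL SECURITY ENVIRONMENTS
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{PERSONAL SECURITY ENVIRONMENTS ( PSE )}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Convert a certificate from PEM (base64) to DER (binary) format\newline \cmd{openssl x509 -in certificate.pem -outform DER -out certificate.der}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Insert certificate \& private key into PKCS \#12 format file. These files can be imported in Windows certificate manager or to a Java Key Store (jks) file\newline \cmd{openssl pkcs12 -export -out cert\_key.p12 -inkey private.key -in certificate.crt}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{To show the contents of a PKCS \#12 file\newline \cmd{openssl pkcs12 -in cert\_key.p12}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Convert the .p12 file into a Java Key Store. \emph{This command uses java keytool instead of openssl.}\newline \cmd{keytool -importkeystore -destkeystore javakeystore.jks -srckeystore cert\_key.p12 -srcstoretype pkcs12}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Convert PEM certificate to PKCS \#7 format\newline \cmd{openssl crl2pkcs7 -nocrl -certfile certificate.crt -out cert.p7b}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Convert a PKCS \#7 file from PEM to DER\newline \cmd{openssl pkcs7 -in cert.p7b -outform DER -out p7.der}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% ---------------------------------------------------------------- SIMPLE CA CONFIGURATION FILE
% "\newline ~\newline" produces the blank line the {{nl}} placeholder stood for.
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{SIMPLE CA CONFIGURATION FILE ( openssl.cnf )}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{{[} ca {]} \newline
  default\_ca = CA\_default \newline ~\newline
  {[} CA\_default {]} \newline
  dir = ./personalCA \newline
  database = \$dir/index.txt \newline
  new\_certs\_dir = \$dir/newcerts \newline ~\newline
  certificate = \$dir/cacert.pem \newline
  serial = \$dir/serial \newline
  rand\_serial = yes \newline
  private\_key = \$dir/private/cakey.pem \newline
  RANDFILE = \$dir/private/.rand \newline ~\newline
  default\_days = 365 \newline
  default\_crl\_days= 30 \newline
  default\_md = SHA256 \newline ~\newline
  policy = policy\_any \newline
  email\_in\_dn = no \newline ~\newline
  name\_opt = ca\_default \newline
  cert\_opt = ca\_default \newline
  copy\_extensions = none \newline ~\newline
  {[} policy\_any {]} \newline
  countryName = supplied \newline
  stateOrProvinceName = optional \newline
  organizationName = optional \newline
  organizationalUnitName = optional \newline
  commonName = supplied \newline
  emailAddress = optional%
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% ---------------------------------------------------------------- FINAL NOTES
% The three bold notes are the author's; the plain ones after them are
% usage caveats for commands shown earlier in the sheet.
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bfseries\textcolor{white}{FINAL NOTES}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\textbf{- All openssl commands were tested using OpenSSL version 1.1.1f} \newline
  \textbf{- All nmap commands were tested using nmap version 7.80. nmap is compiled using openssl libraries.} \newline
  \textbf{- The default format for almost all operations in openssl is PEM, however you can always specify a DER format using arguments or export to other formats with appropriate commands indicated on the document.} \newline
  - The keys, IVs and passwords shown are sample values: generate your own with \cmd{openssl rand -hex} and never reuse a key/IV pair (in CTR mode a reused pair reveals the XOR of the plaintexts). \newline
  - ECB encrypts equal plaintext blocks to equal ciphertext blocks, so patterns in the data stay visible; prefer a mode that takes an IV. \cmd{openssl enc} supports no authenticated modes, so it protects confidentiality only, not integrity. \newline
  - With a password, add \cmd{-pbkdf2} to \cmd{openssl enc} (on both encryption and decryption) for a stronger key derivation, and prefer \cmd{-pass file:} or \cmd{-pass env:} to \cmd{-pass pass:}, which exposes the password in the process list and shell history. \newline
  - \cmd{openssl pkeyutl -sign} and \cmd{-verify} do not hash their input: the data given with \cmd{-in} goes directly into the signature algorithm, so it must already be the digest of the document. Hash the file first or use \cmd{openssl dgst -sign}; OpenSSL 3.0 adds \cmd{-rawin} to pkeyutl. Verify with the signer's public key (\cmd{-pubin}), not with the private key file. \newline
  - \cmd{-nodes} writes the private key unencrypted, so restrict access to that file. To encrypt key files prefer \cmd{-aes256} to the legacy \cmd{-des3}. \newline
  - \cmd{rsautl} is deprecated since OpenSSL 3.0 in favour of \cmd{pkeyutl}; its default padding is PKCS \#1 v1.5, add \cmd{-oaep} for OAEP. \newline
  - \cmd{s\_client} is a test tool and continues the handshake even when certificate verification fails: check the ``Verify return code'' line or add \cmd{-verify\_return\_error}.%
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% That's all folks
\end{multicols*}

\end{document}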