# Cheat Sheet #day5 - OpenSSL Commands

### OpenSSL Cheat Sheet

OpenSSL is a powerful tool for managing SSL/TLS certificates and encryption. Below is a comprehensive cheat sheet covering common OpenSSL commands for various tasks such as generating keys, creating certificate signing requests (CSRs), and managing certificates.

#### General Information
- **Version**: Check OpenSSL version
  ```bash
  openssl version
  ```

#### Key Generation

- **Generate an RSA Private Key**:
  ```bash
  openssl genpkey -algorithm RSA -out private.key
  ```
- **Generate a Private Key with a Specific Size (e.g., 2048 bits)**:
  ```bash
  openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048
  ```
- **Generate a Password-Protected Private Key**:
  ```bash
  openssl genpkey -algorithm RSA -aes256 -out private.key
  ```

#### Certificate Signing Request (CSR)

- **Generate a CSR**:
  ```bash
  openssl req -new -key private.key -out request.csr
  ```
- **Generate a CSR with a Specific Configuration File**:
  ```bash
  openssl req -new -key private.key -out request.csr -config openssl.cnf
  ```

#### Self-Signed Certificate

- **Generate a Self-Signed Certificate from an Existing CSR**:
  ```bash
  openssl req -x509 -days 365 -key private.key -in request.csr -out certificate.crt
  ```
- **Generate a Self-Signed Certificate Without a CSR**:
  ```bash
  openssl req -x509 -newkey rsa:2048 -keyout private.key -out certificate.crt -days 365
  ```

#### Viewing and Verifying Certificates

- **View Certificate Details**:
  ```bash
  openssl x509 -in certificate.crt -text -noout
  ```
- **Verify a Certificate and Key Match**:
  ```bash
  # RSA keys only: the certificate and key match when both commands print the same digest
  openssl x509 -noout -modulus -in certificate.crt | openssl md5
  openssl rsa -noout -modulus -in private.key | openssl md5
  ```
- **Verify a CSR**:
  ```bash
  openssl req -text -noout -verify -in request.csr
  ```

#### Converting Certificate Formats

- **Convert PEM to DER**:
  ```bash
  openssl x509 -outform der -in certificate.crt -out certificate.der
  ```
- **Convert DER to PEM**:
  ```bash
  openssl x509 -inform der -in certificate.der -out certificate.crt
  ```
- **Convert PEM to PKCS12**:
  ```bash
  openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt
  ```

#### Managing Existing Certificates

- **Extract Public Key from a Certificate**:
  ```bash
  openssl x509 -pubkey -noout -in certificate.crt > public.key
  ```
- **Extract Public Key from a Private Key**:
  ```bash
  openssl rsa -pubout -in private.key -out public.key
  ```
- **Check a Private Key**:
  ```bash
  openssl rsa -check -in private.key
  ```

#### Encrypting and Decrypting Data

- **Encrypt a File Using a Public Key**:
  ```bash
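  # RSA encrypts only input smaller than the key size minus padding: use it for short secrets, not large files
  openssl rsautl -encrypt -inkey public.key -pubin -in plaintext.txt -out encrypted.txt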
  ```
- **Decrypt a File Using a Private Key**:
  ```bash
  # rsautl is deprecated since OpenSSL 3.0; openssl pkeyutl accepts the same options shown here
  openssl rsautl -decrypt -inkey private.key -in encrypted.txt -out decrypted.txt
  ```

#### Digital Signatures

- **Sign a File**:
  ```bash
  openssl dgst -sha256 -sign private.key -out signature.bin data.txt
  ```
- **Verify a Signature**:
  ```bash
  openssl dgst -sha256 -verify public.key -signature signature.bin data.txt
  ```

#### Creating Certificate Authority (CA)

- **Create a Self-Signed Root CA Certificate**:
  ```bash
  # ca.key is the CA's own private key (the same file passed to -CAkey when signing)
  openssl req -x509 -new -nodes -key ca.key -sha256 -days 1024 -out ca.crt
  ```
- **Sign a Certificate with a CA**:
  ```bash
  openssl x509 -req -in request.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out signed_certificate.crt -days 500 -sha256
  ```
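
An end-to-end run of the CA steps above, added here as an example (not part of the original cheat sheet): it creates a throwaway root CA, signs a leaf CSR, verifies the chain with `openssl verify`, and checks the certificate/key pairing by comparing whole public keys. That check goes beyond the RSA-only modulus comparison shown earlier, which is why the leaf key here is EC. The function names, temporary directory and subject names are assumptions made for the demo.

```bash
#!/usr/bin/env bash
# Added example; every file and subject name here is constructed for the demo.

# Succeeds only if certificate $1 carries the public key of private key $2.
# Compares whole public keys, so it is not tied to RSA like a modulus check.
cert_matches_key() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  k=$(openssl pkey -in "$2" -pubout) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build a throwaway RSA root CA and an EC leaf certificate inside directory $1.
make_demo_pki() {
  local d=$1
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/ca.key" &&
  openssl req -x509 -new -key "$d/ca.key" -sha256 -days 30 \
    -subj "/CN=Demo Root CA" -out "$d/ca.crt" &&
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$d/private.key" &&
  openssl req -new -key "$d/private.key" -subj "/CN=demo.example.test" \
    -out "$d/request.csr" &&
  openssl x509 -req -in "$d/request.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/signed_certificate.crt" -days 30 -sha256
}

# Issue, verify the chain against the CA, then confirm the key pairing:
# the leaf must match private.key and must NOT match the CA's key.
run_demo() {
  local d; d=$(mktemp -d) || return 1
  make_demo_pki "$d" &&
  openssl verify -CAfile "$d/ca.crt" "$d/signed_certificate.crt" &&
  cert_matches_key "$d/signed_certificate.crt" "$d/private.key" &&
  ! cert_matches_key "$d/signed_certificate.crt" "$d/ca.key"
  local rc=$?
  rm -rf "$d"   # the demo keys are disposable
  return $rc
}

run_demo && echo "chain verified; leaf matches private.key and not ca.key"
```

The private keys in this demo are written unencrypted; for anything beyond a test, generate the CA key with `-aes256` as shown under Key Generation.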

### Summary

This cheat sheet provides a quick reference to common OpenSSL commands for managing SSL/TLS certificates and encryption. Whether you are generating keys, creating CSRs, or converting certificate formats, these commands will help streamline your workflow. For more detailed information, always refer to the [OpenSSL documentation](https://www.openssl.org/docs/).
