
@franps
Last active March 15, 2022 14:00
Useful openssl commands

Useful commands in openssl

If you see headers (-----BEGIN X509 CRL-----) the file is PEM; otherwise it is DER.

CRL

View CRL info: openssl crl -inform PEM -text -in test.crl

View only the header: openssl crl -inform PEM -text -in test.crl | head

Convert DER to PEM (untested): openssl crl -inform DER -in test.crl -outform PEM -out test.crl

View the serial numbers of revoked certificates: openssl crl -inform DER -text -in test.crl | grep 'Serial\|Revocation'

Check whether a certificate is revoked (search for its serial, in place of numeroserial): openssl crl -inform DER -text -in test.crl | grep -A1 'numeroserial'
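The PEM/DER rule and the serial lookup above, combined into one check, as an added example that is not part of the original gist. It goes a step further than the grep: serials are compared exactly after normalization, so searching for 10 does not match 1000. The function names and the sample listing are constructed for illustration, and the parser assumes the "Serial Number:" / "Revocation Date:" lines that `openssl crl -text` prints.

```shell
#!/usr/bin/env bash
# Added example, not from the gist. Function names are hypothetical.

# PEM if the file carries the armor header, otherwise DER (the rule stated above).
crl_format() {
    if grep -q -e '-----BEGIN X509 CRL-----' "$1"; then echo PEM; else echo DER; fi
}

# Canonical serial: no colons/spaces, no 0x prefix, uppercase, no leading zeros.
normalize_serial() {
    local s
    s=$(printf '%s' "$1" | tr -d ': ' | tr '[:lower:]' '[:upper:]')
    s=$(printf '%s' "${s#0X}" | sed 's/^0*//')
    printf '%s\n' "${s:-0}"
}

# Reads `openssl crl -text -noout` output on stdin. Prints the revocation date
# and returns 0 when the serial is listed, returns 1 when it is not.
revocation_date() {
    local want cur="" line
    want=$(normalize_serial "$1")
    while IFS= read -r line; do
        case "$line" in
            *"Serial Number:"*) cur=$(normalize_serial "${line#*Serial Number:}") ;;
            *"Revocation Date:"*)
                if [ "$cur" = "$want" ]; then
                    printf '%s\n' "${line#*Revocation Date: }"
                    return 0
                fi ;;
        esac
    done
    return 1
}

# Full check against a CRL file; this is the only function that calls openssl.
crl_is_revoked() {
    openssl crl -inform "$(crl_format "$1")" -in "$1" -noout -text | revocation_date "$2"
}

# Constructed sample of the text listing (not from a real CA).
SAMPLE_LISTING='Certificate Revocation List (CRL):
        Issuer: CN = Example Test CA
Revoked Certificates:
    Serial Number: 1000
        Revocation Date: Mar  1 10:00:00 2022 GMT
    Serial Number: 0A10
        Revocation Date: Mar  2 11:30:00 2022 GMT'

printf '%s\n' "$SAMPLE_LISTING" | revocation_date 0a:10
printf '%s\n' "$SAMPLE_LISTING" | revocation_date 10 || echo "10 is not listed"
```

Against a real file the call is `crl_is_revoked test.crl <serial>`; the exit status tells a script whether the serial is listed.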

Certificates

Create a private key and cert: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out test.pem -days 365

Create a private key and CSR: openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr

Create a CSR from an existing private key: openssl req -new -key PRIVATEKEY.key -out MYCSR.csr

Create a public key from a private key: openssl rsa -in mykey.pem -pubout > mykey.pub

Create a public key from a CSR: openssl req -in csr.txt -noout -pubkey -out publickey.pem

View certificate info: openssl x509 -in test.cer -text -noout

Convert DER to PEM: openssl x509 -inform der -in test.cer -out test.pem

View public key info: openssl asn1parse -i -in test.pem

Validate that a cert corresponds to a CA: openssl verify -verbose -CAfile Intermediate.pem UserCert.pem

Add a password to a private key that has none: openssl pkcs8 -topk8 -in source.key -out encrypted.key

Create a certificate with a CA key: openssl x509 -req -days 360 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

SSH keys

Create an SSH private key: ssh-keygen -f newkey.key -t rsa -b 4096

Create an SSH public key from a private key: ssh-keygen -y -f id_rsa

Convert a public key from SSH2 format to OpenSSH: ssh-keygen -i -f ssh2_pub_key > pub_key.pub

Keystores

View info of a jks/pfx/p12: keytool -list -keystore keystore.jks

Export the private key from a pfx: openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes

Export the certificate from a pfx: openssl pkcs12 -in certname.pfx -nokeys -out cert.pem

Create a pfx/p12 from a key and cert: openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

Encryption

Symmetric encryption: openssl enc -aes-256-cbc -a -salt -in archivoAEncriptar.txt -out archivoEncriptado.txt

Asymmetric encryption: openssl rsautl -encrypt -inkey public.pem -pubin -in archivoAEncriptar.txt -out archivoEncriptado.txt

Asymmetric decryption: openssl rsautl -decrypt -inkey priv.pem -in archivoEncriptado.txt -out archivoDecriptado

Signing:

openssl dgst -sha256 data.txt > hash
openssl rsautl -sign -inkey privatekey.pem -keyform PEM -in hash >signature

Verifying just the signature:

openssl rsautl -verify -inkey publickey.pem -pubin -keyform PEM -in signature

OCSP validation: openssl ocsp -issuer ca.cer -cert cert.cer -verify_other ca.cer -url http://ocsp.sectigo.com -header "Host" "ocsp.sectigo.com" -no_nonce
