Skip to content

Instantly share code, notes, and snippets.

@mustakimali
Last active November 21, 2023 12:20
Show Gist options
  • Save mustakimali/21c89fa1e1f62c031c55058ba0a386b5 to your computer and use it in GitHub Desktop.
Save mustakimali/21c89fa1e1f62c031c55058ba0a386b5 to your computer and use it in GitHub Desktop.
OpenSSL/JWE Cheatsheets

Some Useful Aliases

alias openssl-genkeys="openssl genrsa -out opensslgenkeys-private-key.pem 2048 \
                && openssl rsa -in opensslgenkeys-private-key.pem -out opensslgenkeys-public-key.pem -outform PEM -pubout \
                && openssl req -key opensslgenkeys-private-key.pem -new -x509 -days 3650 -out opensslgenkeys-crt.crt \
                && openssl pkcs12 -in opensslgenkeys-crt.crt -inkey opensslgenkeys-private-key.pem -export -out opensslgenkeys-pfx.pfx \
                && openssl pkcs12 -in opensslgenkeys-crt.crt -export -out opensslgenkeys-public-key.pfx -nokeys \
                && cat opensslgenkeys-pfx.pfx | base64 -w 0 > opensslgenkeys-pfx.pfx-b64 \
                && cat opensslgenkeys-public-key.pfx | base64 -w 0 > opensslgenkeys-public-key.pfx-b64 \
                && cat opensslgenkeys-private-key.pem \
                && cat opensslgenkeys-public-key.pem \
                && cat opensslgenkeys-pfx.pfx-b64 \
                && cat opensslgenkeys-public-key.pfx"

alias openssl-gentempkeys="openssl genrsa -out opensslgenkeys-temp.pem 2048 \
                           && openssl rsa -in opensslgenkeys-temp.pem -out opensslgenkeys-temp-public.pem -outform PEM -pubout \
                           && cat opensslgenkeys-temp.pem \
                           && cat opensslgenkeys-temp-public.pem \
                           && rm opensslgenkeys-temp.pem opensslgenkeys-temp-public.pem"

alias openssl-genkeys-lite="openssl genrsa -out opensslgenkeys-private-key.pem 2048 \
                && openssl rsa -in opensslgenkeys-private-key.pem -out opensslgenkeys-public-key.pem -outform PEM -pubout"

alias openssl-genkeys-clear="rm opensslgenkeys-*.*"

Create JWE (Compact format) from any text

Requires Step CLI

cat /tmp/content_to_encrypt.txt | 
    # this produces a JSON with all 5 parts of JWE Compact format
    step crypto jwe encrypt --key /tmp/public-key.pem |
    # Convert the JSON into JWE Compact Format (help: https://smallstep.com/docs/step-cli/reference/crypto/jwe#examples)
    jq '.protected + "." + .encrypted_key + "." + .iv + "." + .ciphertext + "." + .tag'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment