This article will show you some important commands about openssl like generating random data, encrypting and decrypting files using Symmetric and Asymmetric algorithms, generating digital signature and generating a file digest.
Generate Random Data
The OpenSSL rand the command can be used to generate pseudorandom bytes. The -base64 flag will base64 encode the output, providing you with a random string that can be used as a password or for other applications that require a random string. Just make sure that the number of bytes is divisible by three to avoid padding.
$ OpenSSL rand -base64 9
Emo+xQINmYoU
Generate Hash of a file
Hashing is the process of converting a given key into another value. Then, a hash function is used to generate the new value according to a mathematical algorithm. The result of a hash function is known as a hash value or, simply, a hash. A good hash function uses a one-way hashing algorithm. In other words, the Hash cannot be converted back into the original key. Many hashing algorithms are available like MD5, SHA256, SHA512, etc.
In the following example, I am generating the Hash of a file named hasIn1.txt using the SHA256 algorithm.
openssl dgst -sha256 hashIn1.txt
Symmetric Encryption using OpenSSL
In symmetric encryption, we used the same key to encrypt and decrypt the data. There are a lot of symmetric algorithms like
- AES (Advanced Encryption Standard)
- DES (Data Encryption Standard)
- IDEA (International Data Encryption Algorithm)
- Blowfish (Drop-in replacement for DES or IDEA)
- RC4 (Rivest Cipher 4)
- RC5 (Rivest Cipher 5)
- RC6 (Rivest Cipher 6)
The most popular is the AES algorithm. In the following example, I am encrypting a file using theAESalgorithm withCBCmode. Another mode is, which is not recommended because of the pattern in encrypted text.
openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt -in secret.txt -out secret.enc
PBKDF2 applies a pseudorandom function, such as hash-based message authentication code (HMAC), to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more complex and is known as essential stretching.
Asymmetric encryption using OpenSSL
Asymmetric cryptography is a cryptographic system that uses pairs of keys: public keys and private keys. The Public key is used to decrypt the data, and the private key is used to encrypt the data. To encrypt data using Asymmetric encryption, you have to follow the following steps.
- Generate private key
- Extract public key from the key
- Encrypt the file using a public key
- Decrypt the file using the private key
# Generate public-private key
openssl genpkey -algorithm RSA -out private.pem
# Extract public key
openssl rsa -in private.pem -pubout > public.pem
# Encrypt the file using public key
openssl rsautl -encrypt -pubin -inkey public.pem -in plaintext.txt -out encrypted.txt
# Decrypt the file
openssl rsautl -decrypt -in encrypted.txt -out plaintext_2.txt -inkey private.pem
Check certificate validity.
If you want to validate the certificate of a given website is valid or not, you can use the following command.
echo | openssl s_client -connect google.com:443 -brief
Generate Digital Signature using OpenSSL
OpenSSL genpkey -algorithm RSA -out key.pem
openssl rsa -in key.pem -pubout > publickey.pem
openssl dgst -sha256 -sign key.key -out signature.txt demo.txt
openssl dgst -sha256 -verify publickey.pem -signature signature.txt demo.txt