OpenSSL

• Contains implementation of for various cryptographic operations and algorithms

• Is open-source means it is free to download and utilize it for commercial and non-
commercial use
• Available for almost all operating systems
• Has implementation for SSL and TLS protocols. You can use openssl to generate keys
and signatures for your communication on the web.
• Contains APIs that can be used for writing your own security solutions
• Widely used by web servers and other network security programs. Popular web
servers such as apache, nginx and tomcat have builtin support for openssl.
• It has two main libraries: LIBSSL and LIBCRYPTO

Where to download from

• https://slproweb.com/

OpenSSL basic commands

• Check version of OpenSSL

openssl version
• To view summary help information
openssl version -help
• To list the available commands
openssl list -commands
• To list the lists of digest commands
openssl list –digest-algorithms
• To list the lists of all cipher algorithms
openssl list –cipher-algorithms
• To list the lists of all public key algorithms
openssl list –public-key-algorithms
 • To get more usage about a command
openssl list –options aes-256-cbc

Verifying integrity using OpenSSL

• Verifying Integrity of a file with openssl (first download the file/folder you need
to check the integrity and its checksum value). Eg from openssl.org
openssl sha1 [the file to be checked]
openssl sha256 [the file to be checked]
• To generate your own check sum for your file
openssl sha256 –hex –out [filetobegenerated]
[targetfiletogeneratefor]

Ensuring confidentiality with OpenSSL

• To generate a random secret key

openssl rand –hex 10 (generates 10 key random key)
openssl rand –hex 16 (generates 16 key random key)
• If you need to export the key to a file
openssl rand –hex –out encryption.key 32
• To generate rsa for symmetric cryptography
openssl genrsa
• Genrsa generates 2048 size key. If you need to modify and specify the key size
openssl genrsa 1024
• You can also store the key to external file. Eg. key.pri
openssl genrsa –out key.pri
• You can specify the key size while exporting to a file
openssl genrsa –out key.pri 2048
• You can examine the rsa key as follows. This will display the two prime numbers,
coefficient, modulus and exponents information
openssl rsa –in key.pri –noout -text
• You can generate the public key for the rsa as follows
openssl rsa –in key.pri –pubout –out key.pub
Encryption using openssl

DES, & RSA with OpenSSL

Symmetric encryption with openSSL

Basic commands:

• To encrypt a file with openssl using a DES encryption:

openssl enc –des3 –in file –out file2

• The result is in the file file2.

• To decrypt the same file:

openssl> enc –des3 –d –in file2 –out filedecrypted

(here, file and filedecrypted should contain the same content)

Create and print keys:

• This command encrypt with DES3, the file file1 to the file file2, using the key
key and the initialization vector vector.

Openssl enc –des3 –in file1 –out file2 –k key – iv vector

Remarks:

• You can use directly openssl des3 (instead of openssl enc –des3)

You can use base64 instead of des3.

RSA with openSSL

Generating key pairs

• To create a pair of keys, the genrsa command is used:

Openssl genrsa

• Here, size is the size

• To save this key in keyfile.pem, use the option:

keyfile.pem

openssl genrsa -out keyfile.pem size

Visualizing RSA keys

 • The command rsa allows to visualize the content of a file (PEM format) containing
a RSA key pairs.

Openssl rsa –in keyfile.pem –text –noout

• The option –text pair.

• The option –noout command rsa.