This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
fuss:openssl [2014/11/24 01:17] – [Create a Self-Signed Certificate] office | fuss:openssl [2022/04/19 08:28] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Encrypt and Decrypt a File using Symmetric Encryption ====== | ||
+ | |||
+ | To encrypt: | ||
+ | <code bash> | ||
+ | openssl enc -aes-256-cbc -salt -in archive.tar.xz -out archive.tar.xz.aes | ||
+ | </ | ||
+ | |||
+ | To decrypt: | ||
+ | <code bash> | ||
+ | openssl enc -d -aes-256-cbc -in archive.tar.xz.aes -out archive.tar.xz | ||
+ | </ | ||
+ | |||
+ | ====== Create a Self-Signed Certificate ====== | ||
+ | |||
+ | * Generate the private key: | ||
+ | |||
+ | <code bash> | ||
+ | openssl genrsa -des3 -out server.key 1024 | ||
+ | </ | ||
+ | |||
+ | * Create a certificate signing request ('' | ||
+ | |||
+ | <code bash> | ||
+ | openssl req -key server.key -out server.csr | ||
+ | </ | ||
+ | |||
+ | * Sign the certificate signing request ('' | ||
+ | |||
+ | <code bash> | ||
+ | openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt | ||
+ | </ | ||
+ | |||
+ | * Remove the passphrase from the private key (for apache to not prompt): | ||
+ | |||
+ | <code bash> | ||
+ | cp server.key server.key.secure | ||
+ | openssl rsa -in server.key.secure -out server.key | ||
+ | </ | ||
+ | |||
+ | ====== Benchmark ====== | ||
+ | |||
+ | To benchmark an OpenSSL encryption scheme, for example '' | ||
+ | |||
+ | <code bash> | ||
+ | openssl speed -evp aes-256-cbc | ||
+ | </ | ||
+ | |||
+ | ====== Check PEM Encoded Certificate Expiration ====== | ||
+ | |||
+ | <code bash> | ||
+ | openssl x509 -enddate -noout -in cert.pem | ||
+ | </ | ||
+ | |||
+ | where: | ||
+ | * '' | ||