Commands tagged openssl

To decrypt: openssl aes-256-cbc -d -in secrets.txt.enc -out secrets.txt.new

Reference: http://tombuntu.com/index.php/2007/12/12/simple-file-encryption-with-openssl

Optional parameter -a makes output base64 encoded, can be viewed in text editor or pasted in email

Create an AES256 encrypted and compressed tar archive.

User is prompted to enter the password.

Decrypt with:

At times you will need to safeguard your files. Use OpenSSL's native rc4 encryption to do so.

'nopad' removes padding and 'nosalt' removes random salt being added to the file.

Strip a password from a openssl key to use with apache httpd server

This will create, in the current directory, a file called 'pk.pem' containing an unencrypted 2048-bit RSA private key and a file called 'cert.pem' containing a certificate signed by 'pk.pem'. The private key file will have mode 600.

!!ATTENTION!! ==> this command will overwrite both files if present.

Another option is openssl.

No need to install yet another program when openssl is already installed. :-)

macchanger will allow you to change either 1) mfg code, 2) host id, or 3) all of the above. Use this at wifi hotspots to help reduce profiling.

Use the following variation for FreeBSD:

Finds all cert files on a server and lists them, finding out, which one is a symbolic link and which is true.

You want to do this when a certificate expires and you want to know which files to substitute with the new cert.

I have a mac, and do not want to install mac ports to get the base64 binary. Using openssl will do the trick just fine. Note, to decode base64, specify a '-d' after 'base64' in the command. Note also the files base64.decoded.txt and base64.encoded.txt are text files.

eliminates "l" and "o" characters change length by changing 'x' here: cut -c 1-x

The lifehacker way: http://lifehacker.com/software/top/geek-to-live--encrypt-your-data-178005.php#Alternate%20Method:%20OpenSSL

"That command will encrypt the unencrypted-data.tar file with the password you choose and output the result to encrypted-data.tar.des3. To unlock the encrypted file, use the following command:"

Allows you to connect to an SMTP server over TLS, which is useful for debugging SMTP sessions. (Much like telnet to 25/tcp). Once connected you can manually issue SMTP commands in the clear (e.g. EHLO)

A quick and simple way of outputting the start and end date of a certificate, you can simply use 'openssl x509 -in xxxxxx.crt -noout -enddate' to output the end date (ex. notAfter=Feb 01 11:30:32 2009 GMT) and with the date command you format the output to an ISO format.

For the start date use the switch -startdate and for end date use -enddate.

command to decrypt:

Of course, don't forget to rm the original files ;) You may also want to look at the openssl docs for more options.

When you don't have c_rehash handy. Really simple - if you have a .pem file that doesn't really contain a x509 cert (let's say, newreq.pem), it will create a link, simply called '.0', pointing to that file.