Commands tagged openssl sorted by votes

Commands tagged openssl (44)

sorted by

Encrypted archive with openssl and tar

Create an AES256 encrypted and compressed tar archive. User is prompted to enter the password. Decrypt with: openssl enc -d -aes256 -in <file> | tar --extract --file - --gzip
This is sample output - yours may be different.
25

tar --create --file - --posix --gzip -- <dir> | openssl enc -e -aes256 -out <file>

seb1245 · 2012-11-27 15:33:45 1
Generate a Random MAC address

Use the following variation for FreeBSD: openssl rand 6 | xxd -p | sed 's/$..$/\1:/g; s/:$//'
This is sample output - yours may be different.
15

openssl rand -hex 6 | sed 's/$..$/\1:/g; s/.$//'

putnamhill · 2010-09-23 02:31:12 0
Random unsigned integer
This is sample output - yours may be different.
12

echo $(openssl rand 4 | od -DAn)

putnamhill · 2010-11-09 14:55:39 0
Encrypted chat with netcat and openssl (one-liner)

client$ while true; do read -n30 ui; echo $ui |openssl enc -aes-256-ctr -a -k PaSSw ; done | nc localhost 8877 | while read so; do decoded_so=`echo "$so"| openssl enc -d -a -aes-256-ctr -k PaSSw`; echo -e "Incoming: $decoded_so"; done This will establish a simple encrypted chat with AES-256-CTR using netcat and openssl only. More info here https://nixaid.com/encrypted-chat-with-netcat/
This is sample output - yours may be different.
8

server$ while true; do read -n30 ui; echo $ui |openssl enc -aes-256-ctr -a -k PaSSw; done | nc -l -p 8877 | while read so; do decoded_so=`echo "$so"| openssl enc -d -a -aes-256-ctr -k PaSSw`; echo -e "Incoming: $decoded_so"; done

arno · 2014-01-16 14:36:09 0
Connect to SMTP server using STARTTLS

Allows you to connect to an SMTP server over TLS, which is useful for debugging SMTP sessions. (Much like telnet to 25/tcp). Once connected you can manually issue SMTP commands in the clear (e.g. EHLO) Show Sample Output
This is sample output - yours may be different.
```
$ openssl s_client -starttls smtp -crlf -connect smtp1.google.com:25
CONNECTED(00000003)
depth=1 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
<...>
---
220 smtp.google.com ESMTP
```
7

openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25

realist · 2009-08-19 08:37:24 1
Bitcoin Brainwallet Private Key Calculator

A bitcoin "brainwallet" is a secret passphrase you carry in the "wallet" of your brain. The Bitcoin Brainwallet Private Key Calculator calculates the standard base58 encoded bitcoin private key from your "brainwallet" passphrase. The private key is the most important bitcoin number. All other numbers can be derived from it. This command uses 3 other functions - all 3 are defined on my user page: 1) brainwallet_exponent() - search for Bitcoin Brainwallet Exponent Calculator 2) brainwallet_checksum() - search for Bitcoin Brainwallet Exponent Calculator 3) b58encode() - search for Bitcoin Brainwallet Base58 Encoder Do make sure you use really strong, unpredictable passphrases (30+ characters)! http:brainwallet.org can be used to check the accuracy of this calculator. Show Sample Output
This is sample output - yours may be different.
```
> echo -n "correct horse battery staple" | the-above-command
> 5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS
```
7

(read -r passphrase; b58encode 80$( brainwallet_exponent "$passphrase" )$( brainwallet_checksum "$passphrase" ))

nixnax · 2014-02-18 02:50:09 1
Encrypted archive with openssl and tar

command to decrypt: openssl enc -aes-256-cbc -d < secret.tar.enc | tar x Of course, don't forget to rm the original files ;) You may also want to look at the openssl docs for more options.
This is sample output - yours may be different.
5

tar c folder_to_encrypt | openssl enc -aes-256-cbc -e > secret.tar.enc

recursiverse · 2009-07-23 06:03:39 0
Bitcoin Brainwallet Exponent Calculator

A bitcoin "brainwallet" is a secret passphrase you carry in your brain. The Bitcoin Brainwallet Exponent Calculator is one of three functions needed to calculate the bitcoin PRIVATE key. Roughly, the formula is exponent = sha256 (passphrase) Note that this is a bash function, which means you have to type its name to invoke it. You can check the accuracy of the results here http://brainwallet.org Show Sample Output
This is sample output - yours may be different.
```
> brainwallet_exponent "correct horse battery staple"
> c4bbcb1fbec99d65bf59d85c8cb62ee2db963f0fe106f483d9afa73bd4e39a8a

> echo -ne "correct horse battery staple" | sha256sum
> c4bbcb1fbec99d65bf59d85c8cb62ee2db963f0fe106f483d9afa73bd4e39a8a  -
```
5

function brainwallet_exponent () { printf %s "$1"|sha256sum|head -c 64; }

nixnax · 2014-02-18 01:49:09 0
Bitcoin Brainwallet Checksum Calculator

A bitcoin "brainwallet" is a secret passphrase you carry in your brain. The Bitcoin Brainwallet Exponent Calculator is the second of three functions needed to calculate a bitcoin PRIVATE key. Roughly, checksum is the first 8 hex digits of sha256(sha256(0x80+sha256(passphrase))) Note that this is a bash function, which means you have to type its name to invoke it Show Sample Output
This is sample output - yours may be different.
```
> brainwallet_checksum "correct horse battery staple"
> eb5f56e1
```
5

function brainwallet_checksum () { (o='openssl sha256 -binary'; p='printf';($p %b "\x80";$p %s "$1"|$o)|$o|sha256sum|cut -b1-8); }

nixnax · 2014-02-18 02:07:02 0
c_rehash replacement

When you don't have c_rehash handy. Really simple - if you have a .pem file that doesn't really contain a x509 cert (let's say, newreq.pem), it will create a link, simply called '.0', pointing to that file.
This is sample output - yours may be different.
4

for file in *.pem; do ln -s $file `openssl x509 -hash -noout -in $file`.0; done

darkpand · 2009-06-30 17:42:07 0
Encrypted archive with openssl and tar

The lifehacker way: http://lifehacker.com/software/top/geek-to-live--encrypt-your-data-178005.php#Alternate%20Method:%20OpenSSL "That command will encrypt the unencrypted-data.tar file with the password you choose and output the result to encrypted-data.tar.des3. To unlock the encrypted file, use the following command:" openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted-data.tar Show Sample Output
This is sample output - yours may be different.
```
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
```
3

openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3

berot3 · 2009-10-03 03:50:46 3
Encode/Decode text to/from Base64 on a Mac w/out Mac Ports

I have a mac, and do not want to install mac ports to get the base64 binary. Using openssl will do the trick just fine. Note, to decode base64, specify a '-d' after 'base64' in the command. Note also the files base64.decoded.txt and base64.encoded.txt are text files.
This is sample output - yours may be different.
3

openssl base64 -in base64.decoded.txt -out base64.encoded.txt

argherna · 2010-08-13 20:39:10 0
Output a SSL certificate start or end date

A quick and simple way of outputting the start and end date of a certificate, you can simply use 'openssl x509 -in xxxxxx.crt -noout -enddate' to output the end date (ex. notAfter=Feb 01 11:30:32 2009 GMT) and with the date command you format the output to an ISO format. For the start date use the switch -startdate and for end date use -enddate. Show Sample Output
This is sample output - yours may be different.
```
2009-02-01
```
2

date --date="$(openssl x509 -in xxxxxx.crt -noout -startdate | cut -d= -f 2)" --iso-8601

rez0r · 2009-07-23 23:24:33 0
Decode base64-encoded file in one line of Perl

Another option is openssl.
This is sample output - yours may be different.
2

openssl base64 -d < file.txt > out

putnamhill · 2010-12-14 00:23:12 0
remove password from openssl key file

Strip a password from a openssl key to use with apache httpd server
This is sample output - yours may be different.
2

openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key

drerik · 2012-09-16 19:31:38 0
OpenSSL one line CSR & Key generation
This is sample output - yours may be different.
2

openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=BR/ST=State/L=City/O=Company Inc./OU=IT/CN=domain.com"

sistematico · 2015-04-17 10:04:18 0
Extract public key from private

This will extract the public key that is stored in the private key using openssl. Show Sample Output
This is sample output - yours may be different.
```
writing RSA key
```
2

openssl rsa -in key.priv -pubout > key.pub

krizzo · 2015-04-28 19:10:17 1
view certificate details
This is sample output - yours may be different.
1

openssl x509 -in filename.crt -noout -text

wincus · 2010-01-05 18:02:25 0
Generate hash( of some types) from string

No need to install yet another program when openssl is already installed. :-)
This is sample output - yours may be different.
1

openssl dgst -sha256 <<<"test"

dramaturg · 2010-12-05 17:34:06 0
Generate RSA private key and self-signed certificate

This will create, in the current directory, a file called 'pk.pem' containing an unencrypted 2048-bit RSA private key and a file called 'cert.pem' containing a certificate signed by 'pk.pem'. The private key file will have mode 600. !!ATTENTION!! ==> this command will overwrite both files if present.
This is sample output - yours may be different.
1

touch pk.pem && chmod 600 pk.pem && openssl genrsa -out pk.pem 2048 && openssl req -new -batch -key pk.pem | openssl x509 -req -days 365 -signkey pk.pem -out cert.pem

bfreis · 2011-05-11 18:09:33 0
AES file encryption with openssl

To decrypt: openssl aes-256-cbc -d -in secrets.txt.enc -out secrets.txt.new Reference: http://tombuntu.com/index.php/2007/12/12/simple-file-encryption-with-openssl Optional parameter -a makes output base64 encoded, can be viewed in text editor or pasted in email
This is sample output - yours may be different.
1

openssl aes-256-cbc -salt -in secrets.txt -out secrets.txt.enc

jrdbz · 2013-04-13 19:33:37 0
One-liner to generate Self-Signed SSL Certificate+Key without any annoying prompts or CSRs

Handy if you want to quickly generate a self-signed certificate. Also can be used in your automated scripts for generating quick-use certificates. Show Sample Output
This is sample output - yours may be different.
```
certificate.key
certificate.crt
```
1

openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=<Country Code>/ST=<State>/L=<City>/O=<Organization>/CN=<Common Name>" -keyout certificate.key -out certificate.crt

rdx · 2014-11-27 15:19:42 0
Get the SAN (subjectAltName) of a site's certificate.

Based on http://stackoverflow.com/questions/13127352/checking-alternative-names-for-a-san-ssl-cert Replace "facebook.com" with the desired hostname. Show Sample Output
This is sample output - yours may be different.
```
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE

*.facebook.com
facebook.com
*.fb.com
fb.com
*.fbsbx.com
*.fbcdn.net
*.xx.fbcdn.net
*.xy.fbcdn.net
*.xz.fbcdn.net
*.m.facebook.com
*.messenger.com
messenger.com
```
1

echo "quit" | openssl s_client -connect facebook.com:443 | openssl x509 -noout -text | grep "DNS:" | perl -pe "s/(, )?DNS:/\n/g"

lgarron · 2015-08-13 22:50:45 0
Decrypt exported android wallet keys for import into desktop client (LTC,FTC,BTC)
This is sample output - yours may be different.
1

openssl enc -d -aes-256-cbc -a -in bitcoin-wallet-backup -out bitcoin-wallet-backup-decrypted

UnklAdM · 2016-01-13 21:04:19 0
Generate a random password 30 characters long
This is sample output - yours may be different.
1

openssl rand -rand /dev/urandom -base64 30

rolanda · 2019-06-29 14:55:15 1
1 2 >

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Print every Nth line

Sometimes commands give you too much feedback. Perhaps 1/100th might be enough. If so, every() is for you. $ my_verbose_command | every 100 will print every 100th line of output. Specifically, it will print lines 100, 200, 300, etc If you use a negative argument it will print the *first* of a block, $ my_verbose_command | every -100 It will print lines 1, 101, 201, 301, etc The function wraps up this useful sed snippet: $ ... | sed -n '0~100p' don't print anything by default $ sed -n starting at line 0, then every hundred lines ( ~100 ) print. $ '0~100p' There's also some bash magic to test if the number is negative: we want character 0, length 1, of variable N. $ ${N:0:1} If it *is* negative, strip off the first character ${N:1} is character 1 onwards (second actual character).

Which processes are listening on a specific port (e.g. port 80)

swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Cleanly manage tempfiles in scripts

Cleanly create tempfiles using mktemp and remove them using traps instead of removing them in the end of the script. This way, you make sure the tempfiles are removed properly even if the script is killed or interrupted. For a user script in KDE4, you can set TMPROOT using : $ TMPROOT=$(kde4-config --path tmp)

List all files opened by a particular command

List all file opened by a particular command based on it's command name.

Force wrap all text to 80 columns in Vim

This is assuming that you're editing some file that has not been wrapped at 80 columns, and you want it to be wrapped. While in Vim, enter ex mode, and set the textwidth to 80 columns: $ :set textwidth=80 Then, press: $ gg to get to the top of the file, and: $ gqG to wrap every line from the top to the bottom of the file at 80 characters. Of course, this will lose any indentation blocks you've setup if typing up some source code, or doing type setting. You can make modifications to this command as needed, as 'gq' is the formatting command you want, then you could send the formatting to a specific line in the file, rather than to the end of the file. $ gq49G Will apply the format from your current cursor location to the 49th row. And so on.

Run a command if file/directory changes

Example: $ runonchange /etc/nginx nginx -t Ignores vim temp files. Depends on 'inotify-tools' for monitoring of file changes. Alternative to tools like 'entr', 'watchr'.

Look up a unicode character by name

No need for further filedes or substitution for splitting. Simply use read a b

Get CPU thermal data on MacOS

Propagate a directory to another and create symlink to content

Lndir create from source directory to destination directory a full symlink tree of all contents of source directory, really useful for propagate changes from a directory to another.

concatenate avi files

concatenates avi files

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands tagged openssl

Commands tagged openssl (44) the last day the last week the last month all time sorted by date votes

What's this?

Check These Out

Stay in the loop…

Commands tagged openssl (44)

sorted by