Commands tagged openssl sorted by votes

Commands tagged openssl (45)

sorted by

Encrypted archive with openssl and tar

Create an AES256 encrypted and compressed tar archive. User is prompted to enter the password. Decrypt with: openssl enc -d -aes256 -in <file> | tar --extract --file - --gzip
This is sample output - yours may be different.
25

tar --create --file - --posix --gzip -- <dir> | openssl enc -e -aes256 -out <file>

seb1245 · 2012-11-27 15:33:45 1
Generate a Random MAC address

Use the following variation for FreeBSD: openssl rand 6 | xxd -p | sed 's/$..$/\1:/g; s/:$//'
This is sample output - yours may be different.
16

openssl rand -hex 6 | sed 's/$..$/\1:/g; s/.$//'

putnamhill · 2010-09-23 02:31:12 0
Random unsigned integer
This is sample output - yours may be different.
12

echo $(openssl rand 4 | od -DAn)

putnamhill · 2010-11-09 14:55:39 0
Encrypted chat with netcat and openssl (one-liner)

client$ while true; do read -n30 ui; echo $ui |openssl enc -aes-256-ctr -a -k PaSSw ; done | nc localhost 8877 | while read so; do decoded_so=`echo "$so"| openssl enc -d -a -aes-256-ctr -k PaSSw`; echo -e "Incoming: $decoded_so"; done This will establish a simple encrypted chat with AES-256-CTR using netcat and openssl only. More info here https://nixaid.com/encrypted-chat-with-netcat/
This is sample output - yours may be different.
8

server$ while true; do read -n30 ui; echo $ui |openssl enc -aes-256-ctr -a -k PaSSw; done | nc -l -p 8877 | while read so; do decoded_so=`echo "$so"| openssl enc -d -a -aes-256-ctr -k PaSSw`; echo -e "Incoming: $decoded_so"; done

arno · 2014-01-16 14:36:09 0
Connect to SMTP server using STARTTLS

Allows you to connect to an SMTP server over TLS, which is useful for debugging SMTP sessions. (Much like telnet to 25/tcp). Once connected you can manually issue SMTP commands in the clear (e.g. EHLO) Show Sample Output
This is sample output - yours may be different.
```
$ openssl s_client -starttls smtp -crlf -connect smtp1.google.com:25
CONNECTED(00000003)
depth=1 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected]
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
<...>
---
220 smtp.google.com ESMTP
```
7

openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25

realist · 2009-08-19 08:37:24 1
Bitcoin Brainwallet Private Key Calculator

A bitcoin "brainwallet" is a secret passphrase you carry in the "wallet" of your brain. The Bitcoin Brainwallet Private Key Calculator calculates the standard base58 encoded bitcoin private key from your "brainwallet" passphrase. The private key is the most important bitcoin number. All other numbers can be derived from it. This command uses 3 other functions - all 3 are defined on my user page: 1) brainwallet_exponent() - search for Bitcoin Brainwallet Exponent Calculator 2) brainwallet_checksum() - search for Bitcoin Brainwallet Exponent Calculator 3) b58encode() - search for Bitcoin Brainwallet Base58 Encoder Do make sure you use really strong, unpredictable passphrases (30+ characters)! http:brainwallet.org can be used to check the accuracy of this calculator. Show Sample Output
This is sample output - yours may be different.
```
> echo -n "correct horse battery staple" | the-above-command
> 5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS
```
6

(read -r passphrase; b58encode 80$( brainwallet_exponent "$passphrase" )$( brainwallet_checksum "$passphrase" ))

nixnax · 2014-02-18 02:50:09 1
Encrypted archive with openssl and tar

command to decrypt: openssl enc -aes-256-cbc -d < secret.tar.enc | tar x Of course, don't forget to rm the original files ;) You may also want to look at the openssl docs for more options.
This is sample output - yours may be different.
5

tar c folder_to_encrypt | openssl enc -aes-256-cbc -e > secret.tar.enc

recursiverse · 2009-07-23 06:03:39 0
Bitcoin Brainwallet Exponent Calculator

A bitcoin "brainwallet" is a secret passphrase you carry in your brain. The Bitcoin Brainwallet Exponent Calculator is one of three functions needed to calculate the bitcoin PRIVATE key. Roughly, the formula is exponent = sha256 (passphrase) Note that this is a bash function, which means you have to type its name to invoke it. You can check the accuracy of the results here http://brainwallet.org Show Sample Output
This is sample output - yours may be different.
```
> brainwallet_exponent "correct horse battery staple"
> c4bbcb1fbec99d65bf59d85c8cb62ee2db963f0fe106f483d9afa73bd4e39a8a

> echo -ne "correct horse battery staple" | sha256sum
> c4bbcb1fbec99d65bf59d85c8cb62ee2db963f0fe106f483d9afa73bd4e39a8a  -
```
5

function brainwallet_exponent () { printf %s "$1"|sha256sum|head -c 64; }

nixnax · 2014-02-18 01:49:09 0
Bitcoin Brainwallet Checksum Calculator

A bitcoin "brainwallet" is a secret passphrase you carry in your brain. The Bitcoin Brainwallet Exponent Calculator is the second of three functions needed to calculate a bitcoin PRIVATE key. Roughly, checksum is the first 8 hex digits of sha256(sha256(0x80+sha256(passphrase))) Note that this is a bash function, which means you have to type its name to invoke it Show Sample Output
This is sample output - yours may be different.
```
> brainwallet_checksum "correct horse battery staple"
> eb5f56e1
```
5

function brainwallet_checksum () { (o='openssl sha256 -binary'; p='printf';($p %b "\x80";$p %s "$1"|$o)|$o|sha256sum|cut -b1-8); }

nixnax · 2014-02-18 02:07:02 0
c_rehash replacement

When you don't have c_rehash handy. Really simple - if you have a .pem file that doesn't really contain a x509 cert (let's say, newreq.pem), it will create a link, simply called '.0', pointing to that file.
This is sample output - yours may be different.
4

for file in *.pem; do ln -s $file `openssl x509 -hash -noout -in $file`.0; done

darkpand · 2009-06-30 17:42:07 1
Encrypted archive with openssl and tar

The lifehacker way: http://lifehacker.com/software/top/geek-to-live--encrypt-your-data-178005.php#Alternate%20Method:%20OpenSSL "That command will encrypt the unencrypted-data.tar file with the password you choose and output the result to encrypted-data.tar.des3. To unlock the encrypted file, use the following command:" openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted-data.tar Show Sample Output
This is sample output - yours may be different.
```
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
```
3

openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3

berot3 · 2009-10-03 03:50:46 3
Encode/Decode text to/from Base64 on a Mac w/out Mac Ports

I have a mac, and do not want to install mac ports to get the base64 binary. Using openssl will do the trick just fine. Note, to decode base64, specify a '-d' after 'base64' in the command. Note also the files base64.decoded.txt and base64.encoded.txt are text files.
This is sample output - yours may be different.
3

openssl base64 -in base64.decoded.txt -out base64.encoded.txt

argherna · 2010-08-13 20:39:10 0
Output a SSL certificate start or end date

A quick and simple way of outputting the start and end date of a certificate, you can simply use 'openssl x509 -in xxxxxx.crt -noout -enddate' to output the end date (ex. notAfter=Feb 01 11:30:32 2009 GMT) and with the date command you format the output to an ISO format. For the start date use the switch -startdate and for end date use -enddate. Show Sample Output
This is sample output - yours may be different.
```
2009-02-01
```
2

date --date="$(openssl x509 -in xxxxxx.crt -noout -startdate | cut -d= -f 2)" --iso-8601

rez0r · 2009-07-23 23:24:33 0
Decode base64-encoded file in one line of Perl

Another option is openssl.
This is sample output - yours may be different.
2

openssl base64 -d < file.txt > out

putnamhill · 2010-12-14 00:23:12 0
remove password from openssl key file

Strip a password from a openssl key to use with apache httpd server
This is sample output - yours may be different.
2

openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key

drerik · 2012-09-16 19:31:38 0
OpenSSL one line CSR & Key generation
This is sample output - yours may be different.
2

openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=BR/ST=State/L=City/O=Company Inc./OU=IT/CN=domain.com"

sistematico · 2015-04-17 10:04:18 0
Extract public key from private

This will extract the public key that is stored in the private key using openssl. Show Sample Output
This is sample output - yours may be different.
```
writing RSA key
```
2

openssl rsa -in key.priv -pubout > key.pub

krizzo · 2015-04-28 19:10:17 1
view certificate details
This is sample output - yours may be different.
1

openssl x509 -in filename.crt -noout -text

wincus · 2010-01-05 18:02:25 0
Generate hash( of some types) from string

No need to install yet another program when openssl is already installed. :-)
This is sample output - yours may be different.
1

openssl dgst -sha256 <<<"test"

dramaturg · 2010-12-05 17:34:06 0
Generate RSA private key and self-signed certificate

This will create, in the current directory, a file called 'pk.pem' containing an unencrypted 2048-bit RSA private key and a file called 'cert.pem' containing a certificate signed by 'pk.pem'. The private key file will have mode 600. !!ATTENTION!! ==> this command will overwrite both files if present.
This is sample output - yours may be different.
1

touch pk.pem && chmod 600 pk.pem && openssl genrsa -out pk.pem 2048 && openssl req -new -batch -key pk.pem | openssl x509 -req -days 365 -signkey pk.pem -out cert.pem

bfreis · 2011-05-11 18:09:33 0
AES file encryption with openssl

To decrypt: openssl aes-256-cbc -d -in secrets.txt.enc -out secrets.txt.new Reference: http://tombuntu.com/index.php/2007/12/12/simple-file-encryption-with-openssl Optional parameter -a makes output base64 encoded, can be viewed in text editor or pasted in email
This is sample output - yours may be different.
1

openssl aes-256-cbc -salt -in secrets.txt -out secrets.txt.enc

jrdbz · 2013-04-13 19:33:37 0
One-liner to generate Self-Signed SSL Certificate+Key without any annoying prompts or CSRs

Handy if you want to quickly generate a self-signed certificate. Also can be used in your automated scripts for generating quick-use certificates. Show Sample Output
This is sample output - yours may be different.
```
certificate.key
certificate.crt
```
1

openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=<Country Code>/ST=<State>/L=<City>/O=<Organization>/CN=<Common Name>" -keyout certificate.key -out certificate.crt

rdx · 2014-11-27 15:19:42 0
Get the SAN (subjectAltName) of a site's certificate.

Based on http://stackoverflow.com/questions/13127352/checking-alternative-names-for-a-san-ssl-cert Replace "facebook.com" with the desired hostname. Show Sample Output
This is sample output - yours may be different.
```
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE

*.facebook.com
facebook.com
*.fb.com
fb.com
*.fbsbx.com
*.fbcdn.net
*.xx.fbcdn.net
*.xy.fbcdn.net
*.xz.fbcdn.net
*.m.facebook.com
*.messenger.com
messenger.com
```
1

echo "quit" | openssl s_client -connect facebook.com:443 | openssl x509 -noout -text | grep "DNS:" | perl -pe "s/(, )?DNS:/\n/g"

lgarron · 2015-08-13 22:50:45 0
Decrypt exported android wallet keys for import into desktop client (LTC,FTC,BTC)
This is sample output - yours may be different.
1

openssl enc -d -aes-256-cbc -a -in bitcoin-wallet-backup -out bitcoin-wallet-backup-decrypted

UnklAdM · 2016-01-13 21:04:19 0
Generate a random password 30 characters long
This is sample output - yours may be different.
1

openssl rand -rand /dev/urandom -base64 30

rolanda · 2019-06-29 14:55:15 1
1 2 >

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Search for files older than 30 days in a directory and list only their names not the full path

Writes ID3 tags using the file name as the title.

Assumes that the files are named as such: 01-Filename.mp3 If your files are named differently, change the number of periods in the sed 's/...$.*$/\1' bit to match the numbers of characters you need to cut off the front of the file. Note: This only writes the titles.

Which processes are listening on a specific port (e.g. port 80)

swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Get the full path of a bash script's Git repository head.

Rather than complicated and fragile paths relative to a script like "../../other", this command will retrieve the full path of the file's repository head. Safe with spaces in directory names. Works within a symlinked directory. Broken down: $cd "$(dirname "${BASH_SOURCE[0]}")" temporarily changes directories within this expansion. Double quoted "$(dirname" and ")" with unquoted ${BASH_SOURCE[0]} allows spaces in the path. $git rev-parse --show-toplevel gets the full path of the repository head of the current working directory, which was temporarily changed by the "cd".

Burn CD/DVD from an iso, eject disc when finished.

cdrecord -scanbus will tell you the (x,y,z) value of your cdr (for example, mine is 3,0,0)

Search some text from all files inside a directory

Get AWS temporary credentials ready to export based on a MFA virtual appliance

You might want to secure your AWS operations requiring to use a MFA token. But then to use API or tools, you need to pass credentials generated with a MFA token. This commands asks you for the MFA code and retrieves these credentials using AWS Cli. To print the exports, you can use: `awk '{ print "export AWS_ACCESS_KEY_ID=\"" $1 "\"\n" "export AWS_SECRET_ACCESS_KEY=\"" $2 "\"\n" "export AWS_SESSION_TOKEN=\"" $3 "\"" }'` You must adapt the command line to include: * $MFA_IDis ARN of the virtual MFA or serial number of the physical one * TTL for the credentials

Hide comments

Hide comments and empty lines, included XML comments,

Use md5sum to check your music and movie files. Also use diff.

This is a beginning script. You can create a file with > filename. You can also use diff to compare output run at different times to verify no change in your files. I apologize in advance if this is too simple. For some it should be a start.

analyze traffic remotely over ssh w/ wireshark

commandline for mac os x

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands tagged openssl

Commands tagged openssl (45) the last day the last week the last month all time sorted by date votes

What's this?

Check These Out

Stay in the loop…

Commands tagged openssl (45)

sorted by