Commands tagged openssl sorted by votes

Commands tagged openssl (44)

sorted by

Encrypted archive with openssl and tar

Create an AES256 encrypted and compressed tar archive. User is prompted to enter the password. Decrypt with: openssl enc -d -aes256 -in <file> | tar --extract --file - --gzip
This is sample output - yours may be different.
25

tar --create --file - --posix --gzip -- <dir> | openssl enc -e -aes256 -out <file>

seb1245 · 2012-11-27 15:33:45 1
Generate a Random MAC address

Use the following variation for FreeBSD: openssl rand 6 | xxd -p | sed 's/$..$/\1:/g; s/:$//'
This is sample output - yours may be different.
16

openssl rand -hex 6 | sed 's/$..$/\1:/g; s/.$//'

putnamhill · 2010-09-23 02:31:12 0
Random unsigned integer
This is sample output - yours may be different.
12

echo $(openssl rand 4 | od -DAn)

putnamhill · 2010-11-09 14:55:39 0
Encrypted chat with netcat and openssl (one-liner)

client$ while true; do read -n30 ui; echo $ui |openssl enc -aes-256-ctr -a -k PaSSw ; done | nc localhost 8877 | while read so; do decoded_so=`echo "$so"| openssl enc -d -a -aes-256-ctr -k PaSSw`; echo -e "Incoming: $decoded_so"; done This will establish a simple encrypted chat with AES-256-CTR using netcat and openssl only. More info here https://nixaid.com/encrypted-chat-with-netcat/
This is sample output - yours may be different.
8

server$ while true; do read -n30 ui; echo $ui |openssl enc -aes-256-ctr -a -k PaSSw; done | nc -l -p 8877 | while read so; do decoded_so=`echo "$so"| openssl enc -d -a -aes-256-ctr -k PaSSw`; echo -e "Incoming: $decoded_so"; done

arno · 2014-01-16 14:36:09 0
Connect to SMTP server using STARTTLS

Allows you to connect to an SMTP server over TLS, which is useful for debugging SMTP sessions. (Much like telnet to 25/tcp). Once connected you can manually issue SMTP commands in the clear (e.g. EHLO) Show Sample Output
This is sample output - yours may be different.
```
$ openssl s_client -starttls smtp -crlf -connect smtp1.google.com:25
CONNECTED(00000003)
depth=1 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
<...>
---
220 smtp.google.com ESMTP
```
7

openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25

realist · 2009-08-19 08:37:24 1
Bitcoin Brainwallet Private Key Calculator

A bitcoin "brainwallet" is a secret passphrase you carry in the "wallet" of your brain. The Bitcoin Brainwallet Private Key Calculator calculates the standard base58 encoded bitcoin private key from your "brainwallet" passphrase. The private key is the most important bitcoin number. All other numbers can be derived from it. This command uses 3 other functions - all 3 are defined on my user page: 1) brainwallet_exponent() - search for Bitcoin Brainwallet Exponent Calculator 2) brainwallet_checksum() - search for Bitcoin Brainwallet Exponent Calculator 3) b58encode() - search for Bitcoin Brainwallet Base58 Encoder Do make sure you use really strong, unpredictable passphrases (30+ characters)! http:brainwallet.org can be used to check the accuracy of this calculator. Show Sample Output
This is sample output - yours may be different.
```
> echo -n "correct horse battery staple" | the-above-command
> 5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS
```
6

(read -r passphrase; b58encode 80$( brainwallet_exponent "$passphrase" )$( brainwallet_checksum "$passphrase" ))

nixnax · 2014-02-18 02:50:09 1
Encrypted archive with openssl and tar

command to decrypt: openssl enc -aes-256-cbc -d < secret.tar.enc | tar x Of course, don't forget to rm the original files ;) You may also want to look at the openssl docs for more options.
This is sample output - yours may be different.
5

tar c folder_to_encrypt | openssl enc -aes-256-cbc -e > secret.tar.enc

recursiverse · 2009-07-23 06:03:39 0
Bitcoin Brainwallet Exponent Calculator

A bitcoin "brainwallet" is a secret passphrase you carry in your brain. The Bitcoin Brainwallet Exponent Calculator is one of three functions needed to calculate the bitcoin PRIVATE key. Roughly, the formula is exponent = sha256 (passphrase) Note that this is a bash function, which means you have to type its name to invoke it. You can check the accuracy of the results here http://brainwallet.org Show Sample Output
This is sample output - yours may be different.
```
> brainwallet_exponent "correct horse battery staple"
> c4bbcb1fbec99d65bf59d85c8cb62ee2db963f0fe106f483d9afa73bd4e39a8a

> echo -ne "correct horse battery staple" | sha256sum
> c4bbcb1fbec99d65bf59d85c8cb62ee2db963f0fe106f483d9afa73bd4e39a8a  -
```
5

function brainwallet_exponent () { printf %s "$1"|sha256sum|head -c 64; }

nixnax · 2014-02-18 01:49:09 0
Bitcoin Brainwallet Checksum Calculator

A bitcoin "brainwallet" is a secret passphrase you carry in your brain. The Bitcoin Brainwallet Exponent Calculator is the second of three functions needed to calculate a bitcoin PRIVATE key. Roughly, checksum is the first 8 hex digits of sha256(sha256(0x80+sha256(passphrase))) Note that this is a bash function, which means you have to type its name to invoke it Show Sample Output
This is sample output - yours may be different.
```
> brainwallet_checksum "correct horse battery staple"
> eb5f56e1
```
5

function brainwallet_checksum () { (o='openssl sha256 -binary'; p='printf';($p %b "\x80";$p %s "$1"|$o)|$o|sha256sum|cut -b1-8); }

nixnax · 2014-02-18 02:07:02 0
c_rehash replacement

When you don't have c_rehash handy. Really simple - if you have a .pem file that doesn't really contain a x509 cert (let's say, newreq.pem), it will create a link, simply called '.0', pointing to that file.
This is sample output - yours may be different.
4

for file in *.pem; do ln -s $file `openssl x509 -hash -noout -in $file`.0; done

darkpand · 2009-06-30 17:42:07 0
Encrypted archive with openssl and tar

The lifehacker way: http://lifehacker.com/software/top/geek-to-live--encrypt-your-data-178005.php#Alternate%20Method:%20OpenSSL "That command will encrypt the unencrypted-data.tar file with the password you choose and output the result to encrypted-data.tar.des3. To unlock the encrypted file, use the following command:" openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted-data.tar Show Sample Output
This is sample output - yours may be different.
```
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
```
3

openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3

berot3 · 2009-10-03 03:50:46 3
Encode/Decode text to/from Base64 on a Mac w/out Mac Ports

I have a mac, and do not want to install mac ports to get the base64 binary. Using openssl will do the trick just fine. Note, to decode base64, specify a '-d' after 'base64' in the command. Note also the files base64.decoded.txt and base64.encoded.txt are text files.
This is sample output - yours may be different.
3

openssl base64 -in base64.decoded.txt -out base64.encoded.txt

argherna · 2010-08-13 20:39:10 0
Output a SSL certificate start or end date

A quick and simple way of outputting the start and end date of a certificate, you can simply use 'openssl x509 -in xxxxxx.crt -noout -enddate' to output the end date (ex. notAfter=Feb 01 11:30:32 2009 GMT) and with the date command you format the output to an ISO format. For the start date use the switch -startdate and for end date use -enddate. Show Sample Output
This is sample output - yours may be different.
```
2009-02-01
```
2

date --date="$(openssl x509 -in xxxxxx.crt -noout -startdate | cut -d= -f 2)" --iso-8601

rez0r · 2009-07-23 23:24:33 0
Decode base64-encoded file in one line of Perl

Another option is openssl.
This is sample output - yours may be different.
2

openssl base64 -d < file.txt > out

putnamhill · 2010-12-14 00:23:12 0
remove password from openssl key file

Strip a password from a openssl key to use with apache httpd server
This is sample output - yours may be different.
2

openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key

drerik · 2012-09-16 19:31:38 0
OpenSSL one line CSR & Key generation
This is sample output - yours may be different.
2

openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=BR/ST=State/L=City/O=Company Inc./OU=IT/CN=domain.com"

sistematico · 2015-04-17 10:04:18 0
Extract public key from private

This will extract the public key that is stored in the private key using openssl. Show Sample Output
This is sample output - yours may be different.
```
writing RSA key
```
2

openssl rsa -in key.priv -pubout > key.pub

krizzo · 2015-04-28 19:10:17 1
view certificate details
This is sample output - yours may be different.
1

openssl x509 -in filename.crt -noout -text

wincus · 2010-01-05 18:02:25 0
Generate hash( of some types) from string

No need to install yet another program when openssl is already installed. :-)
This is sample output - yours may be different.
1

openssl dgst -sha256 <<<"test"

dramaturg · 2010-12-05 17:34:06 0
Generate RSA private key and self-signed certificate

This will create, in the current directory, a file called 'pk.pem' containing an unencrypted 2048-bit RSA private key and a file called 'cert.pem' containing a certificate signed by 'pk.pem'. The private key file will have mode 600. !!ATTENTION!! ==> this command will overwrite both files if present.
This is sample output - yours may be different.
1

touch pk.pem && chmod 600 pk.pem && openssl genrsa -out pk.pem 2048 && openssl req -new -batch -key pk.pem | openssl x509 -req -days 365 -signkey pk.pem -out cert.pem

bfreis · 2011-05-11 18:09:33 0
AES file encryption with openssl

To decrypt: openssl aes-256-cbc -d -in secrets.txt.enc -out secrets.txt.new Reference: http://tombuntu.com/index.php/2007/12/12/simple-file-encryption-with-openssl Optional parameter -a makes output base64 encoded, can be viewed in text editor or pasted in email
This is sample output - yours may be different.
1

openssl aes-256-cbc -salt -in secrets.txt -out secrets.txt.enc

jrdbz · 2013-04-13 19:33:37 0
One-liner to generate Self-Signed SSL Certificate+Key without any annoying prompts or CSRs

Handy if you want to quickly generate a self-signed certificate. Also can be used in your automated scripts for generating quick-use certificates. Show Sample Output
This is sample output - yours may be different.
```
certificate.key
certificate.crt
```
1

openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=<Country Code>/ST=<State>/L=<City>/O=<Organization>/CN=<Common Name>" -keyout certificate.key -out certificate.crt

rdx · 2014-11-27 15:19:42 0
Get the SAN (subjectAltName) of a site's certificate.

Based on http://stackoverflow.com/questions/13127352/checking-alternative-names-for-a-san-ssl-cert Replace "facebook.com" with the desired hostname. Show Sample Output
This is sample output - yours may be different.
```
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE

*.facebook.com
facebook.com
*.fb.com
fb.com
*.fbsbx.com
*.fbcdn.net
*.xx.fbcdn.net
*.xy.fbcdn.net
*.xz.fbcdn.net
*.m.facebook.com
*.messenger.com
messenger.com
```
1

echo "quit" | openssl s_client -connect facebook.com:443 | openssl x509 -noout -text | grep "DNS:" | perl -pe "s/(, )?DNS:/\n/g"

lgarron · 2015-08-13 22:50:45 0
Decrypt exported android wallet keys for import into desktop client (LTC,FTC,BTC)
This is sample output - yours may be different.
1

openssl enc -d -aes-256-cbc -a -in bitcoin-wallet-backup -out bitcoin-wallet-backup-decrypted

UnklAdM · 2016-01-13 21:04:19 0
Generate a random password 30 characters long
This is sample output - yours may be different.
1

openssl rand -rand /dev/urandom -base64 30

rolanda · 2019-06-29 14:55:15 1
1 2 >

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

create screencast (record text and audio simultaneously) using 'script' and 'arecord'

This shell function takes a single argument, which is used as the base name of the .wav, .timing and .session files created. To create a screencast: $ screencast test type and talk ... then type 'exit' or to exit the screencast. test.wav will contain the audio from your screencast. test.session will contain text and control characters needed to paint the screen test.timing will contain timing information needed to synch individual keystrokes in test.session with the audio. to play back: $ aplay test.wav & scriptreplay test.{timing,session} NOTE: because the shell function uses the variable "$!", and bash likes to expand '!' during history expansion, you will need to turn off bash's history before you enter the shell function. This can be achieved using the command $set +H

Get AWS temporary credentials ready to export based on a MFA virtual appliance

You might want to secure your AWS operations requiring to use a MFA token. But then to use API or tools, you need to pass credentials generated with a MFA token. This commands asks you for the MFA code and retrieves these credentials using AWS Cli. To print the exports, you can use: `awk '{ print "export AWS_ACCESS_KEY_ID=\"" $1 "\"\n" "export AWS_SECRET_ACCESS_KEY=\"" $2 "\"\n" "export AWS_SESSION_TOKEN=\"" $3 "\"" }'` You must adapt the command line to include: * $MFA_IDis ARN of the virtual MFA or serial number of the physical one * TTL for the credentials

For Gentoo users : helping with USE / emerge

This command puts all the flags of the USE variable actually used by the packages you emerged to the file "use", and those which are unused but available to the file "notuse"

Clean swap area after using a memory hogging application

When you run a memory intensive application (VirtualBox, large java application, etc) swap area is used as soon as memory becomes insufficient. After you close the program, the data in swap is not put back on memory and that decreases the responsiveness. Swapoff disables the swap area and forces system to put swap data be placed in memory. Since running without a swap area might be detrimental, swapon should be used to activate swap again. Both swapoff and swapon require root privileges.

Run a command when a file is changed

Install pip with Proxy

Installs pip packages defining a proxy

Which processes are listening on a specific port (e.g. port 80)

swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Install pip with Proxy

Installs pip packages defining a proxy

Recursive grep of all c++ source under the current directory

I like this better than some of the alternatives using -exec, because if I want to change the string, it's right there at the end of the command line. That means less editing effort and more time to drink coffee.

Redefine the cd command's behavior

Often, the very next command after the cd command is 'ls', so why not combine them?. Tested on a Red Hat derivative and Mac OS X Leopard Update: changed ${1:-$HOME} to "${@:-$HOME}" to accomodate directories with spaces in the names

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands tagged openssl

Commands tagged openssl (44) the last day the last week the last month all time sorted by date votes

What's this?

Check These Out

Stay in the loop…

Commands tagged openssl (44)

sorted by