OpenSSL – An Introduction
Message Digest
Command: openssl dgst -sha1 file1
Public Key Cryptography (asymmetric)
Generating RSA keys:
Command: openssl genrsa -out rsaprivatekey.pem -des3 1024
This generates the private key and stores it encrypted (using a password).
cash:/home/mukka>openssl genrsa -out rsaprivatekey.pem -des3 1024
Generating RSA private key, 1024 bit long modulus
.............................................................................
..............++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for rsaprivatekey.pem:
Verifying - Enter pass phrase for rsaprivatekey.pem:
cash:/home/mukka>more rsaprivatekey.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,72CAC55096B708F2
-----END RSA PRIVATE KEY-----
Command: openssl rsa -in rsaprivatekey.pem -pubout -out rsapublickey.pem
This generates the corresponding public key if the correct password is provided.
cash:/home/mukka>openssl rsa -in rsaprivatekey.pem -pubout -out rsapublickey.pem
Enter pass phrase for rsaprivatekey.pem:
writing RSA key
cash:/home/mukka>more rsapublickey.pem
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
Signing/Verifying message digest with RSA
Command: openssl dgst -sha1 -sign rsaprivatekey.pem -out mdrsasign_file1.cipher file1.txt
Generates the signature in mdrsasign_file1.cipher for the file file1.txt.
Command: openssl dgst -sha1 -verify rsapublickey.pem -signature mdrsasign_file1.cipher file1.txt
cash:/home/mukka>openssl dgst -sha1 -verify rsapublickey.pem -signature mdrsasign_file1.cipher file1.txt
Verified OK
Change at least one character in file1.txt and try again:
cash:/home/mukka>vi file1.txt
cash:/home/mukka>openssl dgst -sha1 -verify rsapublickey.pem -signature mdrsasign_file1.cipher file1.txt
Verification Failure
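The sign, verify and tamper sequence above as a script that runs unattended. This is an added example, not part of the original notes; it assumes the openssl command line tool is on PATH, and it uses SHA-256, AES-256 and a 2048-bit key in place of the notes' SHA-1, -des3 and 1024 bits. File names and the passphrase are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original notes): RSA key generation, digest
# signing, verification and a tamper check, scripted for unattended use.
# Assumes the openssl CLI is installed; file names and passphrase are constructed.
set -e

WORK=$(mktemp -d)                 # scratch directory for keys and files
PASS='example-passphrase-only'    # constructed; never hard-code a real one

make_keys() {
    # Private key stored encrypted under $PASS (AES-256 instead of the notes'
    # -des3, and 2048 bits instead of 1024, which is below current minimums).
    openssl genrsa -aes256 -passout "pass:$PASS" \
        -out "$WORK/rsaprivatekey.pem" 2048 2>/dev/null
    # The public key can only be derived once the correct passphrase is given.
    openssl rsa -in "$WORK/rsaprivatekey.pem" -passin "pass:$PASS" \
        -pubout -out "$WORK/rsapublickey.pem" 2>/dev/null
}

sign_file() {   # $1 = file to sign, $2 = signature output
    # Hash the file (SHA-256 rather than SHA-1, which is no longer
    # collision resistant) and sign the digest with the private key.
    openssl dgst -sha256 -sign "$WORK/rsaprivatekey.pem" -passin "pass:$PASS" \
        -out "$2" "$1"
}

verify_file() { # $1 = file, $2 = signature; exit 0 only on "Verified OK"
    openssl dgst -sha256 -verify "$WORK/rsapublickey.pem" \
        -signature "$2" "$1" 2>/dev/null | grep -q '^Verified OK'
}

demo() {
    make_keys
    printf 'transfer 100 to account A\n' > "$WORK/file1.txt"   # constructed
    sign_file "$WORK/file1.txt" "$WORK/mdrsasign_file1.cipher"
    if verify_file "$WORK/file1.txt" "$WORK/mdrsasign_file1.cipher"; then
        echo "untouched file1.txt: Verified OK"
    fi
    # Change one character and verify again: the digest no longer matches
    # the one recovered from the signature, so verification must fail.
    printf 'transfer 900 to account A\n' > "$WORK/file1.txt"
    if verify_file "$WORK/file1.txt" "$WORK/mdrsasign_file1.cipher"; then
        echo "tampered file1.txt: Verified OK  <- this must never happen"
    else
        echo "tampered file1.txt: Verification Failure"
    fi
}

demo
```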
Message encryption/decryption with RSA
openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in file1.txt -out file1.cipher
openssl rsautl -decrypt -inkey rsaprivatekey.pem -in file1.cipher -out file1.txt
file1.txt has to be small (<=1024 bits or 128 bytes, the length of the RSA key), since you are encrypting/decrypting the file itself, not its digest.
Message signature/verification with RSA
openssl rsautl -sign -inkey rsaprivatekey.pem -in file1.txt -out file1_signature.cipher
openssl rsautl -verify -pubin -inkey rsapublickey.pem -out file1.txt -in file1_signature.cipher
file1.txt has to be small, since you are encrypting/decrypting file1.txt itself.
Secret Key Cryptography (Symmetric)
Encrypt (-e), Decrypt (-d), Base64 encode/decode (-a)
openssl enc -des3 -e -salt -a -in file1.txt -out file1sym.base64
openssl enc -des3 -d -salt -a -out file1.txt -in file1sym.base64
Encode/decode to/from base64
Encrypt/decrypt without the -a option to produce file1sym.cipher:
> openssl enc -des3 -e -salt -in file1.txt -out file1sym.cipher
enter des-ede3-cbc encryption password:
Verifying password - enter des-ede3-cbc encryption password:
> openssl enc -des3 -d -salt -out file1.txt -in file1sym.cipher
enter des-ede3-cbc decryption password:
Now you can encode/decode file1sym.cipher to/from file1sym.base64:
> openssl enc -base64 -e -out file1sym.base64 -in file1sym.cipher
> openssl enc -base64 -d -in file1sym.base64 -out file1sym.cipher