OpenSSL Commands

In this post, I cover a couple of uses of openssl that I keep finding myself doing. The openssl utility is one of those complex applications that I generally use 10-15 times a year, and generally for one of three purposes. This is annoying as it’s not frequent enough, nor simple enough to commit to memory. With this post, I’ll have a handy place to find this stuff again!

First, generating random characters (useful for generating sturdy passwords):

$ string_length=32
$ openssl rand -base64 $string_length

I used a environment variable above to make it more obvious what the last parameter is.

Next, recovering public keys from private keys. I’ve found myself in this situation a few times and always end up searching for a means to retrieve the public key. Here’s how:

$ openssl rsa -in some_key -pubout > some_key.pub

Quick symmetric encryption:

# Encrypt with:
$ openssl enc -bf -salt -in somefile.txt -out somefile.txt.enc
# Decrypt with:
$ openssl enc -d -bf -salt -in somefile.txt.enc -out somefile.txt

In the example above, I use the blowfish symmetric cipher algorithm. To list the algorithms available to you, use:

$ openssl list-cipher-commands

Generate a certificate signing request:

$ openssl req -new -key somekey -out cert.csr

Generate a self-signed (snakeoil) certificate:

$ openssl req -new -x509 -key somekey -out cacert.pem -days 1095