본문 바로가기

Hojung's Command List

Total Commands : 232

 (e)grep (6)
 * find large files (2)
 * System info (12)
 * Term Key (8)
 * use previous argu (1)
 *CD/DVD cmd (5)
 *DNS test (4)
 ab (2)
 apg (1)
 arping (4)
 at (1)
 awk (1)
 cal (2)
 cd and pushd (3)
 crontab (7)
 curl (4)
 dd (1)
 dhclient (1)
 dig (2)
 du (1)
 echo (1)
 editcap (1)
 ethtool (2)
 find (20)
 head (1)
 history (1)
 host (1)
 hping3 (6)
 ifconfig (3)
 lftp (1)
 logger (1)
 ls (2)
 lsof (2)
 mail (2)
 man (1)
 mergecap (1)
 mount (8)
 nc (netcat) (1)
 ncftpput (1)
 netcat(nc) (1)
 netstat (1)
 nice (2)
 nl (1)
 nmap (5)
 ntpdate (1)
 openssl (15)
 ping (1)
 pkill (1)
 ps (2)
 rar (1)
 recode (6)
 rename (3)
 rm (1)
 route (2)
 rpm (4)
 sed (4)
 smb (3)
 snmpwalk (2)
 sort (4)
 ssh (1)
 tar (6)
 tcpdump (10)
 top (1)
 touch (2)
 uniq (1)
 vi (11)
 wall (2)
 wget (3)
 yum (5)
 zip/unzip (6)

Simple File Encryption

openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc
openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new

-aes-256-cbc: the encryption cipher to be used. (256bit AES is what the United States government uses to encrypt information at the Top Secret level.)
-a: the encrypted output will be base64 encoded, this allows you to view it in a text editor or paste it in an email. This is optional.
-salt: add strength to the encryption and should always be used.
You will be prompted for a password.
-d: decrypt data.

$ echo U2FsdGVkX18YcWkbmhsN7M/MP1E+GLf4IqmNsa53T+A= | openssl aes-256-cbc -d -a
enter aes-256-cbc decryption password: <pass>
hello world!
Written by Hojung at 2013-04-24 09:53:59

Website 인증서 내용보기

openssl s_client -showcerts -connect some.server.com:port

Written by Hojung at 2012-12-24 17:56:25

Key 와 Self-signed Cert 생성하기

openssl genrsa 1024 > host.key
openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert

or

openssl req -newkey rsa:1024 -keyout host.key -nodes -sha1 -x509 -days 365 -out host.crt

Written by Hojung at 2011-04-13 16:52:50

RSA 키(개인키) 생성하기 예

openssl genrsa <---------- 기본 512-bit key를 표준 출력
openssl genrsa -out mykey.pem 1024 <---- 1024-bit 키를 파일로 생성
openssl genrsa -des3 -out mykey.pem 1024 <---- 위와 동일하지만 passphrase도 설정됨

Written by Hojung at 2010-05-22 12:06:43

Key 와 Self-signed Cert를 한 파일에 생성하고 PKCS#12 로 변환 (PEM to PKCS#12)

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
openssl pkcs12 -export -out mycert.pfx -in mycert.pem -name "My Certificate"

Written by Hojung at 2010-05-22 12:06:26

개인키에서 공개키 생성

openssl rsa -in mykey.pem -pubout

Written by Hojung at 2010-05-22 12:05:34

SSL연결을 사용하는 HTTP/LDAP/IMAP/POP3 테스트

openssl s_client -connect 1.1.1.1:443
openssl s_client -connect 1.1.1.1:636
openssl s_client -connect 1.1.1.1:993
openssl s_client -connect 1.1.1.1:995

openssl s_client -host 1.1.1.1 -port 443
or just use 'curl -k https://1.1.1.1'
Written by Hojung at 2010-05-22 12:00:17

CSR 생성하기 (Certificate Signing Request)

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

Written by Hojung at 2010-05-22 11:51:36

DER/PEM간 인증서/개인키 변경하는 명령

openssl x509 -in test.cer -inform DER -out cert.pem -outform PEM <------- 인증서 변환 DER to PEM
openssl x509 -in test.cer -inform PEM -out output.cer -outform DER <------- 인증서 변환 PEM to DER

openssl rsa -in cert.cer -inform DER -out outkey.cer -outform PEM <------- 키 변환 DER to PEM
openssl rsa -in cert.cer -inform PEM -out outkey.cer -outform DER <------- 키 변환 PEM to DER

Written by Hojung at 2010-05-22 11:42:49

Write 128 random bytes of base64-encoded data to stdout

openssl rand -base64 128

http://www.bigip.co.kr/?mid=board_linux&search_keyword=openssl&search_target=title&document_srl=3290#random-generate
Written by Hojung at 2010-04-27 10:55:48

How to verify the expiration date of an self-signed certificate

openssl x509 -in /config/httpd/conf/ssl.crt/server.crt -noout -enddate |cut -c10-40

Written by Hojung at 2010-04-21 00:13:18

How to convert PKCS (.pfx) to PEM formatted cert and key

openssl pkcs12 –in filename.pfx –nocerts –out filename.key
openssl pkcs12 –in filename.pfx –clcerts –nokeys –out filename.crt

Written by Hojung at 2010-04-21 00:12:57

How to renew self-signed device certificates that expires in 10 years

openssl req -new -key /config/httpd/conf/ssl.key/server.key -x509 -days 3650 -out /config/httpd/conf/ssl.crt/server.crt
bigstart restart httpd

Written by Hojung at 2010-04-21 00:12:12

How to verify SSL certificates and keys

openssl rsa -in default.key -modulus -noout | openssl md5
openssl x509 -in default.crt -modulus -noout | openssl md5

To verify .csr:
openssl req -in default.csr -modulus -noout | openssl md5
Written by Hojung at 2010-04-21 00:11:50

How to remove a passphrase from an SSL Key

openssl rsa -in default.key -out default.key.unsecure

Written by Hojung at 2010-04-21 00:11:30