Monday, October 12, 2009

OpenSSL resources

http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html
http://www.herongyang.com/crypto/OpenSSL_Signing_keytool_CSR_5.html
http://security.ncsa.uiuc.edu/research/grid-howtos/usefulopenssl.php

To view the details of the certificate signing request contained in the file server.csr, use:
openssl req -noout -text -in server.csr


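Dump the ASN.1 structure of a DER-encoded PKCS#7 file to a text file:
c:\OpenSSL\bin\openssl asn1parse -inform der -in demo.p7 -i > c:\demo.asn1

Print the certificates contained in a DER-encoded PKCS#7 file:
c:\OpenSSL\bin\openssl pkcs7 -inform der -in demo.p7 -text -print_certs -noout

View certificate details:
C:\Program Files\LunaPCI\keys>openssl x509 -inform PEM -in cert0.cer -text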


------------------------------------------------------------------------------

1) Generate RSA key:
$ openssl genrsa -out key.pem 1024
$ openssl rsa -in key.pem -text -noout

2) Save public key in pub.pem file:
$ openssl rsa -in key.pem -pubout -out pub.pem
$ openssl rsa -in pub.pem -pubin -text -noout

3) Encrypt some data:
$ echo test test test > file.txt
$ openssl rsautl -encrypt -inkey pub.pem -pubin -in file.txt \
-out file.bin
$ ll file.bin
-rw-r--r-- 1 root root 128 2007-07-11 01:58 file.bin

4) Decrypt encrypted data:
$ openssl rsautl -decrypt -inkey key.pem -in file.bin
test test test

The public key should be in the so-called SubjectPublicKeyInfo format
(see RFC 2459).
You can view the ASN.1 structure of the public key with:
$ openssl asn1parse -in pub.pem
0:d=0 hl=3 l= 159 cons: SEQUENCE
3:d=1 hl=2 l= 13 cons: SEQUENCE
5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
16:d=2 hl=2 l= 0 prim: NULL
18:d=1 hl=3 l= 141 prim: BIT STRING

Sample public key:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRzVwcS4JP8K5iihVc4j26QZWp
4n4Bh9cTxdCovsrCd50lxPNRUPPGqPcPwYGLVyyTG8+DR9RtqcVrC3gYtI20G2+0
HbWTRWAAa/LF/x937nt3Q92CDu010eRY0CDtvyLcg90yLV/84TOc5PRwbCwuURgu
3Nzn+7BiEZ7lYCyXGQIDAQAB
-----END PUBLIC KEY-----


------------------------------------------------------------------------------
For a public key in Base64 ending with '==', use:
openssl asn1parse -in c:\maybank.pem

-----BEGIN PUBLIC KEY-----
MIGIAoGAq74V/tQfDXWpO821eujW9MOpSROdVKQXncV3m+k1K0Vmnu8QGSzvFq5cBe7R6uHB
/J5gHKwFVG6XgrqjVa46gprk+8vQFfLfshHcFf/Vv79Ykpj0/PWaCAvp7uvcFKKByb1cDhAu
PDmzbBJYMyg7nG3dmAzhEqPK+LLOQ5s7mHkCAwEAAQ==
-----END PUBLIC KEY-----
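
Added example (not from the original post): a small Python DER walker that reproduces the offsets, header lengths and lengths from the asn1parse output above, and tells a SubjectPublicKeyInfo key from a bare PKCS#1 RSAPublicKey using the two PEM bodies shown on this page. The function and constant names are illustrative, and only definite-length DER is handled.

```python
import base64

SAMPLE_KEY = """
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRzVwcS4JP8K5iihVc4j26QZWp
4n4Bh9cTxdCovsrCd50lxPNRUPPGqPcPwYGLVyyTG8+DR9RtqcVrC3gYtI20G2+0
HbWTRWAAa/LF/x937nt3Q92CDu010eRY0CDtvyLcg90yLV/84TOc5PRwbCwuURgu
3Nzn+7BiEZ7lYCyXGQIDAQAB"""  # first key on this page, PEM body only
SECOND_KEY = """
MIGIAoGAq74V/tQfDXWpO821eujW9MOpSROdVKQXncV3m+k1K0Vmnu8QGSzvFq5cBe7R6uHB
/J5gHKwFVG6XgrqjVa46gprk+8vQFfLfshHcFf/Vv79Ykpj0/PWaCAvp7uvcFKKByb1cDhAu
PDmzbBJYMyg7nG3dmAzhEqPK+LLOQ5s7mHkCAwEAAQ=="""  # second key on this page
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1

def read_header(der, pos):
    """Return (tag, header_len, content_len) for the DER element at pos."""
    tag, first = der[pos], der[pos + 1]
    if first < 0x80:                      # short-form length
        return tag, 2, first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or pos + 2 + n > len(der):
        raise ValueError("indefinite or truncated length")
    return tag, 2 + n, int.from_bytes(der[pos + 2:pos + 2 + n], "big")

def children(der, pos=0):
    """List (offset, tag, hl, l) for each element inside the SEQUENCE at pos."""
    tag, hl, length = read_header(der, pos)
    cur, end, out = pos + hl, pos + hl + length, []
    if tag != 0x30 or end > len(der):
        raise ValueError("not a complete SEQUENCE")
    while cur + 2 <= end:                 # room for at least tag + length
        t, h, n = read_header(der, cur)
        out.append((cur, t, h, n))
        cur += h + n
    if cur != end:
        raise ValueError("child does not fit its SEQUENCE")
    return out

def classify(pem_body):
    """Name the RSA public-key encoding from its top-level ASN.1 shape."""
    der = base64.b64decode("".join(pem_body.split()))
    top = children(der)
    tags = [t for _, t, _, _ in top]
    if tags == [0x30, 0x03]:              # AlgorithmIdentifier + BIT STRING
        for o, t, h, n in children(der, top[0][0])[:1]:
            if t == 0x06 and der[o + h:o + h + n] == RSA_OID:
                return "SubjectPublicKeyInfo (rsaEncryption)"
    if tags == [0x02, 0x02]:              # INTEGER modulus + INTEGER exponent
        return "bare RSAPublicKey"
    return "unrecognised"
```

classify(SAMPLE_KEY) returns "SubjectPublicKeyInfo (rsaEncryption)" and classify(SECOND_KEY) returns "bare RSAPublicKey": the second key carries a BEGIN PUBLIC KEY label but contains only the modulus and exponent INTEGERs, with no AlgorithmIdentifier wrapper.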

------------------------------------------------------------------------------







