Questions tagged [openssl]

OpenSSL is an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.

694 questions
18 votes, 4 answers

bad magic number on decrypt

In April I encrypted a file using the command openssl enc -aes-256-cbc -salt -pass file: < infile > outfil Now I want to decrypt it with openssl enc -d -aes-256-cbc -salt -pass file: -in outfil -out infile2 but I get…
KathyHH
14 votes, 2 answers

How to extract serial from SSL certificate

I'd like to know what is the best way to extract serial number from an SSL certificate formatted in PEM format. After that I'd like to format the certificate in the following format hexhex:hexhex:...:hexhex so for example if my serial number of the SSL…
13 votes, 1 answer

Convert PEM formatted public key to DER

I have a public key which is ASN.1 DER formatted shown below : 0:d=0 hl=3 l= 181 cons: SEQUENCE 3:d=1 hl=3 l= 144 cons: SEQUENCE 6:d=2 hl=2 l= 0 prim: PRINTABLESTRING : 8:d=2 hl=3 l= 139 prim:…
Prem
12 votes, 1 answer

OpenSSL sign requests with extensions

I set a small self signed CA for my dev environment. I would like to create many different server certificates with different properties. My approach is to create a specific extensions section for each server. I have one big openssl.cnf which…
Bananguin
11 votes, 3 answers

How to pass string (not file) to openssl?

I want to encrypt a bunch of strings using openssl. How do I pass plaintext in console to openssl (instead of specifying input file which has plaintext). openssl man page has only these two options related to input/output: -in input…
6 votes, 3 answers

openssl generating SHA-256

I'm trying to use openssl to create a cryptographic hash of a file using HMAC-SHA-256. I'm confused as to why I'm seeing a 'no such file or directory' error on the output. The key I'm using is in a file called mykey.txt. This is my command: openssl…
6 votes, 2 answers

configuration file routine:STR_COPY:variable has no value

As I can't get out which file this is being generated from, I have no idea how to grab the variable that isn't set. But the error resembles an old issue where a variable wasn't correctly set in the default config or sourced variables file. I do have…
Torxed
5 votes, 2 answers

Upgrading OpenSSL to version 3.0.2 from source

In light of the current security issues with openssl 1.1.1x we had to upgrade our (Ubuntu) systems from source, as apt only showed that the latest openssl (1.1.1f) was the newest UPDATE CVE-2022-0778 after running sudo apt update/upgrade, openssl was…
4 votes, 2 answers

openssl 'genpkey -algorithm RSA' vs. 'genrsa'

What is the difference between the two commands below? 1. openssl genpkey -algorithm RSA 2. openssl genrsa In the document the difference is "Private Key" and "RSA Private Key". Then.. What is the difference between "Private Key with algorithm RSA" and "RSA Private…
diky
4 votes, 1 answer

"format error in certificate's notBefore field" but x509 -text shows a valid "Not Before"

I'm renewing the certificates for my VPN configuration. When I'm checking the validity: openssl verify -CAfile keys/ca.crt -verbose keys/example.org.crt C = XX, ST = XX, L = City, O = Example, OU = Manager, CN = example.org, name = EasyRSA,…
Braiam
4 votes, 3 answers

OpenSSL self signed certificate with a common name longer than 64 bytes

I can create a self signed certificate using openSSL as follows: openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX -nodes The interface somehow restricts me to 64 bytes for the common name. How can I create a certificate…
SivaDotRender
4 votes, 1 answer

openssl and OCSP

I'm trying to check the revocation of certificates in a script but I'm getting the following error: unable to load certificate 140735258465104:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE Here…
Matteo
4 votes, 2 answers

OpenSSL updating ciphers suites

For PCI compliance I was required to protect our server against BEAST attacks. While I have correctly configured the apache / openssl settings to pass a scan, these settings have effectively limited the client browsers that can securely transact on…
3 votes, 1 answer

openssl s_client set character mode

I am porting my telnet IM server to support SSL connections, and I test it with the command "openssl s_client -connect IP" on Linux, which connects to the server without errors. However, on telnet I was able to set the character mode (LINEMODE…
IS4
2 votes, 1 answer

openssl speed: any way to test only one curve in ECDSA?

I have been testing ECDSA speed with openssl speed ecdsa It took more than 7 minutes to report 22 curves. However, in most cases I only care about NIST P-256 (obviously), so it’s a waste of time for me to run so many niche curves. Is there…
Franklin Yu