'Missing name for redirect.' error while running command in CSH environment - linux

I am trying to generate some certificate using below command in CSH environment:
/usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout "selfsigned.key" \
-out "selfsigned.crt" -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=Some IP" -extensions SAN \
-config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:Some DNS,Some IP"))
Getting Missing name for redirect error.
How can I fix this?

Part of your command line is:
… <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:Some DNS,Some IP"))
You're using a Bash-specific notation — process substitution — twice. In the C shell, that simply isn't going to work. The C shell has no clue what you mean (witness the error message).
You'll have to wrap the command in a Bash script and use Bash to execute it. Or rethink the command so as not to use process substitution at all.
One option would be to create a temporary file and use that in the command:
set tmpfile = `mktemp`
cat /etc/ssl/openssl.cnf > $tmpfile
printf "\n[SAN]\nsubjectAltName=DNS:Some DNS,Some IP\n" >> $tmpfile
/usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout "selfsigned.key" \
-out "selfsigned.crt" -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=Some IP" -extensions SAN \
-config $tmpfile
rm -f $tmpfile
The fact that this might leave the temporary file lying around if interrupted is one of the reasons why the standard recommendation is not to write scripts in the C shell. (See C Shell Programming Considered Harmful or Top Ten Reasons not to use the C shell.) With a POSIX shell, you can ensure that the temporary file is removed unless you brutally kill the script with SIGKILL.
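The POSIX-shell form of the temporary-file approach, as an added example that is not part of the original answer: a trap removes the file on normal exit and on interruption. The helper names make_selfsigned and cert_sans, the minimal inline config (written here instead of copying /etc/ssl/openssl.cnf and passing -subj), and the sample names are assumptions of this example.

```shell
#!/bin/sh
# Added example. make_selfsigned and cert_sans are hypothetical helpers;
# the CN and SAN values passed to them are constructed samples.
# Usage: make_selfsigned OUT_PREFIX COMMON_NAME SAN_LIST [RSA_BITS]
make_selfsigned() (
    # The body runs in a subshell, so the EXIT trap fires when the function returns.
    prefix=$1 cn=$2 san=$3 bits=${4:-4096}
    umask 077                          # private key and temp file are owner-only
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    trap 'exit 130' INT TERM HUP       # signals become a normal exit, so EXIT runs

    # Minimal config (assumption) standing in for openssl.cnf plus the [SAN] section.
    cat > "$tmp" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $cn
[SAN]
subjectAltName = $san
EOF
    openssl req -x509 -nodes -days 365 -newkey "rsa:$bits" \
        -keyout "$prefix.key" -out "$prefix.crt" \
        -extensions SAN -config "$tmp"
)

# Print the subjectAltName line of a certificate so the result can be checked.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}
```

Only SIGKILL bypasses the traps, which matches the limitation the answer mentions.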

Related

Linux command piping in openssl to use string input

I have a shell script where a file path $path have some text which I encrypt as below and it works:
content_sha256="$(openssl dgst -binary -sha256 < $path | openssl enc -e -base64)";
The value of variable content_sha256 works correctly.
Now, I have a string $body which I want to encrypt. I am trying the command below, but it gives me an entirely different result.
content_sha256="$(echo $body | openssl dgst -sha256 | openssl enc -e -base64)";
Am I piping something wrong or option for openssl should be different?
Correct answer below
content_sha256="$(echo $body | openssl dgst -binary -sha256 | openssl enc -e -base64)";
Points to note:
Include -binary option.
Instead of redirecting file content as input, use echo $body with a pipe.
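An added example (not from the original posts) that puts the file form and the string form side by side. Without -binary, base64 is applied to openssl's text output rather than to the 32 digest bytes, and echo appends a newline, so its result matches the file form only when the file also ends in a newline. The function names and the sample string are assumptions.

```shell
#!/bin/sh
# Added example; the sha256_b64_* names are hypothetical helpers.

# Base64 of the raw 32-byte SHA-256 digest of a string, with no newline appended.
sha256_b64_string() {
    printf '%s' "$1" | openssl dgst -binary -sha256 | openssl enc -e -base64
}

# Same digest for a file's contents (the form that already worked in the question).
sha256_b64_file() {
    openssl dgst -binary -sha256 < "$1" | openssl enc -e -base64
}

# Without -binary: base64 of the text line openssl prints, not of the digest.
sha256_b64_text_output() {
    printf '%s' "$1" | openssl dgst -sha256 | openssl enc -e -base64
}

# echo appends "\n", so this hashes one more byte than printf '%s' does.
sha256_b64_echo() {
    echo "$1" | openssl dgst -binary -sha256 | openssl enc -e -base64
}
```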

Decryption in a loop with openssl?

I'm trying to use openssl to decrypt files. I can successfully encrypt them in a loop, but when I try to change the command to make it decrypt, I get "error reading input file."
for f in /dir1/dir2/*.txt ;
do [ -f $f ] && openssl aes-256-cbc enc -in $f -out $f.enc -k PASSWORD ;
done
!the above works for encrypting
for f in /dir1/dir2/*.txt.enc ;
do [ -f $f ] && openssl enc -d -aes-256-cbc -k PASSWORD -in $f -out $f;
done
"error reading input file"
So I've tried making the input file $f.txt.enc, and $f.enc, and similar fiddling with the outfile. No luck.
I think your encoding line has a problem: it is missing the - in front of the aes part. For reference, here are lines that work for me:
openssl enc -aes-256-cbc -in $f -out $f.enc -k PASSWORD
openssl enc -aes-256-cbc -d -in $f.enc -out $f.dec -k PASSWORD
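An added example (not from the original posts) of the round trip as two loops. The decrypt loop in the question passes the same path to -in and -out, so opening the output truncates the ciphertext before it is read; here the output name is derived by stripping .enc, as the working lines above do with .dec. The function names, the ENC_PASS variable, and the use of -pbkdf2 and -pass env: in place of -k PASSWORD are choices of this example.

```shell
#!/bin/sh
# Added example; encrypt_dir, decrypt_dir and ENC_PASS are hypothetical names.
# The passphrase comes from the environment so it does not show up in `ps` output.

encrypt_dir() {    # encrypt_dir DIR : foo.txt -> foo.txt.enc
    for f in "$1"/*.txt; do
        [ -f "$f" ] || continue        # an unmatched glob stays literal; skip it
        openssl enc -aes-256-cbc -pbkdf2 -pass env:ENC_PASS \
            -in "$f" -out "$f.enc" || return 1
    done
}

decrypt_dir() {    # decrypt_dir DIR : foo.txt.enc -> foo.txt.dec
    for f in "$1"/*.txt.enc; do
        [ -f "$f" ] || continue
        out="${f%.enc}.dec"            # never the same path as -in
        if ! openssl enc -d -aes-256-cbc -pbkdf2 -pass env:ENC_PASS \
                -in "$f" -out "$out"; then
            rm -f "$out"               # do not keep partial or garbage plaintext
            return 1
        fi
    done
}
```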

How to direct output of time command to a file in shell script?

This does not append the output of the time command to file.txt
echo $(time openssl genrsa -aes128 -out server.key 1024) &> file.txt
You can use the following:
{ time openssl genrsa -aes128 -out server.key 1024 ; } 2>> file.txt

pass outfile to another program using bash script

I have the following bash code for a batch run of multiple files to be processed by 3 different programs:
for i in *.txt
do
program1 -in ${i} -out Prog1_out_${i}
program2 -in Prog1_out_${i} -out Prog2_out_${i}
program3 -in Prog2_out_${i} -out Prog3_out_${i}
done
I ran into a problem with program 2 not finding its input, which is the output from program 1, and of course program 3 did not find the required input.
Can anyone help with suggestions for solving the problem?
Thanks
If the programs produce the output whenever they are successful, you could make them dependent on the previous command's success, like this:
program1 -in ${i} -out Prog1_out_${i} &&
program2 -in Prog1_out_${i} -out Prog2_out_${i} &&
program3 -in Prog2_out_${i} -out Prog3_out_${i}
So if one of the programs fails, the rest of the chain will not be invoked.
However, if the creation of the output has nothing to do with the success of the program, but you just want to check if the files exist, you can add the appropriate check before you call programx, i.e.
if [ -f "${i}" ]
then
progx ...
fi
As you are doing the same thing all the time this could be generalized for all programs (untested):
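for i in *.txt
do
    # Treat the original file as the "output of program 0"
    mv "$i" "Prog0_out_$i"
    for program in 0 1 2
    do
        INFILE="Prog${program}_out_${i}"
        # Stop the chain for this file if the previous stage left no readable output
        if [ ! -r "${INFILE}" ]
        then
            break
        fi
        # Stage N+1 reads the output of stage N
        "program$((program+1))" -in "${INFILE}" -out "Prog$((program+1))_out_${i}"
    done
done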

Using Openssl To Read Multiple Certificates

I want to use the following command:
openssl x509 -noout -in /etc/pki/tls/certs/cert1.pem -enddate
openssl x509 -noout -in /etc/pki/tls/certs/cert2.pem -enddate
openssl x509 -noout -in /etc/pki/tls/certs/certN.pem -enddate
Is there a way to read all the certificates using wild cards? e.g,
openssl x509 -noout -in /etc/pki/tls/certs/*.pem -enddate
Any help would be much appreciated. Thank you in advance.
Use a shell scriptlet:
#! /bin/sh
for file in /etc/pki/tls/certs/*.pem; do
printf '%s: ' "$file"
openssl x509 -noout -in "$file" -enddate
done
Put this in a file, say certexpires.sh; then you can run it with:
sh certexpires.sh
My answer for your case is this command:
ls /etc/pki/tls/certs/cert*.pem | xargs -L1 openssl x509 -noout -enddate -in
Explanation
In the first step, I make the list of my certificates that I want to parse. For example in my case it could be like this:
[root#vpsfree certs]# ls -1 */*.crt
ewsport.org/ewsport.org.crt
hxpro.cz/hxpro.crt
jaguars.cz/jaguars.crt
koudelka.photography/koudelka.photography.crt
unicycle-hockey.cz/unicycle-hockey.cz.crt
unipragga.cz/unipragga.cz.crt
Next step, I want to get expiration date from each of them.
[root#vpsfree certs]# openssl x509 -noout -enddate -in hxpro.cz/hxpro.crt
notAfter=Apr 24 11:29:21 2017 GMT
Now I can send output from my first command to second using xargs.
[root#vpsfree certs]# ls -1 */*.crt | xargs -L1 openssl x509 -noout -enddate -in
notAfter=Mar 31 15:08:20 2017 GMT
notAfter=Apr 24 11:29:21 2017 GMT
notAfter=Mar 23 21:23:42 2017 GMT
notAfter=Apr 24 11:50:32 2017 GMT
notAfter=Dec 11 16:32:41 2016 GMT
notAfter=Mar 20 19:44:17 2017 GMT
I used option -L1, because openssl command needs only one -in file as input.
I have created an alias for my terminal which runs this on all files in the folder (you can adjust it to run only on the pem extension, but this is my adaptation):
alias ssl-opemu='_(){ for i in *; do openssl x509 -in $i -noout -text; done; }; _'
I am almost sure I have inherited this from a previous thread so all rights to their original owners. :)
