How to direct output of time command to a file in shell script? - linux

This does not append the output of the time command to file.txt
echo $(time openssl genrsa -aes128 -out server.key 1024) &> file.txt

You can use the following:
{ time openssl genrsa -aes128 -out server.key 1024 ; } 2>> file.txt

Related

Openssl aes load key from file

Using openssl with aes256 by passing password works fine:
openssl enc -iv BABA -aes256 -in message.txt -out message.enc -base64 -k 1234
openssl enc -d -iv BABA -aes256 -in message.enc -out message.txt -base64 -k 1234
What I am trying to do is to generate an aes256 key and save it in a file. Then use the key file for encryption/decryption actions.
I found this procedure:
openssl rand -base64 256 > symm_key
openssl enc -aes256 -e -in message.txt -out cipher.bin -pass file:symm_key -salt
openssl enc -aes256 -d -in cipher.bin -out message.txt -pass file:symm_key -salt
Any other solution? I do not want to use password.

Linux command piping in openssl to use string input

I have a shell script where a file path $path have some text which I encrypt as below and it works:
content_sha256="$(openssl dgst -binary -sha256 < $path | openssl enc -e -base64)";
The value of variable content_sha256 works correctly.
Now, I have a string $body which I want to encrypt. I am trying below but it gives me entirely different result.
content_sha256="$(echo $body | openssl dgst -sha256 | openssl enc -e -base64)";
Am I piping something wrong or option for openssl should be different?
Correct answer below
content_sha256="$(echo $body | openssl dgst -binary -sha256 | openssl enc -e -base64)";
Points to note:
Include -binary option.
Instead of redirection of file content as input, use echo $body with pipe.

Decryption in a loop with openssl?

I'm trying to use openssl to decrypt files. I can successfully encrypt them in a loop, but when I try to change the command to make it decrypt, I get "error reading input file."
for f in /dir1/dir2/*.txt ;
do [ -f $f ] && openssl aes-256-cbc enc -in $f -out $f.enc -k PASSWORD ;
done
!the above works for encrypting
for f in /dir1/dir2/*.txt.enc ;
do [ -f $f ] && openssl enc -d -aes-256-cbc -k PASSWORD -in $f -out $f;
done
"error reading input file"
So I've tried making the input file $f.txt.enc, and $f.enc, and similar fiddling with the outfile. No luck.
I think your encoding line has a problem: it is missing the - in front of the aes part ... for reference, here are lines that work for me:
openssl enc -aes-256-cbc -in $f -out $f.enc -k PASSWORD
openssl enc -aes-256-cbc -d -in $f.enc -out $f.dec -k PASSWORD
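The two working lines above placed back into loops, as an added example that is not part of the original answer. Assumptions: the function names, the .dec suffix handling, the use of -pass file: instead of -k (so the passphrase does not appear in the process list), and -pbkdf2, which needs OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example: encrypt and decrypt every *.txt file in a directory.
# Function names and the key-file argument are hypothetical.
# Note: -pass file:PATH uses only the first line of PATH as the passphrase.

# encrypt_dir DIR KEYFILE : a.txt -> a.txt.enc
encrypt_dir() {
    for f in "$1"/*.txt; do
        [ -f "$f" ] || continue          # glob matched nothing, or not a regular file
        openssl enc -aes-256-cbc -pbkdf2 -salt \
            -in "$f" -out "$f.enc" -pass "file:$2" || return 1
    done
}

# decrypt_dir DIR KEYFILE : a.txt.enc -> a.txt.dec
decrypt_dir() {
    for f in "$1"/*.txt.enc; do
        [ -f "$f" ] || continue
        # The output path must differ from the input path: -out is opened for
        # writing, so pointing it at the -in file would overwrite the ciphertext.
        out="${f%.enc}.dec"
        openssl enc -d -aes-256-cbc -pbkdf2 \
            -in "$f" -out "$out" -pass "file:$2" || { rm -f "$out"; return 1; }
    done
}
```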

'Missing name for redirect.' error in while running command in CSH environment

I am trying to generate some certificate using below command in CSH environment:
/usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout "selfsigned.key" \
-out "selfsigned.crt" -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=Some IP" -extensions SAN \
-config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:Some DNS,Some IP"))
Getting Missing name for redirect error.
How can I fix this?
Part of your command line is:
… <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:Some DNS,Some IP"))
You're using a Bash-specific notation — process substitution — twice. In the C shell, that simply isn't going to work. The C shell has no clue what you mean (witness the error message).
You'll have to wrap the command in a Bash script and use Bash to execute it. Or rethink the command so as not to use process substitution at all.
One option would be to create a temporary file and use that in the command:
set tmpfile = `mktemp`
cat /etc/ssl/openssl.cnf > $tmpfile
printf "\n[SAN]\nsubjectAltName=DNS:Some DNS,Some IP\n" >> $tmpfile
/usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout "selfsigned.key" \
-out "selfsigned.crt" -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=Some IP" -extensions SAN \
-config $tmpfile
rm -f $tmpfile
The fact that this might leave the temporary file lying around if interrupted is one of the reasons why the standard recommendation is not to write scripts in the C shell. (See C Shell Programming Considered Harmful or Top Ten Reasons not to use the C shell.) With a POSIX shell, you can ensure that the temporary file is removed unless you brutally kill the script with SIGKILL.
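The POSIX-shell variant mentioned above, with the temporary file removed by a trap, as an added example that is not part of the original answer. Assumptions: the function name, its arguments, and the constructed SAN values example.test and 192.0.2.10.

```sh
#!/bin/sh
# Added example: same temporary-config approach, with cleanup on exit.
# make_selfsigned BASE_CNF OUT_DIR [BITS]   (hypothetical helper)
# The body runs in a subshell "( ... )" so the EXIT trap fires when the
# function finishes, not when the calling script ends.
make_selfsigned() (
    base_cnf=$1
    out_dir=$2
    bits=${3:-4096}

    tmpfile=$(mktemp) || exit 1
    # EXIT covers normal completion and failures; INT/TERM/HUP are converted
    # into an exit so the EXIT trap still runs. SIGKILL cannot be trapped.
    trap 'rm -f "$tmpfile"' EXIT
    trap 'exit 1' INT TERM HUP

    cat "$base_cnf" > "$tmpfile" || exit 1
    # Constructed SAN values; replace with the real DNS name and IP address.
    printf '\n[SAN]\nsubjectAltName=DNS:example.test,IP:192.0.2.10\n' >> "$tmpfile"

    openssl req -x509 -nodes -days 365 -newkey "rsa:$bits" \
        -keyout "$out_dir/selfsigned.key" -out "$out_dir/selfsigned.crt" \
        -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=example.test" \
        -extensions SAN -config "$tmpfile"
)
```

Called as make_selfsigned /etc/ssl/openssl.cnf . it reproduces the command from the question.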

Using Openssl To Read Multiple Certificates

I want to use the following command:
openssl x509 -noout -in /etc/pki/tls/certs/cert1.pem -enddate
openssl x509 -noout -in /etc/pki/tls/certs/cert2.pem -enddate
openssl x509 -noout -in /etc/pki/tls/certs/certN.pem -enddate
Is there a way to read all the certificates using wild cards? e.g,
openssl x509 -noout -in /etc/pki/tls/certs/*.pem -enddate
Any help would be much appreciated. Thank you in advance.
Use a shell scriptlet:
#! /bin/sh
for file in /etc/pki/tls/certs/*.pem; do
    printf '%s: ' "$file"
    openssl x509 -noout -in "$file" -enddate
done
Put this in a file, say certexpires.sh, then you can run it with:
sh certexpires.sh
My answer for your case is this command:
ls /etc/pki/tls/certs/cert*.pem | xargs -L1 openssl x509 -noout -enddate -in
Explanation
In the first step, I make the list of my certificates that I want to parse. For example in my case it could be like this:
[root#vpsfree certs]# ls -1 */*.crt
ewsport.org/ewsport.org.crt
hxpro.cz/hxpro.crt
jaguars.cz/jaguars.crt
koudelka.photography/koudelka.photography.crt
unicycle-hockey.cz/unicycle-hockey.cz.crt
unipragga.cz/unipragga.cz.crt
Next step, I want to get expiration date from each of them.
[root#vpsfree certs]# openssl x509 -noout -enddate -in hxpro.cz/hxpro.crt
notAfter=Apr 24 11:29:21 2017 GMT
Now I can send output from my first command to second using xargs.
[root#vpsfree certs]# ls -1 */*.crt | xargs -L1 openssl x509 -noout -enddate -in
notAfter=Mar 31 15:08:20 2017 GMT
notAfter=Apr 24 11:29:21 2017 GMT
notAfter=Mar 23 21:23:42 2017 GMT
notAfter=Apr 24 11:50:32 2017 GMT
notAfter=Dec 11 16:32:41 2016 GMT
notAfter=Mar 20 19:44:17 2017 GMT
I used option -L1, because openssl command needs only one -in file as input.
I have created an alias for my terminal which runs this on all files in a folder (you can adjust it to run only on the pem extension, but this is my adaptation):
alias ssl-opemu='_(){ for i in *; do openssl x509 -in "$i" -noout -text; done; }; _'
I am almost sure I have inherited this from a previous thread so all rights to their original owners. :)
