Would I have to make any changes to these Linux commands to make them work on Windows? Do all the pipes and redirects work as they do on Linux?
openssl genrsa -out key.pem
openssl rsa -in key.pem -pubout > key.pub
openssl rsa -pubin -modulus -noout < key.pub
#
# to decrypt mess.enc (message encrypted via javascript)
cat mess.enc | openssl base64 -d | openssl rsautl -inkey key.pem -decrypt
I expect I must swap cat for type, and I am hoping the rest will work as it is. Can anyone confirm this?
The equivalent of cat on Windows will be of great help. The rest of the commands are the same and should work fine on Windows.
Equivalent of cat on Windows
openssl
cat key.pem
type key.pem
cat=type
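Added example (not part of the original posts): a round trip that checks the decryption pipeline from the question in two forms, one with cat replaced by an input redirect and one that uses only openssl's own -in/-out options and so needs no pipes or redirects. The message text and the file names msg.txt, mess.bin, mess.dec, out1.txt and out2.txt are constructed for the test; mktemp, printf and cmp are Unix scaffolding around the openssl lines.

```shell
#!/bin/sh
# Constructed round trip for the key.pem / mess.enc commands in the question.
# Only the openssl lines are the point; the rest is test scaffolding.
roundtrip() {
    dir=$(mktemp -d) || return 1
    status=0
    (
        cd "$dir" || exit 1
        # Key pair as in the question (2048 bits stated explicitly here).
        openssl genrsa -out key.pem 2048
        openssl rsa -in key.pem -pubout -out key.pub
        # Stand-in for the JavaScript side: encrypt a constructed message
        # with the public key (PKCS#1 v1.5 is rsautl's default), then base64.
        printf 'constructed test message' > msg.txt
        openssl rsautl -encrypt -pubin -inkey key.pub -in msg.txt -out mess.bin
        openssl base64 -e -in mess.bin -out mess.enc
        # Form 1: the question's pipeline, with "cat mess.enc |" replaced
        # by an input redirect so no cat/type command is needed.
        openssl base64 -d < mess.enc | openssl rsautl -inkey key.pem -decrypt > out1.txt
        # Form 2: file arguments only, no pipes or redirects.
        openssl base64 -d -in mess.enc -out mess.dec
        openssl rsautl -decrypt -inkey key.pem -in mess.dec -out out2.txt
        # Both forms must recover the original bytes; print them if so.
        cmp -s msg.txt out1.txt && cmp -s msg.txt out2.txt && cat out2.txt
    ) || status=$?
    rm -rf "$dir"
    return $status
}
```

On OpenSSL 3.x rsautl still runs but prints a deprecation notice on stderr pointing to pkeyutl.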
I am encrypting a file with this openssl command -
openssl smime -encrypt -aes256 -in <input-file> -binary -outform DEM publicKey.pem
Although the command uses a public key, it does not use RSA, as the input file is certainly larger in size.
The same file can be decrypted by -
cat encrypted | openssl smime -decrypt -binary -inform DEM -inkey publickey.pem
My question is, what method does openssl use here to encrypt using the public key, and how can I achieve this command-line functionality in code using node.js / ruby?
Which programme or command do you use to extract the public key from a p12 protected with a password? I am trying with the command hydra, but I think it only works along networks.
You can use openssl to check, convert etc. a p12 file.
E.g.:
openssl pkcs12 -info -in example.p12
or
openssl pkcs12 -in example.p12 -out example.pem -nodes
etc.
You can make openssl read the password from a file or stdin. E.g.:
openssl [...] -pass stdin
See the man page for openssl for more ideas.
I am programming on Linux to encrypt a .txt file. I should encrypt an s2 string with a given PKI encryption key using RSA in RSA/ECB/PKCS1Padding mode.
I have executed the following commands:
openssl rsautl -encrypt -pkcs -inkey Key.pem -pubin -in s2.txt -out rsa_4096.bin
openssl -encrypt -e -base64 -in rsa_4096.bin -out s2encrypted.txt
There is a problem with the padding mode.
Where can I get a certificate for the company I work for, to sign an executable that we distribute? Right now, if clients download the .exe file from the Internet, Windows displays the security warning dialog "unknown publisher" when they execute it.
Furthermore, once I get it, how can I sign the executable on Linux?
Mono's signing tools allow you to sign an executable on a Linux box.
First convert your .pfx certificate to .pvk and .spc files:
openssl pkcs12 -in authenticode.pfx -nocerts -nodes -out key.pem
openssl rsa -in key.pem -outform PVK -pvk-strong -out authenticode.pvk
openssl pkcs12 -in authenticode.pfx -nokeys -nodes -out cert.pem
openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out authenticode.spc
And then sign it:
signcode \
-spc authenticode.spc \
-v authenticode.pvk \
-a sha1 -$ commercial \
-n My\ Application \
-i http://www.example.com/ \
-t http://timestamp.verisign.com/scripts/timstamp.dll \
-tr 10 \
application.exe
Is there any (easy) way to create a signature for a file using the command and the openssl rsautl command while the necessary key is stored in a TPM?
I just want to do the following with "key.pem" being a TPM-stored key.
openssl rsautl -sign -in file -inkey key.pem -out sig
How to tell openssl rsautl to use key stored in TPM?
OpenSSL does not provide an ENGINE for TPMs. I believe you need to use TrouSerS.
Dr. Henson made some comments about it on the OpenSSL mailing list at TPM engine.