OpenSSL in bash script - linux

I'm trying to make a bash script in Linux where some encrypted data is embedded and then retrieved and decrypted with openssl, like this:
cat | openssl des3 -d -a -salt -pass pass:asdf > output.txt <<EOF
U2FsdGVkX1/zN55FdyL5j1nbDVt5vK4V3WLQrnHPoycCJPwWO0ei3PCrrMqPaxUH.....blablablah data
EOF
The only problem with this, which would otherwise work, is that I have to hit Enter when the script reaches this position. I have tried changing the way \n are placed, but no luck.
I can't afford to press Enter manually for all the files that are going to be embedded like this one!!
Thanks for your help!

A couple of things wrong here:
You shouldn't use both cat | ... and also a here document (<<EOF). Use one or the other.
Your example isn't testable because the example text is not the DES3 encryption of any input.
This example works as expected:
cat ~/.profile | openssl des3 -e -a -salt -pass pass:asdf -out /tmp/output.txt
That is, it writes an encrypted version of ~/.profile, base64 encoded, to file /tmp/output.txt.
Here's a working decryption example with a here document:
openssl des3 -d -a -salt -pass pass:asdf <<EOF
U2FsdGVkX1/03DBd+MpEKId2hUY82cLWpYltYy2zSsg=
EOF
Try this in the safety and comfort of your own home...
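An added example, not from the question or the answer above, of the structure the answer recommends: the here-document alone feeds openssl, so nothing is left reading the terminal. It uses openssl enc -des3 (the same cipher as openssl des3), adds -pbkdf2 for key derivation, and constructs its own passphrase and sample plaintext.

```shell
#!/usr/bin/env bash
# Embedded ciphertext, fed to openssl through a here-document only.
# With "cat | openssl ... <<EOF" the here-doc goes to openssl while cat
# reads the terminal, which is why the script stalled until Enter was hit.

# Encrypt a string; prints the base64 (-a) blob a script can embed.
# "openssl enc -des3" is the same cipher as "openssl des3"; -pbkdf2
# replaces the weak legacy key derivation used by a bare -pass option.
encrypt_blob() {                 # usage: encrypt_blob PLAINTEXT PASSPHRASE
    printf '%s' "$1" | openssl enc -des3 -e -a -salt -pbkdf2 -pass "pass:$2"
}

# Decrypt a blob with a here-document on openssl's stdin: no cat, no
# extra Enter. The unquoted EOF lets $1 expand inside the document.
decrypt_blob() {                 # usage: decrypt_blob BLOB PASSPHRASE
    openssl enc -des3 -d -a -salt -pbkdf2 -pass "pass:$2" <<EOF
$1
EOF
}

# Round trip over constructed sample data; returns 0 only on a match.
roundtrip_ok() {
    local secret blob out
    secret='constructed line 1
constructed line 2'
    blob=$(encrypt_blob "$secret" 'example-passphrase') || return 1
    out=$(decrypt_blob "$blob" 'example-passphrase') || return 1
    [ "$out" = "$secret" ]
}

roundtrip_ok && echo "round trip OK"
```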

Related

AES-128 encryption produce different result

I want to encrypt the text "hello" using the key "123456789" with the AES-128 bit encryption cipher, so I went to the site https://aesencryption.net/ and tried to encrypt. It gives me the result in base64 as 44VUz6QR9WOx3tIzrTVKIg==
Now on a Linux machine I tried the same with the openssl CLI (with a hex-converted key and without hex), but it doesn't produce the same result as the website above.
echo -n "hello" | ./openssl aes-128-cbc -K 313233343536373839 -iv 00000000000000000000000000000000 -a
OUTPUT: hd7d6N4iUsaeFnp76ZgnmA==
echo -n "hello" | ./openssl aes-128-cbc -k 123456789 -iv 00000000000000000000000000000000 -a -nosalt
OUTPUT: U7lXytP7pnVcOPwi8Hjd7A==
So can anyone tell me what I am missing?

Linux terminal: pass the answer(or arg values) in advance when installing package?

When I run a command like ssh-keygen -t rsa -b 2048, it asks me:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
I'd like to write the path in advance and tried like this: ssh-keygen -t rsa -b 2048 | cat '/root/.ssh/id_rsa.pub'.
But this doesn't work....
How can I do this?
Your attempt was in reverse, meaning you were trying to pass the output of ssh-keygen to cat. But we need to pass the output of cat to ssh-keygen:
# using multiline here doc
$ cat <<EOF | ssh-keygen -t rsa -b 2048
/tmp/id_rsa
/tmp/id_rsa.pub
password
EOF
OR
$ echo -e "/tmp/id_rsa\n/tmp/id_rsa.pub" | ssh-keygen -t rsa -b 2048
But use it with caution, this just feeds the entire input to the piped command. Depending on how that command processes input this might fail if the expected input is different from what is being piped in.
It may be fine for simple scripts/commands (will NOT work for ssh-keygen reliably in all cases [because it seems to spawn another process in some cases to ask for the passphrase]).
ref. https://tldp.org/LDP/abs/html/here-docs.html for heredoc

Pass multiple strings to verify CAfile in OpenSSL

With cat it's possible to use cat <(echo "example") <(echo "example").
I'd like to use this method also in OpenSSL:
openssl verify -CAfile <(echo "PEM") <(echo "PEM")
but I get this error: Error loading file /dev/fd/63
How can I solve this?
Info:
In the end I'd like to execute this command in node.js and pass in the two PEM args (as strings).
You do not specify the CA file: it should be openssl verify -CAfile /path/to/cafile
You do not provide the contents of the PEM file. It should be something like echo -e "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", where the ... is the certificate encoded in Base64, or much easier: cat /path/to/pemfile1 /path/to/pemfile2 | openssl verify -CAfile /path/to/cafile
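An added example (not part of the question or answer above) for the node.js use case: the PEM strings are written to a temporary bundle that openssl verify can open as -CAfile instead of a /dev/fd/N process substitution; the CA, leaf and function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Verify a certificate against CA certificates held as strings (e.g. the two
# PEM arguments a Node.js caller would pass). "openssl verify" needs a real
# -CAfile it can open, so the strings are written to a temporary bundle
# instead of being passed through <(...) process substitution.
verify_with_cas() {                 # usage: verify_with_cas CERT_FILE PEM...
    local cert=$1 bundle rc=1
    shift
    bundle=$(mktemp) || return 1
    printf '%s\n' "$@" > "$bundle"  # concatenated PEM blocks, one per argument
    if openssl verify -CAfile "$bundle" "$cert" >/dev/null 2>&1; then
        rc=0
    fi
    rm -f "$bundle"
    return $rc
}

# Constructed sample PKI: a root CA, a leaf signed by it, and an unrelated CA.
make_demo_pki() {                   # usage: make_demo_pki DIR
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -subj '/CN=Demo Root' -days 1 -out "$d/ca.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/other.key" \
        -subj '/CN=Other Root' -days 1 -out "$d/other.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout "$d/leaf.key" \
        -subj '/CN=leaf' -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}
# Usage: make_demo_pki "$dir"; verify_with_cas "$dir/leaf.pem" "$(cat "$dir/ca.pem")"
```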

Make xargs symlinks with return of a command

I'm trying to make a symlink with the name returned by a previous command, but it returns the error "is not a directory".
For each file in a folder I want to make a symlink named hash.0; the following code snippet is an example for the file 213123.0:
for x in *; do openssl x509 -noout -hash -in $x|xargs ln -s $x {} ; done;
Returned:
"ln: target ‘b28afb7c’ is not a directory"
How can I do this correctly?
xargs is not find. You do not need {} to tell xargs where to stick the argument; it always just sticks it at the end. Drop the {} argument and your command will work.
Using the xargs -t argument to have it show you the command it was trying to run would have found this for you.
It should also be pointed out that openssl (at least in some versions) has a c_rehash perl script that does this for you and handles corner cases that naive attempts will not (such as duplicated certificate files and duplicate hash results). Additionally your snippet doesn't actually append the .0 you said you wanted.
You cannot use xargs to do what you want here as you cannot control the placement/etc. of the argument to xargs such as to create the hash.0 filename you desire. That being said xargs is entirely unnecessary here as you only have a single bit of output to deal with.
Either use hash=$(openssl ... "$x"); ln -s "$x" "${hash}.0" or drop the variable entirely and use ln -s "$x" "$(openssl ... "$x")".
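An added example, not from any answer above, of the hash.0 linking done with a plain variable instead of xargs, handling the corner cases the answer mentions (hash collisions and duplicate certificate files) and a re-run; the function names and sample certificates are constructed.

```shell
#!/usr/bin/env bash
# Build OpenSSL-style <subject-hash>.N symlinks for every certificate in a
# directory, covering what the bare "ln -s" attempt misses: two subjects with
# the same hash get .0 and .1, the same certificate stored twice is linked
# once, and re-running leaves existing links alone (c_rehash / "openssl
# rehash" behave the same way; use those where available).
rehash_dir() {                        # usage: rehash_dir DIR
    local dir=$1 f hash fp n seen=''
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || continue
        hash=$(openssl x509 -noout -hash -in "$f") || return 1
        fp=$(openssl x509 -noout -fingerprint -sha256 -in "$f") || return 1
        case "$seen" in *"$fp"*) continue ;; esac      # duplicate certificate
        seen="$seen $fp"
        n=0
        while [ -e "$dir/$hash.$n" ]; do              # collision or re-run?
            [ "$(readlink "$dir/$hash.$n")" = "${f##*/}" ] && continue 2
            n=$((n + 1))
        done
        ln -s "${f##*/}" "$dir/$hash.$n"
    done
}

# Number of hash links in DIR, for checking the result.
link_count() {                        # usage: link_count DIR
    ls "$1" | grep -c '\.[0-9][0-9]*$'
}

# Constructed sample input: two different self-signed certs plus a copy.
make_demo_certs() {                   # usage: make_demo_certs DIR
    local cn
    for cn in alpha beta; do
        openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/$cn.key" \
            -subj "/CN=$cn" -days 1 -out "$1/$cn.pem" 2>/dev/null || return 1
    done
    cp "$1/alpha.pem" "$1/alpha-copy.pem"
}
```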
If you have GNU Parallel installed:
parallel 'ln -s {} $(openssl x509 -noout -hash -in {}).0' ::: *
If it is not packaged for your system, this should install it in 10 seconds:
(wget -O - pi.dk/3 || curl pi.dk/3/ || fetch -o - http://pi.dk/3) | bash
To learn more, watch the intro video for a quick introduction:
https://www.youtube.com/playlist?list=PL284C9FF2488BC6D1
Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

ssh-keygen accepting stdin

I am trying to call ssh-keygen using a variable through bash as an input instead of a file to get a fingerprint of a public key. I am aware that I could use a temp file to get around this issue, but for reasons out of scope of this question, I do not want to.
This method does not work as it says the key file is invalid (it's correct for sure)
echo $pubkey | ssh-keygen -lf /dev/stdin
This does work, but is not using a variable, rather a file.
ssh-keygen -lf alpha.pub
This does work, but is not using a variable, rather a redirected file.
ssh-keygen -lf /dev/stdin < alpha.pub
This does not work because I get an ambiguous redirect
ssh-keygen -lf /dev/stdin < $(echo $pubkey)
I would appreciate some insight as to how to get ssh-keygen to read a public key from a variable and, if possible, an explanation as to why the redirects aren't doing what I think they should be doing. Specifically, why does | behave differently from <, and why is the third example an ambiguous redirect? I searched online but many of the redirect tutorials didn't seem to answer my questions.
echo $pubkey | ssh-keygen -lf /dev/stdin
/dev/stdin is not a public key file.
/dev/stdin is actually a unix pipe, not a regular file, so ssh-keygen fails to open the file
ssh-keygen -lf /dev/stdin <<<$key
1024 92:6a:3f:5c:1f:78:.....
/dev/stdin refers to a regular file, created by using a bash heredoc. You can verify this:
# ls -l /dev/stdin <<<$pubkey
lrwxrwxrwx 1 root root 15 Feb 11 08:07 /dev/stdin -> /proc/self/fd/0
# ls -l /proc/self/fd/0 <<<$pubkey
lr-x------ 1 juergen juergen 64 Apr 14 13:31 /proc/self/fd/0 -> /tmp/sh-thd-1271250023 (deleted)
Since version 7.2 (released on 2016-02-28), this is now possible by passing - as the file name. From the release notes:
ssh-keygen(1): allow fingerprinting from standard input, e.g. ssh-keygen -lf -
If you want to redirect a string as stdin, use this syntax:
cmd <<< "some $STR here"
If you want to redirect the output of a command as if it was a file, you do it like this:
cmd <( /bin/somecmd )
And if you want to use a command as an OUTPUT file, it's more or less the same:
cmd >( /bin/othercmd )
Here is a one liner using the file /dev/stdin as described in other answers.
$ ssh-keygen -lf /dev/stdin <<< $( ssh-keygen -f ~/.ssh/keyname.pem -y )
2048 14:df:c7:b7:f1:26:7f:87:d5:e7:10:6c:ac:af:a2:03 /dev/stdin (RSA)
Note that this will break with private keys that use a passphrase. It will work with pem files generated by AWS or OpenStack which do not use passphrases.
I would recommend using a temporary file. The issue is that when redirecting, bash expects a file. By using $(echo $pubkey), bash will complain because when it's done with the substitution, it will look for a file whose name is what the substitution produced.
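An added example (not from the answers above) that fingerprints a key from a variable with the ssh-keygen -lf - form from OpenSSH 7.2, falling back to the /dev/stdin here-document trick; the demo key is generated non-interactively with -f and -N, which is also the flag-based answer to the earlier ssh-keygen prompt question. Function names are constructed.

```shell
#!/usr/bin/env bash
# Fingerprint a public key held in a variable, with no temporary file.

fp_from_stdin() {                    # OpenSSH 7.2+: "-" means standard input
    ssh-keygen -lf - <<EOF
$1
EOF
}

fp_from_dev_stdin() {                # older trick: /dev/stdin backed by a file
    ssh-keygen -lf /dev/stdin <<EOF
$1
EOF
}

fingerprint_from_var() {             # usage: fingerprint_from_var "$pubkey"
    fp_from_stdin "$1" 2>/dev/null || fp_from_dev_stdin "$1"
}

# Non-interactive key generation: -f answers the path prompt and -N '' both
# passphrase prompts, so nothing needs to be piped in. Constructed demo key.
make_demo_key() {                    # usage: make_demo_key DIR -> DIR/demo.pub
    ssh-keygen -q -t ed25519 -N '' -C 'constructed demo key' -f "$1/demo"
}

# The file-name field differs ("-" vs the path), so compare bits and hash only.
same_fingerprint() {                 # usage: same_fingerprint PUBKEY_FILE
    local a b
    a=$(ssh-keygen -lf "$1" | cut -d' ' -f1,2)
    b=$(fingerprint_from_var "$(cat "$1")" | cut -d' ' -f1,2)
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```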
