Openssl 64

OpenSSL Command-Line HOWTO

1. Openssl 64 Bit
2. Openssl 64 Library
3. How To Use Openssl
4. Openssl 64 Bit Source Code

The openssl application that ships with the OpenSSL libraries can perform a wide range of crypto operations. This HOWTO provides some cookbook-style recipes for using it.

Paul Heinlein
First published on June 13, 2004
Last updated on September 13, 2016

1. OpenSSL 3.0 is the next major version of OpenSSL that is currently in development and includes the new FIPS Object Module. A pre-release version of this is available below. This is for testing only. It should not be used in production. Information and notes about OpenSSL 3.0 are available on the OpenSSL Wiki.
2. Fedora x8664 Official: openssl-devel-1.1.1g-15.fc33.x8664.rpm: Files for development of applications which will use OpenSSL: Fedora Updates x8664 Official: openssl-devel-1.1.1k-1.fc33.x8664.rpm: Files for development of applications which will use OpenSSL.

OpenSSL versions 1.0.1 through 1.0.1f had a severe memory handling bug in their implementation of the TLS Heartbeat Extension that could be used to reveal up to 64 KB of the application's memory with every heartbeat (CVE-2014-0160).

The openssl command-line binary that ships with theOpenSSL libraries can perform a wide range ofcryptographic operations. It can come in handy in scripts or foraccomplishing one-time command-line tasks.

Documentation for using the openssl application is somewhat scattered,however, so this article aims to provide some practical examples of itsuse. I assume that you've already got a functional OpenSSL installationand that the openssl binary is in your shell's PATH.

Just to be clear, this article is strictly practical; it does notconcern cryptographic theory and concepts. If you don't know what an MD5sum is, this article won't enlighten you one bit—but if all you need toknow is how to use openssl to generate a file sum, you're inluck.

The nature of this article is that I'll be adding new examplesincrementally. Check back at a later date if I haven't gotten to theinformation you need.

How do I find out what OpenSSL version I'm running?

Use the version option.

You can get much more information with the version -a option.

How do I get a list of the available commands?

Openssl 64 Bit

There are three built-in options for getting lists of availablecommands, but none of them provide what I consider useful output. Thebest thing to do is provide an invalid command (help or -h will donicely) to get a readable answer.

What the shell calls 'Standard commands' are the main top-level options.

You can use the same trick with any of the subcommands.

In more boring fashion, you can consult the OpenSSL man pages.

How do I get a list of available ciphers?

Use the ciphers option. Theciphers(1) man page isquite helpful.

How do I benchmark my system's performance?

The OpenSSL developers have built a benchmarking suite directly into theopenssl binary. It's accessible via the speed option. It tests howmany operations it can perform in a given time, rather than how long ittakes to perform a given number of operations. This strikes me as quitesane, because the benchmarks don't take significantly longer to run on aslow system than on a fast one.

To run a catchall benchmark, run it without any further options.

There are two sets of results. The first reports how many bytes persecond can be processed for each algorithm, the second the times neededfor sign/verify cycles. Here are the results on an 2.70GHz Intel Xeon E5.

You can run any of the algorithm-specific subtests directly.

How do I benchmark remote connections?

The s_time option lets you test connection performance. The mostsimple invocation will run for 30 seconds, use any cipher, and use SSLhandshaking to determine number of connections per second, using bothnew and reused sessions:

Beyond that most simple invocation, s_time gives you a wide variety oftesting options.

If you don't have an SSL-enabled web server available for your use, youcan emulate one using the s_server option.

How do I generate a self-signed certificate?

You'll first need to decide whether or not you want to encrypt your key.Doing so means that the key is protected by a passphrase.

On the plus side, adding a passphrase to a key makes it more secure, sothe key is less likely to be useful to someone who steals it. Thedownside, however, is that you'll have to either store the passphrase ina file or type it manually every time you want to start your web or ldapserver.

It violates my normally paranoid nature to say it, but I preferunencrypted keys, so I don't have to manually type a passphrase eachtime a secure daemon is started. (It's not terribly difficult todecrypt your key if you later tire of typing apassphrase.)

This example will produce a file called mycert.pem which will containboth the private key and the public certificate based on it. Thecertificate will be valid for 365 days, and the key (thanks to the-nodes option) is unencrypted.

Using this command-line invocation, you'll have to answer a lot ofquestions: Country Name, State, City, and so on. The tricky question is'Common Name.' You'll want to answer with the hostname or CNAME bywhich people will address the server. This is very important. If yourweb server's real hostname is mybox.mydomain.com but people will beusing www.mydomain.com to address the box, then use the latter name toanswer the 'Common Name' question.

Once you're comfortable with the answers you provide to those questions,you can script the whole thing by adding the -subj option. I'veincluded some information about location into the example that follows,but the only thing you really need to include for the certificate to beuseful is the hostname (CN).

How do I generate a certificate request for VeriSign?

Applying for a certificate signed by a recognized certificate authoritylike VeriSign is a complex bureaucratic process. You've got to performall the requisite paperwork before creating a certificate request.

As in the recipe for creating a self-signed certificate,you'll have to decide whether or not you want a passphrase on yourprivate key. The recipe below assumes you don't. You'll end up with twofiles: a new private key called mykey.pem and a certificate requestcalled myreq.pem.

If you've already got a key and would like to use it forgenerating the request, the syntax is a bit simpler.

Similarly, you can also provide subject information on the command line.

When dealing with an institution like VeriSign, you need to take specialcare to make sure that the information you provide during the creationof the certificate request is exactly correct. I know from personalexperience that even a difference as trivial as substituting 'and' for'&' in the Organization Name will stall the process.

If you'd like, you can double check the signature and informationprovided in the certificate request.

Save the key file in a secure location. You'll need it in order to usethe certificate VeriSign sends you. The certificate request willtypically be pasted into VeriSign's online application form.

How do I test a new certificate?

The s_server option provides a simple but effective testing method.The example below assumes you've combined your key and certificate intoone file called mycert.pem.

First, launch the test server on the machine on which the certificatewill be used. By default, the server will listen on port 4433; you canalter that using the -accept option.

If the server launches without complaint, then chances are good that thecertificate is ready for production use.

You can also point your web browser at the test server, e.g.,https://yourserver:4433/. Don't forget to specify the 'https'protocol; plain-old 'http' won't work. You should see a page listing thevarious ciphers available and some statistics about your connection.Most modern browsers allow you to examine the certificate as well.

How do I retrieve a remote certificate?

If you combine openssl and sed, you can retrieve remote certificatesvia a shell one-liner or a simple script.

You can, in turn, pipe that information back to openssl to do thingslike check the dates on all your active certificates.

How do I extract information from a certificate?

An SSL certificate contains a wide range of information: issuer, validdates, subject, and some hardcore crypto stuff. The x509 subcommand isthe entry point for retrieving this information. The examples below allassume that the certificate you want to examine is stored in a filenamed cert.pem.

Using the -text option will give you the full breadth of information.

Other options will provide more targeted sets of data.

How do I export or import a PKCS#12 certificate?

PKCS#12 files can be imported and exported by a number of applications,including Microsoft IIS. They are often associated with the fileextension .pfx.

To create a PKCS#12 certificate, you'll need a private key and acertificate. During the conversion process, you'll be given anopportunity to put an 'Export Password' (which can be empty, if youchoose) on the certificate.

If someone sends you a PKCS#12 and any passwords needed to work withit, you can export it into standard PEM format.

Applications linked against the OpenSSL libraries can verifycertificates signed by a recognized certificate authority (CA).

How do I verify a certificate?

Use the verify option to verify certificates.

If your local OpenSSL installation recognizes the certificate or itssigning authority and everything else (dates, signing chain, etc.)checks out, you'll get a simple OK message.

If anything is amiss, you'll see some error messages with shortdescriptions of the problem, e.g.,

• error 10 at 0 depth lookup:certificate has expired. Certificatesare typically issued for a limited period of time—usually just oneyear—and openssl will complain if a certificate has expired.

• error 18 at 0 depth lookup:self signed certificate. Unless youmake an exception, OpenSSL won't verify aself-signed certificate.

What certificate authorities does OpenSSL recognize?

When OpenSSL was built for your system, it was configured with a'Directory for OpenSSL files.' (That's the --openssldir option passedto the configure script, for you hands-on types.) This is the directorythat typically holds information about certificate authorities yoursystem trusts.

The default location for this directory is /usr/local/ssl, but mostvendors put it elsewhere, e.g., /usr/share/ssl (Red Hat/Fedora),/etc/ssl (Gentoo), /usr/lib/ssl (Debian), or/System/Library/OpenSSL (Macintosh OS X).

Use the version option to identify which directory (labeledOPENSSLDIR) your installation uses.

Within that directory and a subdirectory called certs, you're likelyto find one or more of three different kinds of files.

1. A large file called cert.pem, an omnibus collection of manycertificates from recognized certificate authorities like VeriSignand Thawte.

2. Some small files in the certs subdirectory named with a .pemfile extension, each of which contains a certificate from a singleCA.

3. Some symlinks in the certs subdirectory with obscure filenameslike 052eae11.0. There is typically one of these links for each.pem file.

   The first part of obscure filename is actually a hash value based onthe certificate within the .pem file to which it points. The fileextension is just an iterator, since it's theoretically possiblethat multiple certificates can generate identical hashes.

   On my Gentoo system, for example, there's a symlink namedf73e89fd.0 that points to a file named vsignss.pem. Sure enough,the certificate in that file generates a hash the equates to thename of the symlink:

When an application encounters a remote certificate, it will typicallycheck to see if the cert can be found in cert.pem or, if not, in afile named after the certificate's hash value. If found, the certificateis considered verified.

It's interesting to note that some applications, like Sendmail, allowyou to specify at runtime the location of the certificates you trust,while others, like Pine, do not.

How do I get OpenSSL to recognize/verify a certificate?

Put the file that contains the certificate you'd like to trust into thecerts directory discussed above. Then create thehash-based symlink. Here's a little script that'll do just that.

The s_client and s_server options provide a way to launchSSL-enabled command-line clients and servers. There are other examplesof their use scattered around this document, but this section isdedicated solely to them.

In this section, I assume you are familiar with the specific protocolsat issue: SMTP, HTTP, etc. Explaining them is out of the scope of thisarticle.

How do I connect to a secure SMTP server?

You can test, or even use, an SSL-enabled SMTP server from the commandline using the s_client option.

Secure SMTP servers offer secure connections on up to three ports: 25(TLS), 465 (SSL), and 587 (TLS). Some time around the 0.9.7 release, theopenssl binary was given the ability to use STARTTLS when talking toSMTP servers.

RFC821 suggests (although itfalls short of explicitly specifying) the two characters '' asline-terminator. Most mail agents do not care about this and accepteither '' or '' as line-terminators, but Qmail does not.If you want to comply to the letter with RFC821 and/or communicate withQmail, use also the -crlf option:

How do I connect to a web server using SNI?

The shortage of IPv4 addresses prompted the development of the HTTP 1.1standard so a single IP address could host multiple name-based virtualservers.

Later, that same shortage of addresses led to the development ofthe Server NameIndication(SNI) extension of the TLS protocol. When using SNI, the clientsends the hostname it wants to contact during the TLS negotiation.An SNI-enabled server is then able to offer the certificate withthe matching hostname for the client to verify.

SNI is enabled in openssl by specifying the -servername option.

How do I connect to a secure [whatever] server?

Connecting to a different type of SSL-enabled server is essentially thesame operation as outlined above. As of the date of this writing,openssl only supports command-line TLS with SMTP servers, so you haveto use straightforward SSL connections with any other protocol.

How do I set up an SSL server from the command line?

The s_server option allows you to set up an SSL-enabled server fromthe command line, but it's I wouldn't recommend using it for anythingother than testing or debugging. If you need a production-qualitywrapper around an otherwise insecure server, check outStunnel instead.

The s_server option works best when you have a certificate; it'sfairly limited without one.

Generating digests with the dgst option is one of the morestraightforward tasks you can accomplish with the openssl binary.Producing digests is done so often, as a matter of fact, that you canfind special-use binaries for doing the same thing.

How do I create an MD5 or SHA1 digest of a file?

Digests are created using the dgst option. I've seen severalsystems on which the OpenSSLdgst(1) manpage does not accurately report the digest functions available viathe local openssl binary. I suggest running openssl dgst -h tosee which digests are actually available.

The MD5 digests are identical to those created with the widely availablemd5sum command, though the output formats differ.

The same is true for SHA1 digests and the output of the sha1sumapplication.

How do I sign a digest?

If you want to ensure that the digest you create doesn't get modifiedwithout your permission, you can sign it using your privatekey. The following example assumes that you want to sign theSHA256 sum of a file called foo-1.23.tar.gz.

How do I verify a signed digest?

To verify a signed digest you'll need the file from which the digest wasderived, the signed digest, and the signer's publickey.

How do I create an Apache digest password entry?

Apache's HTTP digest authentication feature requires a special passwordformat. Apache ships with the htdigest utility, but it will only writeto a file, not to standard output. When working with remote users, it'ssometimes nice for them to be able to generate a password hash on amachine they trust and then mail it for inclusion in your local passworddatabase.

The format of the password database is relatively simple: acolon-separated list of the username, authorization realm (specified bythe Apache AuthName directive), and an MD5 digest of those two items andthe password. Below is a script that duplicates the output ofhtdigest, except that the output is written to standard output. Ittakes advantage of the dgst option's ability to read from standardinput.

What other kinds of digests are available?

Use the built-in list-message-digest-commands option to get a list ofthe digest types available to your local OpenSSL installation.

Like the list in the dgst(1) man page, this list may be outdated.Let the buyer beware!

How do I base64-encode something?

Use the enc -base64 option.

It's also possible to do a quick command-line encoding of a stringvalue:

Note that echo will silently attach a newline character to yourstring. Consider using its -n option if you want to avoid thatsituation, which could be important if you're trying to encode apassword or authentication string.

Use the -d (decode) option to reverse the process.

How do I simply encrypt a file?

Simple file encryption is probably better done using a tool likeGPG. Still, you may have occasion to want toencrypt a file without having to build or use a key/certificatestructure. All you want to have to remember is a password. It can nearlybe that simple—if you can also remember the cipher you employed forencryption.

To choose a cipher, consult the enc(1) manpage. More simply (andperhaps more accurately), you can ask openssl for a list in one of twoways.

After you choose a cipher, you'll also have to decide if you want tobase64-encode the data. Doing so will mean the encrypted data can be,say, pasted into an email message. Otherwise, the output will be abinary file.

To decrypt file.enc you or the file's recipient will need to rememberthe cipher and the passphrase.

If you'd like to avoid typing a passphrase every time you encrypt ordecrypt a file, the openssl(1) man page provides the details under theheading 'PASS PHRASE ARGUMENTS.' The format of the password argument isfairly simple.

How do I interpret SSL error messages?

Poking through your system logs, you see some error messages that areevidently related to OpenSSL or crypto:

The first step to figure out what's going wrong is to use the errstroption to intrepret the error code. The code number is found between'error:' and ':lib'. In this case, it's 0407006A.

If you've got a full OpenSSL installation, including all the developmentdocumentation, you can start your investigation there. In this example,the RSA_padding_add_PKCS1_type_1(3) man page will inform you thatPKCS #1 involves block methods for signatures. After that, of course,you'd need to pore through your application's source code to identifywhen it would expect be receiving those sorts of packets.

How do I generate an RSA key?

Use the genrsa option.

How do I generate a public RSA key?

Use the rsa option to produce a public version of your private RSAkey.

How do I generate a DSA key?

Building DSA keys requires a parameter file, and DSA verify operationsare slower than their RSA counterparts, so they aren't as widely used asRSA keys.

If you're only going to build a single DSA key, you can do so in justone step using the dsaparam subcommand.

If, on the other hand, you'll be creating several DSA keys, you'llprobably want to build a shared parameter file before generating thekeys. It can take a while to build the parameters, but once built, keygeneration is done quickly.

How do I create an elliptic curve key?

Routines for working with elliptic curvecryptography were added to OpenSSL in version0.9.8. Generating an EC key involves the ecparam option.

How do I remove a passphrase from a key?

Perhaps you've grown tired of typing your passphrase every time yoursecure daemon starts. You can decrypt your key, removing the passphraserequirement, using the rsa or dsa option, depending on the signaturealgorithm you chose when creating your private key.

If you created an RSA key and it is stored in a standalone file calledkey.pem, then here's how to output a decrypted version of the same keyto a file called newkey.pem.

Often, you'll have your private key and public certificate stored in thesame file. If they are stored in a file called mycert.pem, you canconstruct a decrypted version called newcert.pem in two steps.

Using the passwd option, you can generate password hashes thatinteroperate with traditional /etc/passwd files, newer-style/etc/shadow files, and Apache password files.

How do I generate a crypt-style password hash?

You can generate a new hash quite simply:

If you know an existing password's 'salt,' you can duplicate the hash.

How do I generate a shadow-style password hash?

Newer Unix systems use a more secure MD5-based hashing mechanism thatuses an eight-character salt (as compared to the two-character salt intraditional crypt()-style hashes). Generating them is stillstraightforward using the -1 option:

The salt in this format consists of the eight characters between thesecond and third dollar signs, in this case sXiKzkus. So you can alsoduplicate a hash with a known salt and password.

Current cryptographic techniques rely heavily on the generation andtesting of prime numbers, so it's no surprise that the OpenSSL librariescontain several routines dealing with primes. Beginning with version0.9.7e (or so), the prime option was added to the openssl binary.

How do I test whether a number is prime?

Pass the number to the prime option. Note that the number returned byopenssl will be in hex, not decimal, format.

You can also pass hex numbers directly.

How do I generate a set of prime numbers?

Starting with OpenSSL version 1.0.0, the openssl binary can generateprime numbers of a specified length:

If you're using a version of OpenSSL older than 1.0.0, you'll have topass a bunch of numbers to openssl and see what sticks. The sequtility is useful in this capacity.

How do I generate random data?

Use the rand option to generate binary or base64-encoded data.

On a Unix box with a /dev/urandom device and a copy of GNU head, ora recent version of BSD head, you can achieve a similar effect, oftenwith better entropy:

You can get a wider variety of characters than what's offered usingBase64 encoding by using strings:

Make sure you know the trade-offs between the random and urandomdevices before relying on them for truly critical entropy. Consult therandom(4) man page on Linux and BSD systems, or random(7D) on Solaris,for further information.

S/MIME is astandard for sending and receiving secure MIME data, especially ine-mail messages. Automated S/MIME capabilities have been added to quitea few e-mail clients, though openssl can provide command-line S/MIMEservices using the smime option.

Note that the documentation in thesmime(1) man pageincludes a number of good examples.

How do I verify a signed S/MIME message?

It's pretty easy to verify a signed message. Use your mail client tosave the signed message to a file. In this example, I assume that thefile is named msg.txt.

If the sender's certificate is signed by a certificate authority trustedby your OpenSSL infrastructure, you'll see some mail headers, a copy ofthe message, and a concluding line that says Verification successful.

If the messages has been modified by an unauthorized party, the outputwill conclude with a failure message indicating that the digest and/orthe signature doesn't match what you received:

Likewise, if the sender's certificate isn't recognized by your OpenSSLinfrastructure, you'll get a similar error:

Openssl 64 Library

Most e-mail clients send a copy of the public certificate in thesignature attached to the message. From the command line, you can viewthe certificate data yourself. You'll use the smime -pk7out option topipe a copy of the PKCS#7 certificate back into the pkcs7 option.It's oddly cumbersome but it works.

If you'd like to extract a copy of your correspondent's certificate forlong-term use, use just the first part of that pipe.

At that point, you can either integrate it into your OpenSSLinfrastructure or you can save it off somewhere forspecial use.

How do I encrypt a S/MIME message?

Let's say that someone sends you her public certificate and asks thatyou encrypt some message to her. You've saved her certificate asher-cert.pem. You've saved your reply as my-message.txt.

To get the default—though fairly weak—RC2-40 encryption, you just tellopenssl where the message and the certificate are located.

If you're pretty sure your remote correspondent has a robust SSLtoolkit, you can specify a stronger encryption algorithm like tripleDES:

By default, the encrypted message, including the mail headers, is sentto standard output. Use the -out option or your shell to redirect itto a file. Or, much trickier, pipe the output directly to sendmail.

How do I sign a S/MIME message?

If you don't need to encrypt the entire message, but you do want to signit so that your recipient can be assured of the message's integrity, therecipe is similar to that for encryption. The maindifference is that you need to have your own key and certificate, sinceyou can't sign anything with the recipient's cert.

Though it takes time to read them all and figure out how they relate toone another, the OpenSSL man pages are the best place to start:asn1parse(1),ca(1),ciphers(1),config(5),crl(1),crl2pkcs7(1),dgst(1),dhparam(1),dsa(1),dsaparam(1),ec(1),ecparam(1),enc(1),errstr(1),gendsa(1),genpkey(1),genrsa(1),nseq(1),ocsp(1),openssl(1),passwd(1),pkcs12(1),pkcs7(1),pkcs8(1),pkey(1),pkeyparam(1),pkeyutl(1),rand(1),req(1),rsa(1),rsautl(1),s_client(1),s_server(1),s_time(1),sess_id(1),smime(1),speed(1),spkac(1),ts(1),tsget(1),verify(1),version(1),x509(1),x509v3_config(5).

This document has been online for well over a decade. Much of itsdevelopment is due to my own curiosity, but several key improvementshave come via unsolicited suggestions from readers. So let me sayexplicitly that comments and suggestions about this document areappreciated and can be addressed to the author at heinlein@madboa.com.

Embed SSL and TLS support into your projects to enhance security with the help of this lightweight cryptography library, which comprises various encryption algorithms

What's new in OpenSSL 1.1.1k:

You'll first need to decide whether or not you want to encrypt your key.Doing so means that the key is protected by a passphrase.

On the plus side, adding a passphrase to a key makes it more secure, sothe key is less likely to be useful to someone who steals it. Thedownside, however, is that you'll have to either store the passphrase ina file or type it manually every time you want to start your web or ldapserver.

It violates my normally paranoid nature to say it, but I preferunencrypted keys, so I don't have to manually type a passphrase eachtime a secure daemon is started. (It's not terribly difficult todecrypt your key if you later tire of typing apassphrase.)

This example will produce a file called mycert.pem which will containboth the private key and the public certificate based on it. Thecertificate will be valid for 365 days, and the key (thanks to the-nodes option) is unencrypted.

Using this command-line invocation, you'll have to answer a lot ofquestions: Country Name, State, City, and so on. The tricky question is'Common Name.' You'll want to answer with the hostname or CNAME bywhich people will address the server. This is very important. If yourweb server's real hostname is mybox.mydomain.com but people will beusing www.mydomain.com to address the box, then use the latter name toanswer the 'Common Name' question.

Once you're comfortable with the answers you provide to those questions,you can script the whole thing by adding the -subj option. I'veincluded some information about location into the example that follows,but the only thing you really need to include for the certificate to beuseful is the hostname (CN).

How do I generate a certificate request for VeriSign?

Applying for a certificate signed by a recognized certificate authoritylike VeriSign is a complex bureaucratic process. You've got to performall the requisite paperwork before creating a certificate request.

As in the recipe for creating a self-signed certificate,you'll have to decide whether or not you want a passphrase on yourprivate key. The recipe below assumes you don't. You'll end up with twofiles: a new private key called mykey.pem and a certificate requestcalled myreq.pem.

If you've already got a key and would like to use it forgenerating the request, the syntax is a bit simpler.

Similarly, you can also provide subject information on the command line.

When dealing with an institution like VeriSign, you need to take specialcare to make sure that the information you provide during the creationof the certificate request is exactly correct. I know from personalexperience that even a difference as trivial as substituting 'and' for'&' in the Organization Name will stall the process.

If you'd like, you can double check the signature and informationprovided in the certificate request.

Save the key file in a secure location. You'll need it in order to usethe certificate VeriSign sends you. The certificate request willtypically be pasted into VeriSign's online application form.

How do I test a new certificate?

The s_server option provides a simple but effective testing method.The example below assumes you've combined your key and certificate intoone file called mycert.pem.

First, launch the test server on the machine on which the certificatewill be used. By default, the server will listen on port 4433; you canalter that using the -accept option.

If the server launches without complaint, then chances are good that thecertificate is ready for production use.

You can also point your web browser at the test server, e.g.,https://yourserver:4433/. Don't forget to specify the 'https'protocol; plain-old 'http' won't work. You should see a page listing thevarious ciphers available and some statistics about your connection.Most modern browsers allow you to examine the certificate as well.

How do I retrieve a remote certificate?

If you combine openssl and sed, you can retrieve remote certificatesvia a shell one-liner or a simple script.

You can, in turn, pipe that information back to openssl to do thingslike check the dates on all your active certificates.

How do I extract information from a certificate?

An SSL certificate contains a wide range of information: issuer, validdates, subject, and some hardcore crypto stuff. The x509 subcommand isthe entry point for retrieving this information. The examples below allassume that the certificate you want to examine is stored in a filenamed cert.pem.

Using the -text option will give you the full breadth of information.

Other options will provide more targeted sets of data.

How do I export or import a PKCS#12 certificate?

PKCS#12 files can be imported and exported by a number of applications,including Microsoft IIS. They are often associated with the fileextension .pfx.

To create a PKCS#12 certificate, you'll need a private key and acertificate. During the conversion process, you'll be given anopportunity to put an 'Export Password' (which can be empty, if youchoose) on the certificate.

If someone sends you a PKCS#12 and any passwords needed to work withit, you can export it into standard PEM format.

Applications linked against the OpenSSL libraries can verifycertificates signed by a recognized certificate authority (CA).

How do I verify a certificate?

Use the verify option to verify certificates.

If your local OpenSSL installation recognizes the certificate or itssigning authority and everything else (dates, signing chain, etc.)checks out, you'll get a simple OK message.

If anything is amiss, you'll see some error messages with shortdescriptions of the problem, e.g.,

• error 10 at 0 depth lookup:certificate has expired. Certificatesare typically issued for a limited period of time—usually just oneyear—and openssl will complain if a certificate has expired.

• error 18 at 0 depth lookup:self signed certificate. Unless youmake an exception, OpenSSL won't verify aself-signed certificate.

What certificate authorities does OpenSSL recognize?

When OpenSSL was built for your system, it was configured with a'Directory for OpenSSL files.' (That's the --openssldir option passedto the configure script, for you hands-on types.) This is the directorythat typically holds information about certificate authorities yoursystem trusts.

The default location for this directory is /usr/local/ssl, but mostvendors put it elsewhere, e.g., /usr/share/ssl (Red Hat/Fedora),/etc/ssl (Gentoo), /usr/lib/ssl (Debian), or/System/Library/OpenSSL (Macintosh OS X).

Use the version option to identify which directory (labeledOPENSSLDIR) your installation uses.

Within that directory and a subdirectory called certs, you're likelyto find one or more of three different kinds of files.

1. A large file called cert.pem, an omnibus collection of manycertificates from recognized certificate authorities like VeriSignand Thawte.

2. Some small files in the certs subdirectory named with a .pemfile extension, each of which contains a certificate from a singleCA.

3. Some symlinks in the certs subdirectory with obscure filenameslike 052eae11.0. There is typically one of these links for each.pem file.

   The first part of obscure filename is actually a hash value based onthe certificate within the .pem file to which it points. The fileextension is just an iterator, since it's theoretically possiblethat multiple certificates can generate identical hashes.

   On my Gentoo system, for example, there's a symlink namedf73e89fd.0 that points to a file named vsignss.pem. Sure enough,the certificate in that file generates a hash the equates to thename of the symlink:

When an application encounters a remote certificate, it will typicallycheck to see if the cert can be found in cert.pem or, if not, in afile named after the certificate's hash value. If found, the certificateis considered verified.

It's interesting to note that some applications, like Sendmail, allowyou to specify at runtime the location of the certificates you trust,while others, like Pine, do not.

How do I get OpenSSL to recognize/verify a certificate?

Put the file that contains the certificate you'd like to trust into thecerts directory discussed above. Then create thehash-based symlink. Here's a little script that'll do just that.

The s_client and s_server options provide a way to launchSSL-enabled command-line clients and servers. There are other examplesof their use scattered around this document, but this section isdedicated solely to them.

In this section, I assume you are familiar with the specific protocolsat issue: SMTP, HTTP, etc. Explaining them is out of the scope of thisarticle.

How do I connect to a secure SMTP server?

You can test, or even use, an SSL-enabled SMTP server from the commandline using the s_client option.

Secure SMTP servers offer secure connections on up to three ports: 25(TLS), 465 (SSL), and 587 (TLS). Some time around the 0.9.7 release, theopenssl binary was given the ability to use STARTTLS when talking toSMTP servers.

RFC821 suggests (although itfalls short of explicitly specifying) the two characters '' asline-terminator. Most mail agents do not care about this and accepteither '' or '' as line-terminators, but Qmail does not.If you want to comply to the letter with RFC821 and/or communicate withQmail, use also the -crlf option:

How do I connect to a web server using SNI?

The shortage of IPv4 addresses prompted the development of the HTTP 1.1standard so a single IP address could host multiple name-based virtualservers.

Later, that same shortage of addresses led to the development ofthe Server NameIndication(SNI) extension of the TLS protocol. When using SNI, the clientsends the hostname it wants to contact during the TLS negotiation.An SNI-enabled server is then able to offer the certificate withthe matching hostname for the client to verify.

SNI is enabled in openssl by specifying the -servername option.

How do I connect to a secure [whatever] server?

Connecting to a different type of SSL-enabled server is essentially thesame operation as outlined above. As of the date of this writing,openssl only supports command-line TLS with SMTP servers, so you haveto use straightforward SSL connections with any other protocol.

How do I set up an SSL server from the command line?

The s_server option allows you to set up an SSL-enabled server fromthe command line, but it's I wouldn't recommend using it for anythingother than testing or debugging. If you need a production-qualitywrapper around an otherwise insecure server, check outStunnel instead.

The s_server option works best when you have a certificate; it'sfairly limited without one.

Generating digests with the dgst option is one of the morestraightforward tasks you can accomplish with the openssl binary.Producing digests is done so often, as a matter of fact, that you canfind special-use binaries for doing the same thing.

How do I create an MD5 or SHA1 digest of a file?

Digests are created using the dgst option. I've seen severalsystems on which the OpenSSLdgst(1) manpage does not accurately report the digest functions available viathe local openssl binary. I suggest running openssl dgst -h tosee which digests are actually available.

The MD5 digests are identical to those created with the widely availablemd5sum command, though the output formats differ.

The same is true for SHA1 digests and the output of the sha1sumapplication.

How do I sign a digest?

If you want to ensure that the digest you create doesn't get modifiedwithout your permission, you can sign it using your privatekey. The following example assumes that you want to sign theSHA256 sum of a file called foo-1.23.tar.gz.

How do I verify a signed digest?

To verify a signed digest you'll need the file from which the digest wasderived, the signed digest, and the signer's publickey.

How do I create an Apache digest password entry?

Apache's HTTP digest authentication feature requires a special passwordformat. Apache ships with the htdigest utility, but it will only writeto a file, not to standard output. When working with remote users, it'ssometimes nice for them to be able to generate a password hash on amachine they trust and then mail it for inclusion in your local passworddatabase.

The format of the password database is relatively simple: acolon-separated list of the username, authorization realm (specified bythe Apache AuthName directive), and an MD5 digest of those two items andthe password. Below is a script that duplicates the output ofhtdigest, except that the output is written to standard output. Ittakes advantage of the dgst option's ability to read from standardinput.

What other kinds of digests are available?

Use the built-in list-message-digest-commands option to get a list ofthe digest types available to your local OpenSSL installation.

Like the list in the dgst(1) man page, this list may be outdated.Let the buyer beware!

How do I base64-encode something?

Use the enc -base64 option.

It's also possible to do a quick command-line encoding of a stringvalue:

Note that echo will silently attach a newline character to yourstring. Consider using its -n option if you want to avoid thatsituation, which could be important if you're trying to encode apassword or authentication string.

Use the -d (decode) option to reverse the process.

How do I simply encrypt a file?

Simple file encryption is probably better done using a tool likeGPG. Still, you may have occasion to want toencrypt a file without having to build or use a key/certificatestructure. All you want to have to remember is a password. It can nearlybe that simple—if you can also remember the cipher you employed forencryption.

To choose a cipher, consult the enc(1) manpage. More simply (andperhaps more accurately), you can ask openssl for a list in one of twoways.

After you choose a cipher, you'll also have to decide if you want tobase64-encode the data. Doing so will mean the encrypted data can be,say, pasted into an email message. Otherwise, the output will be abinary file.

To decrypt file.enc you or the file's recipient will need to rememberthe cipher and the passphrase.

If you'd like to avoid typing a passphrase every time you encrypt ordecrypt a file, the openssl(1) man page provides the details under theheading 'PASS PHRASE ARGUMENTS.' The format of the password argument isfairly simple.

How do I interpret SSL error messages?

Poking through your system logs, you see some error messages that areevidently related to OpenSSL or crypto:

The first step to figure out what's going wrong is to use the errstroption to intrepret the error code. The code number is found between'error:' and ':lib'. In this case, it's 0407006A.

If you've got a full OpenSSL installation, including all the developmentdocumentation, you can start your investigation there. In this example,the RSA_padding_add_PKCS1_type_1(3) man page will inform you thatPKCS #1 involves block methods for signatures. After that, of course,you'd need to pore through your application's source code to identifywhen it would expect be receiving those sorts of packets.

How do I generate an RSA key?

Use the genrsa option.

How do I generate a public RSA key?

Use the rsa option to produce a public version of your private RSAkey.

How do I generate a DSA key?

Building DSA keys requires a parameter file, and DSA verify operationsare slower than their RSA counterparts, so they aren't as widely used asRSA keys.

If you're only going to build a single DSA key, you can do so in justone step using the dsaparam subcommand.

If, on the other hand, you'll be creating several DSA keys, you'llprobably want to build a shared parameter file before generating thekeys. It can take a while to build the parameters, but once built, keygeneration is done quickly.

How do I create an elliptic curve key?

Routines for working with elliptic curvecryptography were added to OpenSSL in version0.9.8. Generating an EC key involves the ecparam option.

How do I remove a passphrase from a key?

Perhaps you've grown tired of typing your passphrase every time yoursecure daemon starts. You can decrypt your key, removing the passphraserequirement, using the rsa or dsa option, depending on the signaturealgorithm you chose when creating your private key.

If you created an RSA key and it is stored in a standalone file calledkey.pem, then here's how to output a decrypted version of the same keyto a file called newkey.pem.

Often, you'll have your private key and public certificate stored in thesame file. If they are stored in a file called mycert.pem, you canconstruct a decrypted version called newcert.pem in two steps.

Using the passwd option, you can generate password hashes thatinteroperate with traditional /etc/passwd files, newer-style/etc/shadow files, and Apache password files.

How do I generate a crypt-style password hash?

You can generate a new hash quite simply:

If you know an existing password's 'salt,' you can duplicate the hash.

How do I generate a shadow-style password hash?

Newer Unix systems use a more secure MD5-based hashing mechanism thatuses an eight-character salt (as compared to the two-character salt intraditional crypt()-style hashes). Generating them is stillstraightforward using the -1 option:

The salt in this format consists of the eight characters between thesecond and third dollar signs, in this case sXiKzkus. So you can alsoduplicate a hash with a known salt and password.

Current cryptographic techniques rely heavily on the generation andtesting of prime numbers, so it's no surprise that the OpenSSL librariescontain several routines dealing with primes. Beginning with version0.9.7e (or so), the prime option was added to the openssl binary.

How do I test whether a number is prime?

Pass the number to the prime option. Note that the number returned byopenssl will be in hex, not decimal, format.

You can also pass hex numbers directly.

How do I generate a set of prime numbers?

Starting with OpenSSL version 1.0.0, the openssl binary can generateprime numbers of a specified length:

If you're using a version of OpenSSL older than 1.0.0, you'll have topass a bunch of numbers to openssl and see what sticks. The sequtility is useful in this capacity.

How do I generate random data?

Use the rand option to generate binary or base64-encoded data.

On a Unix box with a /dev/urandom device and a copy of GNU head, ora recent version of BSD head, you can achieve a similar effect, oftenwith better entropy:

You can get a wider variety of characters than what's offered usingBase64 encoding by using strings:

Make sure you know the trade-offs between the random and urandomdevices before relying on them for truly critical entropy. Consult therandom(4) man page on Linux and BSD systems, or random(7D) on Solaris,for further information.

S/MIME is astandard for sending and receiving secure MIME data, especially ine-mail messages. Automated S/MIME capabilities have been added to quitea few e-mail clients, though openssl can provide command-line S/MIMEservices using the smime option.

Note that the documentation in thesmime(1) man pageincludes a number of good examples.

How do I verify a signed S/MIME message?

It's pretty easy to verify a signed message. Use your mail client tosave the signed message to a file. In this example, I assume that thefile is named msg.txt.

If the sender's certificate is signed by a certificate authority trustedby your OpenSSL infrastructure, you'll see some mail headers, a copy ofthe message, and a concluding line that says Verification successful.

If the messages has been modified by an unauthorized party, the outputwill conclude with a failure message indicating that the digest and/orthe signature doesn't match what you received:

Likewise, if the sender's certificate isn't recognized by your OpenSSLinfrastructure, you'll get a similar error:

Openssl 64 Library

Most e-mail clients send a copy of the public certificate in thesignature attached to the message. From the command line, you can viewthe certificate data yourself. You'll use the smime -pk7out option topipe a copy of the PKCS#7 certificate back into the pkcs7 option.It's oddly cumbersome but it works.

If you'd like to extract a copy of your correspondent's certificate forlong-term use, use just the first part of that pipe.

At that point, you can either integrate it into your OpenSSLinfrastructure or you can save it off somewhere forspecial use.

How do I encrypt a S/MIME message?

Let's say that someone sends you her public certificate and asks thatyou encrypt some message to her. You've saved her certificate asher-cert.pem. You've saved your reply as my-message.txt.

To get the default—though fairly weak—RC2-40 encryption, you just tellopenssl where the message and the certificate are located.

If you're pretty sure your remote correspondent has a robust SSLtoolkit, you can specify a stronger encryption algorithm like tripleDES:

By default, the encrypted message, including the mail headers, is sentto standard output. Use the -out option or your shell to redirect itto a file. Or, much trickier, pipe the output directly to sendmail.

How do I sign a S/MIME message?

If you don't need to encrypt the entire message, but you do want to signit so that your recipient can be assured of the message's integrity, therecipe is similar to that for encryption. The maindifference is that you need to have your own key and certificate, sinceyou can't sign anything with the recipient's cert.

Though it takes time to read them all and figure out how they relate toone another, the OpenSSL man pages are the best place to start:asn1parse(1),ca(1),ciphers(1),config(5),crl(1),crl2pkcs7(1),dgst(1),dhparam(1),dsa(1),dsaparam(1),ec(1),ecparam(1),enc(1),errstr(1),gendsa(1),genpkey(1),genrsa(1),nseq(1),ocsp(1),openssl(1),passwd(1),pkcs12(1),pkcs7(1),pkcs8(1),pkey(1),pkeyparam(1),pkeyutl(1),rand(1),req(1),rsa(1),rsautl(1),s_client(1),s_server(1),s_time(1),sess_id(1),smime(1),speed(1),spkac(1),ts(1),tsget(1),verify(1),version(1),x509(1),x509v3_config(5).

This document has been online for well over a decade. Much of itsdevelopment is due to my own curiosity, but several key improvementshave come via unsolicited suggestions from readers. So let me sayexplicitly that comments and suggestions about this document areappreciated and can be addressed to the author at heinlein@madboa.com.

Embed SSL and TLS support into your projects to enhance security with the help of this lightweight cryptography library, which comprises various encryption algorithms

What's new in OpenSSL 1.1.1k:

• OpenSSL 1.1.1k is now available, including bug and security fixes

OpenSSL is a development tool designed to implement the SSL and TLS cryptographic protocols in your projects. The library is developed as open source and can be used on multiple operating systems in order to secure the data transferred over the Internet.

Secure your Internet data transfers

The TLS and SSL protocols are widely used to secure the Internet communication by using data encryption and complex authentication keys in order to ensure the confidentiality of sensitive messages.

OpenSSL aims to provide you with a reliable way to encrypt your data and generate the security keys required to safely transfer the information over the Internet. The main library is developed in C and includes a command line tool that provides access to all the available algorithms and ciphers.

Supports various encryption algorithms

The list of encryption algorithms is extensive and you can use the console to generate personal keys and certificates with Blowfish, MD5, SHA-1, DES or AES. The library also supports public-key cryptography algorithms such as RSA, DSA, and the Diffie–Hellman key exchange method.

Although the download package does not include a documentation, the online resources are extensive and provide you with details about implementing the algorithms. You can also bring your own contribution to the project as a part of the open source community.

The tools included in the package can only be used in the console which might be difficult for the users that are accustomed to graphical interfaces. Moreover, using the library requires solid knowledge about encryption algorithms and cryptography standards.

To end with

However, OpenSSL is a useful tool for generating and managing private keys, public keys or certificates for a large variety of projects.

Filed under

How To Use Openssl

• 32MB RAM
• 200MHz CPU
• 20MB hard drive space
• 128MB RAM
• 500MHz CPU
• 50MB hard drive space

OpenSSL 1.1.1k

Openssl 64 Bit Source Code

runs on:

Windows 10 32/64 bit
Windows 8 32/64 bit
Windows 7 32/64 bit
Windows Vista 32/64 bit
Windows XP 32/64 bit

file size:

55.1 MB

filename:

Win32OpenSSL-1_1_1k.exe

main category:

Programming

developer:

visit homepage

top alternatives FREE

top alternatives PAID