openssl
Summary #
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
The openssl program is a command line program for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for:
- Creation and management of private keys, public keys and parameters
- Public key cryptographic operations
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of Message Digests and Message Authentication Codes
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted mail
- Timestamp requests, generation and verification
ref: From man pages
ecparam or ec parameter #
ref: EC parameter manipulation and generation. EC: Elliptic Curve, related to ECC.
-name #
openssl ecparam -list_curves
lists all currently implemented EC parameter names (the values accepted by -name)
-conv_form #
This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: compressed, uncompressed (the default value) and hybrid. For more information regarding the point conversion forms please read the X9.62 standard. Note: Due to patent issues the compressed option is disabled by default for binary curves and can be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.
Debugging SSL issues? #
openssl s_client -connect google.com:443 -showcerts
Start Time: 1632912777
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
Useful commands #
Signing and verifying signature #
invoicing-apis used these commands to create a signature and verify it with the public key
ec-private-key.pem should be in PEM format
# create public key from private key
openssl ec -in ec-private-key.pem -pubout -out public_key.pem
# sign with private key (ECDSA over the SHA-256 digest of message.txt)
openssl dgst -sha256 -sign ec-private-key.pem -out signature.bin message.txt
# convert signature in binary format to base64
openssl base64 -in signature.bin -out signature.base64
# verify the signature (-signature takes the binary file, not the base64 copy)
openssl dgst -sha256 -verify public_key.pem -signature signature.bin message.txt
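The sign and verify steps above as one round trip, including the base64 decode a receiver has to do before verifying and a check that a modified message is rejected. This is an added example, not part of the original notes; the function name `sign_verify_roundtrip`, the sample messages and the temporary file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: ECDSA sign/verify round trip with the openssl CLI.
# Function name, messages and temp file names are constructed for this demo.

# sign_verify_roundtrip CURVE
# Prints "ok rejected" when the original message verifies and a
# modified message fails verification against the same signature.
sign_verify_roundtrip() {
    curve="$1"
    work=$(mktemp -d) || return 1
    key="$work/ec-private-key.pem"
    pub="$work/public_key.pem"

    # Constructed sample inputs: the signed message and a tampered copy.
    printf 'invoice-0001 total=100.00\n' > "$work/message.txt"
    printf 'invoice-0001 total=900.00\n' > "$work/tampered.txt"

    # Sender: generate key (-noout leaves only the private key in the file),
    # derive the public key, sign, then base64-encode for transport.
    # Receiver: decode base64 back to the binary signature before verifying.
    openssl ecparam -genkey -name "$curve" -noout -out "$key" 2>/dev/null &&
    openssl ec -in "$key" -pubout -out "$pub" 2>/dev/null &&
    openssl dgst -sha256 -sign "$key" -out "$work/signature.bin" "$work/message.txt" &&
    openssl base64 -in "$work/signature.bin" -out "$work/signature.base64" &&
    openssl base64 -d -in "$work/signature.base64" -out "$work/signature.decoded" ||
        { rm -rf "$work"; return 1; }

    good=fail
    tampered=accepted
    # openssl dgst -verify exits non-zero on a verification failure.
    openssl dgst -sha256 -verify "$pub" -signature "$work/signature.decoded" \
        "$work/message.txt" >/dev/null 2>&1 && good=ok
    openssl dgst -sha256 -verify "$pub" -signature "$work/signature.decoded" \
        "$work/tampered.txt" >/dev/null 2>&1 || tampered=rejected

    rm -rf "$work"   # removes the demo private key as well
    echo "$good $tampered"
}

sign_verify_roundtrip secp521r1   # prints: ok rejected
```

Scripts should act on the exit status of the verify command, as the function does, rather than on its printed text.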
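Generate an EC private key on the secp521r1 or secp256r1 curve #
# note: secp256k1 (used below) and secp256r1 (named in the heading; OpenSSL lists it as prime256v1) are different curves, so use the one the relying party requires
openssl ecparam -genkey -name secp256k1 -out azmx-ec-private.pem
# same output file as above: running both commands overwrites the first key
openssl ecparam -genkey -name secp521r1 -out azmx-ec-private.pem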
Creating public key from private key from CSR #
openssl ec -in private-key.pem -pubout -out public-key.pem
Create CSR with private key #
openssl req -new -sha256 -key azmx-ec-private.pem -config csr-config.cnf -out azmx-csr.csr
# csr gets created in pem format
Check that an EC curve is available in openssl #
openssl ecparam -list_curves
# or
openssl ecparam -list_curves | grep secp521r1
# make sure it exists for fatoorah