Monday, 29 June 2015

Centos 6/RHEL install/use OpenSSL

Base64 encoding is a standard method for converting 8 bit binary information into a limited subset of ASCII characters for safe transport through e-mail systems and systems that are not 8-bit safe. It is straightforward to encode BAse64 data with OpenSSL.

$ openssl enc -base64 -in myfile -out myfile.b64

$ openssl enc -d -base64 -in myfile.b64 -out myfile.decrypt

Symmetric Encryption/Decryption of Files

Blowfish encrypt

$ openssl enc -e -a -salt -bf -in tomcat.jpg -out tomcat.blowfish

enter bf-cbc encryption password:
Verifying password - enter bf-cbc encryption password:

Blowfish decrypt

$ openssl enc -d -a -bf -in tomcat.blowfish -out tomcat-decrypt.jpg
enter bf-cbc decryption password:

Triple DES encrypt

$ openssl enc -e -a -salt -des3 -in tomcat.jpg -out tomcat.des3

enter des-ede3-cbc encryption password:
Verifying password - enter des-ede3-cbc encryption password:

Triple DES decrypt

$ openssl enc -d -a -des3 -in tomcat.des3 -out tomcat-des3.jpg

Cast 5 encrypt

$ openssl enc -e -a -salt -cast5-cbc -in tomcat.jpg -out tomcat.cast5

enter cast5-cbc encryption password:
Verifying password - enter cast5-cbc encryption password:

Cast 5 decrypt

$ openssl enc -d -a -cast5-cbc -in tomcat.jpg -out tomcat.cast5

If it is not being Emailed you can leave off the -a argument

Cryptographic Hashing Functions

Use these to see if a file has been tampered with.

$ openssl dgst -sha1 -c tomcat.jpg

$ openssl dgst -ripemd160 -c tomcat.jpg

$ openssl dgst -md5 -c tomcat.jpg

S Client SSL?TLS Test Utilty

The S client test utilty lets you test servers that use SSL/TLS with a powerful command line utilty

$ openssl s_client -connect

Once you have connected, you can manually type in any commands you want, such as "GET /" and "HEAD / HTTP/1.0" for secure web servers. There are also options like -no_tls1 and -no_ssl2 that let you specify which version of SSL/TLS that you want to connect with.

The -showcerts and -debug options are also worth a look.