Questions tagged [openssl]

OpenSSL is an open-source implementation of basic cryptographic primitives, X.509 certificate utilities, and SSL and TLS protocols.

OpenSSL is an open-source implementation of the SSL and TLS protocols. It is written in C and it implements basic cryptographic functions. Wrappers are available for a wide variety of computer languages.

For the typical security developer, OpenSSL is the go-to library/API for cryptographic operations, certificate-related utilities, and SSL/TLS implementations. OpenSSL has a reputation for being reliable and fast, and is often considered to be the reference implementation that other crypto implementations are checked against.

Project homepage: https://www.openssl.org/

Source code: https://github.com/openssl/openssl

1302 questions
57 votes, 2 answers

What do the dots and pluses mean when OpenSSL generates keys?

When OpenSSL generates keys you'll always see a series of periods/dots (.) and pluses (+). openssl dhparam -text -noout -outform PEM -5…
Evan Carroll
24 votes, 2 answers

Expecting: TRUSTED CERTIFICATE while converting pem to crt

I am trying to generate a private-public key pair and convert the public key into a certificate which can be added into my truststore. To generate private & public key: openssl rsa -in private.pem -outform PEM -pubout -out public_key.pem Now I am…
user1692342
14 votes, 1 answer

Purpose of RANDFILE in OpenSSL?

What is the purpose of the RANDFILE in an OpenSSL configuration file (specifically, the ca section)? The man page entry, config, just describes this as: At startup the specified file is loaded into the random number generator, and at exit 256…
Jonathan Wilbur
13 votes, 1 answer

What encryption is applied on a key generated by `openssl req`?

When a key is generated with openssl genrsa, the encryption is selected with a command line argument such as -aes128. After the key is generated, we can see what encryption was used in the file. Ex: cat host.key -----BEGIN RSA PRIVATE…
Philippe A.
11 votes, 1 answer

"acceptable client certificate CA names" OpenSSL

What does the Acceptable client certificate CA names line mean in OpenSSL? When I connect via OpenSSL I can see the server certificate and Acceptable client certificate CA names that's listing various root CA.
cyzczy
8 votes, 1 answer

OpenSSL TLS 1.1 Cipher Suites

https://www.openssl.org/docs/apps/ciphers.html listed a set of cipher suites supported by different protocol versions, but I don't see a TLS 1.1 list. Anybody could help me to understand where to get a list of cipher suites supported by OpenSSL TLS…
hardywang
8 votes, 2 answers

Determine if a server is asking for a client certificate using openssl s_client

I am using openssl to connect to servers to detect if they require a client certificate. Currently I am using this command: openssl s_client -connect pokyloky.com:5222 -state 2>&1 | grep 'server certificate request' SSL_connect:SSLv3 read server…
Cybergibbons
7 votes, 1 answer

OpenSSL 1.1.1d - how does it compare to BoringSSL now?

There are plenty of comparisons, but most of them are for older versions of OpenSSL. Apparently OpenSSL fixed a lot of infamous vulnerabilities, and cleaned up the code and the build process. As of today (OpenSSL 1.1.1d), how does OpenSSL compare to…
Rahul
6 votes, 2 answers

Lost passphrase recovery for SSL

Today is Friday and I'm a desperate sysadmin. I issued a demand of certificate for an HTTPS server, and just received it after more than a long week of waiting, but while my request was processed I lost the passphrase that secured my private…
Nicocube
5 votes, 0 answers

How to know if I'm using openSSL properly

I would like to know how I can be sure that I am using openSSL the right way. You all know how the openSSL documentation is hard to read. I know that everybody has different goals when using this library, but is there a way to test that for instance…
Jacques
5 votes, 2 answers

openssl - generating rsa key pair - public key

I am trying to generate an RSA 1024 key pair (public/private) using the following command openssl genrsa -des3 -out server.key 1024 In the server.key file, only RSA private block is there, so where does the public key go?
Jake
5 votes, 1 answer

Can OpenSSL decrypt the encrypted signature in an Amazon Alexa request to a web service?

We're using OpenSSL to parse and verify the certificate and signature that Amazon's Alexa sends to external web services, following their list of requirements in the instructions here. We're successfully extracting the public key, checking the…
4 votes, 1 answer

OpenSSL with AES-256-CTR cipher

I have installed OpenSSL on my OS X box and it provides the AES-256-CTR cipher. When I install OpenSSL on Windows, then the AES-256-CTR cipher isn't available. Can anyone explain why there is a difference? I need the AES-CTR cipher, because it works…
Ramon de Klein
4 votes, 2 answers

How can I interpret openssl speed output?

I ran openssl speed on my Ubuntu computer. Some results: Doing md4 for 3s on 16 size blocks: 9063888 md4's in 3.00s Doing md4 for 3s on 64 size blocks: 7105157 md4's in 3.00s Doing md4 for 3s on 256 size blocks: 4507884 md4's in 3.00s Doing md4 for…
mazix
4 votes, 2 answers

Generating private key from hex string with openssl

Is there a quick way to take a set of numbers and encode it as a private key with openssl command line? Inventing the CLI interface openssl genpkey -fromhex 'FFFFFFFFF' -algorithm RSA edit: of course any random numbers wouldn't always fit (depends…
Elazar Leibovich