https://old.andunix.net/ 2026-06-03T22:04:28+00:00 https://old.andunix.net/ https://old.andunix.net/_media/favicon.ico text/html 2013-02-04T22:17:21+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/index Cryptography This guide tries to easily describe the terms used in cryptography. As all pages on this site, it's meant as a mnemonic for myself, but I'm happy if someone else finds it helpful too. cryptography index cryptography guide text/html 2014-11-20T08:13:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/generate_key Generate a Test Key openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout testkey.key -out testkey.crt Informations about the used arguments from the OpenSSL man page: * req: PKCS#10 certificate request and certificate generating utility. * -x509: this option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA. The extensions added to the certificate (if any) are specified in the configurati… text/html 2015-02-11T14:42:38+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/download_server_certificate Download a Server Certificate First, load the certificate chain from the server: openssl s_client -showcerts -connect www.example.org:443 </dev/null This will output the whole server certificate chain. Every chertificate ist wrapped between ----- text/html 2015-01-29T09:15:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/print_signature Print Information about a Signature openssl pkcs7 -in signature.p7s -text -inform DER -print_certs -noout cryptography howto openssl security text/html 2013-02-18T14:27:02+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/print_all_certificates_in_a_file Print all certificates in a file This command is especially helpful if you want to use Tomcat-/Java-Keystore-Certificates with the Apache webserver. Use the -print_certs to print all the certificates and then cut the file and store each certificate in a single file. text/html 2014-12-18T15:34:24+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/convert_certificate Convert a Certificate Convert DER to PEM openssl x509 -inform der -in testkey.der -out testkey.pem Convert PEM to DER openssl x509 -outform der -in testkey.pem -out testkey.der openssl security cryptography certificate howto text/html 2013-02-04T22:17:20+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/plaintext Plaintext The plaintext is unencrypted and unsigned text. It's the payload which then get's signed and/or encrypted. Wikipedia defines plaintext as: " In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties. Plaintext has reference to the operation of cryptographic algorithms, usually encryption algorithms, and is … text/html 2015-01-29T09:15:22+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/print_key Print Information about a Key openssl x509 -inform DER -in testkey.cer -noout -text Informations about the used arguments from the OpenSSL man page: * x509: Certificate display and signing utility. * -inform DER: This specifies the input format normally the command will expect an X509 certificate but this can change if other options such as -req are present. The DER format is the DER encoding of the certificate and PEM is the base64 encoding of the DER encoding with header and footer lines … text/html 2013-02-18T14:26:27+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/compare_key_with_certificate Compare a Key with its Certificate Credit for this example goes to “Verifying that a Private Key Matches a Certificate” from the University of Wisconsin Knowledgebase. To see if a key server.key belongs to the certificate server.crt, they need to have the same “modulus” and “exponent”. openssl x509 -noout -text -in server.crt openssl rsa -noout -text -in server.key text/html 2019-01-17T19:19:12+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/convert_key Convert a Key Convert P12 to Java Keystore keytool -importkeystore -srckeystore testkey.p12 -srcstoretype pkcs12 -srcalias 1 -destkeystore testkey.jks -deststoretype jks -destalias testkey You can add -deststorepass PASSWORD to set the password on the command line. If you don't, keytool will ask you for a password. text/html 2015-12-09T07:36:40+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/print_certificate Print Information about a Certificate openssl x509 -in testkey.crt -noout -text Informations about the used arguments from the OpenSSL man page: * x509: Certificate display and signing utility. * -in testkey.crt: This specifies the input filename to read a certificate from or standard input if this option is not specified. text/html 2013-02-18T13:56:15+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/index OpenSSL openssl index cryptography howto guide openssl security text/html 2014-04-28T08:07:54+00:00 Anonymous (anonymous@undisclosed.example.com) https://old.andunix.net/info/cryptography/openssl/debug_server_certificate_from_client Debug Server Certificate from Client Credit for this example goes to “ Checking A Remote Certificate Chain With OpenSSL” from langui.sh. openssl s_client -showcerts -connect www.andunix.net:443 Informations about the used arguments from the OpenSSL man page: * s_client: SSL/TLS client program * -showcerts: display the whole server certificate chain: normally only the server certificate itself is displayed.