docs.daveops.net

Snippets for yer computer needs

Public Key Infrastructure

OpenSSL

RSA key processing

# Generate a private key
openssl genrsa -out private_key.pem 2048
# Make a new public key
openssl rsa -pubout -in private_key.pem -out public_key.pem
# Get info on private key
openssl rsa -text -in private_key.pem

Generate Certificate Signing Request

openssl req -new -key private_key.pem -out cert.csr

Self-sign a certificate

openssl req -x509 -key private_key.pem -in cert.csr -out cert.crt

Get certificate details

openssl x509 -in certificate.crt -text -noout

Create a CA

# Create a root CA key
openssl genrsa -out rootCA.key 2048
# Create a self-signed CA certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.pem
# Sign a request
openssl x509 -req -in request.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out requested.crt -days 500 -sha256

Cross-signing certs with multiple CA’s

Testing an SNI certificate

openssl s_client -servername example.com -connect example.com:443

GPG

Generate GPG keypair

gpg --gen-key

Export the public key

gpg --armor --export user@example.com > user.gpg.pub

Encrypt a file

gpg --encrypt --recipient user@example.com --output <file>.gpg <file>

Decrypt a file

gpg --output <file> --decrypt <file>.gpg

Show key fingerprints

gpg --list-keys --fingerprint
# Show 32-bit fingerprints
gpg --list-keys --fingerprint --keyid-format=short

Verify signature of document

# Compressed, signed doc
gpg --output doc --decrypt doc.sig
# Detached signature
gpg --verify doc.sig doc

Generate a subkey

gpg --edit-key KEYNAME
gpg> addkey

List private keys

gpg --list-secret-keys
# A # after the letters sec means that the secret key is not usable

Deleting keys

gpg --delete-key USERNAME
gpg --delete-secret-key USERNAME