OpenSSL Examples


In the following examples, we will use openssl commands to

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. Its web site is at http://www.openssl.org/


OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.

Besides the crypto and SSL protocol libraries, which can be accessed through their APIs, the OpenSSL toolkit provides the openssl command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for

o Creation of RSA, DH and DSA key parameters
o Creation of X.509 certificates, CSRs and CRLs
o Calculation of Message Digests
o Encryption and Decryption with Ciphers
o SSL/TLS Client and Server Tests
o Handling of S/MIME signed or encrypted mail

http://www.openssl.org/docs/apps/openssl.html provides high-level descriptions of the available OpenSSL commands. For a detailed description of each command and its options, see the man pages on our CS Unix machines using "man openssl" or "man <openssl command>".

Here we only illustrate the use of the following OpenSSL commands:

Since some of these commands require quite a lot of parameters, a configuration file called openssl.cnf is used to specify the default parameters to be provided to these commands. Examples of default parameters include the default certificate request values and the locations for saving the certificates, the serial number, the CA private key and certificate, and the CRL. In our hw2 directory we provide a sample of such a configuration file.

Example of creating an encrypted private key and a self-signed certificate for the CA.

openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365 -config openssl.cnf

The above req command creates an encrypted RSA private key in PEM format and saves it in the private directory under the filename cakey.pem. It also generates a self-signed certificate to be used for the root CA.

-new

this option generates a new certificate request. It will prompt the
user for the relevant field values. The actual fields prompted for
and their maximum and minimum sizes are specified in the
configuration file and any requested extensions.

If the -key option is not used it will generate a new RSA private
key using information specified in the configuration file.

-x509

this option outputs a self signed certificate instead of a
certificate request. This is typically used to generate a test
certificate or a self signed root CA. The extensions added to the
certificate (if any) are specified in the configuration file.

-keyout filename

this gives the filename to write the newly created private key to.
If this option is not specified then the filename present in the
configuration file is used.

-out filename

This specifies the output filename to write to or standard output
by default. In this case, the output file will contain the self-signed certificate.

-days n

when the -x509 option is being used this specifies the number of
days to certify the certificate for. The default is 30 days.

-config filename

this allows an alternative configuration file to be specified, this
overrides the compile time filename or any specified in the
OPENSSL_CONF environment variable.

When you run the above command, you will see the following prompts:
[cs691@blanca ex2]$ openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365 -config openssl.cnf
Using configuration from openssl.cnf
Generating a 1024 bit RSA private key
.............................++++++
..................................................................++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase: xxxxxx

At this point, the req command asks you to enter the password used to encrypt the RSA private key using DES. Enter the password we used in the hw1 exercise.


Verifying password - Enter PEM pass phrase: xxxxxx

Retype the password to confirm it.


-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Note that here you are asked to enter those required values to be included in the certificate.
The following default values are from the openssl.cnf file.
Just hit enter to accept the default values.
We overwrite the values for Organizational Unit Name, Common Name, and Email Address.
You can choose your own values.

-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Colorado]:
Locality Name (eg, city) [Colorado Springs]:
Organization Name (eg, company) [University of Colorado at Colorado Springs]:
Organizational Unit Name (eg, section) [CS526]:CS691
Common Name (eg, YOUR name) [Edward Chow]:CS691CA
Email Address [chow@cs.uccs.edu]:cs691@cs.uccs.edu
[cs691@blanca ex2]$

The following is the content of the private/cakey.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,EEC5FF75AC6E6743
-----END RSA PRIVATE KEY-----

PEM (Privacy Enhanced Mail) File Format:

It is defined in RFC 1421, 1422, 1423, and 1424. A PEM file can contain private keys (RSA and DSA), public keys (RSA and DSA) and (x509) certificates. It is the default format for OpenSSL. It stores the data as Base64-encoded DER, surrounded by ASCII headers, so it is suitable for text mode transfers between systems.

DER (Distinguished Encoding Rules) Format:

This is one of the ASN.1 encoding rules. A DER file can contain private keys, public keys and certificates, stored according to the ASN.1 DER format. It is headerless: PEM is DER wrapped in text headers. It is the default format for most browsers. See "ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", ITU-T Rec. X.690 (1997) | ISO/IEC 8825-1:1998.

The PEM file begins with a header line
-----BEGIN RSA PRIVATE KEY-----

This line indicates that the file contains an RSA private key. The file ends with the footer line
-----END RSA PRIVATE KEY-----

The first header indicates that this is an encrypted private key. The second header provides more detailed information about the encryption method and encrypted password.

Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,EEC5FF75AC6E6743


The following command saves a copy of cakey.pem as cakey.pem.enc (enc stands for encrypted private key)

cp private/cakey.pem private/cakey.pem.enc

The following command generates the unencrypted private key for signing. You will be asked to enter the pass phrase.
The unencrypted private key is saved as private/cakey.pem.

openssl rsa -in private/cakey.pem.enc -out private/cakey.pem

Here is the execution result of the above command:
[cs691@blanca ex2]$ cp private/cakey.pem private/cakey.pem.enc
[cs691@blanca ex2]$ openssl rsa -in private/cakey.pem.enc -out private/cakey.pem
read RSA key
Enter PEM pass phrase: XXXXXX

Here you should enter the pass phrase (using the same password we used in hw1).


writing RSA key
[cs691@blanca ex2]$

The cakey.pem file now contains the unencrypted private key of the CA.
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Note that, unlike the cakey.pem.enc file, there is no header indicating that the key is encrypted.
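
The header check described above can be automated when auditing key files. The following Python sketch is an added example, not part of the original page: inspect_pem and unprotected_private_keys are hypothetical helpers, the Base64 bodies are constructed placeholders, and the value after the cipher name in DEK-Info is read as the hex IV defined in RFC 1423.

```python
import base64
import re

# Constructed samples: the two header lines are the ones shown on this page;
# the Base64 body is a short placeholder, not real key material.
ENCRYPTED_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,EEC5FF75AC6E6743

Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXIgYm9keQ==
-----END RSA PRIVATE KEY-----
"""
PLAIN_PEM = """-----BEGIN RSA PRIVATE KEY-----
Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXIgYm9keQ==
-----END RSA PRIVATE KEY-----
"""

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def inspect_pem(text):
    """Describe every PEM block in text (hypothetical helper for this example)."""
    blocks = []
    for label, inner in PEM_BLOCK.findall(text):
        headers, body = {}, []
        for line in inner.splitlines():
            line = line.strip()
            if ":" in line:            # header line; Base64 never contains ':'
                name, value = line.split(":", 1)
                headers[name.strip()] = value.strip()
            elif line:
                body.append(line)
        der = base64.b64decode("".join(body), validate=True)
        # Legacy PEM marks encryption in Proc-Type; PKCS#8 marks it in the label.
        encrypted = (headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED"
                     or label == "ENCRYPTED PRIVATE KEY")
        cipher, _, iv = headers.get("DEK-Info", "").partition(",")  # RFC 1423: alg,IV
        blocks.append({"label": label, "encrypted": encrypted,
                       "cipher": cipher or None, "iv": iv or None,
                       "payload_len": len(der)})
    return blocks

def unprotected_private_keys(text):
    """Labels of private-key blocks stored without encryption."""
    return [b["label"] for b in inspect_pem(text)
            if b["label"].endswith("PRIVATE KEY") and not b["encrypted"]]
```

Running unprotected_private_keys over the contents of a key directory flags files such as the unencrypted cakey.pem produced by the rsa command above.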

Example of a user generating the certificate request to be signed by the CA

# the following shows how server keys and an x509 certificate request
# can be created and how the CA can use openssl to sign the certificate for the server
# to use
#

The following req command generates the private key and certificate for user CS691.

openssl req -nodes -new -x509 -keyout cs691privatekey.pem -out cs691req.pem -days 365 -config openssl.cnf

This req command differs only slightly from the req command we used to create the private key and certificate of the CA.
It includes an additional option, -nodes.

-nodes

if this option is specified then if a private key is created it
will not be encrypted.

Generate certificate request

We then use the following x509 command to generate the certificate request given the certificate and the private key of CS691.

openssl x509 -x509toreq -in cs691req.pem -signkey cs691privatekey.pem -out cs691certrequest.pem

Here is the description of the related options for this x509 command:

-x509toreq

converts a certificate into a certificate request. The -signkey
option is used to pass the required private key.

-in filename

This specifies the input filename to read a certificate from or
standard input if this option is not specified. Here cs691req.pem is the certificate generated by the previous req command.

-out filename

This specifies the output filename to write to or standard output
by default. Here the output file contains the certificate request generated.

-signkey filename

this option causes the input file to be self signed using the
supplied private key. Here we used the private key of CS691 to sign the certificate request.

If the input file is a certificate it sets the issuer name to the
subject name (i.e. makes it self signed) changes the public key to
the supplied value and changes the start and end dates. The start
date is set to the current time and the end date is set to a value
determined by the -days option. Any certificate extensions are
retained unless the -clrext option is supplied.

If the input is a certificate request then a self signed
certificate is created using the supplied private key using the
subject name in the request.

After the certificate request (cs691certrequest.pem) is generated, we send it by email to a CA such as VeriSign.
In our case, we also serve as the CA. Therefore this email sending step is skipped.


CA signs certificate request

When the CA receives a certificate request, it saves it in a file and performs the following ca command. In our simplified case, the certificate request file, cs691certrequest.pem, is in the same hw2 directory.

openssl ca -config openssl.cnf -policy policy_anything -out cs691signedcert.pem -infiles cs691certrequest.pem

-policy arg

this option defines the CA "policy" to use. This is a section in
the configuration file which decides which fields should be
mandatory or match the CA certificate. Check out the POLICY FORMAT
section for more information. Note that openssl.cnf contains sections whose names match the value of arg.
For example, openssl.cnf contains the following two sections (policy_match and policy_anything):

# For the CA policy

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

If policy_match is specified, then the certificate request's countryName, stateOrProvinceName, and organizationName must be the same as those of the CA, i.e., the CA will not sign a certificate request that is not from the same organization.

If policy_anything is specified, then the CA is willing to sign certificate requests from anybody.
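
The effect of the two policy sections can be worked through in code. The following Python sketch is an added example, not part of the original page or of OpenSSL: check_policy is a hypothetical helper that applies the match/supplied/optional rules from the POLICY FORMAT section of the ca man page, and the two request subjects are constructed.

```python
# Policy sections transcribed from the openssl.cnf excerpt on this page.
POLICIES = {
    "policy_match": {
        "countryName": "match", "stateOrProvinceName": "match",
        "organizationName": "match", "organizationalUnitName": "optional",
        "commonName": "supplied", "emailAddress": "optional",
    },
    "policy_anything": {
        "countryName": "optional", "stateOrProvinceName": "optional",
        "localityName": "optional", "organizationName": "optional",
        "organizationalUnitName": "optional", "commonName": "supplied",
        "emailAddress": "optional",
    },
}

# CA subject as entered at the req prompts shown earlier on this page.
CA_DN = {
    "countryName": "US", "stateOrProvinceName": "Colorado",
    "localityName": "Colorado Springs",
    "organizationName": "University of Colorado at Colorado Springs",
    "organizationalUnitName": "CS691", "commonName": "CS691CA",
    "emailAddress": "cs691@cs.uccs.edu",
}
# Constructed request subjects (not from the page).
SAME_ORG_REQ = dict(CA_DN, commonName="cs691 user")
OUTSIDE_REQ = {"countryName": "US", "stateOrProvinceName": "Colorado",
               "organizationName": "Example Corp",
               "commonName": "www.example.com"}

def check_policy(policy_name, ca_dn, req_dn):
    """Apply a policy section to a request DN; return (issued_dn, errors)."""
    issued, errors = {}, []
    for field, rule in POLICIES[policy_name].items():
        value = req_dn.get(field)
        if rule == "match" and value != ca_dn.get(field):
            errors.append(f"{field}: {value!r} does not match the CA certificate")
        elif rule == "supplied" and not value:
            errors.append(f"{field}: must be supplied")
        if value:
            issued[field] = value
    # Fields the policy does not list never reach `issued`: openssl ca drops
    # them from the subject unless -preserveDN is given.
    return issued, errors
```

Note that policy_match as written on this page does not list localityName, so a certificate issued under it loses that field even when the request supplies it.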

-infiles

if present this should be the last option, all subsequent arguments
are assumed to be the names of files containing certificate
requests. For multiple certificate requests, -outdir is often used to specify the directory that will contain the signed certificate files.

-out filename

the output file to output certificates to. The default is standard
output. The certificate details will also be printed out to this
file.

Note that here the CA certificate file and CA private key file are provided through the default parameters in the openssl.cnf file.

# create rsa private/public keys and certificate and perform encryption using
# public key and decryption using private key
cp cs691privatekey.pem cs691/private/cs691privatekey.pem

The following command is used to generate the public key from the private key.

openssl rsa -in cs691/private/cs691privatekey.pem -passin pass:cs03se -pubout -out cs691/public/cs691publickey.pem

-in specifies the private key

-passin specifies the pass phrase used to decrypt the encrypted private key. Actually, in this case, cs691privatekey.pem is not encrypted. cs03se is the password.

-pubout

by default a private key is output: with this option a public key
will be output instead. This option is automatically set if the
input is a public key.


openssl rsautl -encrypt -pubin -inkey cs691/public/cs691publickey.pem -in plain.txt -out cipher.txt

Here we use the rsautl command with the public key of CS691 to encrypt the plain.txt block as the cipher.txt block. Note that with this command, plain.txt is not allowed to be a long file.


openssl rsautl -decrypt -inkey cs691/private/cs691privatekey.pem -in cipher.txt -out plainRcv.txt

The above command is used to decrypt cipher.txt using the private key of CS691.
The content of plainRcv.txt should match that of plain.txt.


# create, sign, and verify message digest
openssl sha1 -out digest.txt plain.txt

Given plain.txt, the above command generates the SHA-1 based message digest in the digest.txt file.

 

openssl sha1 -sign cs691/private/cs691privatekey.pem -out rsasign.bin plain.txt

Given plain.txt, the above command generates the SHA-1 based hash and then signs it with the private key of CS691. The signed hash is saved in the rsasign.bin (binary data) file.



openssl sha1 -verify cs691/public/cs691publickey.pem -signature rsasign.bin plain.txt

Given plain.txt and the signed hash received, the above command verifies, using the public key of CS691, that the hash was indeed signed by CS691 and that the hash is correct.

[cs691@sanluis ex2]$ openssl sha1 -verify cs691publickey.pem -signature rsasign.bin plain.txt
Verified OK