parent
874ec1b980
commit
7289d3c81c
36
README.md
36
README.md
|
@ -2539,7 +2539,7 @@ openssl s_client -connect ${_host}:443 -tls1_3 -sess_in session.pem -early_data
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# _len: 2048, 4096
|
# _len: 2048, 4096
|
||||||
( _fd="private.key" ; _len="4096" ; \
|
( _fd="private.key" ; _len="2048" ; \
|
||||||
openssl genrsa -out ${_fd} ${_len} )
|
openssl genrsa -out ${_fd} ${_len} )
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -2548,7 +2548,7 @@ openssl genrsa -out ${_fd} ${_len} )
|
||||||
```bash
|
```bash
|
||||||
# _ciph: des3, aes128, aes256
|
# _ciph: des3, aes128, aes256
|
||||||
# _len: 2048, 4096
|
# _len: 2048, 4096
|
||||||
( _ciph="aes128" ; _fd="private.key" ; _len="4096" ; \
|
( _ciph="aes128" ; _fd="private.key" ; _len="2048" ; \
|
||||||
openssl genrsa -${_ciph} -out ${_fd} ${_len} )
|
openssl genrsa -${_ciph} -out ${_fd} ${_len} )
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -2584,7 +2584,7 @@ openssl rsa -pubout -in ${_fd} -out ${_fd_pub} )
|
||||||
###### Generate private key and CSR
|
###### Generate private key and CSR
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
( _fd="private.key" ; _fd_csr="request.csr" ; _len="4096" ; \
|
( _fd="private.key" ; _fd_csr="request.csr" ; _len="2048" ; \
|
||||||
openssl req -out ${_fd_csr} -new -newkey rsa:${_len} -nodes -keyout ${_fd} )
|
openssl req -out ${_fd_csr} -new -newkey rsa:${_len} -nodes -keyout ${_fd} )
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -2678,6 +2678,17 @@ For more information please look at these great explanations:
|
||||||
openssl ecparam -list_curves
|
openssl ecparam -list_curves
|
||||||
```
|
```
|
||||||
|
|
||||||
|
###### Print ECDSA private and public keys
|
||||||
|
|
||||||
|
```bash
|
||||||
|
( _fd="private.key" ; \
|
||||||
|
openssl ec -in ${_fd} -noout -text )
|
||||||
|
|
||||||
|
# For x25519 only extracting public key
|
||||||
|
( _fd="private.key" ; _fd_pub="public.key" ; \
|
||||||
|
openssl pkey -in ${_fd} -pubout -out ${_fd_pub} )
|
||||||
|
```
|
||||||
|
|
||||||
###### Generate ECDSA private key
|
###### Generate ECDSA private key
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
@ -2690,18 +2701,7 @@ openssl ecparam -out ${_fd} -name ${_curve} -genkey )
|
||||||
openssl genpkey -algorithm ${_curve} -out ${_fd} )
|
openssl genpkey -algorithm ${_curve} -out ${_fd} )
|
||||||
```
|
```
|
||||||
|
|
||||||
###### Print ECDSA private and public keys
|
###### Generate private key and CSR (ECC)
|
||||||
|
|
||||||
```bash
|
|
||||||
( _fd="private.key" ; \
|
|
||||||
openssl ec -in ${_fd} -noout -text )
|
|
||||||
|
|
||||||
# For x25519 only extracting public key
|
|
||||||
( _fd="private.key" ; _fd_pub="public.key" ; \
|
|
||||||
openssl pkey -in ${_fd} -pubout -out ${_fd_pub} )
|
|
||||||
```
|
|
||||||
|
|
||||||
###### Generate private key with CSR (ECC)
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# _curve: prime256v1, secp521r1, secp384r1
|
# _curve: prime256v1, secp521r1, secp384r1
|
||||||
|
@ -2714,7 +2714,7 @@ openssl req -new -key ${_fd} -out ${_fd_csr} -sha256 )
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# _len: 2048, 4096
|
# _len: 2048, 4096
|
||||||
( _fd="domain.key" ; _fd_out="domain.crt" ; _len="4096" ; _days="365" ; \
|
( _fd="domain.key" ; _fd_out="domain.crt" ; _len="2048" ; _days="365" ; \
|
||||||
openssl req -newkey rsa:${_len} -nodes \
|
openssl req -newkey rsa:${_len} -nodes \
|
||||||
-keyout ${_fd} -x509 -days ${_days} -out ${_fd_out} )
|
-keyout ${_fd} -x509 -days ${_days} -out ${_fd_out} )
|
||||||
```
|
```
|
||||||
|
@ -2822,14 +2822,14 @@ openssl x509 -noout -text -in ${_fd} )
|
||||||
openssl req -text -noout -in ${_fd_csr} )
|
openssl req -text -noout -in ${_fd_csr} )
|
||||||
```
|
```
|
||||||
|
|
||||||
###### Check whether the private key and the certificate match
|
###### Check the private key and the certificate are match
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
(openssl rsa -noout -modulus -in private.key | openssl md5 ; \
|
(openssl rsa -noout -modulus -in private.key | openssl md5 ; \
|
||||||
openssl x509 -noout -modulus -in certificate.crt | openssl md5) | uniq
|
openssl x509 -noout -modulus -in certificate.crt | openssl md5) | uniq
|
||||||
```
|
```
|
||||||
|
|
||||||
###### Check whether the private key and the CSR match
|
###### Check the private key and the CSR are match
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
(openssl rsa -noout -modulus -in private.key | openssl md5 ; \
|
(openssl rsa -noout -modulus -in private.key | openssl md5 ; \
|
||||||
|
|
Loading…
Reference in New Issue