You won't remember the OpenSSL options, so here's bash shortcuts for everything
certsimple.comOn the one hand, this is really quite good. I'm always interested in making my time at the command line more efficient. If I put this in my shell's config, and remember the function names, I'm golden.
On the other hand, I've learned more from continuing to read the manpages than probably anything else. And the OpenSSL commands that I use frequently, such as connecting to a site with TLS, or checking a certificate chain, can now be easily recalled from memory, and I feel I'm better off for it, especially if I'm at a terminal where my OpenSSL functions might not be installed.
Encrypting files should probably include a salt-per-file, otherwise the same file contents will produce the same ciphertext when the same passphrase is provided.
function openssl-encrypt() {
openssl enc -aes-256-cbc -salt -in "${1}" -out "${2}"
}This is great. Now I just need to remember the shortcuts! I have such a giant collection of bash short cuts in my .bashrc and other dotfiles that I can't seem to remember ANY of them and end up just typing everything out in the end :-)
function openssl-key-to-pin() { openssl rsa -in "${1}" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64 }
function openssl-website-to-pin() { openssl s_client -connect ${1}:443 | openssl x509 -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 }
Awesome - for HPKP?
Yup, exactly. :)
Would probably be more verbose if named:
openssl-key-to-hpkp-pin
openssl-website-to-hpkp-pin
Added and credited :-)
Thanks! And thanks for the article! Lots of great shortcuts, they all made it to my .bashrc ;)
I just sent you an email, I have two more.