Monthly Archives: March 2006

openssl cheat sheet

Generate a 2048 bit keyfile named private.key:
openssl genrsa -out private.key 2048

Take that keyfile and pull out the public key into public.key:
openssl rsa -in private.key -out public.key -pubout

Sign some text with your private key:
openssl dgst -sign private.key -out signature.asc source.txt

You can then send source.txt, signature.asc, and public.key and the recipient can verify your signature by doing:
openssl dgst -verify public.key -signature signature.asc source.txt

The program will exit with 0 (success) if the signature matches and 1 (failure) if it is incorrect.
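The sign/verify round trip above, scripted as an added example (not from the original post) that branches on the exit status and shows the check failing once source.txt is altered. The function names, the sample file contents and the explicit -sha256 digest choice are assumptions made here.

```shell
#!/bin/sh
# Added example: sign/verify round trip driven by openssl's exit status.
# File names follow the cheat sheet; source.txt contents are constructed.

# verify_file PUBKEY SIGNATURE FILE
# Returns 0 if the signature matches, non-zero otherwise.
verify_file() {
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# demo_roundtrip
# Prints "<status for original file> <status for tampered file>".
demo_roundtrip() {
    dir=$(mktemp -d) || return 2
    rc=0
    (
        cd "$dir" || exit 2
        openssl genrsa -out private.key 2048 2>/dev/null || exit 2
        openssl rsa -in private.key -out public.key -pubout 2>/dev/null || exit 2

        printf 'release notes v1\n' > source.txt      # constructed sample
        openssl dgst -sha256 -sign private.key \
            -out signature.asc source.txt || exit 2

        # Untouched file: expect status 0.
        good=0
        verify_file public.key signature.asc source.txt || good=$?

        # Simulate modification in transit: expect status 1.
        printf 'release notes v2\n' > source.txt
        bad=0
        verify_file public.key signature.asc source.txt || bad=$?

        echo "$good $bad"
    ) || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_roundtrip
```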

Print the contents of a CSR in readable text form:
openssl req -noout -text -in certificate.csr

Ever need to grab a certificate from somewhere? To grab the certificate for https://www.example.com, do:
openssl s_client -connect www.example.com:443
Then hit ^C to get out of the interactive shell.