OpenSSL

OpenSSL is a widely used open-source library that provides cryptographic functions and tools to secure network communications and perform various encryption and decryption operations

Basic Usage

Generating cryptographic keys:

OpenSSL can generate different types of cryptographic keys, such as RSA, DSA, and ECDSA. The genrsa command is used to generate an RSA private key. For example:

openssl genrsa -out private.key 2048

Creating a digital certificate:

OpenSSL can be used to generate self-signed certificates or certificate signing requests (CSRs). The req command is used for this purpose. For example, to generate a self-signed certificate:

openssl req -new -key private.key -out certificate.crt

Encrypting and decrypting files:

OpenSSL provides symmetric and asymmetric encryption capabilities. The enc command is used for file encryption and decryption. For example, to encrypt a file using AES-256:

openssl enc -aes-256-cbc -salt -in plaintext.txt -out encrypted.bin

Generating a hash of a file:

OpenSSL can generate message digests or hash values of files using various algorithms such as MD5, SHA-1, and SHA-256. The dgst command is used for this purpose. For example:

openssl dgst -sha256 file.txt

Creating and verifying digital signatures:

OpenSSL can create digital signatures using private keys and verify them using corresponding public keys. The dgst and rsautl commands are used for this purpose. For example, to sign a file using an RSA private key:

openssl dgst -sha256 -sign private.key -out signature.bin file.txt

To verify the signature:

openssl dgst -sha256 -verify public.key -signature signature.bin file.txt

Establishing secure connections (TLS/SSL):

OpenSSL provides utilities for testing and establishing secure connections over networks. The s_client command is used to connect to an SSL/TLS server. For example:

openssl s_client -connect example.com:443

How to extract files using OpenSSL

Set a Listener
Send the file with openssl
We cant extract the file via netcat

Well, we can extract but we can't read it

Generate a private key
Open a listener with the private key
Now we can send the file

As we can see in the example above, not only the "server" must contain the certificates but also the "client". In order to receive the file correctly.

Shadow extracted
Wireshark Results
PreviousPythonNextArticles

Last updated