• Home
• 2023⌄
• 2021⌄
• 2020⌄
• 2019⌄
• 2017⌄
• 2016⌄
• 2015⌄
• 2014⌄
  • LVM Snapshotting
  • Useful OpenSSL Commands
  • jspwgen
  • Net Neutrality
  • Apache: PFS and SNI
  • How to Study
  • Security vs. Usability
  • Readable IDs
  • SafeCurves
• Login

Useful OpenSSL Commands

I often find myself browsing various pages when trying to do simple things like generate a new key for a web server or a certificate signing request for the new key. Granted, there is good documentation on various sites (like http://www.madboa.com/geek/openssl/ or http://www.akadia.com/services/ssh_test_certificate.html) but there is always missing something. Whenever anything below is stated as "good" this is at the time of writing (August 2014).

Generate RSA key for web server:

openssl genrsa -camellia256 -out server.key 4096

• Use -camellia256 (similar to aes, but with fewer broken rounds) for key encryption. Usually, the examples advertise -des3, which is old, ugly and weak.
• Use 4096 bits for the key. Usually, examples advertise 1024 bit keys, that is equivalent to 80 bits of security [wiki] and thus very weak. Most (all good) CAs already support keys of this size, StartSSL even does it for free.

Generate CSR for a key:

openssl req -new -key server.key -out server.csr -sha256

• This uses sha256 as hash function instead of the default sha1. sha256 is part of the sha2 family of functions that are more secure than sha1; also, sha1 has a hash size of 160 bits, making it vulnerable to birthday attack brute force collisions. [wiki]

View a CSR:

openssl req -noout -text -in server.csr

• This is useful to check which hash function was used for the CSR. If you see it should say something like 'sha256WithRSAEncryption' or 'sha1WithRSAEncryption'. If you see anything with md5 or md4, your alarm bells should go off.

View a certificate:

openssl x509 -noout -text -in server.crt

• You get that certificate from the certificate authority to which you submitted your certificate signing request (CSR). With this command you can inspect the certificate. Check the signature algorithm, it should NOT be anything of md5 or md4 or older. sha256, other members of the sha2 family, sha1, or (in the future) sha3 are fine.

Generate a TLSA entry for a certificate for the DNS server, using sha256 as hash function:

openssl x509 -in server.crt -outform der | openssl sha256

or

openssl x509 -in server.crt -outform der | sha256sum

• Basically this is just the sha256 hash of the certificate in DER format. Usually, a certificate comes in PEM format, which is just base64 encoded DER with the familiar headers and footers ('-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----').

TLSA header format for a hash as generated above:

_443._tcp.server.org. IN TLSA 3 0 1 84bceb6a5fa5ec97cc3417d1f38deef0d6329d6efaad9288aaab6a55d7be40cf

• A nice overview of TLSA can be found on http://blog.huque.com/2012/10/dnssec-and-certificates.html this great blog entry and the "official", of course a bit less readable rfc on http://tools.ietf.org/html/rfc6698.