CTB Appendix OpenSSL en
CTB Appendix OpenSSL en
Table of Contents
Table of Contents 1
3 Index 29
Page 1
1 Short Introduction into the CLI openssl
$ openssl
OpenSSL> version
To get complete version information including the used compiler flags during building OpenSSL, use the option
-a:
1
Also see https://www.openssl.org/ and https://en.wikipedia.org/wiki/OpenSSL. We provide further commented links at the end
of this appendix on page 27.
2
In contrast to the command line tool gpg from GNU Privacy Guard (https://en.wikipedia.org/wiki/GNU_Privacy_Guard), which is
also very popular, openssl also allows calls that go into great detail. At gpg, the focus is only on the cipher suites that are in practical use.
To our knowledge, simply encrypting exactly one block without padding as in OpenSSL example 1.11.1 of the book does not work with
gpg. On the other hand, also with OpenSSL, you can call for example RSA and TLS only with certain minimum sizes (such as 512 bit
for the length of the RSA modulus).
3
You can update OpenSSL via sudo apt-get install openssl, but mind that this pre-packed version can have major differences
compared to the newest stable version that you have to build from source code (when writing the first version of this appendix, we got
with apt-get under Ubuntu 18.04 the OpenSSL major version 1.1.1 dated from September 11, 2019, whereas the last stable version
had been the minor version 1.1.1g from April 4, 2020).
Page 2
1 Short Introduction into the CLI openssl
$ openssl version -a
OpenSSL 1.1.1 11 Sep 2018
built on: Wed May 27 19:15:54 2020 UTC
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2
-fdebug-prefix-map=/build/openssl-dyPhHZ/openssl-1.1.1=. -fstack-protector-strong
-Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN
-DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
-DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM
-DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"
Seeding source: os-specific
The output that follows this command is divided into three groups: the standard commands, the message digest
commands and the cipher commands4 .
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dhparam
dsa dsaparam ec ecparam
enc engine errstr gendsa
genpkey genrsa help list
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand rehash
req rsa rsautl s_client
s_server s_time sess_id smime
speed spkac srp storeutl
ts verify version x509
Message Digest commands (see the 'dgst' command for more details)
blake2b512 blake2s256 gost md4
md5 rmd160 sha1 sha224
sha256 sha3-224 sha3-256 sha3-384
sha3-512 sha384 sha512 sha512-224
sha512-256 shake128 shake256 sm3
4
However, not included in the enc-list is e. g. the encryption procedure ChaCha20, which in openssl you can only call from within
cipher suites and in combination with MAC Poly1305.
Page 3
1 Short Introduction into the CLI openssl
All standard commands have options. To show them, enter something like:
$ openssl x509 -help
$ openssl enc -help
The symmetric cipher AES needs as input a message m, a session key k, and an initialization vector (IV).5
There are several ways in which AES can be invoked with OpenSSL. Two variants are presented here: On the one
hand the parameters are explicitly transferred, on the other hand they are derived internally from the transferred
password (OpenSSL uses a built-in key derivation function such as PBKDF2). Using a password and a key
derivation function is the usual way.
The session key can be placed directly on the command line or read from a file. There are even three options for
the password: It can be given directly on the command line or read from a file, or you will be prompted for a
password.
First, we generate a 256-bit key to be stored in symkey.bin. The argument 32 means to get a length of 32 bytes
which is 256 bit.
$ openssl rand -out symkey.bin 32
Then we generate a random IV of length 16 byte = 128 bit = 32 hex digits. Sample output:
$ openssl rand -hex 16
cbff22e0ae27abf4892c1437c54dc4ca
The values for session key and IV created in advance are only needed in the first variant, where the parameters are
explicitly transferred to OpenSSL. In the first variant, both the session key and the IV have to given explicitly.
Encrypt the file message.txt with AES-256 in cfb8 mode using IV from above as additional input. The output
is a file containing the ciphertext which is called message.txt.enc. The option -p always makes OpenSSL show
in addition which parameters this command used. The session key is given after -K – once directly as hex value
and once after it is read from the file symkey.bin and stored in a shell variable.
$ openssl enc -aes-256-cfb8 -in message.txt -out message.txt.enc -K F8ED266E40B5534E04EC3F0C688B84E9168E8DF8C64F1 �
� 598C3D905DD68BBD860 -iv cbff22e0ae27abf4892c1437c54dc4ca -p
5
You also can use -iter to specify the iteration count used by the key derivation function (KDF). In addition, as default, the KDF uses a
salt value which can be switched off with -nosalt.
Page 4
1 Short Introduction into the CLI openssl
Encrypt the file message.txt like above but use a password instead of explicit parameters. This is the recom-
mended approach. The command gets the password by one of three different ways: The command prompts
for the password, or it is entered after the option -pass pass: on the command line, or it is read out after the
option -pass file: from the file symkey.bin.6 This file was created just before to act as random password file.
An option -iv is optional in all cases.
$ openssl enc -aes-256-cfb8 -in message.txt -out message.txt.enc -pbkdf2
Decrypt the file message.txt.enc using AES-256. To do this, the additional option -d is needed. As output, we
get the file message.txt.enc.dec that contains the original message.
$ openssl aes-256-cfb8 -d -in message.txt.enc -out message.txt.enc.dec -pbkdf2
For the asymmetric encryption method RSA, each participant first needs a key pair that consists of a so-called
public and a private key. Then both sides have to exchange their public key. This creates the necessary “infras-
tructure”.
The sender then encrypts with the recipient’s public key, and the recipient decrypts with his private key.
The length of the modulus9 is considered to be the length of the RSA key.
The following command generates the private key and stores it in PKCS#8 format10 into the file privatekey �
� .pem (base64 coded). This format consists not only of the key but contains also the OID11 defining the key
type.12,13
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out privatekey.pem
6
Old options to read a password are -k and -kfile. According to https://wiki.openssl.org/index.php/Enc these options are
depricated and should be substituted by -pass pass: and -pass file:.
7
It doesn’t matter whether the option enc -aes or the option aes for openssl is used, that is, aes without the leading “-”, cf. listing on p.
9.
8
For the day-to-day usage of an end user, for symmetric encrypting/decrypting GnuPG or Veracrypt are recommended instead of openssl,
because those programs are either well integrated in (email) applications or directly do the hard drive encryption.
9
For singular, we use “modulus” and for plural “moduli”. Wikipdia does it in the same way e. g. for “RSA modulus” and “RSA moduli”
in https://en.wikipedia.org/wiki/RSA_(cryptosystem).
10
PKCS stands for “public key cryptography standards”, see RFC 5208 (https://tools.ietf.org/html/rfc5208).
11
Object Identifier, see https://www.ietf.org/rfc/rfc3447.txt
12
Small keys like in student exercises are not allowed in openssl. OpenSSL 1.1.1 requires at least 512 bit for an RSA key.
13
genrsa also has an option to use the number 3 instead of 65537 as public exponent. And with the option -primes you can generate a
so-called “multi-prime” RSA key. See the documentation at https://www.openssl.org/docs/man1.1.1/man1/genrsa.html.
Page 5
1 Short Introduction into the CLI openssl
An alternative14 is:
$ openssl genrsa -out rsa.key 2048
Those two calls are equivalent: openssl genpkey -algorithm RSA and openssl genrsa both generate a file in
the platform-independent PEM format15 .
You also can AES-encrypt the private key at once by adding the option -aes256. The passphrase (4 to 1023
characters) can be delivered either via prompt or at the CLI:
a) Here the pass phrase is prompted and has to be entered twice:
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out privatekey2.pem -aes256
b) Here the pass phrase (“test”) is delivered directly at the command line (no prompt):
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out privatekey2.pem -aes256 -pass pass:test
In mathematics the private RSA key consists exactly of the modulus n and the decryption exponent d. This is
correct.
For implementation reasons, in openssl the “private key” contains all relevant information created during key
generation: so not only n and d, but also the values of the public key (n and the encryption exponent e), the
length of the modulus, and three further exponents which can be used to speed up the decryption.16
The actual content of the private key can be shown with the following command:17,18
$ openssl pkey -in privatekey.pem -text
-----BEGIN PRIVATE KEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDNKnRwj+TRx5ru
icDrwlBUU0UdP9HJOxyFjzsuy/OvwqOKYVLABec97N/4fFEmvDvoAyMHZWCReO3c
...
-----END PRIVATE KEY-----
Private-Key: (2048 bit)
modulus:
00:cd:2a:74:70:8f:e4:d1:c7:9a:ee:89:c0:eb:c2:
50:54:53:45:1d:3f:d1:c9:3b:1c:85:8f:3b:2e:cb:
...
09:f8:4f:e8:9b:65:b7:78:87:5f:2f:73:49:f4:6c:
e6:17
publicExponent: 65537 (0x10001)
privateExponent:
00:b9:af:3c:e7:4b:34:3b:30:be:66:39:c2:a3:1d:
a0:7a:51:4a:f2:27:fa:84:77:bd:5e:9b:bd:62:a3:
...
33:d5:fe:40:9c:04:90:71:91:a5:cd:99:10:f9:dd:
be:c1
prime1:
00:f0:7e:2c:8e:03:5a:55:c3:47:3a:98:e4:8e:d7:
...
14
On the website of OpenSSL the user is actually encouraged not to use this alternative, see https://www.openssl.org/docs/manmaster
/man1/openssl-genpkey.html: “NOTES: The use of the genpkey program is encouraged over the algorithm specific utilities because
additional algorithm options and ENGINE provided algorithms can be used.”
15
PEM stands for privacy enhanced mail, cf. https://tools.ietf.org/html/rfc1421.
16
More information about these additional exponents can be found here, see the “Example” section at the RSA article in Wikipedia.
• d = privateExponent • p = prime1 • d_q = exponent2
• n = modulus • q = prime2 • q_inv = coefficient
• e = publicExponent • d_p = exponent1
17
If you add the option -noout, you get the same output without the base64 preamble between BEGIN PRIVATE KEY and END PRIVATE KEY.
18
How to get those values as integers in decimal notation we show in Section 1.0.6 on page 9.
Page 6
1 Short Introduction into the CLI openssl
b1:9a:76:02:2b:bc:e7:f6:11
prime2:
00:da:65:22:d4:24:d6:08:da:cc:64:38:44:56:0e:
...
27:ff:f5:ea:01:d0:40:51:a7
exponent1:
00:da:bb:77:9c:a6:b2:07:e4:f7:a8:f5:1c:94:4a:
...
a0:eb:82:bf:90:b6:5d:27:71
exponent2:
00:bd:42:8b:ee:40:85:e3:62:89:62:08:88:df:f2:
...
08:73:fe:ce:6e:07:e4:d5:5d
coefficient:
00:ce:bc:f6:f1:fd:64:c3:8f:36:7c:c9:da:64:3a:
...
45:2a:a9:f6:bb:da:f0:12:cd
When generating the key openssl generates only the private key that we had saved as privatekey.pem. This file
also contains all the information for the public key. Therefore, with openssl (but not generally with RSA) we
can “derive” the public key from the private key.19
To complete the key pair, we now generate the public key from the private key (only the public key will be made
public). We have to specify a different name for the public key.20
$ openssl pkey -in privatekey.pem -out publickey.pem -pubout
With the following command you can see the details of the public key (it only contains the length of the modulus,
its value in hex and the public exponent):21
$ openssl pkey -in publickey.pem -pubin -text -noout
Using the same option also allows getting the modulus from the private key:
$ openssl rsa -in privatekey.pem -noout -modulus
19
But keep in mind that you cannot derive a private key from a public key, even when using openssl.
20
It is always better to use the internal option -out instead of redirecting stdout to a file:
openssl pkey -in privatekey.pem -pubout > publickey.pem
As an alternative there is a deprecated command: $ openssl rsa -in privatekey.pem -out publickey.pem -pubout
21
How to get all values of a key as a decimal integer is shown in Section 1.0.6 on page 9. Here are two ways how to convert hex numbers
into decimal numbers:
- in Python:
s="6a48f82d8e828ce82b82"; i = int(s, 16); s=str(i); i; s
- on the command line via the BC tool:
$ echo "ibase=16; 6A48F82D8E828CE82B82"|bc
501916895863876199394178
Page 7
1 Short Introduction into the CLI openssl
We want to encrypt a file called message.txt with openssl and use the public key in the file publickey.pem.
Our encrypted file is called message.txt.rsaenc.22
$ openssl rsautl -encrypt -inkey publickey.pem -pubin
-in message.txt -out message.txt.rsaenc
We want to decrypt the file message.txt.rsaenc with openssl using the according private key from privatekey �
� .pem. We call our decrypted file message.decrypted.txt.
$ openssl rsautl -decrypt -inkey privatekey.pem
-in message.txt.rsaenc -out message.decrypted.txt
Note
All commands in this Subsection 1.0.5 are contained in the shell script hybrid-openssl-enc-dec.sh for direct
execution. You can find its listing (1.0.2) at the end of this section or on the website: https://www.cryptool.o
rg/en/documentation/ctbook/openssl
Hybrid scheme variants are used e. g. for secure email and HTTPS. Hybrid encryption uses both symmetric
and asymmetric encryption: The asymmetric procedure (RSA) to encrypt the session keys and the symmetric
procedure (AES) to encrypt the possibly very long message file. In our scenario Alice and Bob communicate.
22
For encrypting with RSA the length of message.txt must be less than the size of the RSA modulus if the message file is not split into
smaller parts. If using RSA-OAEP instead of textbook RSA, then the input has to be even smaller.
OAEP stands for “Optimal Asymmetric Encryption Padding” and should – according to RFC 8017 (https://tools.ietf.org/html/
rfc8017) – be used to add a component of randomness to the deterministic RSA algorithm. When doing so the result has an overhead
which reduces the maximal encryptable message size (which equals exactly the bit length of the modulus in the case of textbook RSA)
by some bytes. Details can be found e. g. on crypto.stackexchange.com (https://crypto.stackexchange.com/questions/42097
/what-is-the-maximum-size-of-the-plaintext-message-for-rsa-oaep). There you can find especially this post from 2017 (by
Maarten Bodewes): “For PKCS#1 v1.5 padding, for encryption the overhead is simply 11 bytes (three bytes static values and 8 bytes filled
with random numbers 1...255).”
Example: If the modulus of Bob’s public key has the length 2048bit you can encrypt a file of length 245 B = (256 − 11)B = 1960 bit,
but not a file of length (256 − 10)B = 246 B = 1968 bit. In the following listing we generate two random messages, one with 245 B
(we call it x245, per default in binary format) and one with 246 B (called y246, also in binary format) using the command rand. Then we
(at least try to) encrypt both messages:
$ openssl rand -out x245 245
$ openssl rand -out y246 246
$ openssl genrsa -out key.pem 2048
$ openssl pkey -in key.pem -out pubkey.pem -pubout
$ openssl rsautl -encrypt -pubin -inkey pubkey.pem -in x245 -out x245enc
# no error
$ openssl rsautl -encrypt -pubin -inkey pubkey.pem -in y246 -out y246enc
RSA operation error
4354178496:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too large for key size:crypto/rsa/rsa_pk �
� 1.c:125:
Page 8
1 Short Introduction into the CLI openssl
Bob generates his key pair and saves his private key into a file. Then he generates his public key from his private
key.
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048
-out privatekey.Bob.pem
$ openssl pkey -in privatekey.Bob.pem -out publickey.Bob.pem -pubout
1. Alice creates a random symmetric key (session key) and stores it in the file symkey.bin.
openssl rand -out symkey.bin 32
2. Alice encrypts the session key symkey.bin using RSA with Bob’s public key.
$ openssl rsautl -encrypt -pubin -inkey publickey.Bob.pem
-in symkey.bin -out symkey.bin.rsa-encrypted-for-bob
3. Alice encrypts her message with AES using symkey.bin as session key.
$ openssl enc -aes-256-cfb8 -in message.txt -out message.txt.enc
-pass file:symkey.bin -pbkdf2
1. Bob decrypts the session key with his private RSA key.
openssl rsautl -decrypt -inkey privatekey.Bob.pem -in symkey.bin.rsa-encrypted-for-bob -out symkey-decrypted.bin
2. Bob uses the session key to decrypt the actual data (message) with AES.
openssl aes-256-cfb8 -d -in message.txt.enc -out message.txt.enc.dec -pass file:symkey.bin.rsa-encrypted-for-bob �
� -pbkdf2
1.0.6 Show all keys of a private PEM file as decimal numbers (using an own Python script)
The script convert-pem-dec.py converts the found hex numbers in a private or public PEM file into decimal
numbers. To do so, it searches the text form of the corresponding text form of the key file for the occurrence of
the strings “RSA private key” and “RSA public key”.
Note: The private PEM file generated by OpenSSL is often also called “private key” in OpenSSL, while in theory
this PEM file contains both the private RSA key d and the public RSA key e, N .
Call for a private PEM file:
$ openssl pkey -in privatekey.Bob.pem -noout -text > privatekey.Bob.txt
$ ./convert-pem-dec.py privatekey.Bob.txt
Page 9
1 Short Introduction into the CLI openssl
The same goes for the public PEM file with the following call:
$ openssl pkey -in publickey.Bob.pem -pubin -noout -text > publickey.Bob.txt
$ ./convert-pem-dec.py publickey.Bob.txt -pubin
$ cat publickey.Bob.txt
RSA Public-Key: (2048 bit)
Modulus:
00:cb:e8:77:13:ac:77:67:de:bc:57:b4:5c:73:4b:
99:49:92:92:71:95:8a:b8:3b:a3:c5:9b:30:e7:b0:
4d:5a:b7:e5:af:ea:b0:92:43:db:7c:39:90:c6:dd:
96:a0:de:2d:61:4d:73:51:fa:9c:35:c0:76:1b:ac:
2c:b1:da:e5:f9:26:22:0d:2d:c4:56:5f:7e:aa:84:
87:0e:84:a5:11:68:47:9a:5b:d7:6b:e8:2a:b0:79:
35:8d:cf:17:d7:56:42:f8:57:39:c9:96:23:1c:b0:
9c:19:c2:3e:62:67:de:06:b7:66:65:b0:70:6d:5a:
b7:2b:20:13:df:5a:a0:65:fd:59:bd:7f:d9:71:fd:
01:3e:e8:43:b3:6f:56:14:54:a6:77:b6:3c:e5:19:
46:6b:0d:7b:10:ca:72:b8:2a:41:05:9e:5c:73:d1:
e2:46:b6:b3:dc:4a:21:a1:af:08:80:ae:2c:9f:52:
68:83:c1:7b:04:05:ab:13:f3:e9:fb:ca:8e:9a:d6:
11:29:28:ac:aa:dd:7b:58:e1:4b:2e:d2:53:fd:f0:
e4:1d:96:90:07:cd:5c:a0:a6:e6:fe:f0:8c:c5:72:
73:e3:10:73:16:21:80:31:90:9c:eb:07:d0:98:47:
16:77:78:bb:00:0b:f2:e6:61:24:78:b2:39:00:bb:
76:63
Exponent: 65537 (0x10001)
RsaCtfTool23 also recognizes the PEM format used by OpenSSL to store asymmetric keys.
The so-called “RSA attack tool” RsaCtfTool is mainly used for CTFs24 in order to retrieve a private key from
a weak public key or to decrypt a ciphertext decrypted with textbook RSA. It also can be used to dump the
parameters (numbers) from a key in PEM or DER format.
23
https://github.com/RsaCtfTool/RsaCtfTool
24
https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)
Page 10
1 Short Introduction into the CLI openssl
1.0.8 Overview of previous OpenSSL commands (as list and in shell script)
openssl rsautl -encrypt -inkey publickey.pem -pubin -in message.txt -out message.txt.rsaenc
openssl rsautl -decrypt -inkey privatekey.pem -in message.txt.rsaenc -out message.decrypted.txt
echo "- A creates a random symmetric password and stores it in the file symkey.bin"
openssl rand -out symkey.bin 32
openssl rsautl -encrypt -pubin -inkey publickey.Bob.pem -in symkey.bin -out symkey.bin.rsa-encrypted-for-bob
openssl enc -aes-256-cfb8 -in message.txt -out message.txt.enc -pass file:symkey.bin -pbkdf2
echo "- B decrypts the random symmetric password and stores it in the file symkey.bin.rsa-encrypted-for-bob.dec"
openssl rsautl -decrypt -inkey privatekey.Bob.pem -in symkey.bin.rsa-encrypted-for-bob -out symkey.bin.rsa-encrypted-for-bob.dec
openssl aes-256-cfb8 -d -in message.txt.enc -out message.txt.enc.dec -pass file:symkey.bin.rsa-encrypted-for-bob.dec -pbkdf2
openssl pkey -in privatekey.Bob.pem -noout -text > privatekey.Bob.txt
./convert-pem-dec.py privatekey.Bob.txt
echo
openssl version
# create a message
echo "sultans of swing meet sympathy for the devil" > message.txt
echo "- Generate a random symmetric key (= sessionkey) to be used for AES (32 byte = 256 bit)"
openssl rand -out symkey.bin 32
echo "- Generate a random initialization vector (IV) of length 16 byte = 128 bit = 64 hex digits"
openssl rand -hex 16 > IV.hex
cat IV.hex
echo "- Encrypt file with AES using the session key (here IV is read from file)"
openssl enc -aes-256-cfb8 -in message.txt -out message.txt.enc -k file:symkey.bin -pbkdf2 -iv "$(cat IV.hex)"
echo "- Decrypt file using AES. Needs additional option -d"
openssl enc -d -aes-256-cfb8 -in message.txt.enc -out message.txt.enc.dec -k file:symkey.bin -pbkdf2 -iv "$(cat IV.hex)"
Page 11
1 Short Introduction into the CLI openssl
printf "\r\n### (2) Asymmetric Encryption / Decryption with OpenSSL: Key Generation\n"
echo "- Create an RSA 4096 bit key pair. The private keys is stored in PKCS#8 format in the file privatekey.pem."
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out privatekey.pem
echo "- Look at the details of the private key file, which in openssl also contains the public values and some more values for faster calculations (output only �
� in base64 and/or hex)"
openssl pkey -in privatekey.pem -text
echo "- Create the public key (from the private key)"
openssl pkey -in privatekey.pem -out publickey.pem -pubout
echo "- View the details of the public key (it only contains n and e as usual in maths)"
openssl pkey -in publickey.pem -pubin -text
printf "\r\n### (3) Asymmetric Encryption / Decryption with OpenSSL: Textbook RSA\n"
echo "- Encrypt a file called message.txt via RSA and public key"
openssl rsautl -encrypt -inkey publickey.pem -pubin -in message.txt -out message.txt.rsaenc
echo "- Decrypt file with the RSA and private key (privatekey.pem)"
openssl rsautl -decrypt -inkey privatekey.pem -in message.txt.rsaenc -out message.decrypted.txt
printf "\n\n### (4) Hybrid Encryption Using RSA for Sessionkey and AES for (Long) Message File\n"
echo
echo "# Pre-tasks at the receiver Bob (B): Key generation (RSA)"
echo "- B creates his keypair and stores the private key in a file"
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out privatekey.Bob.pem
# echo "- view the details on the public key with this command"
# $ openssl pkey -in publickey.Bob.pem -pubin -text
echo
echo "# Tasks at the sender Alice: Encryption"
# Prerequisite: message.txt given
echo "- A creates a random symmetric key and stores it in the file symkey.bin"
openssl rand -out symkey.bin 32
echo "- A encrypts symkey.bin using RSA with B's public key"
openssl rsautl -encrypt -pubin -inkey publickey.Bob.pem -in symkey.bin -out symkey.bin.rsa-encrypted-for-bob
echo
echo "# Tasks at the receiver Bob: Decryption"
echo "- B uses the sessionkey to decrypt the data with AES"
openssl aes-256-cfb8 -d -in message.txt.enc -out message.txt.enc.dec -k file:symkey.bin -pbkdf2
echo
echo "- Check correctness: message.txt ?= message.txt.enc.dec"
cmp -s "message.txt" "message.txt.enc.dec"
CMPRESULT=$?
Page 12
1 Short Introduction into the CLI openssl
printf "\n\n### (5) Show Numbers of Bob's Private Key as Decimals (Using a Python Script)\n"
openssl pkey -in privatekey.Bob.pem -noout -text > privatekey.Bob.txt
./convert-pem-dec.py privatekey.Bob.txt
echo "- Generate 32 byte = 256-bit and write them to a file called testkey.bin"
openssl rand -out testkey.bin 32
echo "- Generate 100 byte of random data and write to a file called file.bin"
openssl rand -out file.bin 100
echo "- Generate 100 byte of random data in hexadecimal and redirect output to file.hex"
openssl rand -hex 100 > file.hex
echo "- Generate 100 byte of random data in base64 and redirect output to file.b64"
openssl rand -base64 100 > file.b64
echo "- Generate a random 4096-bit prime number (takes about 3 sec)"
openssl prime -generate -bits 4096
echo "- Generate small primes (doesn't create all of the given bit length)"
openssl prime -generate -bits 2
openssl prime -generate -bits 3
openssl prime -generate -bits 4
openssl prime -generate -bits 5
openssl prime -generate -bits 6
openssl prime -generate -bits 7
openssl prime -generate -bits 8
echo
: <<KOMMENTARIO
Files initially required in an empty directory:
-rwx--x--x 1 bet bet 3222 Jun 1 17:35 convert-pem-dec.py
-rwxr-xr-x 1 bet bet 8051 Jun 2 04:14 hybrid-openssl-enc-dec.sh
KOMMENTARIO
Preparations
In the following we use the Python script int2bin.py. It transforms a natural number into binary format which
openssl uses for a specific length. This length must be equal to the length of the modulus in the public key that
is uses. The following command shows the bit length (key size) of the modulus:
Page 13
1 Short Introduction into the CLI openssl
Step 6: Follow the whole process with the Python function pow()
Using openssl and the Python script convert-pem-dec.py we extract the RSA parameters n, e and d from the
private key.
$ openssl pkey -in privatekey.pem -noout -text > privatekey.txt
$ ./convert-pem-dec.py privatekey.txt
n = 793291 ... 187789
e = 65537
d = 214891 ... 510429
It’s important to use the pow() function in order to avoid the decryption operation taking too long or just
stopping without result.25
25
Page 14
1 Short Introduction into the CLI openssl
>>> c = pow(m, e, n)
>>> m = pow(c, d, n)
Comment
All commands of this Subsection 1.0.9 are contained in the shell script OpenSSL example 1.0.3 that you can
find here: https://www.cryptool.org/en/documentation/ctbook/openssl
OpenSSL Example 1.0.3: Textbook RSA with openssl and Python script (commented in detail in zahl-
direkt-openssl-enc-dec.sh)
NUMBER=25
KEYSIZE=4096
openssl pkey -in publickey.pem -pubin -noout -text
./int2bin.py -enc $NUMBER $KEYSIZE message.bin
openssl rsautl -encrypt -raw -inkey publickey.pem -pubin -in message.bin -out message.bin.enc
./int2bin.py -dec message.bin.enc
openssl rsautl -decrypt -raw -inkey privatekey.pem -in message.bin.enc -out message.bin.enc.dec
./int2bin.py -dec message.bin.enc.dec
openssl pkey -in privatekey.pem -noout -text > privatekey.txt
./convert-pem-dec.py privatekey.txt
Here are some commands for generating random data with different length and format:
1) Generate 32 B = 256 bit and write them to a file called testkey.bin:
openssl rand -out testkey.bin 32
2) Generate 100 byte of random data in hexadecimal and redirect output to file.hex:
openssl rand -hex 100 > file.hex
3) Generate 100 byte of random data in base64 and redirect output to file.b64:
$ openssl rand -base64 100 > file.b64
$ more file.b64
32zjqFBi1jl3IyHkXoZ2PMLb7kWEO4Qqsqc9pja3zb1xQEUjYOaWSG5c9ZpBD7UE
18K0M4ZyVBKxmN1ywCjjMIxqRqoFmpV87GvRshfCxhX7s5DyCSX1Vznr00WjTEMS
Gkz9kg==
Page 15
1 Short Introduction into the CLI openssl
OpenSSL is used productively to generate large prime numbers. For a prime of length 4096 bit a modern PC
needs less than a second. 26
$ openssl prime -generate -bits 4096
It is also possible to generate smaller primes, but the random number generator of OpenSSL seems to not cover
all primes of a specific given bit length (for 2, 3 and 4 bit we always get the same prime).27
$ openssl prime -generate -bits 2
3
$ openssl prime -generate -bits 3
7
$ openssl prime -generate -bits 4
13
$ openssl prime -generate -bits 5
29 or 31
$ openssl prime -generate -bits 6
53, 59, 61
$ openssl prime -generate -bits 7
127, 113, 103, 101, 107, 109, 97
$ openssl prime -generate -bits 8
211, 227, 239, 223, 251, ...
In addition to generate pseudo random primes, OpenSSL also can check primality. The output shows the input
first in hex, then decimal:
$ openssl prime 17
11 (17) is prime
$ openssl prime 717
2CD (717) is not prime
OpenSSL Example 1.0.4: Generate random numbers and primes (also see 1.0.2 hybrid-openssl-enc-
dec.sh)
With OpenSSL you can test and compare the speed of different ciphers on your PC.
26
If one needs a hex output instead of decimal, this can be done by appending the option -hex:
openssl prime -generate -bits 200-hex
With the option -safe you also can generate so-called “safe” or “strong” prime numbers. These are not needed for RSA, but for the
Diffie-Hellman key exchange.
The list of all options you can find in the original documentation: https://www.openssl.org/docs/man1.1.1/man1/openssl-prime.h
tml
27
We don’t know why the primes 5, 11, 17, 19, 23, 37, 41, 43, 47, 67, 71, 73, 79, 83, 89, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179,
181, 191, 193, 197, 199, … never appeared.
Page 16
1 Short Introduction into the CLI openssl
This means that OpenSSL runs the corresponding algorithm in a loop for 3 seconds with a 16 B resp. 64 B etc.
input. E. g. for the hash algorithm md4 in the case 16 B more than 24 million iterations were run in 3 s. At the
end of the console output (it’s left out above because it’s quite long) a list is shown containing the number of
processed bytes, e. g. more than 384 bytes in 3 s for md4 and 16 B, that is over 128 million bytes per second.
28
The block mode GCM of AES (here e. g. aes-256-gcm) is only accessible via the EVP-name (EVP = “Envelope” = the Digital EnVeloPe
library, which is a high level interface to OpenSSL cryptographic functions for programmers).
Page 17
1 Short Introduction into the CLI openssl
Doing 512 bits public rsa's for 10s: 5723802 512 bits public RSA's in 10.00s
...
Doing 512 bits sign dsa's for 10s: 219602 512 bits DSA signs in 9.99s
Doing 512 bits verify dsa's for 10s: 417515 512 bits DSA verify in 10.00s
...
Doing 160 bits sign ecdsa's for 10s: 65977 160 bits ECDSA signs in 9.99s
Doing 160 bits verify ecdsa's for 10s: 73865 160 bits ECDSA verify in 10.00s
..
Doing 512 bits sign ecdsa's for 10s: 9819 512 bits ECDSA signs in 10.00s
Doing 512 bits verify ecdsa's for 10s: 13214 512 bits ECDSA verify in 10.00s
...
Doing 160 bits ecdh's for 10s: 69874 160-bits ECDH ops in 9.99s
..
Doing 448 bits ecdh's for 10s: 24944 448-bits ECDH ops in 10.00s
...
Doing 253 bits sign Ed25519's for 10s: 325591 253 bits Ed25519 signs in 10.00s
Doing 253 bits verify Ed25519's for 10s: 119356 253 bits Ed25519 verify in 10.00s
Doing 456 bits sign Ed448's for 10s: 28164 456 bits Ed448 signs in 10.00s
Doing 456 bits verify Ed448's for 10s: 22268 456 bits Ed448 verify in 10.00s
...
OpenSSL 1.1.1 11 Sep 2018
built on: Wed May 27 19:15:54 2020 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2
-fdebug-prefix-map=/build/openssl-dyPhHZ/openssl-1.1.1=. -fstack-protector-strong
-Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN
-DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
-DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM
-DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
...
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
md2 0.00 0.00 0.00 0.00 0.00 0.00
mdc2 0.00 0.00 0.00 0.00 0.00 0.00
md4 130585.13k 398696.92k 910739.20k 1345290.92k 1548752.21k 1572099.41k
md5 176569.24k 406777.28k 713249.45k 878841.51k 940930.39k 946765.82k
hmac(md5) 75775.88k 231158.85k 535103.06k 767268.18k 912558.76k 936700.59k
sha1 184141.60k 452444.01k 906871.81k 1217873.92k 1349842.26k 1359686.31k
rmd160 63166.69k 151465.28k 273872.98k 339738.97k 373060.95k 378328.41k
rc4 907995.56k 958468.46k 768643.33k 730315.78k 721253.72k 717357.06k
des cbc 105103.52k 107784.15k 107826.26k 108655.62k 108079.79k 108030.63k
des ede3 40019.91k 40663.00k 40784.30k 40932.69k 40970.92k 40932.69k
idea cbc 0.00 0.00 0.00 0.00 0.00 0.00
seed cbc 128830.90k 129395.80k 129792.34k 129607.68k 129791.32k 129531.90k
rc2 cbc 70959.62k 72832.68k 73396.91k 73166.85k 73430.36k 73362.09k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00 0.00
blowfish cbc 182118.04k 196655.51k 199951.19k 201562.11k 201695.23k 202265.94k
cast cbc 164831.91k 176574.40k 179900.84k 180461.23k 180718.25k 181114.20k
aes-128 cbc 189477.49k 211289.05k 216948.14k 219875.33k 219941.55k 219703.98k
aes-192 cbc 161263.31k 175736.53k 181192.87k 182700.71k 184015.88k 182867.29k
aes-256 cbc 140094.03k 152293.46k 154599.94k 156222.46k 156969.64k 156652.89k
camellia-128 cbc 159201.94k 239704.73k 272104.62k 279830.19k 283238.40k 281204.05k
camellia-192 cbc 136476.58k 188461.03k 205451.26k 211486.38k 211664.90k 212516.86k
camellia-256 cbc 138217.39k 186853.99k 205037.65k 211876.86k 214119.77k 214553.94k
sha256 110165.06k 248223.59k 457620.22k 566733.14k 615216.47k 621215.74k
sha512 76416.55k 303715.82k 518181.63k 774714.71k 918227.63k 931921.92k
whirlpool 53274.65k 114055.74k 190728.70k 230286.68k 245000.87k 246338.90k
aes-128 ige 188933.85k 201223.36k 202676.57k 205343.40k 205739.35k 206067.03k
aes-192 ige 160361.40k 168854.02k 171212.89k 172596.57k 173197.99k 172900.35k
aes-256 ige 139888.63k 146539.63k 148333.31k 149011.11k 148886.87k 148799.49k
ghash 1934151.35k 7725503.27k 11779075.84k 12840266.07k 13200414.04k 13222084.61k
rand 17170.07k 65357.57k 215719.23k 503646.39k 850989.89k 888807.34k
Page 18
1 Short Introduction into the CLI openssl
op op/s
160 bits ecdh (secp160r1) 0.0001s 6994.4
192 bits ecdh (nistp192) 0.0002s 5659.3
224 bits ecdh (nistp224) 0.0001s 14945.8
256 bits ecdh (nistp256) 0.0000s 27865.6
384 bits ecdh (nistp384) 0.0007s 1449.0
521 bits ecdh (nistp521) 0.0003s 3882.4
163 bits ecdh (nistk163) 0.0002s 6230.6
233 bits ecdh (nistk233) 0.0002s 4584.6
283 bits ecdh (nistk283) 0.0004s 2691.5
409 bits ecdh (nistk409) 0.0006s 1626.3
571 bits ecdh (nistk571) 0.0014s 716.0
163 bits ecdh (nistb163) 0.0002s 5995.4
233 bits ecdh (nistb233) 0.0002s 4445.4
283 bits ecdh (nistb283) 0.0004s 2564.5
409 bits ecdh (nistb409) 0.0007s 1532.7
571 bits ecdh (nistb571) 0.0015s 659.9
256 bits ecdh (brainpoolP256r1) 0.0003s 3513.3
256 bits ecdh (brainpoolP256t1) 0.0003s 3501.7
384 bits ecdh (brainpoolP384r1) 0.0007s 1460.7
384 bits ecdh (brainpoolP384t1) 0.0007s 1478.0
512 bits ecdh (brainpoolP512r1) 0.0010s 998.7
512 bits ecdh (brainpoolP512t1) 0.0010s 1022.6
253 bits ecdh (X25519) 0.0000s 40491.7
448 bits ecdh (X448) 0.0004s 2494.4
Here we list some single commands that allow to get protocol details of connected servers.
29
see https://opensource.com/article/19/6/cryptography-basics-openssl-part-1
Page 19
1 Short Introduction into the CLI openssl
-----BEGIN CERTIFICATE-----
MIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw
HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs
U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy
MTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg
U2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv
UA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr
mBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac
xGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK
FsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X
rJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV
HQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud
EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G
A1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl
BggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp
MCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g
BDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y
ZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H
TgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN
FvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz
mqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW
IRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ
USpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==
-----END CERTIFICATE-----
---
Server certificate
subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2638 bytes and written 396 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read:errno=0
A good description of this output can be found e. g. on the website of Marty Kalin, where we also found the
example from above: https://opensource.com/article/19/6/cryptography-basics-openssl-part-1
With the following command we get the chain of certificates and the two non-root certificates in base64 format
(enter Enter at the end of the first line): depth = 2,1,0
$ openssl s_client -showcerts -connect www.google.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' �
�> google_server_certs.crt
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
verify return:1
read:errno=0
It is also possible to download the server certificate, cut all not needed information and save the file in PEM
format. There seems to be no option to get the algorithm information. With the option -dates or -enddate
you can get the certificate expiry date from the created pem file. You can see that the Google certificate has a
validity of about three months.
$ openssl s_client -showcerts -connect www.google.com:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > �
� google_server_certs.pem
$ openssl x509 -in google_server_certs.pem -pubkey -noout
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+lkeKI2uNc3kqhY6tZCMgfNVbmFb
TI9rg0f07qiqNRk+J1QhBmZH06vn5jHl0skPMG4SEKjHDqL16U2c6fCXuw==
-----END PUBLIC KEY-----
Page 20
1 Short Introduction into the CLI openssl
A good description of e. g. how you can check the supported cipher suites of a server you can find here:
https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html
Automatically extract the single certificates out of an organization’s certificate in order to get the
modulus of each single certificate
Using the command below one could show the modulus of a certificate in case RSA has been used for the
signature. The certificate of Google from 05/26/2020 (see above) shows “Public Key Algorithm: id-ecPublicKey”
instead of “Public Key Algorithm: rsaEncryption”. So the option -modulus leads to an error:
$ openssl x509 -in google_server_certs.crt -text -pubkey -noout -modulus
Modulus=Wrong Algorithm type
Now we have a closer look at the certificate of “Let’s Encrypt” which is using RSA instead of ECDSA. We
fetch the certificate with openssl s_client, then we extract the contained single certificates from it (in base64
format) and write every certificate into a separate file using awk (awk searches lines beginning with the actual
value of the awk outer variable RS. In case it finds such a line it writes this and all following lines until the next
occurrence of the search string into a file with the name of the inner variable FileName). Finally it tells us the
number of occurrences of BEGIN CERT ... END CERT constructs that had been found.30
$ echo | openssl s_client -showcerts -connect www.letsencrypt.org:443 > all.crt
$ ls -l *.crt
-rw-r--r-- 1 bet bet 4395 Jun 25 00:27 all.crt
-rw-r--r-- 1 bet bet 1940 Jun 25 00:28 Cert_1.crt
-rw-r--r-- 1 bet bet 1648 Jun 25 00:28 Cert_2.crt
Since these Let’s Encrypt certificates use RSA, you can output the module of the certificate owner (subject
public key info) for each individual file using openssl.
openssl x509 -in Cert_1.crt -noout -modulus
Modulus=DEB5AF ... CD6F51
30
One also could execute those 3 commands consecutively (per pipe instead of using intermediary files). The first command used openssl;
the processing of the results with sed and awk was done in the bash shell.
31
https://security.stackexchange.com/questions/73127/how-can-you-check-if-a-private-key-and-certificate-match-in-o
penssl-with-ecdsa
Page 21
1 Short Introduction into the CLI openssl
Test the availability of the mail server of the university of Siegen and get the used algorithms
$ openssl s_client -connect mail.uni-siegen.de:993 -showcerts
bet@tux19:~/D/openssl$ openssl s_client -connect mail.uni-siegen.de:993 -showcerts
CONNECTED(00000005)
depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
verify return:1
depth=2 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2
verify return:1
depth=1 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA
verify return:1
depth=0 C = DE, ST = Nordrhein-Westfalen, L = Siegen, O = Universitaet Siegen, CN = mail.uni-siegen.de
verify return:1
---
Certificate chain
0 s:C = DE, ST = Nordrhein-Westfalen, L = Siegen, O = Universitaet Siegen, CN = mail.uni-siegen.de
i:C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA
-----BEGIN CERTIFICATE-----
MIIIujCCB6KgAwIBAgIMIwfrEZso2bJu9A95MA0GCSqGSIb3DQEBCwUAMIGNMQsw
CQYDVQQGEwJERTFFMEMGA1UECgw8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVz
IERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLDAdERk4t
UEtJMSUwIwYDVQQDDBxERk4tVmVyZWluIEdsb2JhbCBJc3N1aW5nIENBMB4XDTIw
MDYxNjA2NTgxMloXDTIyMDkxODA2NTgxMlowdzELMAkGA1UEBhMCREUxHDAaBgNV
BAgME05vcmRyaGVpbi1XZXN0ZmFsZW4xDzANBgNVBAcMBlNpZWdlbjEcMBoGA1UE
CgwTVW5pdmVyc2l0YWV0IFNpZWdlbjEbMBkGA1UEAwwSbWFpbC51bmktc2llZ2Vu
LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowx01PYGm+fXc5/V
1YUc2U7Vnd2W1RM/l6thk+M174Ba8RI0Rd3Eiz4735xta+QaDtQIOG2J3o6bmRw3
Jw2WASuxLJameDF3bxJETuwHkq0uL2NSKOtDcQaf9M2BID38jmMFbfLV3eKf7L4c
ZcZ/MlZ+Ugmh171Qm+UUNliIGZQadO/7skYx1oHqvhW4B6PRjbVLjkA/F5gT+1u4
ORojID8rTY9c+8qdhG+C7BMX44kkWe3buKlkDJPIh67D5byepoKFH5f9x7dUuAKy
mxB9n4c+g6xQEZfLJkIzSOlCM4vRSVsU2ecLer7DsRw4Q5bqmOhtPoD+wcW76BMx
2oZOmQIDAQABo4IFLTCCBSkwVwYDVR0gBFAwTjAIBgZngQwBAgIwDQYLKwYBBAGB
rSGCLB4wDwYNKwYBBAGBrSGCLAEBBDAQBg4rBgEEAYGtIYIsAQEEBzAQBg4rBgEE
AYGtIYIsAgEEBzAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAK
BggrBgEFBQcDATAdBgNVHQ4EFgQU0s2Ru8znB01n/Yhh/lEQOLhH0gIwHwYDVR0j
BBgwFoAUazqYi/nyU4na4K2yMh4JH+iqO3QwgfQGA1UdEQSB7DCB6YIXYXV0aC5t
YWlsLnVuaS1zaWVnZW4uZGWCF2RpbmtlbC5hZC51bmktc2llZ2VuLmRlghdnZXJz
dGUuYWQudW5pLXNpZWdlbi5kZYISaW1hcC51bmktc2llZ2VuLmRlghJtYWlsLnVu
aS1zaWVnZW4uZGWCFW91dGxvb2sudW5pLXNpZWdlbi5kZYIXb3V0bG9va2NzLnVu
aS1zaWVnZW4uZGWCF3JvZ2dlbi5hZC51bmktc2llZ2VuLmRlghJzbXRwLnVuaS1z
aWVnZW4uZGWCF3dlaXplbi5hZC51bmktc2llZ2VuLmRlMIGNBgNVHR8EgYUwgYIw
P6A9oDuGOWh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUvZGZuLWNhLWdsb2JhbC1nMi9w
dWIvY3JsL2NhY3JsLmNybDA/oD2gO4Y5aHR0cDovL2NkcDIucGNhLmRmbi5kZS9k
Zm4tY2EtZ2xvYmFsLWcyL3B1Yi9jcmwvY2FjcmwuY3JsMIHbBggrBgEFBQcBAQSB
zjCByzAzBggrBgEFBQcwAYYnaHR0cDovL29jc3AucGNhLmRmbi5kZS9PQ1NQLVNl
cnZlci9PQ1NQMEkGCCsGAQUFBzAChj1odHRwOi8vY2RwMS5wY2EuZGZuLmRlL2Rm
bi1jYS1nbG9iYWwtZzIvcHViL2NhY2VydC9jYWNlcnQuY3J0MEkGCCsGAQUFBzAC
hj1odHRwOi8vY2RwMi5wY2EuZGZuLmRlL2Rmbi1jYS1nbG9iYWwtZzIvcHViL2Nh
Y2VydC9jYWNlcnQuY3J0MIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwBGpVXr
dfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAXK769yOAAAEAwBIMEYCIQDn
6UkxQRveDHHyTxxdvkZNnTkx36+fccP0mdS0zpYhrgIhAOgKdcGNve/UpSPg09/t
Hhv3/Ur5TQCW0EcLIArRbV2qAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0m
XCVdx4QAAAFyu+vgcQAABAMARjBEAiAtPCEJdS40/4xN5s2z2t94aLGNJAFIb2zq
RCbIrzUaDAIgb5xcvzut8aOLGs9FaS9rUe+DFzoQgUkpc5yh3HVeTgwAdwBvU3as
MfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAXK76912AAAEAwBIMEYCIQCh
zyqPMhMoLK3k/BiweeRm8Sj+DybAEgN5Zm7tZJko2AIhAPK1DcB6fSarvYLZxEWG
+EvXJa/WfT+0gTdSicaG7VAYAHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6Oq
HQcT0wwAAAFyu+veUAAABAMARzBFAiAWOwjw+5+GOjpuChHVfO6qhXJaDZIsarpB
mbyBBA4iGgIhANXqSeotxdFyeqULQpQDUjOJ9Vhb6C/Tlh2SmBHyhd2xMA0GCSqG
SIb3DQEBCwUAA4IBAQCTzy1S1xiSFjvzpHRCo2lQGdMx2OD161++gEArBCVu/P2f
TcwbI2dv5Xip62Ty7kK3wOBby+JceYET3+VeZ/X2/o89wg2QCyO4rRPiU5WwbEUE
/truWU/YKxkt1wBvMxDljdstxlmfyxYPwG/nmqs0AVqZ2GJMAbtIJSJDu3aMFNGJ
TvWsivpiTg+E8wiGK8t11j/0fJHpqSATXhDbzAF4KUu8NTtuyzFvW1j8Q3iLGx+S
fzSwCeYZNEEKI+WQO1gt6iJ1eCN7FXrQXCkRsYSh9Yyi0pVIj2EhvVeDe77NIN0b
IM6tU3qblo0VcaeO5pQ61fYQ+dBJJUxJPIA0g2/u
-----END CERTIFICATE-----
1 s:C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA
i:C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgIHG2O60B4sPTANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UE
BhMCREUxRTBDBgNVBAoTPFZlcmVpbiB6dXIgRm9lcmRlcnVuZyBlaW5lcyBEZXV0
c2NoZW4gRm9yc2NodW5nc25ldHplcyBlLiBWLjEQMA4GA1UECxMHREZOLVBLSTEt
MCsGA1UEAxMkREZOLVZlcmVpbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4X
DTE2MDUyNDExMzg0MFoXDTMxMDIyMjIzNTk1OVowgY0xCzAJBgNVBAYTAkRFMUUw
QwYDVQQKDDxWZXJlaW4genVyIEZvZXJkZXJ1bmcgZWluZXMgRGV1dHNjaGVuIEZv
cnNjaHVuZ3NuZXR6ZXMgZS4gVi4xEDAOBgNVBAsMB0RGTi1QS0kxJTAjBgNVBAMM
HERGTi1WZXJlaW4gR2xvYmFsIElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdO3kcR94fhsvGadcQnjnX2aIw23IcBX8pX0to8a0Z1kzh
axuxC3+hq+B7i4vYLc5uiDoQ7lflHn8EUTbrunBtY6C+li5A4dGDTGY9HGRp5Zuk
rXKuaDlRh3nMF9OuL11jcUs5eutCp5eQaQW/kP+kQHC9A+e/nhiIH5+ZiE0OR41I
X2WZENLZKkntwbktHZ8SyxXTP38eVC86rpNXp354ytVK4hrl7UF9U1/Isyr1ijCs
7RcFJD+2oAsH/U0amgNSoDac3iSHZeTn+seWcyQUzdDoG2ieGFmudn730Qp4PIdL
sDfPU8o6OBDzy0dtjGQ9PFpFSrrKgHy48+enTEzNAgMBAAGjggIFMIICATASBgNV
HRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjApBgNVHSAEIjAgMA0GCysG
AQQBga0hgiweMA8GDSsGAQQBga0hgiwBAQQwHQYDVR0OBBYEFGs6mIv58lOJ2uCt
sjIeCR/oqjt0MB8GA1UdIwQYMBaAFJPj2DIm2tXxSqWRSuDqS+KiDM/hMIGPBgNV
HR8EgYcwgYQwQKA+oDyGOmh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUvZ2xvYmFsLXJv
b3QtZzItY2EvcHViL2NybC9jYWNybC5jcmwwQKA+oDyGOmh0dHA6Ly9jZHAyLnBj
YS5kZm4uZGUvZ2xvYmFsLXJvb3QtZzItY2EvcHViL2NybC9jYWNybC5jcmwwgd0G
CCsGAQUFBwEBBIHQMIHNMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5wY2EuZGZu
LmRlL09DU1AtU2VydmVyL09DU1AwSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZHAxLnBj
YS5kZm4uZGUvZ2xvYmFsLXJvb3QtZzItY2EvcHViL2NhY2VydC9jYWNlcnQuY3J0
MEoGCCsGAQUFBzAChj5odHRwOi8vY2RwMi5wY2EuZGZuLmRlL2dsb2JhbC1yb290
LWcyLWNhL3B1Yi9jYWNlcnQvY2FjZXJ0LmNydDANBgkqhkiG9w0BAQsFAAOCAQEA
gXhFpE6kfw5V8Amxaj54zGg1qRzzlZ4/8/jfazh3iSyNta0+x/KUzaAGrrrMqLGt
Mwi2JIZiNkx4blDw1W5gjU9SMUOXRnXwYuRuZlHBQjFnUOVJ5zkey5/KhkjeCBT/
FUsrZpugOJ8Azv2n69F/Vy3ITF/cEBGXPpYEAlyEqCk5bJT8EJIGe57u2Ea0G7UD
DDjZ3LCpP3EGC7IDBzPCjUhjJSU8entXbveKBTjvuKCuL/TbB9VbhBjBqbhLzmyQ
GoLkuT36d/HSHzMCv1PndvncJiVBby+mG/qkE5D6fH7ZC2Bd7L/KQaBh+xFJKdio
LXUV2EoY6hbvVTQiGhONBg==
-----END CERTIFICATE-----
2 s:C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2
i:C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
Page 22
1 Short Introduction into the CLI openssl
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIJAOML1fivJdmBMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
VQQGEwJERTErMCkGA1UECgwiVC1TeXN0ZW1zIEVudGVycHJpc2UgU2VydmljZXMg
R21iSDEfMB0GA1UECwwWVC1TeXN0ZW1zIFRydXN0IENlbnRlcjElMCMGA1UEAwwc
VC1UZWxlU2VjIEdsb2JhbFJvb3QgQ2xhc3MgMjAeFw0xNjAyMjIxMzM4MjJaFw0z
MTAyMjIyMzU5NTlaMIGVMQswCQYDVQQGEwJERTFFMEMGA1UEChM8VmVyZWluIHp1
ciBGb2VyZGVydW5nIGVpbmVzIERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUu
IFYuMRAwDgYDVQQLEwdERk4tUEtJMS0wKwYDVQQDEyRERk4tVmVyZWluIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5IDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDLYNf/ZqFBzdL6h5eKc6uZTepnOVqhYIBHFU6MlbLlz87TV0uNzvhWbBVV
dgfqRv3IA0VjPnDUq1SAsSOcvjcoqQn/BV0YD8SYmTezIPZmeBeHwp0OzEoy5xad
rg6NKXkHACBU3BVfSpbXeLY008F0tZ3pv8B3Teq9WQfgWi9sPKUA3DW9ZQ2PfzJt
8lpqS2IB7qw4NFlFNkkF2njKam1bwIFrEczSPKiL+HEayjvigN0WtGd6izbqTpEp
PbNRXK2oDL6dNOPRDReDdcQ5HrCUCxLx1WmOJfS4PSu/wI7DHjulv1UQqyquF5de
M87I8/QJB+MChjFGawHFEAwRx1npAgMBAAGjggF0MIIBcDAOBgNVHQ8BAf8EBAMC
AQYwHQYDVR0OBBYEFJPj2DIm2tXxSqWRSuDqS+KiDM/hMB8GA1UdIwQYMBaAFL9Z
IDYAeaCgImuM1fJh0rgsy4JKMBIGA1UdEwEB/wQIMAYBAf8CAQIwMwYDVR0gBCww
KjAPBg0rBgEEAYGtIYIsAQEEMA0GCysGAQQBga0hgiweMAgGBmeBDAECAjBMBgNV
HR8ERTBDMEGgP6A9hjtodHRwOi8vcGtpMDMzNi50ZWxlc2VjLmRlL3JsL1RlbGVT
ZWNfR2xvYmFsUm9vdF9DbGFzc18yLmNybDCBhgYIKwYBBQUHAQEEejB4MCwGCCsG
AQUFBzABhiBodHRwOi8vb2NzcDAzMzYudGVsZXNlYy5kZS9vY3NwcjBIBggrBgEF
BQcwAoY8aHR0cDovL3BraTAzMzYudGVsZXNlYy5kZS9jcnQvVGVsZVNlY19HbG9i
YWxSb290X0NsYXNzXzIuY2VyMA0GCSqGSIb3DQEBCwUAA4IBAQCHC/8+AptlyFYt
1juamItxT9q6Kaoh+UYu9bKkD64ROHk4sw50unZdnugYgpZi20wz6N35at8yvSxM
R2BVf+d0a7Qsg9h5a7a3TVALZge17bOXrerufzDmmf0i4nJNPoRb7vnPmep/11I5
LqyYAER+aTu/de7QCzsazeX3DyJsR4T2pUeg/dAaNH2t0j13s+70103/w+jlkk9Z
PpBHEEqwhVjAb3/4ru0IQp4e1N8ULk2PvJ6Uw+ft9hj4PEnnJqinNtgs3iLNi4LY
2XjiVRKjO4dEthEL1QxSr2mMDwbf0KJTi1eYe8/9ByT0/L3D/UqSApcb8re2z2WK
GqK1chk5
-----END CERTIFICATE-----
---
Server certificate
subject=C = DE, ST = Nordrhein-Westfalen, L = Siegen, O = Universitaet Siegen, CN = mail.uni-siegen.de
issuer=C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5490 bytes and written 446 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 541F00003A7E8C0C2752B7A9311FFF3F3FFEF9906C73CD66A8E32090AC203137
Session-ID-ctx:
Master-Key: F95B5BEEACC98FB50B014F90A64D3E733304DF995105C25EFB4E6983ECBF9D170E8CF51845C5CF47F18BE2B530782D7C
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1592595632
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
* OK University Siegen IMAP4 service is ready.
Page 23
1 Short Introduction into the CLI openssl
OpenSSL 3.0.0 was officially released beginning of September 2021 after 3 years of development.32 From version
3, OpenSSL is under the Apache 2.0 license, which simplifies its use in other open-source projects.
As part of a bachelor thesis a plugin was built that made OpenSSL available in the browser in CrypTool-Online
(CTO). This was done by first porting OpenSSL 1.1.1 to WebAssembly (wasm); and with this experience it was
easy to bring the now released OpenSSL 3.0.0 to WebAssembly and make it available still in September 2021.
This CTO plugin can be reached at:33
https://www.cryptool.org/en/cto/openssl
Here you can perform all OpenSSL command line commands34 which do not use any special feature of the
bash shell apart from the pipe. As a result, almost all commands in this chapter can be executed ad hoc without
having to install OpenSSL. This should be of particular interest on the go or for Windows and MAC users who
need an OpenSSL command quickly.
WebAssembly has a virtual memory in the browser in which the generated files are stored. Input files can also be
uploaded there.
To demonstrate and to support teaching, a few functions were made available in the CTO OpenSSL plugin
directly in the GUI in 5 tabs (Encrypt&Decrypt, Generate Keys, Sign&Verify, Hashes, Files). If you perform an
action in the GUI, the corresponding OpenSSL command is displayed synchronously on the command line.
Figure 1.1 on the following page shows how a text was encrypted using AES and a password by selecting the
according buttons in the GUI, and what the corresponding OpenSSL command looks like on the command
line.
Figure 1.2 on page 26 shows the “Files” tab, in which a file can be seen in the virtual data system that contains
the private key that was generated beforehand via OpenSSL.
Thus, with this CTO plugin even as a beginner, you can get to know the OpenSSL commands and even use
OpenSSL on your smartphone.
32
https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/
33
In the meantime, the Web terminal (XXXXLINKxxxx) was heavily improved and the OpenSSL plugin can run in its own thread and
can use a browser fullscreen view. (state December 2023)
34
The first version of WebOpenSSL could handle commands which require a user interaction (e. g. when creating certificates) only by
taking a detour of a file interface: The data for the certificate is written to a config file, this file is uploaded and then used by OpenSSL in
the browser.
Page 24
1 Short Introduction into the CLI openssl
Page 25
1 Short Introduction into the CLI openssl
Page 26
1 Short Introduction into the CLI openssl
3. An Introduction to Cryptography using OpenSSL – Part I , 2020, good tutorial by Chris Morris
https://integralpublication.com/2020/03/16/an-introduction-to-cryptography-using-opens
sl-part-i/
4. Getting started with OpenSSL: Cryptography basics, 2019, good tutorial by Marty Kalin
https://opensource.com/article/19/6/cryptography-basics-openssl-part-1
5. How to use OpenSSL: Hashes, digital signatures, and more, 2019, Marty Kalin
https://opensource.com/article/19/6/cryptography-basics-openssl-part-2
7. An Introduction to the OpenSSL command line tool, 2004, tutorial by Philippe Camacho
https://users.dcc.uchile.cl/~pcamacho/tutorial/crypto/openssl/openssl_intro.html
10. Hybrid encryption with OpenSSL using openssl genrsa and openssl rsa, 2015
https://gist.github.com/markus-k/fc37c36e13b32c8a6dd1
11. OpenSSL – Kryptologie in C, 2009, Ernst-Günter Giessmann, student lecture notes (p. 54 reference to
the CTB)
https://www.mathematik.hu-berlin.de/~wilhelm/openssl-notizen.pdf
12. OpenSSL Cookbook – A Short Guide to the Most Frequently Used OpenSSL Features and Commands, 3rd
ed., 2022, Ivan Ristić
https://www.feistyduck.com/library/openssl-cookbook/online
The openssl examples from this book plus their according Shell and Python scripts can be found on the
CrypTool website. Further details can be found in the list on page 28.
Page 27
2 Lists of Figures, Tables, Code Examples, etc.
You can find these four scripts with the openssl examples from this book on the CrypTool website:
https://www.cryptool.org/en/documentation/ctbook/openssl
All examples have been tested with OpenSSL version 1.1.1l (release date 2021-08-24).
All SageMath examples of this book can be found on the CrypTool website:
https://www.cryptool.org/en/documentation/ctbook/sagemath
The names of the SageMath script files contain first the chapter number and then the running number of the
script within that chapter, e. g. chap09_sample110.sage.
All examples have been tested with the SageMath versions 9.3 (release date 2021-05-09) under Windows, 9.5
(release date 2022-01-30) under Linux, and 10.0 (release date 2023-05-23) under macOS.
Page 28
3 Index
A L
algebraic attack, see attack, algebraic last theorem, see Fermat, last theorem
algebraic cryptanalysis, see cryptanalysis, algebraic LFSR, see shift register, linear
ANF, see normal form, algebraic little theorem, see Fermat, little theorem
artificial intelligence, see AI
M
C maximal message size, 8
CBC, see mode of operation modulus, 5
challenge, see cipher challenge multiparty computation, see MPC
CNF, see normal form, conjunctive MysteryTwister, see MTW
CRT, see Chinese remainder theorem MysteryTwister C3, see MTW
CrypTool-Online, see CTO
CrypTool 1, see CT1 N
CrypTool 2, see CT2 neural network, see AI
CTF Capture-the-flag, 10 NLFSR, see shift register, nonlinear
D O
DL problem, see logarithm problem, discrete OAEP, 8
DNF, see normal form, disjunctive one-time pad, see OTP
double-column transposition, see transposition OpenSSL, 2
code examples, 2
E samples, 28
ECB, see mode of operation optimal asymmetric encryption padding, see OAEP
ECC, see elliptic curve
P
F phi function, see Euler, (phi) function
factoring, see factorization PKCS, 5, 8
fast fourier transformation, see FFT plaintext
feedback shift register, see shift register known, see attack
FSR, see shift register post-quantum cryptography, see PQC
prime number factorization, see factorization
G PRNG, see random generator
general number field sieve, see GNFS pseudorandom generator, see random generator
GnuPG, 2
gpg, see GnuPG R
remainder set, see residue system
J RSA, 8
JCrypTool, see JCT multi-prime, 5
OAEP, 8
K
textbook, see textbook RSA
KDF, 4
RsaCtfTool, 10
key exchange
Diffie-Hellman, see Diffie-Hellman S
key-derivation function, see KDF SageMath
known-plaintext, see attack code examples, 28
satisfiability, see SAT
29
Index
T
textbook RSA, 8, 13, 15
triple DES, see DES, triple DES
Page 30