Forrest logo
tool overview
On this page you find all important commands for the CLI tool openssl. If the command you are looking for is missing please ask our AI.

openssl

OpenSSL is a powerful open-source command-line tool used for various cryptographic operations. It provides functionality to create, manage, and validate certificates and cryptographic keys. OpenSSL supports numerous encryption algorithms and protocols, making it widely used for secure communication over networks.

With OpenSSL, you can generate private and public key pairs, which are fundamental components of secure communication. It allows you to create RSA, DSA, and ECDSA keys, as well as X.509 certificates.

The tool assists in creating a Certificate Signing Request (CSR) that is necessary for obtaining SSL/TLS certificates from Certificate Authorities (CAs). It also helps in managing those certificates and allows you to convert them between different formats, such as PEM, DER, and PFX.

OpenSSL facilitates encryption and decryption using symmetric and asymmetric key algorithms, such as AES, DES, and RSA. It supports secure file transfers using protocols like SFTP and offers functionality to encrypt and decrypt files with ease.

Additionally, OpenSSL is capable of generating cryptographic hashes (message digests) like MD5, SHA1, and SHA256, which are widely used for data integrity verification and password hashing.

The tool provides functionality to test the SSL/TLS security of servers and diagnose any potential vulnerabilities or misconfigurations. This feature is beneficial for system administrators and security professionals.

OpenSSL is cross-platform and widely supported, enabling its usage on various operating systems like Linux, macOS, and Windows.

The tool is extensible through its comprehensive APIs, allowing developers to integrate OpenSSL functionalities into their applications and software systems.

OpenSSL has an active community that regularly updates and maintains the tool, ensuring its security, reliability, and compatibility.

The command-line interface of OpenSSL provides a flexible and efficient way to perform cryptographic operations, making it a popular choice among developers, administrators, and security experts.

List of commands for openssl:

  • openssl-dgst:tldr:2c8ca openssl-dgst: Sign a file using and ECDSA key.
    $ openssl dgst -sign ${private_key_file} -sha256 -out ${output_file} ${input_file}
    try on your machine
    explain this command
  • openssl-dgst:tldr:4f448 openssl-dgst: Sign a file using an RSA key, saving the result to a specific file.
    $ openssl dgst -sign ${private_key_file} -sha256 -sigopt rsa_padding_mode:pss -out ${output_file} ${input_file}
    try on your machine
    explain this command
  • openssl-dgst:tldr:5ae71 openssl-dgst: Verify an ECDSA signature.
    $ openssl dgst -verify ${public_key_file} -signature ${signature_file} ${signature_message_file}
    try on your machine
    explain this command
  • openssl-dgst:tldr:ab8cd openssl-dgst: Calculate the SHA256 digest for a file, saving the result to a specific file.
    $ openssl dgst -sha256 -binary -out ${output_file} ${input_file}
    try on your machine
    explain this command
  • openssl-dgst:tldr:b9f99 openssl-dgst: Verify an RSA signature.
    $ openssl dgst -verify ${public_key_file} -signature ${signature_file} -sigopt rsa_padding_mode:pss ${signature_message_file}
    try on your machine
    explain this command
  • openssl-genpkey:tldr:6ece1 openssl-genpkey: Generate an `ED25519` elliptic curve private key, saving it to a specific file.
    $ openssl genpkey -algorithm ${ED25519} -out ${filename-key}
    try on your machine
    explain this command
  • openssl-genpkey:tldr:7928b openssl-genpkey: Generate an RSA private key of 2048 bits, saving it to a specific file.
    $ openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:${2048} -out ${filename-key}
    try on your machine
    explain this command
  • openssl-genpkey:tldr:fd389 openssl-genpkey: Generate an elliptic curve private key using the curve `prime256v1`, saving it to a specific file.
    $ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:${prime256v1} -out ${filename-key}
    try on your machine
    explain this command
  • openssl-genrsa:tldr:03797 openssl-genrsa: Generate an RSA private key of 2048 bits to `stdout`.
    $ openssl genrsa
    try on your machine
    explain this command
  • openssl-genrsa:tldr:2b4f7 openssl-genrsa: Generate an RSA private key and encrypt it with AES256 (you will be prompted for a passphrase).
    $ openssl genrsa ${-aes256}
    try on your machine
    explain this command
  • openssl-genrsa:tldr:5129f openssl-genrsa: Save an RSA private key of an arbitrary number of bits to the output file.
    $ openssl genrsa -out ${output_file-key} ${1234}
    try on your machine
    explain this command
  • openssl-prime:tldr:686e9 openssl-prime: Check if a given number is prime.
    $ openssl prime ${number}
    try on your machine
    explain this command
  • openssl-prime:tldr:aa9cc openssl-prime: Generate a 2048bit prime number and display it in hexadecimal.
    $ openssl prime -generate -bits 2048 -hex
    try on your machine
    explain this command
  • openssl-req:tldr:3d544 openssl-req: Generate a self-signed certificate and a corresponding key-pair, storing both in a file.
    $ openssl req -new -x509 -newkey ${rsa}:${4096} -keyout ${filename-key} -out ${filename-cert} -subj "${-C=XX-CN=foobar}" -days ${365}
    try on your machine
    explain this command
  • openssl-req:tldr:9c946 openssl-req: Generate a certificate signing request to be sent to a certificate authority.
    $ openssl req -new -sha256 -key ${filename-key} -out ${filename-csr}
    try on your machine
    explain this command
  • openssl-s_client:tldr:04296 openssl-s_client: Set the Server Name Indicator (SNI) when connecting to the SSL/TLS server.
    $ openssl s_client -connect ${host}:${port} -servername ${hostname}
    try on your machine
    explain this command
  • openssl-s_client:tldr:0f40d openssl-s_client: Display the certificate presented by an SSL/TLS server.
    $ openssl s_client -connect ${host}:${port}
    try on your machine
    explain this command
  • openssl-s_client:tldr:7221b openssl-s_client: Display the start and expiry dates for a domain's certificate.
    $ openssl s_client -connect ${host}:${port} 2>/dev/null | openssl x509 -noout -dates
    try on your machine
    explain this command
  • openssl-s_client:tldr:c6144 openssl-s_client: Display the complete certificate chain of an HTTPS server.
    $ openssl s_client -connect ${host}:443 -showcerts
    try on your machine
    explain this command
  • openssl-ts:tldr:01897 openssl-ts: Generate a SHA-512 timestamp request of a specific file and output to `file.tsq`.
    $ openssl ts -query -data ${filename} -sha512 -out ${filename-tsq}
    try on your machine
    explain this command
  • openssl-ts:tldr:420ae openssl-ts: Verify a timestamp request file and a timestamp response file from the server with an SSL certificate file.
    $ openssl ts -verify -in ${filename-tsr} -queryfile ${filename-tsq} -partial_chain -CAfile ${path-to-cert-pem}
    try on your machine
    explain this command
  • openssl-ts:tldr:c49ba openssl-ts: Create a timestamp response for request using key and signing certificate and output it to `file.tsr`.
    $ openssl ts -reply -queryfile ${filename-tsq} -inkey ${path-to-tsakey-pem} -signer tsacert.pem -out ${filename-tsr}
    try on your machine
    explain this command
  • openssl-ts:tldr:d9f23 openssl-ts: Check the date and metadata of a specific timestamp response file.
    $ openssl ts -reply -in ${filename-tsr} -text
    try on your machine
    explain this command
  • openssl-x509:tldr:95826 openssl-x509: Store a certificate's public key in a file.
    $ openssl x509 -in ${certificate_file} -noout -pubkey -out ${output_file}
    try on your machine
    explain this command
  • openssl-x509:tldr:c71b1 openssl-x509: Display certificate information.
    $ openssl x509 -in ${filename-crt} -noout -text
    try on your machine
    explain this command
  • openssl-x509:tldr:f2dc5 openssl-x509: Convert a certificate between binary DER encoding and textual PEM encoding.
    $ openssl x509 -inform ${der} -outform ${pem} -in ${original_certificate_file} -out ${converted_certificate_file}
    try on your machine
    explain this command
  • openssl-x509:tldr:fb5c5 openssl-x509: Display a certificate's expiration date.
    $ openssl x509 -enddate -noout -in ${filename-pem}
    try on your machine
    explain this command
  • openssl:tldr:5e17b openssl: Print the version of OpenSSL.
    $ openssl version
    try on your machine
    explain this command
  • openssl:tldr:89ff7 openssl: Print a list of available subcommands.
    $ openssl help
    try on your machine
    explain this command
  • openssl:tldr:bfc65 openssl: Print options for a specific subcommand.
    $ openssl help ${x509}
    try on your machine
    explain this command
  • ssl:certificate:self-signed:create Generate a self-signed SSL certificate
    $ openssl req -x509 -newkey rsa:4096 -keyout ${key_file} -out ${cert_file} -sha256 -days ${expiration_days}
    try on your machine
    explain this command
tool overview