__ _______________________ _________._________________________ \_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/ | __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_ | \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \ \___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ / \/ \/ \/ \/ \/ \/ \/

openssl Cheatsheet

← Back to cheatsheets

← Home

OpenSSL is a cryptography toolkit providing implementations of SSL/TLS protocols and various cryptographic algorithms. Essential for certificate management, encryption, and secure communications.

Hashes

  • openssl dgst -sha256 file.txt - Calculate SHA-256 hash
  • openssl dgst -md5 file.txt - Calculate MD5 hash
  • openssl dgst -sha512 file.txt - Calculate SHA-512 hash
  • echo -n "text" | openssl dgst -sha256 - Hash from stdin

Base64 Encoding

  • openssl base64 -in file.txt - Base64 encode
  • openssl base64 -d -in encoded.txt - Base64 decode
  • echo "text" | openssl base64 - Encode from stdin

Certificate Management

  • openssl x509 -in cert.pem -text -noout - View certificate details
  • openssl x509 -in cert.pem -dates -noout - Show validity dates
  • openssl x509 -in cert.pem -fingerprint -noout - Show fingerprint
  • openssl req -new -x509 -key key.pem -out cert.pem -days 365 - Generate self-signed cert

Key Generation

  • openssl genrsa -out key.pem 2048 - Generate RSA private key (2048 bits)
  • openssl genrsa -out key.pem 4096 - Generate RSA private key (4096 bits)
  • openssl ecparam -genkey -name secp256r1 -out key.pem - Generate EC private key
  • openssl rsa -in key.pem -pubout -out pubkey.pem - Extract public key

Encryption/Decryption

  • openssl enc -aes-256-cbc -salt -in file.txt -out file.enc - Encrypt file
  • openssl enc -aes-256-cbc -d -in file.enc -out file.txt - Decrypt file
  • openssl enc -aes-256-gcm -in file.txt -out file.enc - Encrypt with GCM

SSL/TLS Testing

  • openssl s_client -connect host:443 - Connect to SSL server
  • openssl s_client -connect host:443 -showcerts - Show certificate chain
  • openssl s_client -connect host:443 -servername example.com - SNI support

Common Examples

Calculate Hash

openssl dgst -sha256 file.iso

Calculate SHA-256 hash of file.

View Certificate

openssl x509 -in cert.pem -text -noout

Display certificate information.

Generate Self-Signed Certificate

openssl req -new -x509 -key key.pem -out cert.pem -days 365

Create self-signed certificate valid for 1 year.

Encrypt File

openssl enc -aes-256-cbc -salt -in secret.txt -out secret.enc

Encrypt file with AES-256-CBC.

Test SSL Connection

openssl s_client -connect example.com:443

Test SSL/TLS connection to server.

Tips

  • Use modern algorithms (AES-256-GCM, SHA-256, ECDSA)
  • Always use -salt for encryption (default in newer versions)
  • RSA 2048-bit minimum, prefer 4096 for long-term keys
  • EC keys are smaller and faster than RSA
  • Use s_client to debug SSL/TLS connections
  • Check certificate expiration dates regularly