Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [openssl]

OpenSSL is an open source implementation of the SSL and TLS protocols. Questions about how to use the OpenSSL tools and libraries are usually better asked at Stack Overflow or Super User.

OpenSSL is an open source implementation of the SSL and TLS protocols. The OpenSSL ssl library — which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols — can be found at https://www.openssl.org/.

Note that questions about using the OpenSSL toolkit and libraries are generally off-topic on Crypto.SE, and should be asked at Stack Overflow (for the libraries) or Super User (for the command-line tools) instead. Questions about professional server administration tasks involving OpenSSL (such a certificate management) may also be on-topic at Server Fault.

370 questions
5
votes
1 answer

Encryption, Decryption using OpenSSL

How to use OpenSSL in windows for encryption and decryption ?
Logan
  • 505
  • 1
  • 4
  • 15
4
votes
2 answers

OpenSSL Signature different each time

I have a file that I am generating a signature for using OpenSSL, and each time I generate the signature, it is different to the last time. openssl dgst -sha1 -sign update_key.pem TERM010134.bin > Update.sig Anyone able to tell me why that might…
chadianscot
  • 345
  • 2
  • 7
3
votes
1 answer

OpenSSL: Call X509_verify_cert on a certificate with OIDs unknown to openssl

I have a DS and a csca certificate that contain special OIDs from the BSI. They are: 0.4.0.127.0.7.4.1.1 ECDSA with SHA1 (BSI) 0.4.0.127.0.7.4.1.2 ECDSA with SHA224 (BSI) 0.4.0.127.0.7.4.1.3 ECDSA with SHA256 (BSI) 0.4.0.127.0.7.4.1.4 ECDSA with…
tzippy
  • 143
  • 4
2
votes
1 answer

Is this a good PHP encryption Strategy?

I'm writing a multi-tenant application that interacts with a couple of different APIs on behalf of each customer. Obviously, we need to store private keys for these various different APIs in the database so that we can connect to them. Goes without…
Dominic Kirby
  • 29
  • 3
2
votes
0 answers

openssl command line equivalent of AESWrap? (defined in RFC3394; use in AmazonS3 Client Side Encryption of datakey wrapping)

when dealing with S3 Client Side Encryption, it's using "AESWrap" (defined in rfc3394) algorithm to encrypt the data-key; I'm trying to play with openssl command line to see if it's possible decrypt it "AESWrap", does anyone know how to use call…
phillip
  • 21
  • 1
1
vote
1 answer

Is there a difference between password and key?

I encrypt data with this command: openssl aes-256-cbc -a -salt -in C:\Users\User\secrets.txt -out C:\Users\User\secrets.txt.encs The program then asks that I... enter aes-256-cbc encryption password: Is the encryption password the same as the key?…
Michael Hathe
  • 13
  • 3
1
vote
1 answer

Question about OpenSSL testing for FIPS 186-4 and using BN_generate_prime_ex

I am working on testing my implementation of OpenSSL using the CAVP 186-4 RSA Validation System (RSA2VS). There are tools under openssl-fips-2.0.16/test and I am working on modifying fips_rsagtest.c to process the 186-4 test vectors the way I need…
Toby
  • 21
  • 4
1
vote
1 answer

Question about using BN_rand()

I am working on a project and I'm noticing a peculiar behavior that I was hoping someone could tell me if it is correct or not. I have a program that is trying to generate some random numbers using BN_rand(). Snippet of code follows: BIGNUM *test =…
Toby
  • 21
  • 4
1
vote
3 answers

Differences between DSA and RSA Algorithms

Despite having learned much related to RSA and DSA, I cannot understand their differences. Can anyone tell me at least 4-5 differences between these algorithms? I have just used them for two-factor authentication (Linux OpenSSL).
Ankit
1
vote
3 answers

"Strict" software for playing and learning with private and public key

my question is just for teaching/learning practice and I think it's not meaningful for the real world. I've played with openssl a lot but from my understanding it's somehow not strict in the format of the input because it's capable of understanding…
user2984629
  • 13
  • 3
1
vote
1 answer

How do I properly generate pkcs#12 keystore?

I have an application that needs to communicate with the bank for online transactions. I am using OpenSSL 3.0.8.7 in Windows 11. I generated a private key using: openssl genrsa -out rsa_key.pem 2048 Then a Certifate Signing Request using: openssl…
objecttothis
  • 39
  • 2
0
votes
1 answer

Difference in key generation with genpkey and genrsa

What is the difference in key generation with commands below? openssl genpkey -algorithm RSA -out key1.pem key1.pem content: -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- openssl genrsa -out key2.pem key2.pem content: -----BEGIN RSA…
vico
  • 101
0
votes
2 answers

CSR creation in android

I'm trying to generate a csr with spongyCastle in android that has to be submited to a webservice. My problem is that the webservice always complains that the CSR is not in DER or PEM format. On the other hand, if i use Openssl command line to…
nelson pires
  • 1
  • 1
0
votes
1 answer

How to use openssl securely?

I don't want openssl to log my keys and passwords... but I don't use gpg as I need more manual control for my purpose. I also don't like gpg and would like to use openssl without logging. Does openssl too engaging in logging when I open the…
Mini kute
  • 33
  • 3
0
votes
1 answer

How to check a signed CSR with openssl?

I just learned that a CSR can be signed. See this Why is a CSR signed and which key is used for signing? I tried to check the csr with below openssl command, but failed with errors "139942025398160:error:0906D06C:PEM routines:PEM_read_bio:no start…
Feng Xi
  • 103
  • 2
1
2