OpenSSL Commands
Writing down some of the openssl commands that I use frequently.
NOTE: This is just a demonstration. Please do not use these commands in production without understanding them. Printing, leaking or sharing private keys can lead to a security breach.
Table of Contents
- Serialization formats
- Key Pair
- Certificate Signing Request (CSR)
- Certificate
- ASN.1 (Abstract Syntax Notation One) parsing
- Certificate Revocation List (CRL)
Serialization formats
PEM (Privacy Enhanced Mail) and DER (Distinguished Encoding Rules) are two widely used formats for serializing cryptographic objects.
DER is a binary encoding. PEM is the same DER bytes, base64 encoded and wrapped in -----BEGIN ...----- and -----END ...----- header and footer lines.
Key Pair
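Generate an elliptic curve P-256 key and serialize it to a file in PEM format (-noout keeps the separate EC PARAMETERS block out of the file, so private-key.pem holds only the private key and asn1parse below reads the key itself)
openssl ecparam -genkey -name prime256v1 -noout -out private-key.pem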
Print the contents of the private key
openssl ec -in private-key.pem -text -noout
Generate a public key from the private key
openssl ec -in private-key.pem -pubout -out public-key.pem
Print the contents of the public key
openssl ec -in public-key.pem -pubin -text -noout
PEM to DER and DER to PEM conversion
openssl ec -in private-key.pem -outform DER -out private-key.der
openssl ec -in private-key.der -inform DER -out private-key.pem
Certificate Signing Request (CSR)
Generate a CSR using the private key
openssl req -new -key private-key.pem -out csr.pem
Print the contents of the CSR
openssl req -in csr.pem -text -noout
PEM to DER and DER to PEM conversion
openssl req -in csr.pem -outform DER -out csr.der
openssl req -in csr.der -inform DER -out csr.pem
Certificate
Generate a self-signed certificate using the private key
openssl req -new -x509 -key private-key.pem -out certificate.pem
Print the contents of the certificate
openssl x509 -in certificate.pem -text -noout
PEM to DER and DER to PEM conversion
openssl x509 -in certificate.pem -outform DER -out certificate.der
openssl x509 -in certificate.der -inform DER -out certificate.pem
ASN.1 (Abstract Syntax Notation One) parsing
Parse the contents of the private key
openssl asn1parse -in private-key.pem
Parse the contents of the public key
openssl asn1parse -in public-key.pem
Parse the contents of the CSR
openssl asn1parse -in csr.pem
Parse the contents of the certificate
openssl asn1parse -in certificate.pem
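What asn1parse does with a PEM file, as an added example that is not from the original post: strip the PEM armor, base64-decode to DER (the relationship described under Serialization formats), then walk the tag-length-value records. The function names and the sample PEM block are constructed for this illustration, and only single-byte tags are handled.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# Constructed sample: the DER payload is only the prime256v1 curve OID.
SAMPLE_PEM = "-----BEGIN EC PARAMETERS-----\nBggqhkjOPQMBBw==\n-----END EC PARAMETERS-----\n"
TAGS = {2: "INTEGER", 3: "BIT STRING", 4: "OCTET STRING", 6: "OBJECT", 0x30: "SEQUENCE"}

def pem_to_der(pem):
    """Return (label, der_bytes) for the first PEM block in the text."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()), validate=True)

def decode_oid(body):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)  # base-128, high bit means "more"
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def walk(der, offset=0, end=None, depth=0):
    """Yield (offset, depth, header_len, length, tag_name, detail) per TLV."""
    end = len(der) if end is None else end
    while offset < end:
        if offset + 2 > end or der[offset + 1] == 0x80:
            raise ValueError("truncated header or indefinite length: not DER")
        tag, length, hl = der[offset], der[offset + 1], 2
        if length & 0x80:  # long form: low 7 bits count the length octets
            n = length & 0x7F
            length = int.from_bytes(der[offset + 2:offset + 2 + n], "big")
            hl += n
        start = offset + hl
        if start + length > end:
            raise ValueError("length runs past the enclosing element")
        detail = decode_oid(der[start:start + length]) if tag == 0x06 else ""
        yield offset, depth, hl, length, TAGS.get(tag, f"0x{tag:02x}"), detail
        if tag & 0x20:  # constructed encoding: descend into the children
            yield from walk(der, start, start + length, depth + 1)
        offset = start + length

if __name__ == "__main__":
    for off, d, hl, l, name, detail in walk(pem_to_der(SAMPLE_PEM)[1]):
        print(f"{off:5}:d={d}  hl={hl} l={l:4} {name:14}:{detail}")
```

The tuple fields follow the offset, d=, hl= and l= columns that asn1parse prints, so the output can be compared line by line with the commands above.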
Certificate Revocation List (CRL)
TODO: This requires setting up a CA and issuing a certificate. I will cover it in a separate post.