Encrypt a file using a symmetric key:
openssl enc -aes-256-cbc -salt -in message.txt -out encrypted_message
Decrypt a symmetrically encrypted file:
openssl enc -aes-256-cbc -d -in encrypted_message -out original_message.txt
Encrypt a file using a password-derived key:
openssl enc -aes-256-cbc -pbkdf2 -iter 10000 -in message.txt -out encrypted_message
Generate a random key for symmetric encryption:
openssl rand -base64 32
Generate a private key:
openssl genpkey -algorithm RSA -out private_key.pem
Generate a certificate signing request (CSR):
openssl req -new -key private_key.pem -out csr.pem
Generate a self-signed certificate:
openssl req -new -x509 -key private_key.pem -out certificate.pem
Convert a certificate from PEM to DER format:
openssl x509 -outform der -in certificate.pem -out certificate.der
To generate a 2048-bit RSA key pair:
openssl genrsa -out private_key.pem 2048
To extract the public key from an RSA private key:
openssl rsa -in private_key.pem -pubout -out public_key.pem```
SSL Certificates:
It may contain the sensitive information about the target company. We can find it on the key icon in the URL bar in the most web browsers.
Detect TLS Version: We can also enumerate TLS version as below:
openssl s_client -connect [URL]:443 -tls1
openssl s_client -connect [URL]:443 -tls1_1
openssl s_client -connect [URL]:443 -tls1_2
openssl s_client -connect [URL]:443 -tls1_3