Bloque4-Tema9-OpenSSL

Question 1

Ver info de CRL

Answer 1

openssl crl -inform PEM -text -in test.crl

Question 2

Ver solo encabezado

Answer 2

openssl crl -inform PEM -text -in test.crl | head

Question 3

Ver series de revocados

Answer 3

openssl crl -inform DER -text -in test.crl | grep ‘Serial|Revocation’

Question 4

Buscar si un certificado está revocado (buscar serial)

Answer 4

openssl crl -inform DER -text -in test.crl | grep -A1 ‘numeroserial’

Question 5

Crear clave privada y cert

Answer 5

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out test.pem -days 365

Question 6

Que es CSR(certificate Signing request)

Answer 6

En los sistemas de infraestructura de clave pública, una certificate signing request es un mensaje enviado por un solicitante a una autoridad de registro de la infraestructura de clave pública para solicitar un certificado de identidad digital.

Question 7

Crear una privada y CSR

Answer 7

openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr

Question 8

Crear CSR de una privada ya existente

Answer 8

openssl req -new -key PRIVATEKEY.key -out MYCSR.csr

Question 9

Crear publica a partir de privada

Answer 9

openssl rsa -in mykey.pem -pubout > mykey.pub

Question 10

Crear publica a partir de csr

Answer 10

openssl req -in csr.txt -noout -pubkey -out publickey.pem

Question 11

Ver info certificado

Answer 11

openssl x509 -in test.cer -text -noout

Question 12

Convertir DER a PEM

Answer 12

openssl x509 -inform der -in test.cer -out test.pem

Question 13

Ver info de clave pública

Answer 13

openssl asn1parse -i -in test.pem

Question 14

Validar que un cert corresponde a una CA

Answer 14

openssl verify -verbose -CAfile Intermediate.pem UserCert.pem

Question 15

Agregar password a una private key sin pass

Answer 15

openssl pkcs8 -topk8 -in source.key -out encrypted.key

Question 16

Crear un certificado con una key de CA

Answer 16

openssl x509 -req -days 360 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

Question 17

Crear una clave privada

Answer 17

ssh ssh-keygen -f newkey.key -t rsa -b 4096

Question 18

crear una publica ssh a partir de una privada

Answer 18

ssh-keygen -y -f id_rsa

Question 19

Cambiar formato de publica de SSH2 a OpenSSH

Answer 19

ssh-keygen -i -f ssh2_pub_key > pub_key.pub

Question 20

Ver info de un jks/pfx/p12

Answer 20

keytool -list -keystore keystore.jks

Question 21

Exportar private key a partir de pfx

Answer 21

openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes

Question 22

Exportar certificado a partir de pfx

Answer 22

openssl pkcs12 -in certname.pfx -nokeys -out cert.pem

Question 23

Crear pfx/p12 a partir de key y cert

Answer 23

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

Question 24

Encriptar simétrico

Answer 24

openssl enc -aes-256-cbc -a -salt -in archivoAEncriptar.txt -out archivoEncriptado.txt

Question 25

Encriptar asimétrico

Answer 25

openssl rsautl -encrypt -inkey public.pem -pubin -in archivoAEncriptar.txt -out archivoEncriptado.txt

Question 26

Decriptar asimétrico

Answer 26

openssl rsautl -decrypt -inkey priv.pem -in archivoEncriptado.txt -out archivoDecriptado

Question 27

Firmado.

Answer 27

openssl dgst -sha256 data.txt > hash
openssl rsautl -sign -inkey privatekey.pem -keyform PEM -in hash >signature

Question 28

verificar firma

Answer 28

openssl rsautl -verify -inkey publickey.pem -pubin -keyform PEM -in signature