informatique:openssl
Différences
Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente | ||
informatique:openssl [24/03/2021 21:23] – [Chiffrer des fichiers en asymétrique] cyrille | informatique:openssl [17/08/2021 15:43] (Version actuelle) – [CSR generation] cyrille | ||
---|---|---|---|
Ligne 51: | Ligne 51: | ||
openssl req -nodes -newkey rsa:2048 -keyout monserveur.key -out serveur.csr | openssl req -nodes -newkey rsa:2048 -keyout monserveur.key -out serveur.csr | ||
</ | </ | ||
+ | |||
+ | ===== Create Certificate Authority ===== | ||
+ | |||
+ | https:// | ||
+ | |||
===== Decode ===== | ===== Decode ===== | ||
Ligne 79: | Ligne 84: | ||
<code bash> | <code bash> | ||
- | # secret size must be compatible | + | # blowfish may be faster in code implementation, |
- | SECRET=`openssl rand -base64 164` | + | # but recent cpu embed hard coded aes which should be faster ;-) |
+ | # | ||
+ | ALGO=-aes256 | ||
+ | |||
+ | # Create a random secret: | ||
+ | # - secret size must be compatible | ||
+ | # - use hex because base64 add newline | ||
+ | # which will shorter the secret in next commands | ||
+ | # because only first line will be used. | ||
+ | SECRET=`openssl rand -hex 64` | ||
# encrypt the secret: | # encrypt the secret: | ||
Ligne 87: | Ligne 101: | ||
# encrypt file with the secret: | # encrypt file with the secret: | ||
echo $SECRET \ | echo $SECRET \ | ||
- | | openssl enc -blowfish | + | | openssl enc $ALGO -pbkdf2 -salt -pass stdin -in $THE_FILE -out ${THE_FILE}.ssl |
# decrypt the secret: | # decrypt the secret: | ||
Ligne 93: | Ligne 107: | ||
# decrypt the file: | # decrypt the file: | ||
echo $SECRET \ | echo $SECRET \ | ||
- | | openssl enc -d -blowfish | + | | openssl enc -d $ALGO -pbkdf2 -salt -pass stdin -in ${THE_FILE}.ssl -out ${THE_FILE}.clear |
</ | </ | ||
+ | |||
+ | Sources: | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
informatique/openssl.1616617424.txt.gz · Dernière modification : 24/03/2021 21:23 de cyrille