Différences

Ci-dessous, les différences entre deux révisions de la page.

--- informatique:openssl [24/03/2021 21:23] – [Chiffrer des fichiers en asymétrique] cyrille
+++ informatique:openssl [17/08/2021 15:43] (Version actuelle) – [CSR generation] cyrille
@@ Ligne 51: / Ligne 51: @@
   openssl req -nodes -newkey rsa:2048 -keyout monserveur.key -out serveur.csr
 </code>
+===== Create Certificate Authority =====
+https://www.golinuxcloud.com/create-certificate-authority-root-ca-linux/#Step_4_Create_Certificate_Authority_Certificate
 ===== Decode =====
@@ Ligne 79: / Ligne 84: @@
 <code bash>
-# secret size must be compatible
+# blowfish may be faster in code implementation,
-SECRET=`openssl rand -base64 164`
+# but recent cpu embed hard coded aes which should be faster ;-)
+#ALGO=-blowfish
+ALGO=-aes256
+# Create a random secret:
+#  - secret size must be compatible with RSA
+#  - use hex because base64 add newline
+#    which will shorter the secret in next commands
+#    because only first line will be used.
+SECRET=`openssl rand -hex 64`
 # encrypt the secret:
@@ Ligne 87: / Ligne 101: @@
 # encrypt file with the secret:
 echo $SECRET \
- | openssl enc -blowfish -pbkdf2 -salt -pass stdin -in $THE_FILE -out ${THE_FILE}.ssl
+ | openssl enc $ALGO -pbkdf2 -salt -pass stdin -in $THE_FILE -out ${THE_FILE}.ssl
 # decrypt the secret:
@@ Ligne 93: / Ligne 107: @@
 # decrypt the file:
 echo $SECRET \
- | openssl enc -d -blowfish -pbkdf2 -salt -pass stdin -in ${THE_FILE}.ssl -out ${THE_FILE}.clear
+ | openssl enc -d $ALGO -pbkdf2 -salt -pass stdin -in ${THE_FILE}.ssl -out ${THE_FILE}.clear
 </code>
+Sources:
+  * https://wiki.openssl.org/index.php/Enc
+  * https://unix.stackexchange.com/questions/507131/openssl-1-1-1b-warning-using-iter-or-pbkdf2-would-be-better-while-decrypting
+  * https://www.devco.net/archives/2006/02/13/public_-_private_key_encryption_using_openssl.php
+  * https://linuxconfig.org/using-openssl-to-encrypt-messages-and-files-on-linux
+  * https://raymii.org/s/tutorials/Encrypt_and_decrypt_files_to_public_keys_via_the_OpenSSL_Command_Line.html