I have to create a shell-script that can decrypt a RSA key file that is encrypted with a specific .pem file. And then to decrypt zip file with the AES key which I get from the RSA file once it is decrypted in a file named keyaes (or whatever you want).
Here are the two commands I have to use
openssl rsautl -decrypt -in AES_KEY -inkey CERTIFICATE.pem -out keyaes
openssl enc -d -aes-256-cbc -in zipfile.zip -out extraction.zip -nosalt -p -K RSA_KEY_from_key_aes_output -iv 0
The commands work perfectly, the problem is in my script I don't know how to make it automatically and to get the key from the keyaes output and put it into the next command properly.
How can I do it ?
you could just use bash command substitution in the second command, using backticks
openssl enc -d -aes-256-cbc -in zipfile.zip -out extraction.zip -nosalt -p -K `cat output_filename_with_aes_key` -iv 0
Related
script.sh
certKey=$(openssl rand -hex 70)
openssl pkcs12 -export -out fullchain.p12 --passin pass:$certKey -inkey .../privkey.pem -in .../fullchain.pem
I when calling this script the certKey is not passed in, and system asks me for the pkcs12 password. But I am clearly trying to pass $certKey in.
openssl Documention
"-passin arg
The PKCS#12 file (i.e. input file) password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1)."
What am I missing? Thanks!
Should be -passout
openssl pkcs12 -export -out fullchain.p12 -passout pass:$certKey -inkey .../privkey.pem -in .../fullchain.pem
Package directroy $HOME/Desktop/bill into /tmp/bill.tar and encrypt it with key into /tmp/bill.asc.
key="xxxxxxxx"
tar -zcP $HOME/Desktop/bill -f /tmp/bill.tar
openssl enc -des3 -a -salt -in /tmp/bill.tar -k ${key} -out /tmp/bill.asc
I want to combine tar and openssl as one whole command with pipe.
tar -zcP $HOME/Desktop/bill -f | openssl enc -des3 -a -salt -in -k ${key} -out /tmp/bill.asc
It can't work,how to fix it?
Without -f parameter,remove -in parameter in Bsquare's post.
tar -zcP $HOME/Desktop/bill |openssl enc -des3 -a -salt -k ${key} -out /tmp/bill.asc
With -f parameter,same as John Law say.
tar -zcP $HOME/Desktop/bill -f /tmp/bill.tar | openssl enc -des3 -a -salt -k ${key} -out /tmp/bill.asc
I am trying to convert a p12 to a pem from a shell script without any user input.
I can have the password as a variable within the script.
so when I call:
openssl pkcs12 -in *.p12 -out cert.pem -nodes
The terminal prints "Enter Import Password:" and waits for input.
I tried to pipe the password in with:
echo $PASS | openssl pkcs12 -in *.p12 -out cert.pem -nodes
as well as trying to use a flag with the openssl command but can't figure out how to do this.
This one liner worked for me-
openssl pkcs12 -in certificate.p12 -password pass:<your_password> -nodes | openssl x509 -noout -enddate
openssl enc -e -bf -in X:\a.jpg -out X:\a -kfile Y:\password.txt
or
openssl enc -e -bf -in X:\a.jpg -out X:\a -k password
I get:
### is some number always different
###:error20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.C:400:
It would seem it does not like writing to Drives. It use too work till I updated even then it was sort of iffy.
I have tried every Windows admin rights I think of http://www.mydigitallife.info/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
I would like some help with the openssl command. I need to automate the retrieval of the subject= line in a pkcs12 certificate for a script I'm working on.
I've used openssl to view the contents of the Identity/Certificate:
openssl pkcs12 -info -in /Users/[user]/Desktop/ID.pfx
But I am prompted three times for the password. I used -passin to eliminate one of the password prompts, but I am still being prompted for the PEM pass phrase and verification entry.
I need to figure out a way to pass ${password} to the other two password challenges or have the scrip issue a ctl-c. The piece of info I need is outputted to the stdout before the second password prompt.
Any help would be appreciated!
Obviously I gutted the certificate output for this post.... but you should get the idea of what I'm seeing:
bash-3.2# openssl pkcs12 -info -in /Users/[user]/Desktop/ID.pfx -passin pass:${password}
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
localKeyID: ****
friendlyName: ****
subject=****
issuer=****
-----BEGIN CERTIFICATE-----
::HASH REMOVED::
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: ****
Bag Attributes
localKeyID: ****
friendlyName: ****
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info:
::HASH REMOVED::
-----END RSA PRIVATE KEY-----
bash-3.2#
Try this:
$ openssl pkcs12 -in ~/cert.p12 -nodes \
-passin pass:"my password" | openssl x509 -noout -subject
Or this for the common name (ruby to strip trailing whitespace):
$ openssl pkcs12 -in ~/cert.p12 -nodes \
-passin pass:"my password" | openssl x509 -noout -subject \
| awk -F'[=/]' '{print $6}'`.strip`
Copying answer here in order to remove this question from the "Unanswered" filter:
openssl pkcs12 -nokeys -in /Users/[User]/Desktop/ID.pfx -passin pass:${password}
You could also use -passin and -passout which would not prompt you again for manual input. Here is a sample code:
openssl pkcs12 -in seldpush_dev.p12 -passin pass:$password -passout pass:$password | \
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | \
openssl x509 -subject -noout
Basically, use -keyword to fetch that value. In your case, -subject.
This is a few years late; I'm not familiar with openssl, & etc; but since I see no reference to "-nokeys" I'll give what works for me.
echo -e "$password\n$passphrase\n$passphrase\n" \
| openssl pkcs12 -in /Users/[user]/Desktop/ID.pfx -passin stdin -passout stdin
from manpage
stdin read the password from standard input.