Package directroy $HOME/Desktop/bill into /tmp/bill.tar and encrypt it with key into /tmp/bill.asc.
key="xxxxxxxx"
tar -zcP $HOME/Desktop/bill -f /tmp/bill.tar
openssl enc -des3 -a -salt -in /tmp/bill.tar -k ${key} -out /tmp/bill.asc
I want to combine tar and openssl as one whole command with pipe.
tar -zcP $HOME/Desktop/bill -f | openssl enc -des3 -a -salt -in -k ${key} -out /tmp/bill.asc
It can't work,how to fix it?
Without -f parameter,remove -in parameter in Bsquare's post.
tar -zcP $HOME/Desktop/bill |openssl enc -des3 -a -salt -k ${key} -out /tmp/bill.asc
With -f parameter,same as John Law say.
tar -zcP $HOME/Desktop/bill -f /tmp/bill.tar | openssl enc -des3 -a -salt -k ${key} -out /tmp/bill.asc
Related
I use this command to give me the output from openssl without the (stdin)= the beginning.
openssl x509 -noout -modulus -in certfile.crt | openssl sha1 -binary | xxd -p
with output
7857b35259019acc7484201958ac7e622c227b68
If I change openssl to create a sha256 digest, xxd prints it over two lines
openssl x509 -noout -modulus -in certfile.crt | openssl sha256 -binary | xxd -p
with output
b274c19ac31cc7893dc2297804a2ca666fe168d5cd5eb4d4b6c47616bad9
8996
How can I write that output on line one?
b274c19ac31cc7893dc2297804a2ca666fe168d5cd5eb4d4b6c47616bad98996
Is it something else I have to do with xxd now that the digest is longer or is there a need to pipe it through some other command to get the combined output?
As usual there are several ways.
The first general solution which came into my mind is this:
printf "%s" $( openssl x509 -noout -modulus -in certfile.crt | openssl sha256 -binary | xxd -p )
Of course, if the output is less than 256, you could use xxd -f -c 256 as stated by tshiono.
Another solution for this special case with openssl would be this:
openssl x509 -noout -modulus -in certfile.crt | openssl sha256 -r
or
openssl x509 -noout -modulus -in certfile.crt | openssl sha256 -hex
but both are not exactly like the output you want. The hex string is in the output, but padded before or after which can be cut off, by piping to the command cut -d" " -f 1 or cut -d" " -f 2 for the removal of the prefix or postfix.
I have to create a shell-script that can decrypt a RSA key file that is encrypted with a specific .pem file. And then to decrypt zip file with the AES key which I get from the RSA file once it is decrypted in a file named keyaes (or whatever you want).
Here are the two commands I have to use
openssl rsautl -decrypt -in AES_KEY -inkey CERTIFICATE.pem -out keyaes
openssl enc -d -aes-256-cbc -in zipfile.zip -out extraction.zip -nosalt -p -K RSA_KEY_from_key_aes_output -iv 0
The commands work perfectly, the problem is in my script I don't know how to make it automatically and to get the key from the keyaes output and put it into the next command properly.
How can I do it ?
you could just use bash command substitution in the second command, using backticks
openssl enc -d -aes-256-cbc -in zipfile.zip -out extraction.zip -nosalt -p -K `cat output_filename_with_aes_key` -iv 0
I have an article page with AMP (on an subdomain).
Now I have made a few changes in an article.
How can I reload this cached AMP (sub-)page?
Normal Version: https://www.example.com/this-is-a-article-999
AMP-Version: https://amp.example.com/this-is-a-article-999
i do following steps:
1. I have installed openssl on my server
2. Then I generated the two keys
openssl genrsa 2048 > private-key.pem
openssl rsa -in private-key.pem -pubout >public-key.pem
3. I copied the public key to the subdomain (= AMP page) and renamed it to "apikey.pub"
So the public key is accessible over the browser:
https://amp.example.com/apikey.pub
4. Then I have created the update-cache request as follow:
get a timestamp with "date +%s"
echo -n >url.txt '/update-cache/c/s/amp.example.com/this-is-a-article-999?amp_action=flush&_ts=1526997689' cat url.txt | openssl dgst -sha256 -sign private-key.pem >signature.bin
5. I used the public key to verify the signature:
openssl dgst -sha256 -signature signature.bin -verify public-key.pem url.txt
I get the followind Error:
==> Verification Failure (!!!)
On step 3, the placement of the public key is wrong. The correct one would be: https://amp.example.com/.well-known/amphtml/apikey.pub
The issue with the verification seems to be on step 4, as there are 2 commands being invoked on single line and generating invalid output.
The solution is to break it in 2 parts:
echo -n >url.txt '/update-cache/c/s/amp.example.com/this-is-a-article-999?amp_action=flush&_ts=1526997689'
cat url.txt | openssl dgst -sha256 -sign private-key.pem >signature.bin
or to add an & between the 2 commands:
echo -n > url.txt '/update-cache/c/s/amp.example.com/this-is-a-article-999?amp_action=flush&_ts=1526997689' & cat url.txt | openssl dgst -sha256 -sign private-key.pem > signature.bin
The full sequence becomes something like this:
openssl genrsa 2048 > private-key.pem
openssl rsa -in private-key.pem -pubout > public-key.pem
echo -n > url.txt '/update-cache/c/s/amp.example.com/this-is-a-article-999?amp_action=flush&_ts=1526997689'
cat url.txt | openssl dgst -sha256 -sign private-key.pem > signature.bin
openssl dgst -sha256 -signature signature.bin -verify public-key.pem url.txt
and the output is the following:
openssl dgst -sha256 -signature signature.bin -verify public-key.pem url.txt
Verified OK
Another couple of things is that after generating the signature, it must be appended to the URL on the amp_url_signature parameter, using a web-safe variant of Base64.
At last, make sure to check the parameters section of the documentation and generating the URLs according to the AMP Cache URL Format.
Is there a way to run the following shell commands only on ruby?
I searched for weeks but I'm afraid it's not very well documented. I've tried a few methods from Ruby 'openssl' but I get different results.
%x[openssl pkcs8 -inform DER -in key.key -passin pass:passcode -out key.pem]
%x[openssl x509 -inform DER -in certificate.cer -noout -serial > serial.txt]
%x[openssl dgst -sha256 -out sign.bin -sign key.pem serial.txt]
%x[openssl enc -in sign.bin -a -A -out stamp.txt]
I am trying to convert a p12 to a pem from a shell script without any user input.
I can have the password as a variable within the script.
so when I call:
openssl pkcs12 -in *.p12 -out cert.pem -nodes
The terminal prints "Enter Import Password:" and waits for input.
I tried to pipe the password in with:
echo $PASS | openssl pkcs12 -in *.p12 -out cert.pem -nodes
as well as trying to use a flag with the openssl command but can't figure out how to do this.
This one liner worked for me-
openssl pkcs12 -in certificate.p12 -password pass:<your_password> -nodes | openssl x509 -noout -enddate