Questions tagged [openssl]

OpenSSL is an open source implementation of the SSL and TLS protocols. The OpenSSL ssl library — which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols — can be found at https://www.openssl.org/.

Note that questions about using the OpenSSL toolkit and libraries are generally off-topic on Crypto.SE, and should be asked at Stack Overflow (for the libraries) or Super User (for the command-line tools) instead. Questions about professional server administration tasks involving OpenSSL (such as certificate management) may also be on-topic at Server Fault.

384 questions

153 votes, 1 answer

What are the differences between .pem, .csr, .key, .crt and other such file extensions?

I'm new to SSL / TLS, and I want to work with the OpenSSL toolkit. What do .pem and .csr stand for? I do know that .key is the private key and .crt is the public key.
Richard R. Matthews

49 votes, 1 answer

AES256-GCM - can someone explain how to use it securely (ruby)

I am looking into using AES256-GCM for encrypting some database fields. I know that for AES256-CBC, I need to generate a new IV for each encrypt, but I can use the same key. The IV can be openly stored alongside the ciphertext (ie, it can be…

27 votes, 1 answer

Is openssl rand command cryptographically secure?

I'm wondering if the openssl rand command produces cryptographically secure random bytes. For example when in need for a random password or token: openssl rand -hex 32 The man page unfortunately does neither state it's cryptographically secure, nor…
firefexx

17 votes, 1 answer

What to watch for with openssl generating weak keys? (low entropy)

(Disclaimer: I am a regular software engineer with only basic crypto knowledge, so it would be helpful if this can be explained for a layman.) I am concerned about generating weak keys on a shared Linux box with openssl. Some questions: How low does entropy have to…

14 votes, 3 answers

Anatomy of an RSA private key

I'm learning about OpenSSL and public key infrastructure and am curious about the structure of an RSA key and how it's related to its corresponding public key. I can generate a private RSA key with the OpenSSL genrsa command: $ openssl genrsa…
mbigras

14 votes, 2 answers

Which crypto libraries/programs do we have the most confidence in?

I have recently begun studying crypto. If it's one thing I have learned it's that we should not implement our own crypto. Therefore we should look to using existing software and libraries. When I go to implement something that needs data security,…
user9061

13 votes, 1 answer

Why does OpenSSL append extra bytes when encrypting with aes-128-ecb?

Plaintext: Attack at dawn!! Hex: 41747461636b206174206461776e2121 Key: abcdefghijklmnop Hex: 6162636465666768696a6b6c6d6e6f70) Through calculations done both by hand and with various sites online, the result should…
k_sel

12 votes, 3 answers

How vulnerable is the C rand() in public cryptography protocols?

I just learned about the basics of public cryptography a few weeks ago and I am curious as to why the C rand() function should not be used for crypto schemes. For example, say I want to generate a private key using the C rand() function, along with…

11 votes, 2 answers

RSA Private Exponent Generation according to FIPS 186-4 in openssl v1

I guess this is more of a math problem in a cryptography context so I apologize beforehand if it is not the right place to ask. Basically I have to check whether a certain implementation of RSA key-pair generation adheres to FIPS 186-4. More…

11 votes, 3 answers

What is different below two Ciphersuites?

I have two questions; I need an explanation of the differences between the two cipher suites below. How do they work with the SSL/TLS protocol? (my main concern: the first one doesn't have the 'ecdhe_rsa' part…
uma

11 votes, 1 answer

Why do crypto tools display key components in such an unusual format?

openssl x509 (v1.0.1f) displays public key moduli as arrays of hex-encoded bytes, 15 columns wide, starting with a leading 00:: Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) …
Dan Lenski

11 votes, 2 answers

How to derive a symmetric key from ECDH shared secret?

I am trying to implement the internal primitives of ECDH. Currently I'm able to multiply the receiver's public EC point with the sender's private key to arrive at the shared EC point. Next step is to input the x-coordinate of the shared point which…
sce

10 votes, 2 answers

Good entropy source for generating openssl keys

I need to generate a CA (4096-bit RSA) and server keys for openvpn and I want them to be "top quality". Here is my plan: gather entropy from multiple sources (saving individual files): FreeBSD Yarrow, Linux (with haveged daemon while entropy_avail…
Vincent

9 votes, 3 answers

Why does OpenSSL differentiate between PSS and non-PSS for private key generation?

RSA-PSS private keys The following command will generate an RSA-PSS private key: openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out CA.priKey Here's a sample one I just…
neubert

9 votes, 2 answers

Complete Set of Test-Vectors for ECDSA secp256k1

Although there are several implementations of ECDSA secp256k1 publicly available over the internet (the most popular being OpenSSL), it seems that there is no complete set of test-vectors available. The few test vectors I could find always miss…
Mark Messa