OpenSSL cheat sheet

This is my cheat sheet for establishing a Public Key Infrastructure (PKI). These are the commands that I usually use in my setups.

Generate private key:

openssl genpkey -algorithm RSA -out tim.pkey

Get the public key from the private key:

openssl pkey -in tim.pkey -pubout -out tim_public_key

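Encrypt a file with the public key (RSA can only encrypt data smaller than the key size, so this works for small files only):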

openssl pkeyutl -in my_private_infor.txt -out encrypted_data.txt -encrypt -pubin -inkey tim_public_key

Decrypt the file with the private key:

openssl pkeyutl -out decrypted.txt -in encrypted_data.txt -decrypt -inkey tim.pkey

Commands for setting up a CA, generating a CSR, and having the CA sign the CSR.

First, set up the CA.

Generate private key for the CA:

openssl genrsa -aes256 -out myCA.key 2048

Generate the CA certificate from the private key of the CA:

openssl req -x509 -new -key myCA.key -sha256 -days 3650 -out myCA.pem

On the device whose CSR the CA will sign:

First, generate a private key for the device (or other endpoint):

openssl genrsa -out dev.key

Generate a CSR from the private key. This CSR needs to be sent to the CA server:

openssl req -new -key dev.key -out dev.csr

Then, on the CA, sign the CSR. The resulting certificate is sent back to the device:

openssl x509 -req -in device/dev.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out dev.crt -days 365 -sha256
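
The CA, CSR and signing steps above as one non-interactive run, followed by the two checks worth doing before shipping dev.crt to the device. This is an added example, not part of the original cheat sheet. The subject names, dev.example.test, the dev.ext file and the passphrase are constructed sample values, and everything runs in a temporary directory.

```shell
#!/bin/sh
# Added example: CA setup, CSR, signing, then verification of the result.
# Subject names, dev.example.test and the passphrase are constructed values.

# CA side: AES-256 encrypted CA key and self-signed CA certificate.
# The passphrase is read from the CA_PASS environment variable.
make_ca() {
    openssl genrsa -aes256 -passout env:CA_PASS -out myCA.key 2048 2>/dev/null &&
    openssl req -x509 -new -key myCA.key -passin env:CA_PASS -sha256 \
        -days 3650 -subj "/CN=Example Test CA" -out myCA.pem
}

# Device side: private key and CSR.
make_csr() {
    openssl genrsa -out dev.key 2048 2>/dev/null &&
    openssl req -new -key dev.key -subj "/CN=dev.example.test" -out dev.csr
}

# CA side: sign the CSR. "x509 -req" does not copy extensions from the CSR
# by default, so the SAN is supplied here through -extfile.
sign_csr() {
    printf 'subjectAltName=DNS:dev.example.test\nbasicConstraints=CA:FALSE\n' > dev.ext
    openssl x509 -req -in dev.csr -CA myCA.pem -CAkey myCA.key \
        -passin env:CA_PASS -CAcreateserial -extfile dev.ext \
        -out dev.crt -days 365 -sha256 2>/dev/null
}

# Check 1: the issued certificate chains to the CA certificate.
cert_chains_to_ca() {
    openssl verify -CAfile myCA.pem dev.crt >/dev/null 2>&1
}

# Check 2: the public key in certificate $2 belongs to private key $1.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Run every step in a fresh temporary directory (left in place for inspection).
run_pki_demo() {
    workdir=$(mktemp -d) || return 1
    cd "$workdir" || return 1
    CA_PASS='constructed-passphrase'; export CA_PASS
    make_ca && make_csr && sign_csr &&
        cert_chains_to_ca && key_matches_cert dev.key dev.crt
}

run_pki_demo && echo "dev.crt verified against myCA.pem in $workdir"
```
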