This is my cheat sheet for establishing a Public Key Infrastructure (PKI). These are the commands that I usually use in my PKI setups.
Generate private key:
openssl genpkey -algorithm RSA -out tim.pkey
Get the public key from the private key:
openssl pkey -in tim.pkey -pubout -out tim_public_key
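Encrypt a file with the public key (RSA can only encrypt data smaller than the key size, so this is for small files):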
openssl pkeyutl -in my_private_infor.txt -out encrypted_data.txt -encrypt -pubin -inkey tim_public_key
Decrypt the file with the private key:
openssl pkeyutl -out decrypted.txt -in encrypted_data.txt -decrypt -inkey tim.pkey
Commands for setting up a CA, generating a CSR, and having the CA sign the CSR.
First, set up the CA.
Generate private key for the CA:
openssl genrsa -aes256 -out myCA.key 2048
Generate the CA certificate from the CA's private key:
openssl req -x509 -new -key myCA.key -sha256 -days 3650 -out myCA.pem
On the device whose CSR I want the CA to sign:
First, generate a private key for the device, or some other kind of endpoint:
openssl genrsa -out dev.key
Generate CSR from the private key. This CSR needs to be sent to the CA server.
openssl req -new -key dev.key -out dev.csr
Then, on the CA, sign the CSR; the resulting certificate is sent back to the device:
openssl x509 -req -in device/dev.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out dev.crt -days 365 -sha256
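To confirm the CA workflow above produced what was intended, the following added example (not part of the original cheat sheet) runs it non-interactively in a scratch directory and checks that the device certificate chains to the CA, carries the device's public key, and is rejected by an unrelated CA. The function names, subject names and the unencrypted demo CA key are assumptions made for the example.

```shell
#!/bin/sh
# Added example. File names follow the cheat sheet; subject names are constructed.

# Build a CA and one device certificate in directory $1, CA common name $2.
build_pki() {
    mkdir -p "$1/device" || return 1
    (
        cd "$1" || exit 1
        # Demo only: CA key without -aes256 so no passphrase prompt is needed.
        openssl genrsa -out myCA.key 2048 2>/dev/null &&
        openssl req -x509 -new -key myCA.key -sha256 -days 3650 \
            -subj "/CN=$2" -out myCA.pem &&
        openssl genrsa -out dev.key 2048 2>/dev/null &&
        openssl req -new -key dev.key -subj "/CN=dev.example.test" \
            -out device/dev.csr &&
        openssl x509 -req -in device/dev.csr -CA myCA.pem -CAkey myCA.key \
            -CAcreateserial -out dev.crt -days 365 -sha256 2>/dev/null
    )
}

# Succeeds only if certificate $2 chains to CA certificate $1.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if certificate $1 carries the public key of private key $2.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Run the whole flow twice and check the three properties that matter.
demo() {
    work=$(mktemp -d) || return 1
    rc=0
    build_pki "$work/a" "Constructed CA A" &&
        build_pki "$work/b" "Constructed CA B" || rc=1
    chain_ok "$work/a/myCA.pem" "$work/a/dev.crt" || rc=1          # issued by A
    key_matches_cert "$work/a/dev.crt" "$work/a/dev.key" || rc=1   # right key
    chain_ok "$work/b/myCA.pem" "$work/a/dev.crt" && rc=1          # not issued by B
    rm -rf "$work"
    return $rc
}

demo && echo "PKI checks passed"
```

On a real CA, keep the -aes256 passphrase on myCA.key as in the command above; it is dropped here only so the script runs unattended.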