This shows you the differences between two versions of the page.
sw:security [2022/01/26 11:38] 127.0.0.1 external edit |
sw:security [2024/04/30 08:38] (current) tomas [Prace s openssl] |
||
---|---|---|---|
Line 20: | Line 20: | ||
keystore.jks ... Java Keystore | keystore.jks ... Java Keystore | ||
keystore.p12 ... Klicenka ve formatu | keystore.p12 ... Klicenka ve formatu | ||
+ | |||
+ | ====Typy kódování==== | ||
+ | DER ... Distinguished Encoding Rules ... binární forma\\ | ||
+ | PEM ... Privacy Enhanced Mail = certifikát v base64 podobě a uzavřený -----BEGIN xxx----- a -----END xxx-----\\ | ||
+ | PKCS12 neboli PFX ... binární formát pro ukládání více klíču, či certifikátů chránněné heslem\\ | ||
====Typy souboru==== | ====Typy souboru==== | ||
key.csr ... Certificate Signing Request - zadost o certifikaci certifikatu\\ | key.csr ... Certificate Signing Request - zadost o certifikaci certifikatu\\ | ||
key.key ... Private key\\ | key.key ... Private key\\ | ||
- | key.crt ... certifikat v textove podobe | + | key.crt ... certifikat v textove podobe PEM nebo v binarni podobe DER\\ |
- | key.cer ... certifikat textove podobe, | + | key.cer ... certifikat textove podobe, PEM nebo v binarni podobe DER\\ |
key.pem ... certifikat v PEM kodovani (X.509) v base64/asci podobe\\ | key.pem ... certifikat v PEM kodovani (X.509) v base64/asci podobe\\ | ||
key.der ... certivikat v binarni podobe zakodovany pomoci DER\\ | key.der ... certivikat v binarni podobe zakodovany pomoci DER\\ | ||
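Review bot: The added "Typy kódování" block lists PKCS12/PFX beside DER and PEM, but the line itself describes a password-protected binary store for several keys or certificates. That is a container format rather than an encoding, so it belongs under "Typy souboru" next to keystore.p12. In the same block "klíču" and "chránněné" are misspelled. After the change the key.crt and key.cer entries say the same thing in slightly different words; the key.cer line still reads "certifikat textove podobe, PEM" with a missing "v" and a stray comma, so the two could share one wording. The PEM line calls the format a "certifikát", while the openssl section also converts a private key to PEM, so "certifikát nebo klíč" would be more accurate.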
Line 50: | Line 55: | ||
[[https:// | [[https:// | ||
- | openssl s_client -showcerts -connect www.domain.com: | + | '' |
- | openssl s_client -showcerts -cert cert.cer -key cert.key -connect www.domain.com: | + | '' |
- | echo n | openssl s_client -showcerts -connect www.domain.com: | + | '' |
- | openssl genrsa | + | '' |
- | openssl req -new -key server.key -out server.csr ... generovani | + | '' |
- | cp server.key server.key.org; | + | '' |
- | openssl rsa -in server.key -text > private.pem ... konverze privatniho klice z KEY do PEM\\ | + | '' |
- | openssl | + | '' |
- | openssl x509 -in acs.qacafe.com.pem -text -noout ... informace o klici acs.qacafe.com.pem v textove podobe\\ | + | '' |
- | openssl x509 -in root_ca.cer -inform DER -out root_ca.pem ... konverze z DER formatu | + | |
- | openssl x509 -inform DER -in certificate.cer -out certificate.pem ... konverze z DER do PEM\\ | + | |
\\ | \\ | ||
- | cat clientcert.pem trusted_ca.pem root_ca.pem >> clientcertchain.pem ... vytvori certifikacni retezec (certification chain)\\ | + | '' |
- | openssl pkcs12 -info -in a.pfx ... informace o certifikatu\\ | + | '' |
- | openssl pkcs12 -export -in www-example-com.crt -inkey | + | '' |
- | openssl pkcs12 -in certificate.p12 -out clientcert.pem -nodes -clcerts ... export certifikaty z p12 klicenky\\ | + | '' |
- | openssl pkcs12 -export -in clientcertchain.pem -out clientcertchain.pfx ... vytvoreni/ | + | '' |
- | openssl pkcs7 -print_certs -in certificate.cer -out certificate.crt ... konverze certifikatu do jineho kodovani\\ | + | '' |
+ | '' | ||
+ | |||
+ | ===RSA=== | ||
+ | '' | ||
+ | '' | ||
+ | '' | ||
+ | '' | ||
+ | '' | ||
====Analyza https toku==== | ====Analyza https toku==== | ||
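Review bot: Every added line on the right-hand side of this hunk, including the whole new RSA subsection, shows only the opening '' monospace marker, so the rewritten commands cannot be checked from this view and should be compared against the page source before the revision is accepted. Three things to confirm while doing that. First, the old side had two DER to PEM conversions (root_ca.cer and certificate.cer) that do the same job, and only one needs to survive. Second, if "openssl pkcs12 -in certificate.p12 -out clientcert.pem -nodes -clcerts" is carried over, its description should say that -nodes leaves the private key in clientcert.pem unencrypted, since "export certifikaty" suggests only certificates are written. Third, the chain-building line uses ">>", which appends to an existing clientcertchain.pem and duplicates the chain when run twice; ">" would make it repeatable.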
Line 101: | Line 112: | ||
====ssh==== | ====ssh==== | ||
ssh-keygen -f id_rsa -p ... zmena passphrase\\ | ssh-keygen -f id_rsa -p ... zmena passphrase\\ | ||
+ | |||
+ | ====gpg==== | ||
+ | gpg -k ... seznam klíčů\\ | ||
+ | gpg --output public.pgp --armor --export username@email ... exportovaní veřejného klíče\\ | ||
+ | gpg --output private.pgp --armor --export-secret-key username@email ... exportování soukromého klíče\\ | ||
+ | gpg --import my-key.asc ... import klíče\\ | ||
+ | cat soubor | gpg --decrypt ... rozkódování\\ | ||
+ |
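Review bot: The "--export-secret-key" line in the new gpg section writes the secret key to private.pgp with no note on handling the file; a short remark to keep it readable only by the owner and to delete it after transfer would fit the other entries. The import example uses my-key.asc while the two export lines produce public.pgp and private.pgp, so using one file name throughout would show that the lines belong together. "cat soubor | gpg --decrypt" can be written as "gpg --decrypt soubor", and "rozkódování" describes decoding, whereas the command decrypts ("dešifrování").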