IT notes

To create an HMAC-SHA1: $ echo -n "string" | openssl sha1 -hmac "shared_secret" or $ echo -n "string" | openssl dgst -sha1 -hmac "shared_secret" …

To create an htpasswd file (for htaccess “authentication”) using openssl: $ printf "foo:$(openssl passwd -apr1 PASSWORD)\n" >> .htpasswd If need to use crypt: $ printf "foo:$(openssl passwd -crypt PASSWORD)\n" >> .htpasswd …

mysqldump + xz + openssl First add to .my.cnf the proper username/password to avoid getting a warning: [client] host = localhost user = dbadmin password = secret To take the dump and keep it only for 31 days: #!/bin/sh DAY=$(date +%d) mysqldump --events --routines --triggers --add-drop-database --compress --hex-blob --opt --skip-comments --single-transaction dbname | \ xz -c | \ openssl smime -encrypt -aes256 -binary -out /safe/path/${DAY}.sql.xz.enc -outform DER /path/to/cert.pem mysqldump The options used: …

Encrypt a file using ssh public keys. Create ssh public key in PEM format: ssh-keygen -f id_rsa.pub -e -m PKCS8 > id_rsa.pem.pub Use openssl to encrypt/decrypt Encrypt: openssl rsautl -encrypt -pubin -inkey ~/.ssh/id_rsa.pem.pub -ssl -in test.txt -out test.txt.enc Decrypt: openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in test.txt.enc -out test.txt.enc.txt …

To display the contents of a PEM formatted certificate: $ openssl x509 -in the-cert.pm -text Connecting to the server: $ openssl s_client -showcerts -connect imap.ejemplo.org:993 < /dev/null Test smtp 587: $ openssl s_client -host smtp.gmail.com -port 587 -starttls smtp -crlf Checking the Validity Date: $ openssl s_client -showcerts -connect nbari.com:443 2>/dev/null | openssl x509 -noout -dates Encode base64 a file: $ openssl enc -base64 -in file. …