IT notes

openssl SHA1 HMAC

To create an HMAC-SHA1:

    $ echo -n "string" | openssl sha1 -hmac "shared_secret"

or

    $ echo -n "string" | openssl dgst -sha1 -hmac "shared_secret"


To create an htpasswd file (for htaccess “authentication”) using openssl:

    $ printf "foo:$(openssl passwd -apr1 PASSWORD)\n" >> .htpasswd

If you need to use crypt:

    $ printf "foo:$(openssl passwd -crypt PASSWORD)\n" >> .htpasswd

mysql backup

mysqldump + xz + openssl

First add the proper username/password to .my.cnf to avoid getting a warning:

    [client]
    host = localhost
    user = dbadmin
    password = secret

To take the dump and keep it only for 31 days:

    #!/bin/sh
    # Day of month (01-31): each file is overwritten when that day comes round again
    DAY=$(date +%d)
    # Dump, compress, then encrypt to the certificate's public key
    mysqldump --events --routines --triggers --add-drop-database --compress --hex-blob --opt --skip-comments --single-transaction dbname | \
    xz -c | \
    openssl smime -encrypt -aes256 -binary -out /safe/path/${DAY}.sql.xz.enc -outform DER /path/to/cert.pem

mysqldump

The options used:
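A restore test for the backup pipeline above, as an added example that is not part of the original notes: it encrypts a constructed stand-in dump the same way, decrypts it with the matching private key, and checks that an unrelated key pair is rejected. The function names, throwaway certificates and temporary paths are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original notes): restore test for the
# xz + "openssl smime" backup stage. Keys, dump and paths are constructed.

# make_keypair PREFIX CN: throwaway self-signed cert and unencrypted key
make_keypair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# encrypt_dump CERT OUT: same compress + encrypt stage as the backup script
encrypt_dump() {
    xz -c | openssl smime -encrypt -aes256 -binary -outform DER -out "$2" "$1"
}

# decrypt_dump CERT KEY IN OUT: reverse stage; fails if the key pair is not
# a recipient of the message
decrypt_dump() {
    openssl smime -decrypt -binary -inform DER -in "$3" \
        -recip "$1" -inkey "$2" -out "$4.xz" 2>/dev/null &&
        xz -dc "$4.xz" > "$4"
}

# backup_roundtrip: returns 0 only if the dump restores byte-for-byte with
# the right key and an unrelated key pair cannot decrypt it
backup_roundtrip() {
    tmp=$(mktemp -d) || return 1
    rc=1
    # Constructed stand-in for mysqldump output
    printf 'CREATE TABLE t (id INT);\nINSERT INTO t VALUES (1),(2);\n' > "$tmp/dump.sql"
    if make_keypair "$tmp/backup" backup-test &&
       make_keypair "$tmp/other" unrelated &&
       encrypt_dump "$tmp/backup.pem" "$tmp/01.sql.xz.enc" < "$tmp/dump.sql" &&
       decrypt_dump "$tmp/backup.pem" "$tmp/backup.key" \
           "$tmp/01.sql.xz.enc" "$tmp/restored.sql" &&
       cmp -s "$tmp/dump.sql" "$tmp/restored.sql" &&
       ! decrypt_dump "$tmp/other.pem" "$tmp/other.key" \
           "$tmp/01.sql.xz.enc" "$tmp/wrong.sql"
    then
        rc=0
    fi
    rm -rf "$tmp"
    return "$rc"
}

backup_roundtrip && echo "restore test: OK"
```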

ssh rsa public key encryption

Encrypt a file using ssh public keys.

Create ssh public key in PEM format:

    ssh-keygen -f -e -m PKCS8 >

Use openssl to encrypt/decrypt.

Encrypt:

    openssl rsautl -encrypt -pubin -inkey ~/.ssh/ -ssl -in test.txt -out test.txt.enc

Decrypt:

    openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in test.txt.enc -out test.txt.enc.txt

openssl cheat sheet

To display the contents of a PEM formatted certificate:

    $ openssl x509 -in -text

Connecting to the server:

    $ openssl s_client -showcerts -connect < /dev/null

Test smtp 587:

    $ openssl s_client -host -port 587 -starttls smtp -crlf

Checking the validity dates:

    $ openssl s_client -showcerts -connect 2>/dev/null | openssl x509 -noout -dates

Base64-encode a file:

    $ openssl enc -base64 -in file.txt -out file.