changeset 2451:892004bd19bb

PKCS#12 stores.
author Oleksandr Gavenko <gavenkoa@gmail.com>
date Sun, 08 Nov 2020 09:14:06 +0200
parents 3e1990dc6ac8
children f2450d4f1adc
files tls.rst
diffstat 1 files changed, 38 insertions(+), 0 deletions(-)
--- a/tls.rst	Sun Nov 08 01:01:04 2020 +0200
+++ b/tls.rst	Sun Nov 08 09:14:06 2020 +0200
@@ -5,6 +5,17 @@
 .. contents::
    :local:
 
+Generate private keys
+=====================
+
+Generate RSA key (last argument is a key bit size)::
+
+  openssl genrsa -des3 -out my.key -passout pass:123456 2048
+
+Generate DSA key::
+
+  openssl gendsa -out my.key -passout pass:123456 <(openssl dsaparam 512)
+
 Generate a self-signed certificate
 ==================================
 
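Review bot: the DSA example generates its parameters with ``openssl dsaparam 512``, which is far too small for a key anyone might copy into real use; the RSA line right above it already uses 2048, so use at least the same size here. The ``gendsa`` line also passes ``-passout pass:123456`` without any cipher option (the ``genrsa`` line has ``-des3``), so the passphrase has nothing to encrypt with and the key ends up in ``my.key`` in the clear; add a cipher option or drop ``-passout``. Both commands write to the same ``my.key``, so running the section top to bottom silently overwrites the RSA key, and the ``<(...)`` process substitution needs bash, which is worth a short remark in the text.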
@@ -94,3 +105,30 @@
   curl -v --cacert my.crt https://localhost:8000
 
 There is no certificate chain so the check is trivial for self-signed certificates...
+
+PKCS#12 stores
+==============
+
+PKCS#12 store keeps private keys and certificates, to combine a private key and certificates into the store::
+
+  openssl pkcs12 -export -in my.crt -inkey my.key -certfile other.crt -out my.p12 -name master
+
+To export a private key to PKCS#8 format (has header ``BEGIN PRIVATE KEY`` or ``BEGIN ENCRYPTED
+PRIVATE KEY``)::
+
+  openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes
+
+To extract private key and convert to PKCS#1 format (has header ``BEGIN RSA PRIVATE KEY`` or ``BEGIN
+DSA PRIVATE KEY``)::
+
+  openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes | openssl rsa
+
+To show private key info::
+
+  openssl pkcs12 -info -nocerts -in my.p12 -passin pass:123456 -nodes | openssl rsa -text -noout
+
+To show certificat info::
+
+  openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456
+  openssl pkcs12 -info -nokeys -in my.p12 -passin pass:123456 | openssl x509 -text -noout
+
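Review bot: every key-extraction command in the new "PKCS#12 stores" section uses ``-nodes``, which prints the private key unencrypted, so the sentence promising a ``BEGIN ENCRYPTED PRIVATE KEY`` header cannot match the command under it; either drop ``-nodes`` (and add ``-passout``) for the encrypted variant or say explicitly that the output is an unprotected key. The PKCS#1 paragraph mentions ``BEGIN DSA PRIVATE KEY`` but pipes into ``openssl rsa``, which only handles RSA keys; a DSA key would need ``openssl dsa``. The ``-export`` command gives no ``-passout``, so it prompts interactively, while all later commands assume ``pass:123456``; state that the export password must match, and consider showing ``-passin file:`` or ``-passin env:`` so readers do not copy a habit of putting passphrases on the command line. Typo: "certificat info" should be "certificate info".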