I was playing around with OpenSSL again and here is some (hopefully) simple take to get familiarize with it’s capability.
Generate key pair and getting it’s modulus and exponent
Here are the openssl commands that operate to generate key pair and get the information about the generated key
- Generate key pair
openssl genrsa -aes256 -out private.pem 2048
- Get public key
openssl rsa -in private.pem -pubout -out public.pem
- Get private key (warning!)
openssl rsa -in private.pem -out private_plain.pem
the only difference with the above option is the -pubout option dropped
- Get the modulus from private.pem
openssl rsa -in private.pem -modulus -noout
- Get the modulus from public.pem
openssl rsa -pubin -in public.pem -modulus -noout
- Get modulus and exponent from public.pem
openssl rsa -pubin -in public.pem -text -noout
All commands above that operating on private.pem will require you to enter a pass phrase.
Modulus from both private.pem and public.pem are the same (as it should be).
OpenSSL default format is in PEM format, how about operating in DER format? Suppose we want to convert PEM format to DER, and operating with DER format
- Converting from PEM to DER
openssl rsa -pubin -inform PEM -in public.pem -outform DER -out public.der
- Get modulus from pu/blic.der (DER format)
openssl rsa -pubin -inform DER -in pub -modulus -noout
Print out x509 certificate information
Now that we know how to operate with different format via -inform, and we know how to print out info via -text. We generate a self sign certificate, mycert, https://www.madboa.com/geek/openssl/#how-dnerate-a-self-signed-certificate. Input the necenformation to create a cert.
- Print certificate information
openssl x509 -text -inform DER -in mycert.der -noout