-
Notifications
You must be signed in to change notification settings - Fork 0
/
CheatSheet.txt
27 lines (18 loc) · 2.69 KB
/
CheatSheet.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Generate Private Key and Public Pem
openssl req -newkey rsa:2048 -sha256 -nodes -keyout private.key -x509 -days 365 -out server.crt -subj "/C=HK/ST=Hong Kong/L=Tuen Mun/O=Hailey Company/CN=*.appspot.com"
openssl req -newkey rsa:2048 -sha256 -nodes -keyout private.key -x509 -days 365 -out server.crt -subj "/C=HK/ST=Hong Kong/L=Tuen Mun/O=Hailey Company/CN=*.cpeg.net"
openssl req -newkey rsa:2048 -sha256 -nodes -keyout private.key -x509 -days 365 -out server.crt -subj "/C=HK/ST=Hong Kong/L=Tuen Mun/O=Hailey Company/CN=vctpi.kkkong.cpeg.net"
openssl req -newkey rsa:2048 -sha256 -nodes -keyout private.key -x509 -days 365 -out server.crt -subj "/C=HK/ST=Hong Kong/L=Tuen Mun/O=Hailey Company/CN=myhaileybot.appspot.com"
Convert Cert into Public Key
openssl x509 -pubkey -noout -in cert.pem > pubkey.pem
HTTPS Generation
openssl req -nodes -new -x509 -keyout server.key -out server.cert
openssl rsa -in YOURPRIVATE.key -outform PEM -pubout -out YOURPUBLIC.key
File extensions can be (very) loosely seen as a type system.
.pem stands for PEM, Privacy Enhanced Mail; it simply indicates a base64 encoding with header and footer lines. Mail traditionally only handles text, not binary which most cryptographic data is, so some kind of encoding is required to make the contents part of a mail message itself (rather than an encoded attachment). The contents of the PEM are detailed in the header and footer line - .pem itself doesn't specify a data type - just like .xml and .html do not specify the contents of a file, they just specify a specific encoding;
.key can be any kind of key, but usually it is the private key - OpenSSL can wrap private keys for all algorithms (RSA, DSA, EC) in a generic and standard PKCS#8 structure, but it also supports a separate 'legacy' structure for each algorithm, and both are still widely used even though the documentation has marked PKCS#8 as superior for almost 20 years; both can be stored as DER (binary) or PEM encoded, and both PEM and PKCS#8 DER can protect the key with password-based encryption or be left unencrypted;
.csr stands for Certificate Signing Request, it contains information such as the public key and common name required by a Certificate Authority to create and sign a certificate for the requester, the encoding could be PEM or DER (which is a binary encoding of an ASN.1 specified structure);
.crt stands simply for certificate, usually an X509v3 certificate, again the encoding could be PEM or DER; a certificate contains the public key, but it contains much more information (most importantly the signature by the Certificate Authority over the data and public key, of course).
subscribe - Subscribe Daily Update
unsubscribe - Unsubscribe Daily Update
stocklist - Update Stock List