OpenSSL Quick Reference
=======================

HASHING
  echo -n "text" | openssl md5
  echo -n "text" | openssl sha1
  echo -n "text" | openssl sha256
  openssl dgst -sha256 file       Hash a file

ENCODING / DECODING
  echo -n "text" | openssl base64          Encode base64
  echo "dGV4dA==" | openssl base64 -d      Decode base64
  echo -n "text" | openssl enc -base64     Same as above
  xxd -p file                              Hex encode

SYMMETRIC ENCRYPTION
  # AES-256-CBC encrypt
  openssl enc -aes-256-cbc -salt -in plain.txt -out enc.bin -k password

  # AES-256-CBC decrypt
  openssl enc -aes-256-cbc -d -in enc.bin -out plain.txt -k password

  # Specify IV and key directly
  openssl enc -aes-128-cbc -d -in enc.bin \
    -K 000102030405060708090a0b0c0d0e0f \
    -iv 00112233445566778899aabbccddeeff

RSA KEY OPERATIONS
  # Generate RSA key
  openssl genrsa -out private.pem 2048

  # Extract public key
  openssl rsa -in private.pem -pubout -out public.pem

  # View key details
  openssl rsa -in private.pem -text -noout

  # View public key details
  openssl rsa -pubin -in public.pem -text -noout

  # Encrypt with public key
  openssl rsautl -encrypt -pubin -inkey pub.pem -in plain.txt -out enc.bin

  # Decrypt with private key
  openssl rsautl -decrypt -inkey priv.pem -in enc.bin -out plain.txt

CERTIFICATES
  # View certificate
  openssl x509 -in cert.pem -text -noout

  # Extract public key from cert
  openssl x509 -in cert.pem -pubkey -noout

  # Generate self-signed cert
  openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365

  # Check cert expiry
  openssl x509 -in cert.pem -noout -dates

SSL / TLS
  # Connect and show cert
  openssl s_client -connect host:443

  # Show cert chain
  openssl s_client -showcerts -connect host:443

COMMON CTF PATTERNS
  # Decode base64 encoded flag
  echo "aWNvYXtmbGFnfQ==" | openssl base64 -d

  # Extract RSA parameters for crypto challenge
  openssl rsa -pubin -in pub.pem -text -noout | grep -E "Modulus|Exponent"

  # Decrypt with known key
  openssl enc -aes-128-ecb -d -in encrypted -K "$(echo -n key | xxd -p)" -nopad
