
OpenSSL

Create certificate authority (ca)

  1. Create private key
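    # openssl prompts for the key passphrase. A passphrase given as
    # -passout pass:<password> is visible in the process list and in shell
    # history; for unattended use prefer -passout file:<path> or
    # -passout env:<variable>.
    # The key can be created without a passphrase by omitting -aes256.
    openssl genrsa -aes256 -out ca.key 8192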
    
  2. Create certificate
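    # The CA certificate has to stay valid at least as long as the certificates
    # it signs (3650 days in the signing step below); with -days 1 every issued
    # certificate stops verifying after one day.
    # -nodes has no effect here: no key is generated, the existing ca.key is used.
    # -extensions v3_ca refers to the [v3_ca] section of the active openssl.cnf.
    openssl req -x509 -new -nodes -extensions v3_ca -key ca.key -days 3650 -out ca.pem -sha512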
    

Create tls server certificate

  1. Create private key
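    # openssl prompts for the key passphrase. A passphrase given as
    # -passout pass:<password> is visible in the process list and in shell
    # history; for unattended use prefer -passout file:<path> or
    # -passout env:<variable>.
    # The key can be created without a passphrase by omitting -aes256; in that
    # case restrict server.key to its owner (chmod 600).
    openssl genrsa -aes256 -out server.key 8192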
    
  2. Create certificate signing request
    # The request carries only CN=server and no subjectAltName. Current TLS
    # clients match host names against subjectAltName, so every name a client
    # should accept has to be present as a subjectAltName in the signed certificate.
    # If server.key was created with -aes256, openssl prompts for its passphrase.
    openssl req -subj /CN=server -key server.key -new -out server.csr -sha512
    
  3. Sign certificate
    # self signed (by private key)
    # A self-signed certificate chains to no CA: each client has to be given
    # server.crt itself as a trust anchor before it can verify the server.
    openssl x509 -sha512 -req -in server.csr -days 3650 -signkey server.key -out server.crt
    
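    # signed by a ca
    # -CAcreateserial creates the serial number file (ca.srl) if it is missing;
    # OpenSSL 1.x refuses to sign without one.
    # x509 -req does not copy extensions from the request. A subjectAltName has
    # to be supplied with -extfile/-extensions (or -copy_extensions on
    # OpenSSL 3.0+), otherwise the certificate carries only the CN.
    openssl x509 -sha512 -req -in server.csr -days 3650 -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem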
    

Converting keys

.pem to .crt

# Re-encodes the PEM certificate as binary DER (-outform der).
# The .crt suffix does not imply an encoding: server.crt created above is PEM.
openssl x509 -in ca.pem -outform der -out ca.crt

.p12 (pkcs12 keystore container)

# combine private key and x509 certificate into a pkcs12 keystore container
# openssl prompts for an export password; it protects the private key inside client.p12
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -name client

Extract files from .p12 (pkcs12 keystore container)

# extract ca certificate
# -cacerts selects only CA certificates, -nokeys suppresses private key output
# NOTE(review): -chain is documented as an export option; it probably has no effect when parsing - confirm
openssl pkcs12 -in filename.p12 -out newfile.ca.crt.pem -cacerts -nokeys -chain

# extract certificate
# -clcerts selects only the client (leaf) certificate, -nokeys suppresses private key output
openssl pkcs12 -in filename.p12 -out newfile.crt.pem -clcerts -nokeys

# extract private key
# -nodes writes the key UNENCRYPTED (OpenSSL 3.0 names this option -noenc).
# Keep newfile.key.pem readable by its owner only (umask 077 / chmod 600), or
# drop -nodes so openssl prompts for a passphrase to protect the output.
openssl pkcs12 -in filename.p12 -out newfile.key.pem -nocerts -nodes

Extract s/mime certificate from signed email

  1. Export signed message from Evolution as mbox file (context menu -> save as file)
  2. Extract smime.p7s from .mbox file and add PKCS7 header
    -----BEGIN PKCS7-----
    MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCAMIIH
    VjCCBT6gAwIBAgIDSRKYMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNVBAYTAkRFMRkwFwYDVQQKExBQ
    S0ktMS1WZXJ3YWx0dW5nMRMwEQYDVQQLEwpCdW5kZXN3ZWhyMR0wGwYDVQQDExRCdyBWLVBLSSBD
    ...
    ItC1Jda7G3OItYH1shivhFNKOOK1gSDErsuY8wgLwIExtKEKDhcum2ivwu2Hy0L0/wm5gzG1dUj6
    1iUYZDDXfQAAAAAAAA==
    -----END PKCS7-----
    
  3. Export certificate from PKCS7 container
    # -print_certs writes every certificate found in the container, so smime.cer
    # can hold the signer certificate plus any CA certificates sent with it.
    # Extraction does not validate anything: verify the chain and the sender
    # before trusting or importing the result.
    openssl pkcs7 -print_certs -in smime.p7s -out smime.cer
    

Symmetric Encryption/Decryption

# The passphrase is prompted for and stretched with PBKDF2 (-pbkdf2), using
# OpenSSL's default iteration count unless -iter is given (the same -iter value
# is then needed to decrypt). -a base64-encodes the output.
# OFB provides confidentiality only: openssl enc does not authenticate the
# ciphertext, so a modified cipher.txt decrypts without any error. Add a
# separate integrity check (e.g. an HMAC or a signature) where tampering matters.
openssl enc -e -a -pbkdf2 -aes-256-ofb -in plain.txt -out cipher.txt
openssl enc -d -a -pbkdf2 -aes-256-ofb -in cipher.txt -out plain.txt