OpenSSL

The OpenSSL library provides access to SSL-encrypted tunnels. Most of its functionality is accessible via the openssl command, which ships with the OpenSSL package.

Digests

A digest is a one-way transformation of a string (into a hash) that can be used to ensure the integrity of the string. For example, this technique is used in PGP to sign messages. Commonly used algorithms include MD5 and SHA-1.

The following command demonstrates how to generate an MD5 hash of the content of a file:

openssl dgst -md5 -out OUTFILE INFILE

Passwords

The openssl command can be used to generate hashed passwords as well as strings that are not susceptible to dictionary-based attacks against passwords.

Base64 encoding

What is Base64

Data encryption

Often the privacy of data that is transmitted over a private network is of major concern to the participating parties. The openssl command also provides commonly used symmetric encryption algorithms (asymmetric encryption algorithms are covered by gnupg), which are two-way transformations of strings based on a password.

The following commands demonstrate the use of the openssl command to encrypt the content of a file using the Advanced Encryption Standard (AES) algorithm. The user is prompted for the password on the current terminal.
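The encryption step described above, combined with the digest from the Digests section, as an added example that is not part of the original article. It assumes OpenSSL 1.1.1 or later (for -pbkdf2); the function names sha256_of, seal and unseal are hypothetical, and PASS_SOURCE is an openssl pass phrase argument such as env:VARNAME.

```shell
#!/bin/sh
# Added example, not the article's own commands.
# Omit PASS_SOURCE to be prompted for the password on the current terminal.

# Print the SHA-256 digest of a file as bare hex.
sha256_of() {
    # -r prints "HEX *FILENAME"; keep only the hex field.
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# seal INFILE OUTFILE [PASS_SOURCE]
# Encrypt INFILE with AES-256-CBC and record the ciphertext digest
# in OUTFILE.sha256.
seal() {
    infile=$1; outfile=$2; pass=${3:-}
    # -salt makes the derived key differ per file; -pbkdf2 replaces the
    # weak legacy key derivation that "openssl enc" uses by default.
    set -- enc -aes-256-cbc -salt -pbkdf2 -in "$infile" -out "$outfile"
    if [ -n "$pass" ]; then set -- "$@" -pass "$pass"; fi
    openssl "$@" || return 1
    sha256_of "$outfile" > "$outfile.sha256"
}

# unseal INFILE OUTFILE [PASS_SOURCE]
# Recompute the ciphertext digest and decrypt only if it matches the
# recorded one. CBC itself does not detect modified ciphertext.
unseal() {
    infile=$1; outfile=$2; pass=${3:-}
    expected=$(cat "$infile.sha256") || return 1
    if [ "$(sha256_of "$infile")" != "$expected" ]; then
        echo "digest mismatch for $infile, refusing to decrypt" >&2
        return 1
    fi
    set -- enc -d -aes-256-cbc -pbkdf2 -in "$infile" -out "$outfile"
    if [ -n "$pass" ]; then set -- "$@" -pass "$pass"; fi
    openssl "$@"
}

# Note: a digest stored beside the ciphertext catches corruption in
# transit. Anyone able to replace the ciphertext can replace the digest
# too, so keep or transmit the .sha256 file separately.
```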

SSL client

In addition, the openssl command can be used to open an SSL tunnel to a remote host, which can be used to tunnel sensitive protocol data:

openssl s_client -connect HOST:PORT
