Random things about security
Written on 23 November 2014, 11:12pm
1. OpenSSL common commands
A list of the most common commands used in OpenSSL: https://www.sslshopper.com/article-most-common-openssl-commands.html
Generate a CSR along with a private key:
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out domain.csr
Probably the most used
openssl command because it’s the first step in moving to HTTPS.
Generate a CSR using an existing private key:
openssl req -out CSR.csr -key privateKey.key -new
Remove a passphrase from a private key (Warning: leaving a private key unencrypted is a major security risk #):
openssl rsa -in privateKey.pem -out newPrivateKey.pem
Transform a certificate from PEM (text) format to DER (bynary) format:
openssl x509 -outform der -in certificate.pem -out certificate.der
Transform a key from PEM to DER format:
openssl rsa -in key.pem -out key.der -inform pem -outform der
These last 2 commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers (ex – a PEM file for Apache to a PFX for Tomcat or IIS).
The main command options in OpenSSL – req, rsa and x509:
– req PKCS#10 X.509 Certificate Signing Request (CSR) Management.
– rsa RSA key management.
– x509 X.509 Certificate Data Management.
DER (Distinguished Encoding Rules) is a case of BER (Basic Encoding Rules)
OpenSSL as Windows binary: http://slproweb.com/products/Win32OpenSSL.html
2. Let’s encrypt!
When Let’s Encrypt launches in Summer 2015, enabling HTTPS for your site will be as easy as installing a small piece of certificate management software on the server.
The Let’s Encrypt management software will:
– Automatically prove to the Let’s Encrypt CA that you control the website
– Obtain a browser-trusted certificate and set it up on your web server
– Keep track of when your certificate is going to expire, and automatically renew it, etc
3. Some security books
If you plan to get CompTIA Security+:
– Get Certified Get Ahead
– All-in-One Exam Guide
Comparison between the two books. Amazingly, they are both from 2011 (so more than 3 years old, which in the security field should be ages).
If you know about the Fermat enigma (somehow related), then you you should probably know about its author, Simon Singh. He also wrote a very known book about code and cypher: The Code Book (I know, it’s from 1999, but we were in the context of old books about security 🙂 ). Here’s an idea out of it:
It has been said that the First World War was the chemist’s war, because mustard gas and chlorine were employed for the first time, and that the Second World War was the physicists’ war, because of the atom bomb was detonated. Similarly, it has been argued that the Third World War would be the mathematicians’ war, because they will have control over the next great weapon of war – information.
PS – iPad mini feels just right
Written by Dorin Moise (Published articles: 231)