cryptographie cheatsheet
ssh
specify keyfile if custom name is provided
remove passphrase
this will prompt you to enter the keyfile location, the old passphrase, and the new passphrase which can be left blank to have no passphrase
Danger
there is also the option to do it in one command but is it not recommend to do it like this bc ~/.bash_history
is logging the passphrase
add the public key to the server
disabling password authentification
connection to a server with ssh
passphrase
a passphrase is an additional security feature for private keys in GPG or SSH. It is entered when the key is created and protects it from unauthorized access.
tls
generate a TLS key pair (ed25519)
using openssl
openssl genpkey -algorithm ed25519 -out privatekey.pem
openssl req -new -x509 -key privatekey.pem -out certificate.pem -days 365
verify a tls certificate
mtls (with own ca for reverse proxy)
# create root ca
openssl genrsa -out ca.key 4096
openssl req -new -x509 -key ca.key -out ca.crt -days 7 -subj "/CN=<CHOOSE YOUR FANCY NAME (1)>"
# create server cert
openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr -subj "/CN=<DOMAIN.TLD>"
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 7
# create client cert
openssl genrsa -out client.key 4096
openssl req -new -key client.key -out client.csr -subj "/CN=Client"
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 7
# create browser cert
openssl pkcs12 -export -out client.p12 -inkey client.key -in client.crt -certfile ca.crt
fingerprint
create a fingerprint (GPG, SSH, TLS):
password generation with hash
password hashing with bcrypt
generate a random password with openssl and hash with bcrypt
generate a random password
generate a random secret (token)
gpg
generate a key pair
generate a key pair
encrypt a file
decrypt a file
export a public key
signing a file
signing a file
verify the signature of a file