Convenient one-liners

Smartcard integration

Creating requests using the key on a smartcard

This was copied and modified from The OpenSC Quickstart. Execute the following commands:

$ openssl
OpenSSL> engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so \
-pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD \
-pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -out req.pem -text
OpenSSL> exit
$
		

Convert to PKCS#12 format

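Feed the command below to openssl. With -nokeys the resulting file contains only the certificate, not a private key:

pkcs12 -in certificate.crt -out certificate.p12 -export -nokeys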
		

Encrypting and decrypting data (e.g. symmetric keys) with a generated RSA key

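Feed the commands below to openssl. They generate a key pair, encrypt 32 random bytes with the public key, decrypt the result with the private key, and print the SHA-1 digests of the original and the decrypted data, which should match. Note that 1024-bit RSA keys are no longer considered secure; use at least 2048 bits for anything beyond a test.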

genrsa -out rsa.key 1024
rsa -inform PEM -in rsa.key -pubout -out rsa.pub -outform PEM
rand -out data.bin 32
rsautl -encrypt -in data.bin -pubin -inkey rsa.pub -out data.enc -pkcs
rsautl -decrypt -in data.enc -keyform PEM -inkey rsa.key -out data.dec -pkcs
dgst -sha1 -hex -c data.bin
dgst -sha1 -hex -c data.dec
exit
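
The same round trip as a non-interactive script, added here as an example and not part of the original page. It swaps rsautl (deprecated since OpenSSL 3.0) for pkeyutl with OAEP padding and a 2048-bit key, and also shows the size limit of direct RSA encryption; the function name wrap_roundtrip and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): wrap a random key with RSA-OAEP
# via pkeyutl and confirm the round trip. File names follow the page; the
# function name wrap_roundtrip and the temporary directory are assumptions.

# wrap_roundtrip SIZE
# Returns 0 if decrypt(encrypt(data)) equals data, 1 if encryption or
# decryption fails or the data differs, 2 on setup errors.
wrap_roundtrip() {
    size=$1
    dir=$(mktemp -d) || return 2
    rc=0
    (
        cd "$dir" || exit 2
        umask 077    # private key file readable by the owner only
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out rsa.key 2>/dev/null || exit 2
        openssl pkey -in rsa.key -pubout -out rsa.pub || exit 2
        openssl rand -out data.bin "$size" || exit 2
        # Encrypt with the public key only, as a sender would.
        openssl pkeyutl -encrypt -pubin -inkey rsa.pub \
            -pkeyopt rsa_padding_mode:oaep \
            -in data.bin -out data.enc 2>/dev/null || exit 1
        # Decrypt with the private key.
        openssl pkeyutl -decrypt -inkey rsa.key \
            -pkeyopt rsa_padding_mode:oaep \
            -in data.enc -out data.dec 2>/dev/null || exit 1
        # Byte-for-byte comparison replaces eyeballing two SHA-1 digests.
        cmp -s data.bin data.dec || exit 1
    ) || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# A 32-byte symmetric key fits in one RSA block; 215 bytes exceeds what a
# 2048-bit key can carry under OAEP, so encryption is refused.
wrap_roundtrip 32 && echo "32 bytes: round trip OK"
wrap_roundtrip 215 || echo "215 bytes: too large for a single RSA-OAEP block"
```

Data larger than one RSA block is normally encrypted with a symmetric cipher, and only the symmetric key is wrapped with RSA as shown here.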

Encrypting and decrypting data (e.g. symmetric keys) with a USB crypto token

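Feed the commands below to openssl. The private key stays on the token: the public key is exported through the pkcs11 engine, encryption uses only that public key file, and decryption goes through the engine using the key with id_45 on the token.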

engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
rsa -inform engine -in id_45 -pubout -out rsa.pub -outform PEM -engine pkcs11
rand -out data.bin 32
rsautl -encrypt -in data.bin -pubin -inkey rsa.pub -out data.enc -pkcs
rsautl -decrypt -in data.enc -keyform engine -inkey id_45 -out data.dec -pkcs -engine pkcs11
dgst -sha1 -hex -c data.bin
dgst -sha1 -hex -c data.dec
exit