Crypto Cheatsheet

Commands

View Single Cert or Key

Type	Operation	Command
P12	Verify	keytool -list -v -keystore store.p12 -alias alias
JKS	Verify	keytool -list -v -keystore store.jks -alias alias
PEM(Nx)	View	# PEM(Nx) -> PEM, Verify PEM
PEM	Verify Key	openssl rsa -in in.pem -check
	Verify Cert	openssl x509 -in in.pem -text
	Verify Cert Chain	# May fail if intermediate certs are not in your truststore openssl verify -CAfile cacerts.pem my.pem
	Hash Cert	openssl x509 -noout -modulus -in incert.pem \| openssl md5
	Hash Key	openssl rsa -noout -modulus -in in.key \| openssl md5
	Correlate Key and Cert	# Hash Key and Cert, then compare hashes - if equal, they are correlated
	Extract Public Key	openssl x509 -pubkey -noout -in incert.pem -out public.key
DER	Verify Either	keytool -printcert -v -file in.der

Convert Between Formats

From	To	Operation	Command
PEM	DER	Convert	openssl x509 -inform PEM -in in.pem -outform DER -out out.der
DER	PEM	Convert	openssl x509 -inform DER -in in.der -outform PEM -out out.pem
P7B	PEM	Convert	openssl pkcs7 -print_certs -in in.p7b -out out.pem
PEM (Cert)	SSH Key	Convert and Place	openssl x509 -pubkey -noout -in cert.pem > pubkey.pem rm /etc/ssh/key ssh-keygen -f pubkey.pem -i -mPKCS8 > /etc/ssh/ssh_host_rsa_key.pub cp key.pem /etc/ssh/ssh_host_rsa_key
PEM (Cert)	PEM (Pub Key)	Extract Public Key	openssl x509 -pubkey -noout -in cert.pem > pubkey.pem

View Bundle Contents

Type	Operation	Command
P12	List	keytool -list -v -keystore store.p12 # OR openssl pkcs12 -info -in store.p12
JKS	List	keytool -list -v -keystore store.jks
PEM	List Key	openssl rsa -in store.pem -check
PEM	List Cert	openssl x509 -in store.pem -text
PEM(Nx)	List Cert Subjects/Issuers	openssl crl2pkcs7 -nocrl -certfile CHAINED.pem \| openssl pkcs7 -print_certs -noout
	List Cert Details	openssl crl2pkcs7 -nocrl -certfile CHAINED.pem \| openssl pkcs7 -print_certs -text -noout
	Split Certs	csplit --prefix='cert.' --suffix-format='%03d.pem' --elide-empty-files multicert.pem '/-----BEGIN CERTIFICATE-----/' '{}' find ./cert..pem -print0 \| xargs -0r -I {} sh -c "printf {}; openssl x509 -in {} -text"

Create Bundle

Type	Operation	Command
P12	Generate/Create	keytool -genkey -alias temp -keystore store.p12
P12	Delete	keytool -delete -alias temp -keystore store.p12
JKS	Generate/Create	keytool -genkey -alias temp -keystore store.jks
JKS	Delete	keytool -delete -alias temp -keystore store.jks
PEM (1x or Nx)	Create	touch store.pem

Import to Bundle

From	To	Operation	Command
PEM	PEM(Nx)	Import via Merge	cat 1.pem >> 2.pem
	P12	Import Cert and Key	openssl pkcs12 -export -out certificate.p12 -inkey inkey.pem -in incert.pem -certfile CACert.pem
	JKS	Import	# PEM -> DER -> JKS
DER	PEM(Nx)	Import	# DER -> PEM -> PEM
	P12	Import	# DER -> PEM -> P12
	JKS	Import	keytool -import -alias alias -keystore store.jks -file in.der

Export from Bundle

From	To	Operation	Command
PEM(Nx)	PEM	Export via Split	# Use a text editor and save a new file
		Cert-only csplit	csplit --prefix='cert.' --suffix-format='%03d.pem' multicert.pem '/-----BEGIN CERTIFICATE-----/' '{*}'
		AWK Script	#!/usr/bin/awk -f # # Take a PEM format file as input and split out certs and keys into separate files # BEGIN { n=0; cert=0; key=0; if ( ARGC < 2 ) { print "Usage: pem-split FILENAME"; exit 1 } } /-----BEGIN PRIVATE KEY-----/ { key=1; cert=0 } /-----BEGIN CERTIFICATE-----/ { cert=1; key=0 } split_after == 1 { n++; split_after=0 } /-----END CERTIFICATE-----/ { split_after=1 } /-----END PRIVATE KEY-----/ { split_after=1 } key == 1 { print > FILENAME "-" n ".key" } cert == 1 { print > FILENAME "-" n ".crt" }
	DER	Export via Split	# PEM -> PEM -> DER
P12	PEM	Export	# P12 -> PEM -> PEM
P12	DER	Export	keytool -export -alias alias -file out.der -keystore store.p12
JKS	PEM	Export	# JKS -> P12 -> PEM -> PEM
JKS	DER	Export	keytool -export -alias alias -file out.der -keystore store.jks

Copy Between Bundles

From	To	Operation	Command
PEM(Nx)	P12	Convert	openssl pkcs12 -export -out store.p12 -in in.pem
		Import to Existing	openssl pkcs12 -export -out newstore.p12 -in in.pem
		Build a full-chain P12	cat cacerts.pem cert.pem >> merged.pem openssl pkcs12 -export -inkey key.pem -in merged.pem -name myname -out mergedWithKey.pem
	JKS	Convert	# PEM -> P12 -> JKS
	JKS	Import to Existing	# PEM -> P12 -> JKS
P12	PEM(Nx)	Convert	openssl pkcs12 -in in.p12 -out newstore.pem
	PEM(Nx)	Import to Existing	openssl pkcs12 -in in.p12 >> store.pem
	JKS	Convert	keytool -importkeystore -srckeystore in.p12 -srcstoretype PKCS12 -destkeystore newstore.jks -deststoretype JKS
		Import All to Existing	keytool -importkeystore -srckeystore in.p12 -srcstoretype PKCS12 -destkeystore store.jks -deststoretype JKS
		Import One to Existing	keytool -importkeystore -srckeystore in.p12 -srcstoretype PKCS12 -srcalias alias -destkeystore store.jks -deststoretype JKS
JKS	P12	Convert	keytool -importkeystore -srckeystore in.jks -srcstoretype JKS -destkeystore newstore.p12 -deststoretype PKCS12
		Import All to Existing	keytool -importkeystore -srckeystore in.jks -srcstoretype JKS -destkeystore store.p12 -deststoretype PKCS12
		Import One to Existing	keytool -importkeystore -srckeystore in.jks -srcstoretype JKS -srcalias alias -destkeystore store.p12 -deststoretype PKCS12
	PEM(Nx)	Convert	# JKS -> P12 -> PEM
	PEM(Nx)	Import to Existing	# JKS -> P12 -> PEM
PPK	PEM	Extract Public Key	puttygen in.ppk -o cert.pem -O public
PPK	PEM	Extract Private Key	puttygen in.ppk -o key.pem -O private-openssh
PEM(Nx)	PPK	Convert	puttygen inkey.pem -o out.ppk -O private

Delete from Bundle

Type	Operation	Command
P12	Delete	keytool -delete -alias temp -keystore store.p12
JKS	Delete	keytool -delete -alias temp -keystore store.jks
PEM(Nx)	Delete	# Use a text editor

Create a Self-Signed CA

Type	Operation	Command
Set up the CA	Create CA Key	openssl genrsa -out ca.key 4096
Set up the CA	Create CA Cert	openssl req -x509 -new -nodes -sha512 -days 3650 \ -subj "CN=yourdomain.com" \ -key ca.key \ -out ca.crt
Create the Key and Cert	Create Key	openssl genrsa -out yourdomain.com.key 4096
	Create CSR	openssl req -sha512 -new \ -subj "CN=yourdomain.com" \ -key yourdomain.com.key \ -out yourdomain.com.csr
	Windows: Create Policy File	; Save this as something like mypolicy.inf using Notepad [Version] Signature="$Windows NT$" [NewRequest] ;Change to your,country code, company name and common name Subject = "C=US, O=Example Co, CN=something.example.com" KeySpec = 1 KeyLength = 2048 Exportable = TRUE MachineKeySet = TRUE SMIME = False PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 RequestType = PKCS10 KeyUsage = 0xa0 [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing
	Windows: Create and Sign Request	certreq -new policyfile.inf myrequest.req certreq -sign myrequest.req myrequest.req
	Windows: Accept/Store Cert from CSR	certreq -accept cert.pem
	Create x509 v3 ext. for SANs	cat > v3.ext <<-EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1=yourdomain.com DNS.2=yourdomain DNS.3=hostname EOF

Manage Local CAs

OS	Operation	Command
Red Hat / CentOS / Rocky / Oracle	Install Common CA Certificates	sudo yum install ca-certificates
Red Hat / CentOS / Rocky / Oracle	Update Common CA Certificates	sudo yum update ca-certificates
Debian / Ubuntu / PopOS	Install Common CA Certificates	sudo apt update sudo apt install ca-certificates
Debian / Ubuntu / PopOS	Update Common CA Certificates	sudo apt update sudo apt --only-upgrade install ca-certificates
Most Linux Distros	Add a Custom CA Certficate	sudo cp mycert.pem /usr/local/share/ca-certificates/mycert.pem sudo chmod 644 /usr/local/share/ca-certificates/mycert.pem sudo update-ca-certificates
	Remove a Custom CA Certficate	sudo rm /usr/local/share/ca-certificates/mycert.pem sudo update-ca-certificates
	List System CA Certs	awk -v cmd='openssl x509 -noout -subject' ' /BEGIN/{close(cmd)};{print \| cmd}' < /etc/ssl/certs/ca-certificates.crt
Mac OS / BSD	Add a Custom CA Certficate	sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain mycert.pem
	Remove a Custom CA Certficate	sudo security delete-certificate -c "<name of existing certificate>"
	List System CA Certs	sudo security dump-trust-settings -s
	List Admin CA Certs	sudo security dump-trust-settings -d
	List User CA Certs	sudo security dump-trust-settings
Windows	Add a Custom Root CA Certficate	certutil -addstore -f "ROOT" mycert.pem
	Add a Custom User Intermediate CA Certficate	certutil -user -addstore -f "CA" mycert.pem
	Remove a Custom Root CA Certficate	certutil -delstore "ROOT" serial-number-hex
	Remove a Custom User Intermediate CA Certficate	certutil -user -delstore "CA" serial-number-hex
	List User Root CA Certs	certutil -user -store "ROOT"
	List Enterprise/Domain Root CA Certs	certutil -enterprise -store "ROOT"
	List Group Policy Root CA Certs	certutil -grouppolicy -store "ROOT"
	List User Intermediate CA Certs	certutil -user -store "CA"
	List Enterprise/Domain Intermediate CA Certs	certutil -enterprise -store "CA"
	List Group Policy Intermediate CA Certs	certutil -grouppolicy -store "CA"

Revocation

Type	Operation	Command
OCSP	Check Status via Serial (Decimal)	openssl ocsp -no_nonce -serial 012345 -cert certificate.pem -text -url http://ocsp.my.ca.tld
	Check Status via Serial (Hex)	openssl ocsp -no_nonce -serial 0xAF1345 -cert certificate.pem -text -url http://ocsp.my.ca.tld
	Check Status via Certificate	openssl ocsp -no_nonce -issuer chain.pem -cert certificate.pem -text -url http://ocsp.my.ca.tld
	Save Request and Response	# Add '-respout ocsp.resp -reqout ocsp.req' to save them to the current folder
	Replay with Curl	curl -v -o /dev/null --data-binary @ocsp.req -H "Content-Type: application/ocsp-request" --url http://ocsp.my.ca.tld
CRL (PEM Nx)	List CRL Issuers	csplit --prefix='cert.' --suffix-format='%03d.pem' --elide-empty-files multicert.pem '/-----BEGIN CERTIFICATE-----/' '{}' find ./cert..pem -print0 \| xargs -0r -I {} sh -c "printf {}; openssl x509 -in {} -text"

Generate Keys

Type	Operation	Command
RSA Private Key	Generate	openssl genrsa -des3 -out id_rsa -passout pass:mys3curep4$$w0rd 2048
RSA Private Key	Extract Public Key	openssl rsa -in id_rsa -passin pass:mys3curep4$$w0rd -pubout -out id_rsa.pub
ECDSA Private Key	Generate	openssl ecparam -out id_ec -name prime256v1 -genkey
Ed25519 SSH Private Key	Generate	ssh-keygen -o -a 100 -t ed25519 -f id_ed25519 -C "john@example.com"
Any SSH Private Key	Extract Public Key	ssh-keygen -y -e -f id_rsa
PuTTY RSA Keypair	Generate	puttygen -t rsa -o out.ppk
SSH Host Key Set	Generate	ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa # consider skipping ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -b 521

Digest Signing

Type	Operation	Command
PEM (Private Key)	Create Signature File	openssl dgst -sign privkey.pem -out sigfile.sha256 datafile
PEM (Private Key)	Check Signature via Private Key	openssl dgst -prverify privkey.pem -signature sigfile.sha256 datafile
PEM (Public Key)	Check Signature via Public Key	# This MUST be a public key, not a cert, or you will receive a "unable to load key file" error openssl dgst -verify pubkey.pem -signature sigfile.sha256 datafile

TLS Troubleshooting

Type	Operation	Command
Basic TLS Handshake	List Accepted CAs, Confirm TLS	openssl s_client -connect remoteserver:443
Test 2-way PKI	Handshake w/ Key/Cert	openssl s_client -showcerts -cert cert.pem -key key.pem -CAfile cacerts.pem -connect remoteserver:443 -debug
Check TLS Vulns	List Ciphers, Attacks, etc.	docker run --rm -it drwetter/testssl.sh remoteserver

Passphrase Management

Type	Operation	Command
PEM(Nx)	Change Passphrase	# PEM(Nx) -> PEM, Change Passphrase, Re-merge
PEM	Change Passphrase	openssl rsa -des3 -in id_rsa -out id_rsa.new # OR ssh-keygen -p -f id_rsa

Password Prompt / Generate

Type	Operation	Command
Batch/Powershell Password	Prompt	@echo off REM See http://blogs.msdn.com/b/fpintos/archive/2009/06/12/how-to-properly-convert-securestring-to-string.aspx - this may stay in memory as an unfreed buffer REM Still better than echoing or writing to disk set "psCommand=powershell -Command "$pword = read-host 'Enter Password' -AsSecureString ; ^ $BSTR=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pword); ^ [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)"" for /f "usebackq delims=" %%p in (`%psCommand%`) do set password=%%p echo %password%
*nix Bash/zsh	Prompt	unset -v password # make sure it's not exported set +o allexport # make sure variables are not automatically exported IFS= read -rs password < /dev/tty
Generate via openssl	Generate	openssl rand -base64 32

Guides

Managing Sensitive Keys

One of the biggest risks with cert and key stores/bundles is not managing the encryption properly.

It's easy to store them encrypted (with a passphrase) or unencrypted.
A store can contain cert(s), key(s) or both.
Many of the commands to do transformations aren't entirely clear to the untrained eye.
In some cases, you need a copy of the key that is unencrypted (for example, to plug into an app that doesn't accept a passphrase).

It's helpful to separate SENSITIVITY and SECURITY:

A store is SENSITIVE if it contains a private key.
A store is SECURE only if it is encrypted and requires a password/passphrase to decrypt any and all private keys.

As a general rule:

Name files to reflect their sensitivity - one easy way is to name files with private keys with 'key' in the name or extension.
Save an unencrypted private key to disk as rarely as possible, and only on local hardware (avoid S3, NFS, etc.)
Verify the contents of any transformations you apply to a store.

PEM

To make a SECURE PEM:

Use the open SSL commands on the next tab
Make sure '-nodes' is not specified on an openssl pkcs12 export
Make sure one of the valid encryption modes from the list below are in the command (-aes256 or -camellia256 recommended)

To make an INSECURE PEM:

Use the open SSL commands on the next tab
Ensure that you are working with a non-SENSITIVE key - ie, a public key, a limited-lifespan decrypted copy of a private key, or a single-use key.
Add '-nodes' to the command to skip the encryption step in an export or generate operation
Make sure none of the valid encryption modes from the list below are in the command

OpenSSL Encryption Flags

-nodes: Do not encrypt output. Only required on exports from other formats ('openssl pkcs12) or generation ('openssl req') (completely insecure!)
-des: Usse DES encryption (insecure)
-des3: Use Triple DES encryption (default on 'openssl pkcs12' export, but must be supplied in a 'openssl rsa' operation) (potentially insecure)
-idea: Use IDEA encryption (insecure)
-seed: Use SEED encryption (not recommended unless in Korea due to low interoperability)
-aes128, -aes192, -aes256: Use CBC AES encryption with the given key strength (aes256 recommended)
-camellia128, -camellia192, -camellia256: Use CBC Camellia encryption with the given key strength (camellia256 recommended)

To examine a PEM for SENSITIVITY and SECURITY:

Use a text editor or known-good script to isolate the individual certs and keys within a PEM (ie, save each as a new file - recommend using name.pem for certs and number.key for keys until matches are verified)
For each single PEM file (in_single.pem in our examples), verify appropriately:

If any PRIVATE KEYs are present, the PEM is SENSITIVE and should be encrypted in the vast majority of circumstances; verify it with openssl rsa -in in_single.pem -check. If you aren't asked for a password, it's not encrypted and is INSECURE!
If any CERTIFICATES are present, they should be verified to ensure validity (proper issuer, expected subject, date range) verify it with openssl x509 -in in.pem -text and verified against a private key if you hold that key (openssl x509 -noout -modulus -in incert.pem | openssl md5 on the cert and openssl rsa -noout -modulus -in in.key | openssl md5 on the key should yield the same hash);
If any PUBLIC KEYs or CERTIFICATES are present, they should be verified against a private key if you hold that key (openssl x509 -noout -modulus -in incert.pem | openssl md5 on the cert and openssl rsa -noout -modulus -in in.key | openssl md5 on the key should yield the same hash);

If you are not asked for a password for each PRIVATE key, it's likely that the PEM is INSECURE

The bag attributes in a multi-object PEM can be used to help correlate but are NOT a guarantee - these sections are not secured!

Picking a Store Type

Often, you don't get to choose a cert/key store type arbitrarily - applications typically offer support for a limited number of formats. For example:

Java apps: P12 unless you MUST use JKS!
- This includes Apache, Tomcat, JBoss, and a number of other common servers.
- The Java Secure Socket Extensions (JSSE) docs can help you understand how Java manages keys and certs.
CURL: PEM or DER
Firefox: P12, PEM, DER, P7B
IE, Windows, Edge, IIS: P12, DER, P7B
Chrome
- On Windows: P12, DER, P7B
wget: PEM or DER
NGinx: PEM
Node.JS: PEM
PuTTY: PPK

But, if you get to choose:

PEM and P12 are the most portable
PEM can ber merged by hand
DER are typically the smallest

Reference Tables

File Types

Family	Description	Common Extensions	Identification	Binary?	Encrypted	References
X.690 DER	DER-encoded	.der .cer .crt .cert .key	Binary file/can't view in text editor, use posix file utility or keytool keytool -printcert -v -file in.der	BINARY	Maybe	Wikipedia
X.509 PEM	X.509 Bundle	.pem .cer .crt .cert .key .pub .crl	ASCII Text, 1+ blocks with optional 'bag info' and -----BEGIN	ASCII	Maybe	Wikipedia
PKCS #7	PKCS#7 Certificate	.p7b .crl		BINARY	No	Wikipedia
PKCS #12	PKCS#12 Certificate Bundle	.p12 .pfx	Verify via keytool -list -v -keystore store.p12 -alias alias	BINARY	Maybe	Wikipedia
JKS	Java KeyStore	.jks .keystore .truststore		BINARY	Maybe	Wikipedia
BKS	BouncyCastle KeyStore	.bks		BINARY	Maybe	Official Site
PPK	Putty Key File	.ppk	ASCII Text, starts with PuTTY-User-Key-File	ASCII	Maybe	Official Site

Object Types

Object Type	What is it?	PEM Header	P12	DER	P7B	JKS	PPK
Public Key	A shareable key used to verify something signed with a Private Key	contains -----BEGIN PUBLIC KEY-----	N	Y	N	N	N
Private Key	A key used to sign or encrypt; unless kept private, the signer can be impersonated	contains -----BEGIN PRIVATE KEY-----; may include algorithm	Y	Y	N	Y	Y
Certificate	A public key with identifying information bundled with it	contains -----BEGIN CERTIFICATE-----	Y	Y	Y	Y	N
Signing Request	A signed set of identifying information for a CA to send you a certificate of.	contains -----BEGIN CERTIFICATE REQUEST-----	N	Y	N	N	N
Revocation List	A list of certificates that should not be trusted, typically due to leakage.	contains -----BEGIN X509 CRL-----	N	Y	N	N	N

Tools

Name	Executable	Notes
OpenSSL	openssl	Jack-of-all-trades Toolbox - can handle MOST tasks
Java Keytool	keytool	Was prominent when Java KeyStores were popular; largely OBE
SSH Keygen	ssh-keygen	A popular wrapper to quickly and easily create ssh keys
PuTTYGen	puttygen	The Windows version cannot use cli flags; only the Linux package can
TestSSL.sh	testssl.sh	Command line tool to test TLS servers for vulnerabilities, etc. Run via docker: docker run --rm -it drwetter/testssl.sh remoteserver
Network Security Services	update-ca-certificates (and others)	Mozilla-led project to provide common certificate capabilities, including Linux OS-level CA Certs
BSD Security	security	BSD (and Mac OS) project that handles certificate management, including CA Certs
Certutil	certutil	Windows command-line tool to manage certificates, CAs, etc.
Windows Certificate Manager	certmgr	Windows MMC Snap-In UI to manage certificates
Certreq	certreq	Windows command-line tool to request certificates

Hashing Algorithms

Identifier	Algorithm Name	Digest Strengths	Secure As of 2021-08-07	References
MD2	Message Digest Algorithm 2	128	No	Wikipedia
MD4	Message Digest Algorithm 4	128	No	Wikipedia
MD5	Message Digest Algorithm 5	128	No	Wikipedia
MD6	Message Digest Algorithm 6	0-512	Unverified	Wikipedia
SHA-0	Secure Hash Algorithm 0	160	No	Wikipedia
SHA-1	Secure Hash Algorithm 1	160	No	Wikipedia
SHA-2	Secure Hash Algorithm 2	224, 256, 384, 512	Yes	Wikipedia
SHA-3	Secure Hash Algorithm 3		Yes	Wikipedia
SHA-224	Secure Hash Algorithm 2, 224-bit	224	Yes	Wikipedia
SHA-256	Secure Hash Algorithm 2, 256-bit	256	Yes	Wikipedia
SHA-384	Secure Hash Algorithm 2, 384-bit	384	Yes	Wikipedia
SHA-512	Secure Hash Algorithm 2, 512-bit	512	Yes	Wikipedia
SHA-512/224	Secure Hash Algorithm 2, 512-bit with 224-bit IV	512 with 224 IV	Yes	Wikipedia
SHA-512/256	Secure Hash Algorithm 2, 512-bit with 256-bit IV	512 with 256 IV	Yes	Wikipedia
SHA3-224	Secure Hash Algorithm 3, 224-bit	224	Yes	Wikipedia
SHA3-256	Secure Hash Algorithm 3, 256-bit	256	Yes	Wikipedia
SHA3-384	Secure Hash Algorithm 3, 384-bit	384	Yes	Wikipedia
SHA3-512	Secure Hash Algorithm 3, 512-bit	512	Yes	Wikipedia

Encryption Algorithms

Identifier	Algorithm Name	Key Type	Key Lengths	Block Sizes	Generally Secure	References
DSA	Digital Signature Algorithm	Asymmetric	2048		No	Wikipedia
RSA	Rivest–Shamir–Adleman Cipher	Asymmetric	1024-4096		Yes	Wikipedia
ECDSA (ECC)	Elliptic Curve Digital Signature Algorithm	Asymmetric	256, 521		Yes, if sufficiently random	Wikipedia
AES	Advanced Encryption Standard (Rijndael)	Symmetric	128, 192, 256	128	Yes	Wikipedia
Salsa	Salsa (typically 20-round Salsa20)	Symmetric	128, 256	512	Yes	Wikipedia
ChaCha	ChaCha (typically 20-round ChaCha20)	Symmetric	128, 256	512	Yes	Wikipedia
DES	Data Encryption Standard	Symmetric	56	64	No	Wikipedia
3DES	Triple Data Encryption Standard	Symmetric	56, 112, 168	64	No - Meet-in-the-middle attack	Wikipedia
Blowfish	Blowfish	Symmetric	32-448	64	No	Wikipedia
Twofish	Twofish	Symmetric	128, 192, 256	128	Yes	Wikipedia
RC2	Rivest Cipher 2	Symmetric	8-1024	64	No	Wikipedia
RC4	Rivest Cipher 4	Symmetric	40-2048		No	Wikipedia
RC5	Rivest Cipher 5	Symmetric	0-2040	32, 64, 128	Yes	Wikipedia
RC6	Rivest Cipher 6	Symmetric	128, 192, 256	128	Yes	Wikipedia
ROT	Rotational Cipher	Symmetric	4-16	1	No	Wikipedia
ROT13	Rotational Cipher (13 moves)	Symmetric	4	1	No	Wikipedia
Vigenere	Vigenere Cipher	Symmetric	Varies	Varies	No	Wikipedia
SEED	SEED	Symmetric	128	128	Yes	Wikipedia
IDEA	International Data Encryption Algorithm	Symmetric	128	64	No - Weak Keys, Generally Obsolete	Wikipedia
Camellia	Camellia	Symmetric	128, 192, 256	128	Yes	Wikipedia

TLS Key Exchange

Identifier	Algorithm Name	References
DH	Diffie Hellman	Wikipedia
DHE	Diffie Hellman Ephemeral	Wikipedia
ECDH	Elliptic Curve Diffie Hellman	Wikipedia
ECDHE	Elliptic Curve Diffie Hellman Ephemeral	Wikipedia

TLS Cipher Suites

Name	Key Exchange	Auth Type	Crypt Type	Cipher Mode	Hash	Min TLS Version	Security as of 2021-08-08
TLS_AES_128_GCM_SHA256	ECDHE	GMAC	AES-128	GCM	SHA-256	TLS 1.3	High
TLS_AES_256_GCM_SHA384	ECDHE	GMAC	AES-256	GCM	SHA-384	TLS 1.3	High
TLS_CHACHA20_POLY1305_SHA256	ECDHE	POLY1305	ChaCha20	Stream	SHA-256	TLS 1.3	High
TLS_AES_128_CCM_SHA256	ECDHE	CBC-MAC	AES-128	CCM	SHA-256	TLS 1.3	High
TLS_AES_128_CCM_8_SHA256	ECDHE	CBC-MAC	AES-128	CCM	SHA-256	TLS 1.3	High
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	ECDHE	GMAC	AES-128	GCM	SHA-256	TLS 1.2	Moderate
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	ECDHE	GMAC	AES-128	GCM	SHA-256	TLS 1.2	Moderate
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	ECDHE	GMAC	AES-256	GCM	SHA-384	TLS 1.2	Moderate
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	ECDHE	GMAC	AES-256	GCM	SHA-384	TLS 1.2	Moderate
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	ECDHE	ECDSA	ChaCha20	Stream	SHA-256	TLS 1.2	Moderate
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	ECDHE	RSA	ChaCha20	Stream	SHA-256	TLS 1.2	Moderate
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	ECDHE	ECDSA	AES-128	CBC	SHA-1	TLS 1.0	Low
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	ECDHE	RSA	AES-128	CBC	SHA-1	TLS 1.0	Low
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	ECDHE	ECDSA	AES-256	CBC	SHA-1	TLS 1.0	Low
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	ECDHE	RSA	AES-256	CBC	SHA-1	TLS 1.0	Low
TLS_RSA_WITH_AES_128_GCM_SHA256	RSA	RSA	AES-128	GCM	SHA-256	TLS 1.0	Low
TLS_RSA_WITH_AES_256_GCM_SHA384	RSA	RSA	AES-256	GCM	SHA-384	TLS 1.0	Low
TLS_RSA_WITH_AES_128_CBC_SHA	RSA	RSA	AES-128	CBC	SHA-1	TLS 1.0	Low
TLS_RSA_WITH_AES_256_CBC_SHA	RSA	RSA	AES-256	CBC	SHA-1	TLS 1.0	Low
TLS_RSA_WITH_3DES_EDE_CBC_SHA	RSA	RSA	3DES	CBC	SHA-1	TLS 1.0	Low
EVERYTHING ELSE	Varies	Varies	Varies	Varies	Varies	Varies	DO NOT USE!

TLS and SSL Versions

Identifier	Algorithm Name	Generally Secure of 2019-06-29	References
TLS1.3	Transport Layer Security v1.3	Yes	Wikipedia
TLS1.2	Transport Layer Security v1.2	Yes, but only if tightly configured
TLS1.1	Transport Layer Security v1.1	No, as no secure ciphers are guaranteed
TLS1.0	Transport Layer Security v1.0	No
TLS	Transport Layer Security	No, as it allows 1.0/1.1
SSLv3	Secure Sockets Layer v3	No
SSLv2	Secure Sockets Layer v2	No
SSL	Secure Sockets Layer	No

Block Cipher Modes

Identifier	Algorithm Name	AEAD (Authenticated Encryption with Associated Data)	Auth Type	Crypt Type	Cipher Mode	Parallelizable	Vulnerable to Padding Attack	Vulnerable to Chosen Plaintext	Vulnerable to Chosen Ciphertext	Status of 2021-08-07	References
GCM	Galois Counter Mode	Y, EtM	GMAC	AES	CTR	Y	N	N	N		Wikipedia
GCM-SIV	Galois Counter Mode w/Synthetic IV	Y, EtM	GMAC	AES	CTR	Y	N	N	N		Wikipedia
AES-GCM-SIV	AES Galois Counter Mode w/Synthetic IV	Y, EtM	GMAC	AES	CTR	Y	N	N	N	Slightly stronger than GCM-SIV due to better IV specifications	Wikipedia
CCM	Cipher Block Chaining - Message Authentication Mode	Y, MtE	CBC-MAC	AES	CBC		N	N	N		Wikipedia
EAX	Encrypt-then-Authenticate-then-Translate	Y, EtM	AES-OMAC	AES	CTR		N	N	N	Secure for messages longer than key	Wikipedia
CWC	Carter–Wegman + CTR	Y, E&M	CW MAC	AES	CTR	Y	N	N	N	Not heavily used	Wikipedia
ECB	Electronic Code Book	N	N/A	AES	ECB		Y	Y	Y	Not recommended, susceptible to pattern and rainbow attacks	Wikipedia
CBC	Cipher Block Chaining	N	N/A	AES	CBC	Decrypt-Only	Y	Y	N		Wikipedia
PCBC	Propagating Cipher Block Chaining	N	N/A	AES	PCBC	N	Y	Y	N	Generally uncommon	Wikipedia
CFB	Cipher Feedback	N	N/A	AES	CFB	Decrypt-Only	Y	Y	Y	N	Wikipedia
OFB	Output feedback	N	N/A	AES	OFB	N	Y	N	Y		Wikipedia
CTR	Counter mode	N	N/A	AES	CTR	Y	N	N	N		Wikipedia

Common Errors

App	Error	What does it mean?	How to address?
Java	javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate	The server has rejected your cert for 2-way PKI authentication	Run the following commands to get info: Server CA list: openssl s_client -connect remoteserver:443 (Look for "Acceptible cliend certificate CA names") Client Cert CA (PEM w/chain): openssl x509 -in my.pem -text (Look for "Issuer") Then check: 1) Ensure that the server accepts a cert signed by your cert's CA 2) Ensure that your cert is within the validity dates 3) Ensure that reverse DNS matches your cert's CN
Java	javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target	Your client cannot verify the server's certificate.	Disable certificate verification features (not recommended!) OR 1) Find the truststore for your application and make sure it's loaded. This varies based on the application, but often involves the JVM setting javax.net.ssl.truststore - look in config files or use jvisualvm. This will be a JKS or P12 store. 2) Pull the cert from the server openssl s_client -connect remoteserver:443 2>&1 \| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > server_cert.pem 3) Check the dates openssl x509 -noout -in server_cert.pem -subject -dates 4) Check the subject openssl x509 -noout -in server_cert.pem -subject vs. nslookup remoteserver nslookup ip_addr_from_last_command 5) Check that the issuer is in your truststore openssl x509 -noout -in server_cert.pem -issuer vs. keytool -list -v -keystore truststore.p12 \| grep "CN OF THE ISSUER"

Key Usages

Key Usage Extension	Value	RFC 5280 Defintion	Meaning	Example
Digital Signature	0	The digitalSignature bit is asserted when the subject public key is used for verifying digital signatures, other than signatures on certificates (bit 5) and CRLs (bit 6), such as those used in an entity authentication service, a data origin authentication service, and/or an integrity service.		- TLS/SSL Client (Browser, Email App) - S/MIME Signing (Sign Email Encoding) - Object Signing
Non-Repudiation	1	The nonRepudiation bit is asserted when the subject public key is used to verify digital signatures, other than signatures on certificates (bit 5) and CRLs (bit 6), used to provide a non- repudiation service that protects against the signing entity falsely denying some action. In the case of later conflict, a reliable third party may determine the authenticity of the signed data. (Note that recent editions of X.509 have renamed the nonRepudiation bit to contentCommitment.)
Key Encipherment	2	The keyEncipherment bit is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport. For example, this bit shall be set when an RSA public key is to be used for encrypting a symmetric content-decryption key or an asymmetric private key.		Assigned PKIS used for generation session keys for: - TLS/SSL Server (Web Server, Reverse Proxy) - S/MIME Encryption (Mail Server)
Data Encipherment	3	The dataEncipherment bit is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher. Note that the use of this bit is extremely uncommon; almost all applications use key transport or key agreement to establish a symmetric key.		Rarely used outside of session keys.
Key Agreement	4	The keyAgreement bit is asserted when the subject public key is used for key agreement. For example, when a Diffie-Hellman key is to be used for key management, then this bit is set.
Certificate Signing	5	The keyCertSign bit is asserted when the subject public key is used for verifying signatures on public key certificates. If the keyCertSign bit is asserted, then the cA bit in the basic constraints extension (Section 4.2.1.9) MUST also be asserted.	Used to verify that a specific certificate was signed by a specific Certificate Authority.	- A CA would use their highly secured keypair when responding to the certificate request, generating a key that is provably signed by that CA
CRL Signing	6	The cRLSign bit is asserted when the subject public key is used for verifying signatures on certificate revocation lists (e.g., CRLs, delta CRLs, or ARLs).	Used to verify a Certifificate Revocation List from a Certificate Authority	- A CA revoking a specific certifcate (due to customer expiry/contract break/etc.) or intermediary (due to compromise concern) so that it would fail verification.
Encipher Only	7	The meaning of the encipherOnly bit is undefined in the absence of the keyAgreement bit. When the encipherOnly bit is asserted and the keyAgreement bit is also set, the subject public key may be used only for enciphering data while performing key agreement.	Modifier bit for keyAgreement limiting the public key to only encrypting data.
Decipher Only	8	The meaning of the decipherOnly bit is undefined in the absence of the keyAgreement bit. When the decipherOnly bit is asserted and the keyAgreement bit is also set, the subject public key may be used only for deciphering data while performing key agreement.	Modifier bit for keyAgreement limiting the public key to only decrypting data.

Common Attacks

Attack	Scope	Year	Summary	CVEs	References
Bleichenbacher Attack	Protocol	1998	Oracle attack that allows decryption of RSA messages	N/A	Official Paper
Timing Attacks on Padding	Protocol	2002	Timing attack on TLS when using CBC ciphers	CVE-2003-0078	Wikipedia
SHAttered	Protocol	2005	SHA-1 collisions are feasible - a malicious file can be made with the same hash as a known-good	CVE-2005-4900	Official Site
Renegotiation attack	Protocol	2009	MITM attacker could downgrade session	CVE-2009-3555	Wikipedia
BEAST	Protocol	2011	Unsafe IVs in TLS 1.0 allow MITM attacks	CVE-2011-3389	Wikipedia
STARTTLS Command Injection	Implementation	2011	Some applications that start plaintext and upgrade can either be sent malicious commands or TLS can be cancelled	CVE-2011-0411	IETF RFC7457 Note
CRIME	Protocol	2012	Attack against secure cookies on HTTPS/SPDY with TLS-level data compression	CVE-2012-4929	Wikipedia
BREACH	Protocol	2013	Attack against secure cookies on HTTPS with HTTP-level data compression	CVE-2013-3587	Wikipedia, Official Site
Lucky Thirteen attack	Protocol	2013	Timing attack on TLS when using CBC ciphers	CVE-2013-0169	Wikipedia
RC4 NoMore	Protocol	2013	Generate likely cookies via RC4 weaknesses	CVE-2013-2566 CVE-2015-2808	Wikipedia, Official Site
Truncation attack	Protocol	2013	Prevent logout requests to keep a session active	N/A	Wikipedia
POODLE	Protocol	2014	Negotiate down to SSLv3 or TLS w/CBC and bad padding implementations	CVE-2014-3566	Wikipedia
Heartbleed	Implementation	2014	OpenSSL memory issue allows private key leakage.	CVE-2014-0160	Wikipedia, Official Site
3SHAKE	Protocol	2014	TLS Client Authentication pre-master secret can be forwarded by malicious server	CVE-2014-1295	MiTLS Article
Winshock	Implementation	2014	Microsoft SChannel implementation allowed Remote Code Execution	CVE-2014-6321	MS Bulletin
CCS	Implementation	2014	OpenSSL bug in ChangeCipherSpec allows attacker to force weak key material usage	CVE-2014-0224	Official Site
FREAK	Protocol	2015	Force server to downgrade to old 'export-grade' RSA	CVE-2015-0204	Wikipedia
Logjam	Protocol	2015	Force server to downgrade to old 'export-grade' Diffie-Helmann	CVE-2015-4000	Wikipedia
SLOTH	Protocol	2015	Significant collision issues in TLS 1.2 with RSA-MD5 signatures, making client auth insecure and server auth weaker	CVE-2015-7575	MiTLS Article
Unholy PAC attack	Protocol	2016	Bug in proxy discovery protocol causes URL leakage.	N/A	Wikipedia, BlackHat Presentation
Sweet32 attack	Protocol	2016	Birthday Attack on 64-bit CBC ciphers via MITM/Injection.	CVE-2016-2183 CVE-2016-6329	Wikipedia, Official Site
DROWN	Protocol	2016	Negotiate down to SSLv2, including same cert on other servers	CVE-2016-0800 CVE-2016-0703	Wikipedia, Official Site
Ticketbleed	Implementation	2016	F5 BIG-IP appliances can leak uninitialized memory during session ticket usage	CVE-2016-9244	Official Site
ROBOT	Implementation	2017	TLS servers that ONLY support RSA key exchange can decrypt traffic - at will if forward secrecy isn't enabled	Numerous	Official Site
Cloudbleed	Implementation	2017	Cloudflare bug caused reverse proxies to leak secret info.	N/A	Wikipedia
Zombie POODLE	Implementation	2019	POODLE variant on servers that inadvertantly leak padding info	Numerous	Tripwire article
GOLDENDOODLE	Implementation	2019	Accelerated POODLE variant on servers that don't pad data well, allowing MAC generation	Numerous	Tripwire article
Raccoon attack	Protocol	2020	TLS 1.2 and lower strip leading zeros on premaster secret, which allows careful recovery	CVE-2020-5929	Official Site

Reference Links

Description	URL
Stack Overflow - PEMs vs. Keys	http://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file
Common OpenSSL Commands	https://www.sslshopper.com/article-most-common-openssl-commands.html
Online Key Converter (DO NOT USE!)	https://www.sslshopper.com/ssl-converter.html
Common Java Keytool Commands	https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
Cert usage ref: Java apps (Apache, Tomcat, etc.) using JSSE	https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html
Cert usage ref: CURL	http://curl.haxx.se/docs/manpage.html
Cert usage ref: WGet	https://www.gnu.org/software/wget/manual/html_node/HTTPS-_0028SSL_002fTLS_0029-Options.html
Cert usage ref: NGinx	http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl
Cert usage ref: Node.JS	https://nodejs.org/api/https.html
Official OpenSSL Command Reference	https://wiki.openssl.org/index.php/Command_Line_Utilities
Verifying a Key and Cert PEM pair	https://kb.wisc.edu/middleware/page.php?id=4064
Creating a public key PEM	http://stackoverflow.com/questions/17143606/how-to-save-public-key-from-a-certificate-in-pem-format
StackOverflow on Securing getting passwords in a batch file	http://stackoverflow.com/questions/664957/can-i-mask-an-input-text-in-a-bat-file
MSDN Blog on SecureString conversion concerns	http://blogs.msdn.com/b/fpintos/archive/2009/06/12/how-to-properly-convert-securestring-to-string.aspx
Generic RSA Form for OpenSSL	https://en.wikibooks.org/wiki/Cryptography/Generate_a_keypair_using_OpenSSL
Passin/Passout Usage	http://stackoverflow.com/questions/4294689/how-to-generate-a-key-with-passphrase-from-the-command-line
AWK Script to split PEM	https://gist.github.com/jinnko/d6867ce326e8b6e88975
Asking a server what the CA list is	https://stackoverflow.com/questions/8484360/ssl-bad-certificate-error
Pull cert from a server	https://www.madboa.com/geek/openssl/#cert-retrieve
Bash pw prompt	https://unix.stackexchange.com/questions/232063/what-is-most-secure-and-simplest-way-to-have-a-user-typed-password-on-bash-becom
Checking certs against server	https://langui.sh/2009/03/14/checking-a-remote-certificate-chain-with-openssl/
Full fledged pems to p12	https://serverfault.com/questions/483465/import-of-pem-certificate-chain-and-key-to-java-keystore
Key Usages	https://www.ibm.com/support/knowledgecenter/en/SSKTMJ_9.0.1/admin/conf_keyusageextensionsandextendedkeyusage_r.html
Key Usage in X509 v3 spec	https://tools.ietf.org/html/rfc5280#section-4.2.1
TLS	https://en.wikipedia.org/wiki/Transport_Layer_Security
OpenSSL Digest Mode Public Key Issue	https://stackoverflow.com/questions/2385320/verifying-a-file-signature-with-openssl-dgst
OpenSSL and Curl OCSP	https://gist.github.com/vanbroup/ca7d52a1a6006b5ba03b43d891384ed1
PuttyGen CLI Conversion	https://aws.amazon.com/premiumsupport/knowledge-center/convert-pem-file-into-ppk/
HHS Securing SSL/TLS Presentation	https://www.hhs.gov/sites/default/files/securing-ssl-tls-in-healthcare-tlpwhite.pdf
RFC 7457 TLS Attacks Summary	https://datatracker.ietf.org/doc/html/rfc7457
Practical Cryptography	https://cryptobook.nakov.com/
NSA: Eliminating Obsolete TLS	https://media.defense.gov/2021/Jan/05/2002560140/-1/-1/0/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF
OWASP TLS 1.3 Presentation	https://owasp.org/www-chapter-london/assets/slides/OWASPLondon20180125_TLSv1.3_Andy_Brodie.pdf
Mozilla SSL Config Generator	https://ssl-config.mozilla.org/
Installing CA Certs	https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line
RFC 5116 AEAD Summary	https://datatracker.ietf.org/doc/html/rfc5116#section-5.1
AES Modes	https://www.highgo.ca/2019/08/08/the-difference-in-five-modes-in-the-aes-encryption-algorithm/
Ciphersuite.info	https://ciphersuite.info/
TLS 1.3 Illustrated	https://tls13.ulfheim.net/
Cloudflare Blog: A Detailed Look a TLS 1.3	https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/

About

Changelog

2021-08-25

Minor table cleanup
Switched to icon svg sprite for faster load times

2021-08-19

Improved styling for readability and clarity