Crypto Tools Notes


GnuPG, OpenSSL, and some others.

Useful crypto tools


GnuPG allows you to encrypt and sign your data and communications.

List public keys

gpg -k
gpg --list-keys

List private keys

gpg -K
gpg --list-secret-keys


gpg -c secret.txt 
gpg -o secret.txt.gpg -c secret.txt 


gpg secret.txt.gpg
gpg -o secret.txt secret.txt.gpg

Generate a key

gpg --gen-key

Generate a key (full)

gpg --full-generate-key

Export public key

gpg --output public.key --export [USER] # binary

gpg --armor --output public.key --export [USER] # ASCII armored
gpg -a -o public.key --export [USER] # short version

Export private key

gpg --output private.key --export-secret-keys [USER] # binary

gpg --armor --output private.key --export-secret-keys [USER] # ASCII armored
gpg -a -o private.key --export-secret-keys [USER] # short version

Import a public key

gpg --import public.key


gpg --encrypt --recipient Djosix secret.txt
gpg -e -r Djosix secret.txt # short

gpg --encrypt --output secret.txt.gpg --recipient Djosix secret.txt
gpg -e -r Djosix -o secret.txt.gpg secret.txt # short


gpg --output secret.txt --decrypt secret.txt.gpg
gpg -o secret.txt -d secret.txt.gpg # short




openssl enc -e -aes256 -in secret.txt -out secret.txt.enc


openssl enc -d -aes256 -in secret.txt.enc -out secret.txt

Ignoring -in or -out will enable stdin or stdout.


Generate private key

openssl genrsa -out private_key.pem 4096

Generate public key

openssl rsa -in private_key.pem -out public_key.pem -outform PEM -pubout

Encrypt using public key

openssl rsautl -encrypt -inkey public_key.pem -pubin -in secret.txt -out secret.txt.enc

Decrypt using private key

openssl rsautl -decrypt -inkey private_key.pem -in secret.txt.enc -out secret.txt

RSA With Large Files

Generate a random key for symmetric encryption

openssl rand -base64 64 > key.bin

Encrypt using that key

openssl enc -aes-256-cbc \
    -salt -in test.txt \
    -out test.txt.enc \
    -pass file:key.bin

Encrypt the key using RSA

openssl rsautl -encrypt \
    -inkey public_key.pem -pubin \
    -in key.bin \
    -out key.bin.enc

Decrypt the key using RSA

openssl rsautl -decrypt -inkey private_key.pem -in key.bin.enc -out key.bin

Decrypt files with that key

openssl enc -d -aes-256-cbc -in test.txt.enc -out test.txt -pass file:key.bin

SSL Connection

openssl s_client -connect
# "GET / HTTP/1.1\r\nHost:\r\n\r\n"

But using ncat is much easier

ncat --ssl 443