Did you know?

OpenSSL

Background

The plugin is based on the open source software OpenSSL. This widely used toolkit primarily serves to secure data transmission on the web through its implementations of the SSL/TLS encryption protocols. In addition, OpenSSL has a command line utility that provides various cryptographic tools, including [1]:

  • Encryption and decryption
  • Calculation of hash values
  • Cryptographic key generation
  • Creation and management of digital certificates
  • SSL/TLS client and server testing

About the plugin

The plugin enables user-friendly use of cryptographic methods with the help of the OpenSSL command line program. For this purpose, the plugin implements the functions of the command line program in two different ways: in a GUI and as a command line interface (CLI, often also called a terminal).

Via the GUI it is possible to execute some of the standard commands from the OpenSSL toolkit by selecting the respective options for the command via GUI elements. The selected options are then converted into a valid OpenSSL command, which appears on the command line together with the result of its execution. This is intended to have a didactic effect: users get to know the functionality of the command line and the individual options of the commands more closely.

At the same time, the plugin also offers the possibility to execute all commands supported in OpenSSL directly in the displayed CLI. The aim is to provide the same user experience as the native use of the command line program on the desktop. Note, however, that the command line presented in the plugin does not support OS shell commands (with the exception of echo) and focuses only on the OpenSSL program.

About the implementation of the plugin

This plugin brings the OpenSSL toolkit into the browser as WebAssembly bytecode. The new Web standard WebAssembly serves as a compilation target for languages like C/C++ and allows client-side execution in the browser. Compared to an interpreted language such as JavaScript, WebAssembly bytecode benefits from, among other things, near-native execution speed.

The current stable release of OpenSSL in version 3.0 is used for the implementation of the plugin.

More information about the implementation and functionality of the plugin


Graphical User Interface - GUI

Tab Symmetric encryption

This tab implements the enc command from OpenSSL. The command allows file- and text-based symmetric encryption and decryption using various ciphers. The following options are available in the GUI [2]:

| Option/Argument | GUI option | Function |
|---|---|---|
| -e | Mode | Encrypts the input |
| -d | Mode | Decrypts the input |
| -in <Filename> | Input | Name of the input file |
| -out <Filename> | Output file | Name of the output file |
| -<cipher> (e.g. -rc4) | Cipher | Selection of the cipher |
| -k <Password> | Passphrase | Password for key derivation |
| -kfile <Filename> | Passphrase origin | Password as a file for the key derivation |
| -iv <Hex value> | Initialization vector | Input parameter for encryption and decryption |
| -pbkdf2 | Key derivation function | Use of the PBKDF2 algorithm |
| -nosalt | Key derivation function | Do not use salt |
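
What -nosalt changes in practice, as an added example that is not part of the original page or the plugin: the same passphrase and plaintext are encrypted twice with and without a salt, and the salted ciphertext is decrypted again. It assumes a native POSIX shell with the openssl binary (not the plugin's CLI); the passphrase, the message and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. PASS and MSG are constructed sample values.
PASS='correct horse battery staple'
MSG='attack at dawn'

# Encrypt MSG with -e, AES-256-CBC as the -<cipher>, -k and -pbkdf2.
# -a Base64-encodes the output so it can be compared as text.
# Further options such as -nosalt are passed through.
encrypt() {
    echo "$MSG" | openssl enc -e -aes-256-cbc -pbkdf2 -k "$PASS" -a "$@"
}

# Decrypt the Base64 ciphertext in $1; further options are passed through.
decrypt() {
    ct=$1; shift
    echo "$ct" | openssl enc -d -aes-256-cbc -pbkdf2 -k "$PASS" -a "$@"
}

# Salted output begins with the magic bytes "Salted__" followed by the salt.
# In Base64 that magic always shows up as the prefix "U2FsdGVkX1".
is_salted() {
    case $1 in
        U2FsdGVkX1*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Report whether two encryptions with the same options give the same bytes.
repeatable() {
    if [ "$(encrypt "$@")" = "$(encrypt "$@")" ]; then
        echo "identical"
    else
        echo "different"
    fi
}

echo "default (salted): $(repeatable)"
echo "-nosalt:          $(repeatable -nosalt)"
ct=$(encrypt)
is_salted "$ct" && echo "salt header present: $ct"
echo "round trip: $(decrypt "$ct")"
```

Without a salt, identical passphrases always derive identical keys, so equal inputs are visible as equal ciphertexts. On a shared machine, -kfile keeps the passphrase out of the process list, where -k would expose it.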

Tab Hashes

This tab implements the dgst command from OpenSSL. The command allows the file- and text-based calculation of a hash value. The following options are available in the GUI [2]:

| Option/Argument | GUI option | Function |
|---|---|---|
| [filename] | Input | Name of the input file |
| -<algorithm> (e.g. -md5) | Hash function | Selection of the algorithm |
| -out <Filename> | Output file | Name of the output file |

Tab RSA key generation

This tab implements the genrsa and rsa commands from OpenSSL. Together they generate a private and a public RSA key as files with the specified key length. The following options are available in the GUI [2]:

| Command | Option/Argument | GUI option | Function |
|---|---|---|---|
| genrsa | [numbits] | Key length | Bit length of the private key |
| genrsa | -out <Filename> | Output file | Name of the output file |
| rsa | -in <Filename> | Private key | Output of the private key |
| rsa | -pubin | Public key | Output of the public key |
| rsa | -pubout | Public key | Generating the public key |
| rsa | -text | Information | Output of key information (private and public) |
| rsa | -noout | Information | No output of the key (private and public) |
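
The genrsa and rsa steps from the table chained together, as an added example that is not part of the original page or the plugin: it generates a key pair, reads the key size via -text with -noout, and checks that the exported public key belongs to the private key. It assumes a native POSIX shell with the openssl binary; the file names and function names are constructed, and -modulus is an rsa option that the GUI table does not list.

```shell
#!/bin/sh
# Added example; works in a private temporary directory that is removed on exit.
umask 077                              # key files readable by the owner only
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# genrsa: [numbits] is the key length, -out names the private key file.
gen_private() {
    openssl genrsa -out "$WORK/private.pem" "$1" 2>/dev/null
}

# rsa -pubout: derive the public key from the private key file.
export_public() {
    openssl rsa -in "$WORK/private.pem" -pubout -out "$WORK/public.pem" 2>/dev/null
}

# rsa -text -noout: print key information without the PEM block, keep the bit length.
key_bits() {
    openssl rsa -in "$WORK/private.pem" -noout -text |
        sed -n '1s/.*(\([0-9]*\) bit.*/\1/p'
}

# Print the modulus of the private key, or of the public key with -pubin.
modulus() {
    if [ "$1" = "-pubin" ]; then
        openssl rsa -pubin -in "$WORK/public.pem" -noout -modulus
    else
        openssl rsa -in "$WORK/private.pem" -noout -modulus
    fi
}

# Succeeds only if public.pem was derived from private.pem.
keys_match() {
    [ "$(modulus)" = "$(modulus -pubin)" ]
}

gen_private 2048
export_public
echo "key length: $(key_bits) bit"
keys_match && echo "public key matches private key"
```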

Tab Files

This tab has an overview of all created files. Additionally, the tab offers the option to load local files directly into the plugin to be used as input for corresponding commands.


Command Line Interface - CLI

The OpenSSL program can also be used in the plugin in the traditional way. For this purpose the plugin offers a CLI in which OpenSSL commands are entered and executed directly. Note that OpenSSL commands are only supported in the following format:

openssl command [ command_opts ] [ command_args ]

An overview of all commands is provided by the following command:

openssl help

For a specific command, the entire list of options/arguments can be output as follows:

openssl command -help

To process a string directly on the command line, the plugin implements the echo command analogous to the bash shell. For this, the echo command must be called in combination with the pipe operator "|" and the respective OpenSSL command:

echo <text> | openssl command [ command_opts ] [ command_args ]

Unlike the native use of a command line, execution in this plugin is subject to some restrictions. Commands that require network functionality are not supported (e.g. s_client).


References

[1] OpenSSL (GitHub): https://github.com/openssl/openssl