Build openssl linux 64

Open SSL

Cryptography and SSL/TLS Toolkit

Downloads

The master sources are maintained in our git repository, which is accessible over the network and cloned on GitHub, at https://github.com/openssl/openssl. Bugs and pull patches (issues and pull requests) should be filed on the GitHub repo. Please familiarize yourself with the license.

The table below lists the latest releases for every branch. (For an explanation of the numbering, see our release strategy.) All releases can be found at /source/old. A list of mirror sites can be found here.

Note: The latest stable version is the 3.0 series. Also available is the 1.1.1 series which is our Long Term Support (LTS) version, supported until 11th September 2023. All older versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions are encouraged to upgrade to 3.0 or 1.1.1 as soon as possible. Extended support for 1.0.2 to gain access to security fixes for that version is available.

OpenSSL 3.0 is the latest major version of OpenSSL. The OpenSSL FIPS Object Module (FOM) 3.0 is an integrated part of the OpenSSL 3.0 download. You do not need to download the 3.0 FOM separately. Refer to the installation instructions inside the download, and use the «enable-fips» compile time configuration option to build it.

For an overview of some of the key concepts in OpenSSL 3.0 see the libcrypto manual page. Information and notes about migrating existing applications to OpenSSL 3.0 are available in the OpenSSL 3.0 Migration Guide

The OpenSSL FIPS Object Module (FOM) 2.0 is also available for download. It is no longer receiving updates. It must be used in conjunction with a FIPS capable version of OpenSSL (1.0.2 series).

KBytes	Date	File
14627	2021-Sep-07 12:00:26	openssl-3.0.0.tar.gz (SHA256) (PGP sign) (SHA1)
9603	2021-Aug-24 13:46:31	openssl-1.1.1l.tar.gz (SHA256) (PGP sign) (SHA1)
1457	2017-May-24 18:01:01	openssl-fips-2.0.16.tar.gz (SHA256) (PGP sign) (SHA1)
1437	2017-May-24 18:01:01	openssl-fips-ecp-2.0.16.tar.gz (SHA256) (PGP sign) (SHA1)

When building a release for the first time, please make sure to look at the INSTALL file in the distribution along with any NOTES file applicable to your platform. If you have problems, look at the FAQ, which can be found online. If you still need more help, then join the openssl-users email list and post a question there.

PGP keys for the signatures are available from the OMC page. Current members that sign releases include Richard Levitte and Matt Caswell.

Each day we make a snapshot of each development branch. They can be found at https://www.openssl.org/source/snapshot/. These daily snapshots of the source tree are provided for convenience only and not even guaranteed to compile. Note that keeping a git local repository and updating it every 24 hours is equivalent and will often be faster and more efficient.

Legalities

Please remember that export/import and/or use of strong cryptography software, providing cryptography hooks, or even just communicating technical details about cryptography software is illegal in some parts of the world. So when you import this package to your country, re-distribute it from there or even just email technical suggestions or even source patches to the authors or other people you are strongly advised to pay close attention to any laws or regulations which apply to you. The authors of OpenSSL are not liable for any violations you make here. So be careful, it is your responsibility.

Downloads

Please report problems with this website to webmaster at openssl.org.

Copyright © 1999-2021 The OpenSSL Project Authors. All Rights Reserved.

Источник

Binaries

Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.

Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.

Important Disclaimer: The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.

Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.

Third Party OpenSSL Related Binary Distributions

Product	Description	URL
OpenSSL for Windows	Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.	https://slproweb.com/products/Win32OpenSSL.html
OpenSSL for Windows	Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.	https://indy.fulgan.com/SSL/
OpenSSL for Windows	Reproducible builds with latest MinGW-w64, 64/32-bit, static/dynamic libs and executable.	https://github.com/curl/curl-for-win
OpenSSL for Solaris	Versions for Solaris 2.5 — 11 SPARC and X86	http://www.unixpackages.com/
OpensSSL for Windows, Linux, OSX, Android	Pre-compiled packages at conan.io package manager: Windows x86/x86_64 (Visual Studio 10, 12, 14, 15) Linux x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) OSx (Apple clang). Cross-building ready recipe: Linux ARM, Android.	https://www.conan.io https://conan.io/center/openssl
OpenSSL for Windows	Pre-compiled Win32/64 1.0.2, 1.1.0, 1.1.1 and 3.0 libraries without external dependencies, primarily built for François Piette’s Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed ‘Open Source Developer, François PIETTE’, so applications can self verify them for corruption.	http://wiki.overbyte.eu/wiki/index.php/ICS_Download
OpenSSL for Windows	Pre-compiled 64-bit (x64) and 32-bit (x86) 1.1.1 and 3.0 executables and libraries for Microsoft Windows Operating Systems with a dependency on the Microsoft Visual Studio 2015-2019 runtime. The distribution may be used standalone or integrated into any Windows application. The distribution’s EXE and DLL files are digitally signed ‘FireDaemon Technologies Limited’.	https://kb.firedaemon.com/support/solutions/articles/4000121705
OpenSSL for NonStop	Pre-compiled NonStop ia64/x86 1.0.2, 1.1.1 executables and libraries for the HPE NonStop Operating Systems. Threaded versions are included. The SPT version depends on FLOSS, otherwise there are no other dependencies. 32-bit versions are available. The builds are done by the ITUGLIB Technical Committee as part of Connect.	https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml

Engines [ edit ]

Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:

Important Disclaimer: The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.

Источник

Command Line Utilities

The openssl program provides a rich variety of commands, each of which often has a wealth of options and arguments. Many commands use an external configuration file for some or all of their arguments and have a -config option to specify that file. The environment variable OPENSSL_CONF can be used to specify the location of the configuration file. If the environment variable is not specified, a default file is created in the default certificate storage area called openssl.cnf. The settings in this default configuration file depend on the flags set when the version of OpenSSL being used was built.

This article is an overview of the available tools provided by openssl. For all of the details on usage and implementation, you can find the manpages which are automatically generated from the source code at the official OpenSSL project home. Likewise, the source code itself may be found on the OpenSSL project home page, as well as on the OpenSSL Github. The main OpenSSL site also includes an overview of the command-line utilities, as well as links to all of their respective documentation.

Contents

Getting Started [ edit ]

The entry point for the OpenSSL library is the openssl binary, usually /usr/bin/openssl on Linux. The general syntax for calling openssl is as follows:

Alternatively, you can call openssl without arguments to enter the interactive mode prompt. You may then enter commands directly, exiting with either a quit command or by issuing a termination signal with either Ctrl+C or Ctrl+D. The following is a sample interactive session in which the user invokes the prime command twice before using the quit command to terminate the session.

Basic Tasks [ edit ]

This section is a brief tutorial on performing the most basic tasks using OpenSSL. For a detailed explanation of the rationale behind the syntax and semantics of the commands shown here, see the section on Commands.

Getting Help [ edit ]

As mentioned previously, the general syntax of a command is openssl command [ command_options ] [ command_arguments ] . The help command is no different, but it does have its idiosyncrasies. To view the top-level help menu, you can call openssl as follows.

This query will print all of the available commands, like so:

Note the above output was truncated, so only the first four lines of output are shown.

A help menu for each command may be requested in two different ways. First, the same command used above may be repeated, followed by the name of the command to print help for.

The program will then display the valid options for the given command.

The second way of requesting the help menu for a particular command is by using the first option in the output shown above, namely openssl command -help . Both commands will yield the same output; the help menu displayed will be exactly the same.

For additional information on the usage of a particular command, the project manpages are a great source of information. Another excellent source of information is the project perldocs. perldoc is a utility included with most if not all Perl distributions, and it’s capable of displaying documentation information in a variety of formats, one of which is as manpages. Not surprisingly, the project documentation is generated from the pod files located in the doc directory of the source code.

Getting Library Version Information [ edit ]

As mentioned above, the version command’s help menu may be queried for additional options like so:

Using the -a option to show all version information yields the following output on my current machine:

Generating an RSA Private Key [ edit ]

Generating a private key can be done in a variety of different ways depending on the type of key, algorithm, bits, and other options your specific use case may require. In this example, we are generating a private key using RSA and a key size of 2048 bits.

To generate a password protected private key, the previous command may be slightly amended as follows:

The addition of the -aes256 option specifies the cipher to use to encrypt the private key file. For a list of available ciphers in the library, you can run the following command:

With your private key in hand, you can use the following command to see the key’s details, such as its modulus and its constituent primes. Remember to change the name of the input file to the file name of your private key.

The above command yields the following output in my specific case. Your output will differ but should be structurally similar.

Keep in mind the above key was generated solely for pedagogical purposes; never give anyone access to your private keys.

Generating a Public Key [ edit ]

Having previously generated your private key, you may generate the corresponding public key using the following command.

You may once again view the key details, using a slightly different command this time.

The output for the public key will be shorter, as it carries much less information, and it will look something like this.

For more information on generating keys, see the source code documentation, located in the doc/HOWTO/keys.txt file.

Generating Keys Based on Elliptic Curves [ edit ]

There are essentially two steps to generating a key:

1. Generate the parameters for the specific curve you are using
2. Use those parameters to generate the key

To see the list of curves instrinsically supported by openssl, you can use the -list_curves option when calling the ecparam command.

For this example I will use the prime256v1 curve, which is an X9.62/SECG curve over a 256 bit prime field.

Generating the Curve Parameters [ edit ]

Having selected our curve, we now call ecparam to generate our parameters file.

Printing Parameters to Standard Out [ edit ]

You can print the generated curve parameters to the terminal output with the following command:

Printing Parameters as C Code [ edit ]

Analogously, you may also output the generated curve parameters as C code. The parameters can then be loaded by calling the get_ec_group_XXX() function. To print the C code to the current terminal's output, the following command may be used:

Читайте также:  Windows 1251 для linux

And here are the first few lines of the corresponding output:

Generating the Key [ edit ]

With the curve parameters in hand, we are now free to generate the key. Just as with the [#Generating an RSA Private Key|RSA] example above, we may optionally specify a cipher algorithm with which to encrypt the private key. The call to generate the key using the elliptic curve parameters generated in the example above looks like this:

Putting it All Together [ edit ]

The process of generation a curve based on elliptic-curves can be streamlined by calling the genpkey command directly and specifying both the algorithm and the name of the curve to use for parameter generation. In it's simplest form, the command to generate a key based on the same curve as in the example above looks like this:

This command will result in the generated key being printed to the terminal's output.

Remember that you can specify a cipher algorithm to encrypt the key with, which something you may or may not want to do, depending on your specific use case. Here is a slightly more complete example showing a key generated with a password and written to a specific output file.

Just as with the previous example, you can use the pkey command to inspect your newly-generated key.

For more details on elliptic curve cryptography or key generation, check out the manpages.

Base64 Encoding Strings [ edit ]

For simple string encoding, you can use "here string" syntax with the base64 command as below. Intuitively, the -e flag specifies the action to be encoding.

Similarly, the base64 command's -d flag may be used to indicate decoding mode.

Note: base64 line length is limited to 76 characters by default in openssl (and generated with 64 characters per line).

To be able to decode a base64 line without line feeds that exceeds the default 76 character length restriction use the -A option.

It is recommended to actually split base64 strings into multiple lines of 64 characters, however, since the -A option is buggy, particularly with its handling of long files.

Generating a File Hash [ edit ]

One of the most basic uses of the dgst command (short for digest) is viewing the hash of a given file. To do this, simply invoke the command with the specified digest algorithm to use. For this example, I will be hashing an arbitrary file on my system using the MD5, SHA1, and SHA384 algorithms.

For a list of the available digest algorithms, you can use the following command.

You can also use a similar command to see the available digest commands:

Below are three sample invocations of the md5, sha1, and sha384 digest commands using the same file as the dgst command invocation above.

File Encryption and Decryption [ edit ]

The following example demonstrates a simple file encryption and decryption using the enc command. The first argument is the cipher algorithm to use for encrypting the file. For this example I carefully selected the AES-256 algorithm in CBC Mode by looking up the available ciphers and picking out the first one I saw. To see the list of available ciphers, you can use the following command.

You can also use the following command:

Having selected an encryption algorithm, you must then specify whether the action you are taking is either encryption or decryption via the -e or -d flags, respectively. The -iter flag specifies the number of iterations on the password used for deriving the encryption key. A higher iteration count increases the time required to brute-force the resulting file. Using this option implies enabling use of the Password-Based Key Derivation Function 2, usually set using the -pbkdf2 flag. We then use the -salt flag to enable the use of a randomly generated salt in the key-derivation function.

Putting it all together, you can see the command to encrypt a file and the corresponding output below. Note that the passwords entered by the user are blank, just as they would usually be in a terminal session.

The analogous decryption command is as follows:

Commands [ edit ]

There are three different kinds of commands. These are standard commands, cipher commands, and digest commands. Calling the OpenSSL top-level help command with no arguments will result in openssl printing all available commands by group, sorted alphabetically.

Источник