Category: OS-X

Generating private keys with openssl

Keys are the basis of public key algorithms and PKI. Keys usually come in pairs, with one half being the public key and the other half being the private key. With OpenSSL, the private key contains the public key information as well, so a public key doesn’t need to be generated separately.

Public keys come in several flavors, using different cryptographic algorithms. The most popular ones associated with certificates are RSA and DSA, and this  article will show how to generate each of them.

Generating an RSA key

A RSA key can be used both for encryption and for signing and generating a key is quite easy, all you have to do is the following:

  openssl genrsa -des3 -out privkey.pem 2048

That will generate a private key with is password protected (it will prompt you for the password during generation). If you don’t want it password protected (usually for server side use) then leave the -des3 parameter out, i.e.:

  openssl genrsa -out privkey.pem 2048
 The number 2048 is the size of the key, in bits. Today, 2048 or higher is recommended for RSA keys, as fewer amount of bits is considered insecure.

Generating a DSA key

A DSA key can be used for signing only. This is important to keep in mind to know what kind of purposes a certificate request with a DSA key can really be used for.

Generating a key for the DSA algorithm is a two-step process. First, you have to generate parameters from which to generate the key then to generate the key itself.

  openssl dsaparam -out dsaparam.pem 2048
  openssl gendsa -des3 -out privkey.pem dsaparam.pem

Again like RSA, 2048 is the size of the key, in bits with anything smaller than 2048 being insecure in todays standards.

Also the -des3 parameter will prompt you for a pass phrase – for server use leave it out:

  openssl dsaparam -out dsaparam.pem 2048
  openssl gendsa -out privkey.pem dsaparam.pem

How to flush the DNS Cache on OSX

I keep forgetting this one hence writing it up. Every so often you need to flush the local dns cache – usually you’ve made a change in some dns & you want to test it immediately etc.

dscacheutil -flushcache

It’s that simple – so simple it’s an easy one to forget 😦

How to add a static route on OSX

I’ve just had this one with a pptp vpn – one network was accessible over it but another behind it wasnt so I had to add a static route.

First you need to know the remote ip address of the vpn connection:

sabrina:table peter$ ifconfig ppp0
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
 inet 192.168.1.3 --> 192.168.1.1 netmask 0xffffff00

Here the address we want is the first one, 192.168.1.3

Now to create the route

sabrina:table peter$ sudo route add -net 192l168.2.0/24 192.168.1.3
Password:
add net 192.168.2.0: gateway 192.168.1.3

Thats it, now that route will work as long as the vpn connection stays up. When you disconnect it will then be removed & you’ll have to add it again later.