Merge pull request #49 from deworn/add_more_ssl_specs

alokedesai · web-flow · commit 0481ca70e461 · 2022-04-25T11:31:02.000-04:00
Added workflows for certificates and keys
diff --git a/specs/ssl/add_passwd_to_rsa_key.yml b/specs/ssl/add_passwd_to_rsa_key.yml
@@ -0,0 +1,17 @@
+---
+name: Add password to private RSA key using AES256
+command: "openssl rsa -aes256 -in {{in_key}} -out {{out_pass_key}}"
+tags:
+  - ssl
+  - openssl
+description: "Add password to private RSA key using AES256."
+arguments:
+  - name: in_key
+    description: "Input RSA key without password."
+    default_value: in.key
+  - name: "out_pass_key"
+    description: "Output RSA key protected with password."
+    default_value: "out.key"
+author: Petr Stepan (Deworn)
+author_url: "https://github.com/deworn"
+shells: []
diff --git a/specs/ssl/check_web_certs.yml b/specs/ssl/check_web_certs.yml
@@ -0,0 +1,14 @@
+---
+name: Check website certificate
+command: "openssl s_client -connect {{url}}:443 -showcerts"
+tags:
+  - ssl
+  - openssl
+description: "Check certificate of specific web site or URL."
+arguments:
+  - name: url
+    description: "URL to check."
+    default_value: ""
+author: Petr Stepan (Deworn)
+author_url: "https://github.com/deworn"
+shells: []
diff --git a/specs/ssl/convert_der_to_pem.yml b/specs/ssl/convert_der_to_pem.yml
@@ -0,0 +1,17 @@
+---
+name: Convert certificate from DER to PEM
+command: "openssl x509 -inform der -outform pem -in {{in_der_cert}} -out {{out_pem_cert}}"
+tags:
+  - ssl
+  - openssl
+description: "Convert certificate in DER binary encoding to PEM format (base64)"
+arguments:
+  - name: in_der_cert
+    description: "Input certificate file in DER encoding. Files usually have .der or .cer extensions."
+    default_value: in_cert.der
+  - name: out_pem_cert
+    description: "Output certificate file which will be in PEM format. Files usually have .pem, .crt, or .cer extensions."
+    default_value: out_cert.pem
+author: Petr Stepan (Deworn)
+author_url: "https://github.com/deworn"
+shells: []
diff --git a/specs/ssl/convert_pem_to_der.yml b/specs/ssl/convert_pem_to_der.yml
@@ -0,0 +1,17 @@
+---
+name: Convert certificate from PEM to DER
+command: "openssl x509 -inform pem -outform der -in {{in_pem_cert}} -out {{out_der_cert}}"
+tags:
+  - ssl
+  - openssl
+description: "Convert certificate in PEM format (base64) to DER binary encoding"
+arguments:
+  - name: in_pem_cert
+    description: "Input certificate file in PEM format. Files usually have .pem, .crt, or .cer extensions."
+    default_value: in_cert.pem
+  - name: out_der_cert
+    description: "Output certificate file which will be DER encoded. Files usually have .der or .cer extensions."
+    default_value: out_cert.der
+author: Petr Stepan (Deworn)
+author_url: "https://github.com/deworn"
+shells: []
diff --git a/specs/ssl/convert_pem_to_pkcs12.yml b/specs/ssl/convert_pem_to_pkcs12.yml
@@ -0,0 +1,23 @@
+---
+name: Convert certificate from PEM to PKCS#12
+command: "openssl pkcs12 -export -out {{out_pkcs12_cert}} -in {{in_pem_cert}} -inkey {{in_pem_private_key}} -certfile {{in_pem_cacert}}"
+tags:
+  - ssl
+  - openssl
+description: "Convert certificate in PKCS#12 container format (private key included) to PEM format (base64)"
+arguments:
+  - name: in_pem_cert
+    description: "Input certificate file in PEM format. Files usually have .pem, .crt, or .cer extensions."
+    default_value: in_cert.pem
+  - name: in_pem_private_key
+    description: "Input private key file (in PEM format) which fits in_pem_cert. Files usually have .key extension."
+    default_value: in_private.key
+  - name: in_pem_cacert
+    description: "Input certificate file (or file bundle) of Certification Authority (in PEM format) which signed in_pem_cert file. Files usually have .pem, .crt, or .cer extensions."
+    default_value: cacert.pem
+  - name: out_pkcs12_cert
+    description: "Output file which will be in PKCS#12 container format with private key. Files usually have .pfx or .p12 extensions."
+    default_value: out_cert.pfx
+author: Petr Stepan (Deworn)
+author_url: "https://github.com/deworn"
+shells: []
diff --git a/specs/ssl/convert_pkcs12_to_pem.yml b/specs/ssl/convert_pkcs12_to_pem.yml
@@ -0,0 +1,17 @@
+---
+name: Convert certificate from PKCS#12 to PEM
+command: "openssl pkcs12 -in {{in_pkcs12_cert}} -out {{out_pem_cert}} -nodes"
+tags:
+  - ssl
+  - openssl
+description: "Convert certificate in PKCS#12 container format (private key included) to PEM format (base64)"
+arguments:
+  - name: in_pkcs12_cert
+    description: "Input certificate file in PKCS#12 container format. Files usually have .pfx or .p12 extensions."
+    default_value: in_cert.pfx
+  - name: out_pem_cert
+    description: "Output certificate file which will be in PEM format. Files usually have .pem, .crt, or .cer extensions."
+    default_value: out_cert.pem
+author: Petr Stepan (Deworn)
+author_url: "https://github.com/deworn"
+shells: []
diff --git a/specs/ssl/export_public_rsa_key.yml b/specs/ssl/export_public_rsa_key.yml
@@ -0,0 +1,17 @@
+---
+name: Export public key from private RSA key
+command: "openssl rsa -in {{in_key}} -pubout -out {{out_pub_key}}"
+tags:
+  - ssl
+  - openssl
+description: "Export public part of the key from private RSA key."
+arguments:
+  - name: in_key
+    description: "Input private RSA key."
+    default_value: in.key
+  - name: out_pub_key
+    description: "Output key which contains only public part."
+    default_value: out.key
+author: Petr Stepan (Deworn)
+author_url: "https://github.com/deworn"
+shells: []
diff --git a/specs/ssl/generate_csr_from_config.yml b/specs/ssl/generate_csr_from_config.yml
@@ -0,0 +1,17 @@
+---
+name: Generate a CSR from configuration/template
+command: "openssl req -new -config {{conf_file}} -out {{csr_file}} -verbose"
+tags:
+  - ssl
+  - openssl
+description: "Generates a Certificate Signing Request (CSR) from configuration (template) file. This CSR is needs to be signed by Certification Authority."
+arguments:
+  - name: conf_file
+    description: "Configuration file containing all details for CSR."
+    default_value: csr_template.conf
+  - name: csr_file
+    description: "Output CSR file which needs to be signed by Certification Authority."
+    default_value: client.csr
+author: Petr Stepan (Deworn)
+author_url: "https://github.com/deworn"
+shells: []
diff --git a/specs/ssl/generate_key.yml b/specs/ssl/generate_key.yml
@@ -0,0 +1,23 @@
+---
+name: Generate RSA key
+command: 'ssh-keygen -t {{key_type}} -b {{key_size}} -o -a 100 -C "{{key_comment}}" -f "{{key_file_name}}"'
+tags:
+  - ssl
+  - openssl
+description: "Generate new RSA key with 100 KDF rounds."
+arguments:
+  - name: key_type
+    description: "Type of the new key. Options are: rsa, dsa, ed25519, ed25519-sk, ecdsa, ecdsa-sk"
+    default_value: "rsa"
+  - name: key_size
+    description: "Size of new key in bits. DSA example: 1024. RSA example: 2048, 3072, 4096. ECDSA examples: 256, 384, 512. EXDSA-SK, ED25519 and ED25519-SK have fixed length (flag will be ignored)."
+    default_value: "2048"
+  - name: key_comment
+    description: "Comment displayed at the end of the key. Optional."
+    default_value: ""
+  - name: key_file_name
+    description: "Filename of the new key."
+    default_value: ""
+author: Petr Stepan (Deworn)
+author_url: "https://github.com/deworn"
+shells: []
diff --git a/specs/ssl/remove_passwd_from_rsa_key.yml b/specs/ssl/remove_passwd_from_rsa_key.yml
@@ -0,0 +1,17 @@
+---
+name: Remove password from private RSA key
+command: "openssl rsa -in {{in_pass_key}} -out {{out_key}}"
+tags:
+  - ssl
+  - openssl
+description: "Remove password from private RSA key."
+arguments:
+  - name: in_pass_key
+    description: "Input RSA key protected with password."
+    default_value: in.key
+  - name: out_key
+    description: "Output RSA key without password."
+    default_value: out.key
+author: Petr Stepan (Deworn)
+author_url: "https://github.com/deworn"
+shells: []
