Additional cheat files (#139)

* Most common openssl commands

* Most common java keytool commands

cheats/keytool.cheat

@@ -0,0 +1,58 @@
+% java keytool, certificate, encryption
+
+## Creating
+# Generate a Java keystore and key pair
+keytool -genkey -alias <ALIAS> -keyalg RSA -keystore <OUTPUT_JKS> -keysize <RSA_LENGTH>
+
+# Generate a certificate signing request (CSR) for an existing Java keystore
+keytool -certreq -alias <ALIAS> -keystore <INPUT_JKS> -file <OUTPUT_CSR>
+
+# Import a root or intermediate CA certificate to an existing Java keystore
+keytool -import -trustcacerts -alias root -file <INPUT_CRT> -keystore <INPUT_JKS>
+
+# Import a signed primary certificate to an existing Java keystore
+keytool -import -trustcacerts -alias <ALIAS> -file <INPUT_CRT> -keystore <INPUT_JKS>
+
+# Generate a keystore and self-signed certificate
+keytool -genkey -keyalg RSA -alias <ALIAS> -keystore <OUTPUT_JKS> -storepass <PASSWORD> -validity <VALIDITY> -keysize <RSA_LENGTH>
+
+
+
+## Verifying
+# Check a stand-alone certificate
+keytool -printcert -v -file <INPUT_CRT>
+
+# Check which certificates are in a Java keystore
+keytool -list -v -keystore <INPUT_JKS>
+
+# Check a particular keystore entry using an alias
+keytool -list -v -keystore <INPUT_JKS> -alias <ALIAS>
+
+
+
+## Other
+# Remove a certificate from a keystore
+keytool -delete -alias <ALIAS> -keystore <INPUT_JKS>
+
+# Change the password of a keystore
+keytool -storepasswd -keystore <INPUT_JKS> -new <NEW_PASSWORD>
+
+# Export a certificate from a keystore
+keytool -export -alias <ALIAS> -file <OUTPUT_CRT> -keystore <INPUT_JKS>
+
+# List the trusted CA Certs from the default Java Trusted Certs Keystore
+keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
+
+# Import New Certificate Authority into the default Java Trusted Certs Keystore
+keytool -import -trustcacerts -file <INPUT_PEM> -alias <ALIAS> -keystore $JAVA_HOME/jre/lib/security/cacerts
+
+
+
+# Sensible/common default alternatives
+$ VALIDITY: printf "DAYS\tCOMMENT\n1\ta day\n30\ta month\n365\ta year\n730\ttwo years" --- --column 1 --headers 1
+$ RSA_LENGTH: printf "KEY LENGTH\tCOMMENT\n2048\t\tDefault\n4096\t\tBetter\n8192\t\tSlow?" --- --column 1 --headers 1
+
+# Attempt to find files with the appropriate endings, default to everything.
+$ INPUT_CRT:    ls -a | grep -e "\(.crt\|.cer\|.der\)" || ls -a
+$ INPUT_PEM:    ls -a | grep -e "\(.pem\)"             || ls -a
+$ INPUT_JKS:    ls -a | grep -e "\(.jks\)"             || ls -a

cheats/openssl.cheat

@@ -0,0 +1,81 @@
+% openssl, certificate, encryption
+
+## General OpenSSL Commands
+# Create a new signing request and key
+openssl req -new -newkey rsa:<RSA_LENGTH> -nodes -out <OUTPUT_CSR> -keyout <OUTPUT_KEY>
+
+# Create a new self-signed certificate
+openssl req -x509 -sha256 -nodes -days <VALIDITY> -newkey rsa:<RSA_LENGTH> -out <OUTPUT_CRT> -keyout <OUTPUT_KEY>
+
+# Create a signing request from existing key
+openssl req -out <OUTPUT_CSR> -key <INPUT_KEY> -new
+
+# Create a signing request from existing certificate and key
+openssl x509 -x509toreq -out <OUTPUT_CSR> -in <INPUT_CRT> -signkey <INPUT_KEY>
+
+# Remove a passphrase from a private key
+openssl rsa -in <INPUT_KEY> -out <OUTPUT_PLAINTEXT_KEY>
+
+
+
+## Converting between the different encoding
+# Convert a DER encoded file to a PEM encoded file
+openssl x509 -inform der -in <INPUT_CRT> -out <OUTPUT_PEM>
+
+# Convert a PEM encoded file to a DER encoded file
+openssl x509 -outform der -in <INPUT_PEM> -out <OUTPUT_CRT>
+
+# Convert a PKCS12 encoded file containing a private key and certificates to PEM
+openssl pkcs12 -in <INPUT_PKCS12> -out <OUTPUT_PEM> -nodes
+
+# Extract the private key from a PKCS12 encoded file
+openssl pkcs12 -in <INPUT_PKCS12> -out <OUTPUT_PEM> -nodes -nocerts
+
+# Extract the certificate from a PKCS12 encoded file
+openssl pkcs12 -in <INPUT_PKCS12> -out <OUTPUT_PEM> -nodes -nokeys
+
+# Convert a PEM certificate file and a private key to PKCS12 encoded file
+openssl pkcs12 -export -out <OUTPUT_PKCS12> -inkey <INPUT_KEY> -in <INPUT_CRT> -certfile <INPUT_CRT>
+
+
+
+## Validating certificates and keys using OpenSSL
+# Validate a certificate signing request
+openssl req -text -noout -verify -in <OUTPUT_CSR>
+
+# Validate a private key
+openssl rsa -in <INPUT_KEY> -check
+
+# Validate a certificate
+openssl x509 -in <INPUT_CRT> -text -noout
+
+# Validate a PKCS12 file (.pfx or .p12)
+openssl pkcs12 -info -in <INPUT_PKCS12>
+
+
+
+## Debugging using OpenSSL
+# Compare the MD5 hash of a certificate
+openssl x509 -noout -modulus -in <INPUT_CRT> | openssl md5
+
+# Compare the MD5 hash of a private key
+openssl rsa -noout -modulus -in <INPUT_KEY> | openssl md5
+
+# Compare the MD5 hash of a certificate signing request
+openssl req -noout -modulus -in <INPUT_CSR> | openssl md5
+
+# Display the server certificate chain
+openssl s_client -connect <URL>:<PORT>
+
+
+
+# Sensible/common default alternatives
+$ VALIDITY: printf "DAYS\tCOMMENT\n1\ta day\n30\ta month\n365\ta year\n730\ttwo years" --- --column 1 --headers 1
+$ RSA_LENGTH: printf "KEY LENGTH\tCOMMENT\n2048\t\tDefault\n4096\t\tBetter\n8192\t\tSlow?" --- --column 1 --headers 1
+
+# Attempt to find files with the appropriate endings, default to everything.
+$ INPUT_PKCS12: ls -a | grep -e "\(.pfx\|.p12\)"       || ls -a
+$ INPUT_CSR:    ls -a | grep -e "\(.csr\)"             || ls -a
+$ INPUT_KEY:    ls -a | grep -e "\(.key\|.pem\)"       || ls -a
+$ INPUT_CRT:    ls -a | grep -e "\(.crt\|.cer\|.der\)" || ls -a
+$ INPUT_PEM:    ls -a | grep -e "\(.pem\)"             || ls -a