Using Openssl To Create Keys For Mac

  1. Using Openssl To Create Keys For Mac Osx
  2. Openssl Create Key

We recommend that you use OpenSSL to create the certificate. For Windows users, you can download the tool at For Mac and Linux users, OpenSSL is available with the native command-line tools such as Terminal. The next most common use case of OpenSSL is to create certificate signing requests for requesting a certificate from a trusted certificate authority:

openssl req -new -newkey rsa:2048 -nodes -out request.csr -keyout private.key

Similar to the previous command to generate a self-signed certificate, this command generates a CSR. Because of the -nodes option, private.key is written without passphrase encryption.

If you want to do a quick command-line generation of an HMAC, then the openssl command is useful.
For example:
...or alternatively...
Reference:
http://stackoverflow.com/questions/7285059/hmac-sha1-in-bash

BUT, note that in the above commands, the 'value' and 'key' are ASCII strings. The above syntax is problematic if you want to specify a binary value for the key, which does not correspond to printable characters.

This had been a problem reported in the past:
http://www.mail-archive.com/openssl-users@openssl.org/msg49098.html
http://www.mail-archive.com/openssl-users@openssl.org/msg49100.html

But I can report here, that certainly with openssl v1.0.0, the following method allows you to specify a binary key, by passing it as a string of hex values.

To demonstrate the point, let's get the hex string equivalent of the three-character ASCII string 'key', so that we can use the same hashes as in the examples above. To do this, I use the utility 'xxd', which does a hexdump. (For further information on 'xxd' see my previous blog posts.)
Ok, so the hex string '6b6579' corresponds to the ASCII string 'key'.

Using Openssl To Create Keys For Mac Osx

So after reading up the man page for 'openssl dgst', we try a further alternate form of the command, like this:
Note the use of the '-macopt hexkey:string' option, which allows you to specify the key in hexadecimal (two hex digits per byte).

Nice! So now we can do something like this:
I hope to show a practical use of the above in a future blog post!
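
The comparison described above, as an added example that is not code from the original post: it computes HMAC-SHA1 over the string 'value' once with '-hmac key' and once with '-macopt hexkey:6b6579', then with a constructed binary key that could not be passed as a printable string. The function names and the binary key are assumptions made for illustration, and 'od' stands in for 'xxd' so the script needs only POSIX tools plus openssl.

```shell
#!/bin/sh
# Added example: function names are hypothetical, keys are constructed.
# A key given as a command-line argument is visible in the process list
# while openssl runs, so use throwaway keys when experimenting.

# Hex-encode stdin, two hex digits per byte (portable stand-in for xxd -p).
to_hex() { od -An -v -tx1 | tr -d ' \n'; }

# HMAC-SHA1 with the key given as a printable string: hmac_ascii KEY MESSAGE
hmac_ascii() {
    printf '%s' "$2" | openssl dgst -sha1 -hmac "$1" | awk '{print $NF}'
}

# HMAC-SHA1 with the key given in hex: hmac_hexkey HEXKEY MESSAGE
# Rejects anything that is not an even-length string of hex digits.
hmac_hexkey() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) echo "key must be hex digits" >&2; return 1 ;;
    esac
    if [ $(( ${#1} % 2 )) -ne 0 ]; then
        echo "key needs two hex digits per byte" >&2; return 1
    fi
    printf '%s' "$2" \
        | openssl dgst -sha1 -mac HMAC -macopt "hexkey:$1" \
        | awk '{print $NF}'
}

# 1. The same key in two encodings gives the same digest.
hexkey=$(printf '%s' 'key' | to_hex)
echo "hex of 'key'        : $hexkey"
echo "-hmac key           : $(hmac_ascii key value)"
echo "-macopt hexkey      : $(hmac_hexkey "$hexkey" value)"

# 2. A constructed key containing NUL, 0xff and newline bytes, which
#    cannot be passed through -hmac as a shell argument.
echo "binary key 00ff0a1b : $(hmac_hexkey 00ff0a1b value)"
```

The awk step keeps only the last field, so the digest is extracted the same way whether openssl prefixes it with '(stdin)= ' or a longer label.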

Openssl Create Key

Finally, I will just confirm some details of the system that gave the above output:
By the way, if you're wondering about the '(stdin)= ' that openssl is outputting, then see my previous blog post on this subject.