Why
OpenSSL is a great tool for generating and transforming all sorts of cryptographic certificates. There isn't an official distribution on Windows, so one has to use a third-party build, and it can be a hassle to get it installed. But if you have Docker running, you're all set: fetch a small container and start running it.
How
You can copy any of these functions into your shell profile. The script fetches openssl when needed, creates an image, and runs openssl with your current directory mounted at /home in the container. You can remove the cleanup step if you don't want the containers to be deleted after usage. Since we're using docker run, a new container is created every time, and we probably don't want them hanging around.
Script for Fish shell
    function openssl
        set --local images (docker images -q openssl:latest)
        if test -z "$images"
            echo 'openssl:latest image does not exist, creating it'
            docker run --name openssl alpine apk add --no-cache openssl
            docker commit openssl openssl:latest
            docker rm openssl
        end
        # cleanup the existing containers
        set --local containers (docker ps -a | grep 'openssl:latest' | awk '{ print $1}')
        if test -n "$containers"
            docker rm $containers > /dev/null
        end
        docker run -w /home -v (pwd):/home -it openssl:latest /usr/bin/openssl $argv
    end
Script for Bash shell
    function openssl {
        local images containers
        images=$(docker images -q openssl:latest)
        if [ -z "$images" ]; then
            echo 'openssl:latest image does not exist, creating it'
            docker run --name openssl alpine apk add --no-cache openssl
            docker commit openssl openssl:latest
            docker rm openssl
        fi
        # cleanup the existing containers
        containers=$(docker ps -a | grep 'openssl:latest' | awk '{ print $1}')
        if [ -n "$containers" ]; then
            # left unquoted on purpose: one argument per container ID
            docker rm ${containers} > /dev/null
        fi
        # quote the mount path and "$@" so paths and arguments with spaces survive
        docker run -w /home -v "$(pwd)":/home -it openssl:latest /usr/bin/openssl "$@"
    }
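A variant of the Bash function, added here as an example and not part of the original post: it uses `--rm` instead of the cleanup step, allocates a TTY only when stdin is a terminal so piped input works, and runs as the calling user so that on a Linux host generated key files are not owned by root. The name `openssl_docker` and the `--user` setting are assumptions of this example.

```shell
# Added example (not from the original post). The function name is hypothetical.
# The body runs in a subshell "( ... )" so its variables do not leak into the
# interactive shell when the function lives in a profile.
openssl_docker() (
    image=openssl:latest

    # Build the local image once, the same way the scripts on this page do.
    if ! docker image inspect "$image" >/dev/null 2>&1; then
        echo "$image does not exist, creating it" >&2
        docker run --name openssl alpine apk add --no-cache openssl &&
            docker commit openssl "$image" >/dev/null &&
            docker rm openssl >/dev/null || exit 1
    fi

    # "-t" fails with "the input device is not a TTY" when stdin is a pipe
    # or a file, so request a TTY only for interactive use.
    if [ -t 0 ]; then tty=-it; else tty=-i; fi

    # --rm   : remove the container on exit, no separate cleanup step needed
    # --user : assumption of this example; files written to the mounted
    #          directory (keys, CSRs) get the caller's uid/gid
    docker run --rm "$tty" \
        --user "$(id -u):$(id -g)" \
        -w /home -v "$(pwd)":/home \
        "$image" /usr/bin/openssl "$@"
)
```

With this variant, `echo hello | openssl_docker dgst -sha256` works because no TTY is requested for piped input.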
Script for PowerShell
    function openssl {
        $images = $(docker images -q openssl:latest)
        if (-not $images) {
            Write-Host "openssl:latest image does not exist, creating it"
            docker run --name openssl alpine apk add --no-cache openssl
            docker commit openssl openssl:latest
            # remove the temporary build container
            docker rm openssl
        }
        # cleanup the existing containers
        $containers = $(docker ps -a | Select-String 'openssl:latest' | %{ $_.ToString().Split(' ')[0]; })
        if ($containers) {
            docker rm $containers | Out-Null
        }
        docker run -w /home -v ${pwd}:/home -it openssl:latest /usr/bin/openssl $args
    }
Then you can run openssl from the command line.
> openssl help
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dhparam
dsa dsaparam ec ecparam
enc engine errstr gendsa
genpkey genrsa help list
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand rehash
req rsa rsautl s_client
s_server s_time sess_id smime
speed spkac srp storeutl
ts verify version x509
Message Digest commands (see the `dgst' command for more details)
blake2b512 blake2s256 gost md4
md5 rmd160 sha1 sha224
sha256 sha3-224 sha3-256 sha3-384
sha3-512 sha384 sha512 sha512-224
sha512-256 shake128 shake256 sm3
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40
Conclusion
Docker is a good tool for running Linux applications everywhere, especially if the tool and the base image (in our case Alpine) are small. The scripts above will get you openssl running locally in no time.