How to install OpenSSL in windows 10? - ssl

I have a question about how and what is the version of OpenSSl that I must install in Windows to later create certificates.
Install a one version (openssl-1.0.2d-fips-2.0.10) found in SourceForge but it does not generate the files correctly.
There is also the official website https://www.openssl.org, but I do not know how to install it and how, so that when it comes to generating the keys and .pem file, it works.
Generate some environment variables that point to the folder where I unzipped the downloaded, I do not know if it is the correct way.

I also wanted to create OPEN SSL for Windows 10. An easy way to do it without running into a risk of installing unknown software from 3rd party websites and risking entries of viruses, is by using the openssl.exe that comes inside your Git for Windows installation. In my case, I found the open SSL in the following location of Git for Windows Installation.
C:\Program Files\Git\usr\bin\openssl.exe
If you also want instructions on how to use OPENSSL to generate and use Certificates, here is a write-up on my blog. The step by step instructions first explains how to use Microsoft Windows Default Tool and also OPEN SSL and explains the difference between them.
https://kaushikghosh12.blogspot.com/2016/08/self-signed-certificates-with-microsoft.html

If you have chocolatey installed you can install openssl via a single command i.e.
choco install openssl

In case you have Git installed,
you can open the Git Bash (shift pressed + right click in the folder -> Git Bash Here) and use openssl command right in the Bash

Do you have Git installed?
You can access openssl command from Git Bash without adding any environment variable.
But, if you want to access the openssl command from Windows cmd, then follow me:
Find the path of the bin directory of Git. Normally it is at
C:\Program Files\Git\usr\bin\
Then add the path your environment variable (User variables -> Path):
Now open a new command prompt (don't use an already opened cmd, because the already opened cmd doesn't know the new environment variable).
Now write:
openssl

Either set the openssl present in Git as your default openssl and include that into your path in environmental variables (quick way)
OR
Install the system-specific openssl from this
link.
set the following variable : set
OPENSSL_CONF=LOCATION_OF_SSL_INSTALL\bin\openssl.cfg
Update the path : set Path=...Other Values
here...;LOCATION_OF_SSL_INSTALL\bin

Necroposting, but might be useful for others:
There's always the official page ([OpenSSL.Wiki]: Binaries) which contains useful URLs (pointing to unofficial resources / builds, make sure to read the Important Disclaimer)
There are other repositories which contain unofficial builds
Here I want to mention: [GitHub]: CristiFati/Prebuilt-Binaries - Prebuilt-Binaries/OpenSSL
v1.0.2u (FIPS capable) is built with OpenSSL-FIPS 2.0.16
Artefacts are .zips that should be unpacked in "C:\Program Files" (please take a look at the Readme.md file, and also at the one at the repository root)
Other 3rd-party software may bundle OpenSSL, so it gets "installed" as a side effect. Such software (mentioned by other answers): Cygwin, Git
And of course you can build it yourself from sources, but that requires some deeper knowledge
Note: when having a functional OpenSSL instance (using whatever method above), here's how you can use it (if you need it into your own projects) from VStudio: [SO]: How to include OpenSSL in Visual Studio (#CristiFati's answer)

I recently needed to document how to get a version of it installed, so I've copied my steps here, as the other answers were using different sources from what I recommend, which is Cygwin. I like Cygwin because it is well maintained and provides a wealth of other utilities for Windows. Cygwin also allows you to easily update the versions as needed when vulnerabilities are fixed. Please update your version of OpenSSL often!
Open a Windows Command prompt and check to see if you have OpenSSL installed by entering: openssl version
If you get an error message that the command is NOT recognized, then install OpenSSL by referring to Cygwin following the summary steps below:
Basically, download and run the Cygwin Windows Setup App to install and to update as needed the OpenSSL application:
Select an install directory, such as C:\cygwin64. Choose a download mirror such as: http://mirror.cs.vt.edu
Enter in openssl into the search and select it. You can also select/un-select other items of interest at this time. The click Next twice then click Finish.
After installing, you need to edit the PATH variable. On Windows, you can access the System Control Center by pressing Windows Key + Pause. In the System window, click Advanced System Settings → Advanced (tab) → Environment Variables. For Windows 10, a quick access is to enter "Edit the system environment variables" in the Start Search of Windows and click the button "Environment Variables". Change the PATH variable (double-click on it or Select and Edit), and add the path where your Cywgwin is, e.g. C:\cygwin\bin.
Verify you have it installed via a new Command Prompt window: openssl version. For example: C:\Program Files\mosquitto>openssl versionOpenSSL 1.1.1f 31 Mar 2020
If not, refer to the Cygwin documentation and also other tutorials such as: https://www.eclipse.org/4diac/documentation/html/installation/cygwin.html

Here's a solution that may delight those who have implemented WSL (Windows Subsystem for Linux). You can just use:
wsl openssl ...whatever_args...
The point is that many who've implemented WSL may not realize they can call upon ANY linux command (within their underlying WSL linux vm) right from the DOS or powershell command-line this way. (It's easy to fall into thinking the point of WSL is to use it to "shell into the vm", which is indeed an option, but the power to just run linux commands from Windows is a real value-add of WSL.)
And to be clear, in doing the command as above, whatever file names or folders you may point to (or create) will be relative to the Windows folder from which you run the command. So doing for example, openssl req to create a self-signed cert, where you may name -keyout selfsigned.key -out selfsigned.crt, those two files will be created in the Windows folder where you ran the command.
That said, there are ways this could fall down for some openssl command examples one may find, such as if they tried to use various bash-specific arguments, in which case "shelling into wsl" to run the command may well be the better choice. You could still direct things to be found or placed on the host, but I don't mean this answer to become overly-focused on such WSL aspects. I just wanted to propose it as another alternative to installing openssl.

I installed openssl 3.0.0 from https://slproweb.com/products/Win32OpenSSL.html. then I go to windows start ->openssl->Win64 OpenSSL Command Prompt, it opens a window like regular dos window, all I need is to go to the installation folder of openssl.

If you are running Windows 10 1709 (build 16299) or later versions, you can use winget command below to install OpenSSL
winget install -e --id ShiningLight.OpenSSL
Or if you have Git for Windows installed on your system, you can also find OpenSSL in Git file directory.
C:\Program Files\Git\usr\bin\openssl.exe
For more details, check this guide 3 Methods on How to Install OpenSSL on Windows.

Check openssl tool which is a collection of Openssl from the LibreSSL project and Cygwin libraries (2.5 MB). NB! We're the packager.
One liner to create a self signed certificate:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.crt

you can get it from here https://slproweb.com/products/Win32OpenSSL.html
Supported and reqognized by https://wiki.openssl.org/index.php/Binaries

Install scoop then type
scoop install openssl

Open your
Git Bash
Move to your directory if required.
Run your command. eg.
openssl

Related

Install jpeg 2000 on Windows 10

I want to investigate a new application for JPEG 2000 encoding and decoding. I downloaded openjpeg-master and managed to cobble together the ability to cmake the files. After a bunch of grinding, this resulted in the following output:
"Build files have been written to: C: openjpeg-master/build
\build> "
Any "normal" Unix installations have a multi-step installation like this:
"UNIX/LINUX - MacOS (terminal) - WINDOWS (cygwin, MinGW)
To build the library, type from source tree directory:
mkdir build
cd build
cmake .. -DCMAKE_BUILD_TYPE=Release
make
Binaries are then located in the 'bin' directory.
To install the library, type with root privileges:
make install
make clean
To build the html documentation, you need doxygen to be installed on your system. It will create an "html" directory in TOP_LEVEL/build/doc)
make doc"
But the Windows 10 equivalent is unclear, to put the most charitable spin on it. You can find it here: "https://github.com/uclouvain/openjpeg/blob/master/INSTALL.md"
Some questions arise:
is there a better starting place for installing JPEG 2000 that actually shows me how to install it and run the tests?
if not, how do I get from the build files to installing the libraries and making the test programs?
Is there more information I can dig out that would help to answer these questions?
Since I'm allergic to Visual Studio, I overlooked a nice tutorial specifying how to install something as complex as openjpeg by direct clone from github. However, in desperation, I found it and it worked. It is Visual Studio Community 2019 Version 16.8.3. I needed only to use -DTHIRDPARTY to get the third party libraries installed. There is a drop-down menu to build and install OPENJPEG. All I need to do now is figure out how to compile and run the utilities that invoke the installed libraries ...
actually, the complete line to add was -DBUILD_THIRDPARTY:bool=true.
Somewhere in my frantic random search for a way forward, I remember seeing the thought that to make the tests work, I merely need to find files like *.vsproj and run them a separate VS solutions. Some random guesswwork with .vdproj files in src/bin/... hasn't produced anything good. Is there not a document somewhere showing how to run the tests?

CMake failing to build, can't find openssl

I'm trying to build cpp-netlib 0.12.0 stable in Ubuntu 18.04, but when I get to running
$ make -j4
I get a lot of errors, such as:
error: ‘SSL_R_SHORT_READ’ was not declared in this scope
ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ)
Google told me this was because the make variables -DOPENSSL_INCLUDE_DIR and -DOPENSSL_SSL_LIBRARY need to be defined. However, I can't find the directories/libraries I need to set them to. Examples give /usr/lib/openssl-1.0 and /usr/include/openssl-1.0, but I can't find anything like those, even though I have the latest version of openssl installed through apt-get.
My /usr/include directory contains the folder 'openssl', but usr/lib doesn't have even that, only 'openssh', which doesn't appear to contain anything relevant.
How can I fix this?
Fixed by cloning latest version from git repository and building from that.

ownCloud Desktop Client Theming

I have been trying to build the desktop client for about a week now so that I can dig in and try to mess with some theming and turn off some features I wont be needing. In the process I have run into numerous issues and have managed to resolve them in one way or another. I have a VM running openSUSE and I have downloaded the source file ownCloudClient-2.3.2.tar.xz file and unzipped it all into my home/jwarren/client folder. I then ran:
cd admin/win/docker
docker build . -t owncloud-client-win32:
Which I was able to get through. Now I am on the second command:
docker run -v "$PWD:/home/user/client" owncloud-client-win32: \
/home/user/client/admin/win/docker/build.sh client/ $(id -u)
Here I am getting almost to the end and then I receive this error message which I cant figure out how to resolve.
CPack Error: Problem running NSIS command "user/bin/makensis"
CPack Error: Problem Compressing Directory
Can anyone help me out with this? Or maybe point me in the direction of better instructions for the ownCloud Desktop Client theming. I noticed that once you get it installed properly there is no instructions explaining where anything is to edit.
I wrote a comprehensive guide to build the Windows client using the cross-compilation toolchain in the Dockerfile some time ago in ownCloud's central: https://central.owncloud.org/t/error-using-docker-to-build-the-windows-client/5107/5
What you're probably missing out is the git-submodule initialization; i.e. running git submodule update --init on your unzipped repository. You need these to bundle on the installer some pre-compiled binaries used by the shell integrations.
Also, on a side note, there was some problems last month with mingw toolchain compiler (gcc7) - in case you get some dll error after installing the client with your self-generated installer, refer to https://central.owncloud.org/t/building-the-windows-installer/8403/4 for an snapshot of a fully working Docker image to use instead of your self-built.
About the docs to build your own theme: those can be found in https://doc.owncloud.org/branded_clients/branded_desktop_client/index.html (for enterprise installations of ownCloud) - and for an unsupported version, you can also check the source in
https://github.com/owncloud/client/blob/master/src/libsync/theme.cpp for some hints about what settings can be overwritten from there.

Building a 64bit Debian package on 32bit Ubuntu

I am trying to build a .deb package for an application my company (and me) have been developing.
I'm trying to create a 64bit package on my 32bit ubuntu (12.04 LTS) using dpkg-buildpackage and I get the following warnings/errors:
dpkg-shlibdeps: warning/error: couldn't find library X needed by Y.so (ELF format: 'elf64-x86-64'; RPATH: 'some/path/that/does/not/exist')
When X is one of our compiled shared libraries, we get a warning. When it's a system library (like libgcc_s.so.1 and libstdc++.so.6) we get an error.
Why is the RPATH refers to a path that does not exist?
By the way, when I make a 32bit package (on our files that were compiled for 32bit of course) it only shows warnings (only about our proprietary .so files) but creates the .deb file.
If I could, I would have posted my debian folder content but I cant take files out of our network. I can type the relevant parts if its needed.
You need to install the 64-bits version of the library with apt-get (actually anything do, but this is the most easy):
sudo apt-get install libyouneed-dev:amd64
The trick here is the :amd64, which tells the package manager to install the 64-bit version of that package. The same applies for 32-bits libraries in 64-bit systems. It's called multiarch.
The package is looking at that path because that is where the libraries of 64-bits (or 32-bits) gets stored, but since you don't have it installed the path do not exist.
Install an amd64 chroot environment and build your package in there. This way you avoid the various multi-arch pitfalls, with the added benefit of having a clean, reproducible build.
There is a tool that makes this very easy: mk-sbuild.
You need to install ubuntu-dev-tools and sbuild.
Then, run mk-sbuild --arch=amd64 precise, which will setup the build environment for you.
Add yourself to the sbuild group: adduser <your user name> sbuild
Log out and log back in so your group membership will be reflected.
You can then build your package in the chroot:
sbuild -d precise --arch=amd64 name_of_package.dsc
This assumes you've already build the source package with debuild -S or similar.

How can I decrypt blowfish encrypted string without using OpenSSL in Mac OS 10.5/10.6

My application is currently using SSCrypto.framework to decrypt a string encrypted with Blowfish. SSCrypto utilizes OpenSSL which is a new problem for me. Using the 10.6 base SDK while targeting 10.5 doesn't seem to work. The issue is explained in this Apple Mailing List thread: http://lists.apple.com/archives/Cocoa-dev/2009/Aug/msg01737.html
I have to use Blowfish or all copies currently in the field would stop working once they were updated (they rely on a previously stored Blowfish encrypted string which they have to be able to decrypt and verify).
OpenSSL has a very permissive license, so just link it into your app as a static library. You should then still be able to use the SSCrypto framework, or you can just call the OpenSSL libcrypto routines directly.
Step 1: Build openssl from source: Download OpenSSL
Step 2: Add a header search path to Xcode, pointing to the OpenSSL include directory for the source tree you built
Step 3: Link against libcrypto.a. Note: to prevent XCode from linking against the system's dynamic copy of libcryto, do NOT add libcrypto.a to your XCode project. If you do, that will add a -lcrypto to the linker command, and the linker will resolve that by looking for a dynamic library first (which it will find in /usr/lib - exactly what you don't want)
Instead, put the full path to the library in "Other Linker Flags"
Step 4: Build.
Blowfish is simple and common enough that you may be able to easily embed your own copy of the algorithm.