Tuesday, May 31, 2016

Using OpenSSL


Let's create a private key:


$> openssl genrsa 128 > my.key

Note: This is only a 128-bit key. Use it only for demo/educational purposes!

You can get some information about the private key with the rsa command:


$> openssl rsa -inform PEM -text -noout < my.key

However, the private key is our secret and we need the public key to encrypt a message. Extract the public key with the -pubout switch:


$> openssl rsa -pubout -in my.key > my.pub

You can get some information about the public key with the rsa command:


$> openssl rsa -inform PEM -text -noout -pubin < my.pub 

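Let's encrypt a message using our public key. OpenSSL's rsautl helps with that. The command below passes my.key, which works because the private key file also contains the public components, and only those are used for encryption. To encrypt with just the public key file, pass -pubin -inkey my.pub instead: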


$> echo -n "Hi" | openssl rsautl -encrypt -inkey my.key > message
or


$> cat message | hexdump 
0000000 e1a8 947f e1b2 e514 c8d4 b3e4 0c46 36c9
0000010

As you can see, we encrypted our message "Hi" and the result is gibberish. Only the recipient can decrypt it, using their private key.

Note: This only works for messages that are smaller than the modulus. Usually the message is encrypted with a symmetric key, which is in turn encrypted with RSA.


The last step is to decrypt the message with our key:


$> cat message | openssl rsautl -decrypt -inkey my.key
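
The note above says that a message is usually encrypted with a symmetric key which is in turn encrypted with RSA. The script below is an added example, not part of the original post, that carries out that hybrid scheme with the openssl command line. It assumes OpenSSL 1.1.1 or later and a 2048-bit key, and its function and file names (make_keypair, rsa_direct, hybrid_encrypt, hybrid_decrypt, demo.key, demo.pub, msg) are constructed for the demo.

```shell
#!/bin/sh
# Added example: hybrid encryption with the openssl CLI (OpenSSL 1.1.1+ assumed).
# All function and file names are constructed for this demo.
set -eu

# make_keypair PRIV PUB: 2048-bit RSA key pair instead of the 128-bit demo key.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
    openssl pkey -in "$1" -pubout -out "$2"
}

# rsa_direct PUB FILE: try to push FILE straight through RSA; succeeds only
# when FILE is small enough for the modulus and padding.
rsa_direct() {
    openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" -out /dev/null 2>/dev/null
}

# hybrid_encrypt PUB IN OUT: writes OUT.enc (AES data) and OUT.key (RSA-wrapped secret).
hybrid_encrypt() {
    he_secret=$(mktemp)    # mktemp creates the file with mode 0600
    # Fresh random secret per message, passed by file so it never appears in argv.
    openssl rand -hex 32 > "$he_secret"
    # Bulk data: AES-256-CBC keyed from the secret. Note: enc adds no integrity check.
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$he_secret" -in "$2" -out "$3.enc"
    # Only the short secret goes through RSA, with OAEP padding.
    openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$he_secret" -out "$3.key"
    rm -f "$he_secret"
}

# hybrid_decrypt PRIV IN: unwraps IN.key with the private key, prints the plaintext.
hybrid_decrypt() {
    hd_secret=$(mktemp)
    openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$2.key" -out "$hd_secret"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$hd_secret" -in "$2.enc"
    rm -f "$hd_secret"
}

# Demo on a constructed 4 KiB message.
demo_dir=$(mktemp -d)
make_keypair "$demo_dir/demo.key" "$demo_dir/demo.pub"
head -c 4096 /dev/zero | tr '\0' 'A' > "$demo_dir/plain"
rsa_direct "$demo_dir/demo.pub" "$demo_dir/plain" || echo "direct RSA: message too large"
hybrid_encrypt "$demo_dir/demo.pub" "$demo_dir/plain" "$demo_dir/msg"
hybrid_decrypt "$demo_dir/demo.key" "$demo_dir/msg" | cmp -s - "$demo_dir/plain" \
    && echo "hybrid round trip OK"
rm -rf "$demo_dir"
```

The recipient needs both output files: msg.key can only be unwrapped with the private key, and msg.enc is useless without the secret inside it.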
