Let's create a private key:
$> openssl genrsa 128 > my.key
Note: This is only a 128 bit key. Use this only for demo/educational purposes!
You can get some information about the private key with the rsa command:
$> openssl rsa -inform PEM -text -noout < my.key
However, the private key is our secret and we need the public key to encrypt a message. Extract the public key with the -pubout switch:
$> openssl rsa -pubout -in my.key > my.pub
You can get some information about the public key with the rsa command:
$> openssl rsa -inform PEM -text -noout -pubin < my.pub
Let's encrypt a message using our public key. OpenSSL's rsautl helps with that:
$> echo -n "Hi" | openssl rsautl -encrypt -inkey my.key > messageor
$> cat message | hexdump
0000000 e1a8 947f e1b2 e514 c8d4 b3e4 0c46 36c9
Note: This only works for messages which are smaller than the modulus. Usually the message is encrypted with a symmetric key which is in turn encrypted with RSA.
As you can see, we encrypted our message "Hi" and the result is gibberish. Only the recipient can decrypt it using his private key.
The last step is to decrypt the message with our key:
$> cat message | openssl rsautl -decrypt -inkey my.key