A Public and Private key pair comprises two uniquely related cryptographic keys. The Public Key is made available to everyone via a publicly accessible repository or directory. The Private Key, on the other hand, must remain confidential to its owner. Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.

In this post we will see how to generate a private and public key pair and then test encrypting with the public key and decrypting with the private key. I have an Ubuntu system and I run everything here in the terminal.

The following commands will be used as we work with RSA keys:
openssl genrsa: Generates an RSA private key.
openssl rsautl: Encrypts and decrypts files with RSA keys (deprecated since OpenSSL 3.0 in favour of openssl pkeyutl).
openssl rsa: Manages RSA private keys (includes generating a public key from one).
First, generate the private key and derive the public key from it. The -des3 option protects the private key with a passphrase, which openssl prompts for:
:~ openssl genrsa -des3 -out private.pem 2048
:~ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
So now we have generated a private key and a public key, each with the extension .pem.
To verify the generation, check the contents of each file as shown below:
:~ more public.pem
:~ more private.pem
Use the following command to generate the random key (the byte count is given last, after the options):
:~ openssl rand -base64 -out key.bin 128
Encrypt the sample PDF, or any other file you want to encrypt, with this key using the following command:
:~ openssl enc -aes-256-cbc -salt -in anupam.pdf -out anupam.pdf.enc -pass file:./key.bin
So now you have the original file, anupam.pdf, and the encrypted file, anupam.pdf.enc.
We see that the files do not have much of a size difference, but the file is encrypted.
Now use the following command to encrypt the random key file with the other person's public key:
:~ openssl rsautl -encrypt -inkey public.pem -pubin -in key.bin -out key.bin.enc
The key.bin is now encrypted as key.bin.enc. The recipient decrypts it with the private key:
:~ openssl rsautl -decrypt -inkey private.pem -in key.bin.enc -out key.bin1
Finally, we decrypt the .pdf.enc file back to a .pdf file, using the recovered key key.bin1:
:~ openssl enc -d -aes-256-cbc -in anupam.pdf.enc -out anupam1.pdf -pass file:./key.bin1
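
The same round trip as a non-interactive script, added here as an example and not the author's own commands: it uses openssl pkeyutl with OAEP padding in place of rsautl, adds -pbkdf2 to enc, and checks that an unrelated private key cannot unwrap the session key. The passphrase, the sample file and the names sample.txt, other.pem and wrong.bin are constructed for the demo; it assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: non-interactive hybrid-encryption round trip.
# Passphrase, sample text and file names are constructed for the demo.

hybrid_roundtrip() {
    pass="demo-passphrase"            # constructed; never hard-code a real one
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        umask 077                     # key files readable by the owner only

        # Key pair; the private key is stored encrypted under the passphrase.
        openssl genrsa -aes256 -passout "pass:$pass" -out private.pem 2048 2>/dev/null || exit 1
        openssl rsa -in private.pem -passin "pass:$pass" -pubout -out public.pem 2>/dev/null || exit 1
        # Unrelated key pair, used only for the negative check below.
        openssl genrsa -out other.pem 2048 2>/dev/null || exit 1

        # Constructed plaintext standing in for the PDF.
        printf 'constructed sample document\n' > sample.txt

        # Sender: random session key, AES-encrypt the file, wrap the key with RSA-OAEP.
        openssl rand -base64 -out key.bin 128 || exit 1
        openssl enc -aes-256-cbc -pbkdf2 -salt -in sample.txt -out sample.txt.enc -pass file:./key.bin || exit 1
        openssl pkeyutl -encrypt -pubin -inkey public.pem -pkeyopt rsa_padding_mode:oaep -in key.bin -out key.bin.enc || exit 1

        # A different private key must fail to unwrap the session key.
        if openssl pkeyutl -decrypt -inkey other.pem -pkeyopt rsa_padding_mode:oaep -in key.bin.enc -out wrong.bin 2>/dev/null; then
            exit 1
        fi

        # Recipient: unwrap the session key, then decrypt the file with it.
        openssl pkeyutl -decrypt -inkey private.pem -passin "pass:$pass" -pkeyopt rsa_padding_mode:oaep -in key.bin.enc -out key.bin1 || exit 1
        openssl enc -d -aes-256-cbc -pbkdf2 -in sample.txt.enc -out sample1.txt -pass file:./key.bin1 || exit 1

        # Success only if both the key and the document survived unchanged.
        cmp -s key.bin key.bin1 && cmp -s sample.txt sample1.txt
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

hybrid_roundtrip returns 0 only when the recovered key and document match the originals and the unrelated key was rejected.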