OPENSSL Public Key En/Decryption and Signature Verification

I took some notes here for quick reference.
openssl version
man openssl

# A pub/priv key
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 -out privkey_A.pem
openssl pkey -in privkey_A.pem -out pubkey_A.pem -pubout
# B pub/priv key
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 -out privkey_B.pem
openssl pkey -in privkey_B.pem -out pubkey_B.pem -pubout
# (rsa_keygen_pubexp:3 is optional; if it is omitted openssl uses the default exponent 65537)

# inspect (-noout drops the PEM block so only the decoded fields are printed)
openssl pkey -in privkey_A.pem -text -noout | less

# message.txt
echo 'This is a test message sent from A to B' > message.txt
# signature.bin: A signs the message with A's private key
openssl dgst -sha1 -sign privkey_A.pem -out signature.bin message.txt
# ciphertext.bin: A encrypts the message with B's public key
openssl pkeyutl -encrypt -in message.txt -pubin -inkey pubkey_B.pem -out ciphertext.bin

# decrypt: B decrypts with B's private key
openssl pkeyutl -decrypt -in ciphertext.bin -inkey privkey_B.pem -out received-message.txt
# verify: B checks the signature with A's public key (prints "Verified OK" on success)
openssl dgst -sha1 -verify pubkey_A.pem -signature signature.bin received-message.txt
# (-sha256 can replace -sha1 on both the sign and verify commands)
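As an added end-to-end example (not part of the original notes), here is the same A to B flow as one POSIX shell script: it generates both key pairs in a temporary directory, signs and encrypts as A, decrypts and verifies as B, and then shows that a substituted message fails verification. It departs from the commands above by using SHA-256, the default public exponent and OAEP padding; the file names and function names are the script's own.

```shell
#!/bin/sh
# Added example, not from the original post: the A -> B flow as one script,
# run in a throwaway directory. Uses SHA-256, the default exponent 65537 and
# OAEP padding rather than SHA-1 / e=3 / PKCS#1 v1.5 as in the notes.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

gen_keys() {   # $1 = party name; writes priv_$1.pem and pub_$1.pem
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/priv_$1.pem" 2>/dev/null
  openssl pkey -in "$WORK/priv_$1.pem" -pubout -out "$WORK/pub_$1.pem"
}

# Sender A: sign the plaintext with A's private key, then encrypt it for B
# with B's public key. Plain RSA only fits a short message (under ~200 bytes
# for 2048-bit keys with OAEP); real systems wrap a symmetric key instead.
send_message() {   # $1 = message text
  printf '%s\n' "$1" > "$WORK/message.txt"
  openssl dgst -sha256 -sign "$WORK/priv_A.pem" \
    -out "$WORK/signature.bin" "$WORK/message.txt"
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub_B.pem" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/message.txt" -out "$WORK/ciphertext.bin"
}

# Receiver B: decrypt with B's private key; prints the recovered text.
decrypt_message() {
  openssl pkeyutl -decrypt -inkey "$WORK/priv_B.pem" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/ciphertext.bin" -out "$WORK/received.txt"
  cat "$WORK/received.txt"
}

# Check file $1 against A's signature; prints "ok" or "bad" and never aborts
# the script, so callers can branch on the result.
verify_file() {
  if openssl dgst -sha256 -verify "$WORK/pub_A.pem" \
       -signature "$WORK/signature.bin" "$1" >/dev/null 2>&1
  then echo ok; else echo bad; fi
}

gen_keys A
gen_keys B
send_message 'This is a test message sent from A to B'
decrypt_message
echo "verify: $(verify_file "$WORK/received.txt")"
printf 'This is a forged message\n' > "$WORK/forged.txt"
echo "forged: $(verify_file "$WORK/forged.txt")"
```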

Here is also a quick flow chart that I drew in Gliffy:
[flow chart image: priv_pub]

Here are a few take-aways from the chart:

(1) The private key is private: you use it to decrypt, and you should never share it.

(2) The public key is public: you can share it with anyone who is going to send you a file, and they use it to encrypt.

(3) The sender's keys (public/private) are only used for the signature: the private key signs it and the public key verifies it.
