Generate private key:
- openssl genrsa -out privatekey.pem 2048
- openssl genrsa // private key is written to stdout
Generate public key from the private key generated above:
- openssl rsa -pubout -in privatekey.pem -out publickey.pem
- openssl rsa -pubout // copy paste the private key from the stdout; public key will be displayed on the screen
You must have your public and private keys in two files to continue. I have my public key in publickey.pem and private key in privatekey.pem and data to be encrypted in data.txt. Lets now encrypt and decrypt to check the correctness.
- openssl rsautl -in data.txt -out encrypted_data.txt -inkey publickey.pem -encrypt -pubin
You will have encrypted_data.txt file created and you will see some wierd characters if you open it. Don’t worry, that is the exact purpose of encryption: make it not readable unless you decrypt with private key. So now lets use our private key to decrypt. Lets see if we get our original data back.
- openssl rsautl -in encrypted_data.txt -out decrypted_data.txt -inkey publickey.pem -encrypt -pubin
Compare data.txt and decrypted_data.txt and see the magic.. 😛