I suppose a lot of people know about Alice and Bob, the characters of many cryptographic tales. Previously I posted the article “Encrypt and Decrypt Data on Linux Devices using OpenSSL”, which explains how to encrypt and decrypt files symmetrically. Now I want to do the same using asymmetric cryptography, exactly as Alice and Bob suggest.
In the first step Alice generates a private key file (privatekey.pem) on her computer:
Alice # openssl genpkey -algorithm RSA -out privatekey.pem
……………………………………………….+++++
…………………..+++++
It is possible to view all components of the privatekey.pem file using this openssl command:
Alice # openssl rsa -in privatekey.pem -text -noout | head -n 10
RSA Private-Key: (2048 bit, 2 primes)
modulus:
    00:b8:e9:d2:7a:d9:8f:92:90:2e:f5:24:11:08:bd:
    d5:2a:38:5b:b3:95:db:c3:75:f1:b3:6d:63:22:36:
    ab:30:1c:12:3a:82:a9:0a:26:8a:e7:b3:b6:9a:55:
    8c:70:81:1d:1a:72:1e:f5:e7:b3:0e:57:da:f0:28:
    98:fe:9e:c7:35:18:cc:ce:cc:d5:74:af:8c:0b:39:
    0a:50:00:66:93:77:ad:8a:65:3e:5b:8a:c4:d3:ff:
    c8:70:01:2a:b8:c1:41:5c:bf:ae:8d:70:70:51:d2:
    61:2d:99:38:db:c1:e2:96:83:b8:5b:39:69:79:72:
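Then she writes a message and encrypts it with her private key (the -sign operation). Anyone who holds the public key can recover the text, so this step proves that the message comes from Alice rather than keeping it secret: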
Alice # echo "I love you!" > a.txt
Alice # openssl rsautl -sign -inkey privatekey.pem -in a.txt -out a.enc
She also extracts the public key (publickey.pem) from the private key file (privatekey.pem):
Alice # openssl rsa -in privatekey.pem -pubout -out publickey.pem
writing RSA key
The command “openssl rsa -pubin -in publickey.pem -text -noout” shows the content of the public key file. It is shorter than privatekey.pem because it holds only the public components (the modulus and the public exponent), which are themselves part of the privatekey.pem file.
Now she sends the encrypted file a.enc and the public key file publickey.pem to Bob.
Bob # cat a.enc
%?6<;UX?5i?Ҳ?c??C???#u?bA?d??0;?P???n??5??/Ǻ??????vS?_Ah?kB??n???nƔ?X???V?F?q ?}gC???Bͤ?r?,|???^D$?$??W??R4??Dɔ??SQz????)?̩??QO(?g??CA?f?sMYԣR ?{??lU?0b?pIB\ty?AZ:v,?{#(?͌?T8
Using publickey.pem, Bob can decrypt the encrypted message from Alice:
Bob # openssl rsautl -verify -pubin -inkey publickey.pem -in a.enc
I love you!
By the way, using Alice’s public key Bob can also reply to Alice in an encrypted way. Only the holder of privatekey.pem can decrypt this reply:
Bob # echo "I love you too" > b.txt
Bob # openssl rsautl -encrypt -inkey publickey.pem -pubin -in b.txt -out b.enc
Alice receives the encrypted file b.enc from Bob:
Alice # cat b.enc
?/a!ќ?Xo%Z??+)??-e? \?T|MsH?313?Z?D???a?A?Y&?//?=@?M??oq?ѷ=)??d?$:5??b??=t ?{???/f?X3?????!??Hrh2??߃V?_<²??#W5??3ƮJ@f???m??7p3'???1~? Hނ?XҸrG??b*?????xR%5ܻ]\:~*???c)?Y?]???]扗
and decrypts it using private key:
Alice # openssl rsautl -decrypt -inkey privatekey.pem -in b.enc
I love you too
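
The same exchange as an added example (not part of the original post), using the commands that replace rsautl, which is deprecated since OpenSSL 3.0: "openssl dgst" for a SHA-256 signature over Alice's message and "openssl pkeyutl" with OAEP padding for Bob's confidential reply. The function name exchange, the file tampered.txt and the temporary directory are assumptions made for this demo.

```shell
#!/bin/sh
# Added example: Alice signs, Bob verifies, Bob encrypts, Alice decrypts.
# All files live in a throwaway directory constructed for this demo.
exchange() (
    set -e
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    cd "$work"

    # Alice: generate a 2048-bit RSA key pair and export the public half.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out privatekey.pem 2>/dev/null
    openssl pkey -in privatekey.pem -pubout -out publickey.pem

    # Alice: sign the message. This gives authenticity, not secrecy,
    # so a.txt travels in the clear together with a.sig.
    printf 'I love you!\n' > a.txt
    openssl dgst -sha256 -sign privatekey.pem -out a.sig a.txt

    # Bob: verify the signature with Alice's public key.
    openssl dgst -sha256 -verify publickey.pem -signature a.sig a.txt \
        >/dev/null || exit 2

    # Bob: a modified message (constructed here) must fail verification.
    printf 'I love you?\n' > tampered.txt
    if openssl dgst -sha256 -verify publickey.pem -signature a.sig \
        tampered.txt >/dev/null 2>&1; then
        exit 3
    fi

    # Bob: encrypt the reply to Alice's public key with OAEP padding.
    printf 'I love you too\n' > b.txt
    openssl pkeyutl -encrypt -pubin -inkey publickey.pem \
        -pkeyopt rsa_padding_mode:oaep -in b.txt -out b.enc

    # Alice: decrypt with the private key; the plaintext goes to stdout.
    openssl pkeyutl -decrypt -inkey privatekey.pem \
        -pkeyopt rsa_padding_mode:oaep -in b.enc
)

exchange
```

RSA encryption only fits messages shorter than the key size minus the padding overhead, so longer files are normally encrypted with a symmetric key that is then wrapped with the recipient's public key.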