OpenSSL Generating Private and Public Key Pair
In this post I will create an asymmetric key pair and then demonstrate the encryption and decryption of a sample test.txt file with the private and public keys using OpenSSL on Linux.
1. Generate a 4096-bit RSA private key, protect it with the “secops1” pass phrase using 128-bit AES encryption, and store it as the private.pem file.
openssl genrsa -aes128 -passout pass:secops1 -out private.pem 4096
Encrypting the private key with AES and a pass phrase provides an extra layer of protection for the key. Any use of the private key will require the pass phrase. A pass phrase given as pass:secops1 on the command line ends up in shell history and is visible in process listings; OpenSSL also accepts file:pathname and env:var as pass phrase sources.
2. Create the public key that pairs with the private key we stored in the private.pem file earlier. Store the public key as public.pem.
We will need to present the pass phrase to use the private key.
openssl rsa -in private.pem -passin pass:secops1 -pubout -out public.pem
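3. Encrypt (sign) the test.txt file using the private key and store the output as test.sig. The pass phrase is needed; since the command has no -passin option, OpenSSL prompts for it. rsautl processes the file contents directly, without hashing, so test.txt has to fit within the RSA key size (512 bytes for a 4096-bit key, less the padding).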
openssl rsautl -sign -inkey private.pem -in test.txt -out test.sig
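Check the contents of test.sig and see that everything is scrambled. The scrambling is not secrecy: anyone holding public.pem can recover the original content, which is what the next step does. On OpenSSL 3.0 and later, rsautl is deprecated in favor of pkeyutl.
4. Decrypt (verify) the test.sig file. Then use the cat command to check whether the content is readable.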
openssl rsautl -verify -inkey public.pem -pubin -in test.sig
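Steps 1 to 4 as a script, added here as an example and not part of the original post. It goes beyond the page in two ways: it signs the SHA-256 digest of test.txt with openssl dgst, so the file can be any size and a modified file is rejected, and it reads the pass phrase from a file instead of the command line. The temporary directory, pass.txt, the pass phrase and the file contents are assumptions made for the example.

```bash
#!/bin/sh
# Added example, not from the original post. The pass phrase and file
# contents below are constructed for the demonstration.

# gen_keypair DIR BITS: steps 1 and 2, pass phrase read from DIR/pass.txt.
gen_keypair() {
    openssl genrsa -aes128 -passout "file:$1/pass.txt" \
        -out "$1/private.pem" "$2" 2>/dev/null &&
    openssl rsa -in "$1/private.pem" -passin "file:$1/pass.txt" \
        -pubout -out "$1/public.pem" 2>/dev/null
}

# sign_file DIR FILE SIG: RSA signature over the SHA-256 digest of FILE.
sign_file() {
    openssl dgst -sha256 -sign "$1/private.pem" \
        -passin "file:$1/pass.txt" -out "$3" "$2"
}

# verify_file DIR FILE SIG: succeeds only if SIG matches FILE under public.pem.
verify_file() {
    openssl dgst -sha256 -verify "$1/public.pem" -signature "$3" "$2" \
        2>/dev/null | grep -q '^Verified OK'
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT            # do not leave key material behind
( umask 077; printf '%s\n' 'constructed-demo-passphrase' > "$demo/pass.txt" )
printf 'sample content of test.txt (constructed)\n' > "$demo/test.txt"

gen_keypair "$demo" 4096 || { echo "key generation failed" >&2; exit 1; }
sign_file "$demo" "$demo/test.txt" "$demo/test.sig"

if verify_file "$demo" "$demo/test.txt" "$demo/test.sig"; then
    echo "unchanged test.txt: signature valid"
fi

# A single appended byte must invalidate the signature.
printf 'x' >> "$demo/test.txt"
if ! verify_file "$demo" "$demo/test.txt" "$demo/test.sig"; then
    echo "modified test.txt: signature rejected"
fi
```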
The complete procedure looks like this.
Have a nice day!