OpenSSL RSA Commands

This is another post mainly as a reference for myself.

Generate private key

openssl genrsa -out privkey.pem

Append 1024, 2048 or 4096 as the last argument to specify the key length in bits. Defaults to 2048.

Generate public key

openssl rsa -in privkey.pem -pubout -out pubkey.pem

Encrypt file

openssl pkeyutl -encrypt -pubin -inkey pubkey.pem -in file.txt -out file.txt.enc

Decrypt file

openssl pkeyutl -decrypt -inkey privkey.pem -in file.txt.enc -out file.txt

Hash file

Not technically RSA, but you need to do it to sign/verify. (You actually can sign unhashed files, but they have to be less than 64 bytes.)

openssl dgst -sha256 -binary -out file.txt.hash file.txt

Sign file

openssl pkeyutl -sign -inkey privkey.pem -in file.txt.hash -out file.txt.hash.sig

Note that the .sig file is binary encoded, not PEM encoded.

Verify file

openssl pkeyutl -verify -pubin -inkey pubkey.pem -in file.txt.hash -sigfile file.txt.hash.sig
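The hash, sign and verify steps above as one script, followed by a check that a modified file is rejected. This is an added example, not part of the original post; the temporary directory, file names and sample message are constructed for the demo. It goes one step beyond the post: `-pkeyopt digest:sha256` makes pkeyutl wrap the hash in a DigestInfo structure, which is what `openssl dgst -sha256 -verify` expects, so a signature made over the bare hash verifies with pkeyutl but not with `dgst -verify`.

```shell
#!/bin/sh
# Added example. File names and the sample message are constructed for the demo.

# Create a scratch directory holding a 2048-bit key pair and a sample file.
setup() {
    WORK=$(mktemp -d) || return 1
    openssl genrsa -out "$WORK/privkey.pem" 2048 2>/dev/null || return 1
    openssl rsa -in "$WORK/privkey.pem" -pubout -out "$WORK/pubkey.pem" 2>/dev/null || return 1
    printf 'constructed sample message\n' > "$WORK/file.txt"
}

# Hash, then sign the hash. Extra arguments (e.g. -pkeyopt digest:sha256)
# are passed through to pkeyutl. Writes <file>.hash and <file>.hash.sig.
sign_file() {
    f=$1; shift
    openssl dgst -sha256 -binary -out "$f.hash" "$f" &&
    openssl pkeyutl -sign -inkey "$WORK/privkey.pem" -in "$f.hash" -out "$f.hash.sig" "$@"
}

# Re-hash the file as it is now and check the stored signature against it.
# Success is decided by the status line pkeyutl prints.
verify_file() {
    f=$1; shift
    openssl dgst -sha256 -binary -out "$f.check" "$f" || return 1
    openssl pkeyutl -verify -pubin -inkey "$WORK/pubkey.pem" \
        -in "$f.check" -sigfile "$f.hash.sig" "$@" 2>/dev/null |
        grep -q 'Signature Verified Successfully'
}

# One-step check with "openssl dgst -verify", which expects the hash to be
# wrapped in a DigestInfo structure before padding.
verify_with_dgst() {
    openssl dgst -sha256 -verify "$WORK/pubkey.pem" \
        -signature "$1.hash.sig" "$1" >/dev/null 2>&1
}

setup || exit 1
sign_file "$WORK/file.txt" || exit 1
verify_file "$WORK/file.txt"      && echo "raw-hash signature: valid"
verify_with_dgst "$WORK/file.txt" || echo "raw-hash signature: rejected by dgst -verify"
sign_file "$WORK/file.txt" -pkeyopt digest:sha256 || exit 1
verify_with_dgst "$WORK/file.txt" && echo "digest:sha256 signature: accepted by dgst -verify"
printf 'x' >> "$WORK/file.txt"    # simulate modification after signing
verify_with_dgst "$WORK/file.txt" || echo "modified file: rejected"
rm -rf "$WORK"                    # the scratch directory holds a private key
```

When verifying a `digest:sha256` signature with pkeyutl rather than dgst, pass the same `-pkeyopt digest:sha256` to the verify command.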
