
OpenSSL RSA Key Management Guide

The document provides an introduction to OpenSSL and describes how to generate RSA keys, sign and verify messages, encrypt and decrypt files, and use symmetric encryption with OpenSSL commands. Key points include: 1) The openssl genrsa command generates an RSA private key stored in rsaprivatekey.pem, and the corresponding public key is extracted to rsapublickey.pem. 2) The openssl dgst command signs a file with the private key, and verifies the signature with the public key. 3) Files can be encrypted with the public key using openssl rsautl, and decrypted with the private key. 4) Symmetric encryption of files can be done with openssl enc

Uploaded by

Suraj Padhy
Copyright
© Attribution Non-Commercial (BY-NC)

OpenSSL – An Introduction

Message Digest

Command: openssl dgst -sha1 file1

Public Key Cryptography (asymmetric)

Generating RSA keys:

Command: openssl genrsa -out [Link] -des3 1024
This generates the private key and stores it encrypted (using a
password).
cash:/home/mukka>openssl genrsa -out [Link] -des3 1024
Generating RSA private key, 1024 bit long modulus
.............................................................................
..............++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for [Link]:
Verifying - Enter pass phrase for [Link]:

cash:/home/mukka>more [Link]
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,72CAC55096B708F2

-----END RSA PRIVATE KEY-----
Command: openssl rsa -in [Link] -pubout -out [Link]

This generates the corresponding public key if the correct
password is provided.
cash:/home/mukka>openssl rsa -in [Link] -pubout -out [Link]
Enter pass phrase for [Link]:
writing RSA key

cash:/home/mukka>more [Link]
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWvYson8K5BE8/UNvvmZ
t8tMkXiwPxB0h0I1bYo+0MHMQYYDbsrCywGk9bP0B0bYaaSPtOgVlf7houq1ow3sY
1IrDu/HXgfKoL8QN2dTly77w2FuaebhKV/5Wv63wKhdOQNhzfTQD5sWxaLFcssorC
1s5iyj+vqc0kiiBEgQXi0wIDAQAB
-----END PUBLIC KEY-----

Signing/Verifying message digest with RSA

Command: openssl dgst -sha1 -sign [Link] -out mdrsasign_file1.cipher [Link]

Generates the signature in mdrsasign_file1.cipher for the file [Link]

Command: openssl dgst -sha1 -verify [Link] -signature mdrsasign_file1.cipher [Link]
cash:/home/mukka>openssl dgst -sha1 -verify [Link] -signature mdrsasign_file1.cipher [Link]
Verified OK

Change at least one character in [Link] and try again:

cash:/home/mukka>vi [Link]
cash:/home/mukka>openssl dgst -sha1 -verify [Link] -signature mdrsasign_file1.cipher [Link]
Verification Failure
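
The key generation, signing and verification steps above as one non-interactive script (an added example, not part of the original document). It assumes an openssl binary on the PATH, uses constructed file names and a placeholder passphrase, and swaps in a 2048-bit key, -aes256 and -sha256 for the document's 1024-bit key, -des3 and -sha1.

```shell
#!/bin/sh
# Constructed demo: file names and the passphrase are made up for this example;
# everything is written to a fresh temp directory.
WORK=$(mktemp -d)
KEY="$WORK/demo_private.pem"
PUB="$WORK/demo_public.pem"
SIG="$WORK/message.sig"
DEMO_PASS='constructed-demo-passphrase'   # placeholder value
export DEMO_PASS                          # read by openssl through env:DEMO_PASS

make_keys() {
    # env: keeps the passphrase off the command line, replacing the prompt.
    openssl genrsa -aes256 -passout env:DEMO_PASS -out "$KEY" 2048 2>/dev/null &&
    openssl rsa -in "$KEY" -passin env:DEMO_PASS -pubout -out "$PUB" 2>/dev/null
}

# $1 = file to sign; the signature is written to $SIG.
sign_file() {
    openssl dgst -sha256 -sign "$KEY" -passin env:DEMO_PASS -out "$SIG" "$1"
}

# Status 0 means the signature matches the file. Scripts should test this
# status rather than parse the text that openssl prints.
verify_file() {
    openssl dgst -sha256 -verify "$PUB" -signature "$SIG" "$1" >/dev/null 2>&1
}

demo() {
    msg="$WORK/message.txt"
    printf 'transfer 100 to alice\n' > "$msg"
    make_keys && sign_file "$msg" || return 2
    verify_file "$msg" && echo "original file: signature verified"
    printf 'transfer 900 to alice\n' > "$msg"   # change one character
    verify_file "$msg" || echo "modified file: signature rejected"
}
demo
```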

Message encryption/decryption with RSA


openssl rsautl -encrypt -pubin -inkey [Link] -in [Link] -out [Link]

openssl rsautl -decrypt -inkey [Link] -in [Link] -out [Link]

[Link] has to be small (<=1024 bits or 128 bytes, the
length of the RSA key), since you are
encrypting/decrypting the file itself, not its digest.
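
An added example (not from the original document) that probes the size limit just described by trying plaintext lengths from the key length downward until one is accepted. It uses openssl pkeyutl, which current OpenSSL recommends in place of rsautl, with a constructed 2048-bit key; the default PKCS#1 v1.5 padding takes 11 bytes of the block, so the usable limit is below the key length.

```shell
#!/bin/sh
# Constructed demo: file names are made up; the key is left unencrypted only
# so the script runs without a passphrase prompt.
WORK=$(mktemp -d)
KEY="$WORK/demo_private.pem"
PUB="$WORK/demo_public.pem"
BITS=2048

openssl genrsa -out "$KEY" "$BITS" 2>/dev/null
openssl rsa -in "$KEY" -pubout -out "$PUB" 2>/dev/null

# Status 0 only if a file of $1 bytes can be encrypted directly with RSA.
can_encrypt() {
    dd if=/dev/zero of="$WORK/plain.bin" bs=1 count="$1" 2>/dev/null
    openssl pkeyutl -encrypt -pubin -inkey "$PUB" \
        -in "$WORK/plain.bin" -out "$WORK/plain.enc" 2>/dev/null
}

# Walk down from the key length until a plaintext size is accepted.
find_limit() {
    n=$(( BITS / 8 ))
    while [ "$n" -gt 0 ] && ! can_encrypt "$n"; do
        n=$(( n - 1 ))
    done
    echo "$n"
}

# Encrypt $1 bytes, decrypt with the private key, compare with the input.
round_trip() {
    can_encrypt "$1" &&
    openssl pkeyutl -decrypt -inkey "$KEY" \
        -in "$WORK/plain.enc" -out "$WORK/plain.dec" 2>/dev/null &&
    cmp -s "$WORK/plain.bin" "$WORK/plain.dec"
}

limit=$(find_limit)
echo "key length: $(( BITS / 8 )) bytes, largest accepted plaintext: $limit bytes"
round_trip "$limit" && echo "round trip ok at $limit bytes"
```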

Message signature/verification with RSA

openssl rsautl -sign -inkey [Link] -in [Link] -out file1_signature.cipher

openssl rsautl -verify -pubin -inkey [Link] -out [Link] -in file1_signature.cipher

[Link] has to be small, since you are
encrypting/decrypting [Link] itself.

Secret Key Cryptography (Symmetric)

Encrypt (-e), Decrypt (-d), Base64 encode/decode (-a)

openssl enc -des3 -e -salt -a -in [Link] -out file1sym.base64
openssl enc -des3 -d -salt -a -out [Link] -in file1sym.base64

Encode/decode to/from base64
Encrypt/decrypt without the -a option to produce [Link]:

> openssl enc -des3 -e -salt -in [Link] -out [Link]
enter des-ede3-cbc encryption password:
Verifying password - enter des-ede3-cbc encryption password:

> openssl enc -des3 -d -salt -out [Link] -in [Link]
enter des-ede3-cbc decryption password:

Now you can encode/decode [Link] to/from file1sym.cipher64:

> openssl enc -base64 -e -out file1sym.base64 -in [Link]
> openssl enc -base64 -d -in file1sym.base64 -out [Link]
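
An added example (not from the original document): the same base64 symmetric round trip without a password prompt, showing what -salt changes in the output. It swaps in -aes-256-cbc with -pbkdf2 (OpenSSL 1.1.1 or later) for -des3; the passphrase and file names are constructed.

```shell
#!/bin/sh
# Constructed demo: the passphrase and file names are made up for this example.
WORK=$(mktemp -d)
DEMO_PASS='constructed-demo-passphrase'   # placeholder value
export DEMO_PASS                          # read by openssl through -pass env:

# $1 = plaintext file, $2 = base64 output file
encrypt_b64() {
    openssl enc -aes-256-cbc -pbkdf2 -e -salt -a \
        -pass env:DEMO_PASS -in "$1" -out "$2"
}

# $1 = base64 input file, $2 = recovered plaintext file
decrypt_b64() {
    openssl enc -aes-256-cbc -pbkdf2 -d -a \
        -pass env:DEMO_PASS -in "$1" -out "$2"
}

# First 10 base64 characters: the encoding of the "Salted__" magic that
# precedes the 8-byte random salt in salted enc output.
salt_header() { head -n 1 "$1" | cut -c1-10; }

demo() {
    printf 'quarterly figures, draft 3\n' > "$WORK/plain.txt"
    encrypt_b64 "$WORK/plain.txt" "$WORK/first.b64"  || return 2
    encrypt_b64 "$WORK/plain.txt" "$WORK/second.b64" || return 2
    echo "header: $(salt_header "$WORK/first.b64")"
    # Same plaintext and passphrase, fresh salt each run, so the output differs.
    cmp -s "$WORK/first.b64" "$WORK/second.b64" || echo "ciphertexts differ"
    decrypt_b64 "$WORK/first.b64" "$WORK/recovered.txt" &&
        cmp -s "$WORK/plain.txt" "$WORK/recovered.txt" && echo "round trip ok"
}
demo
```

openssl enc adds no integrity check to the ciphertext, so a file that must be protected against modification also needs a signature like the one made with openssl dgst -sign earlier.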
