- Create a random key.
- Encrypt the random key via an SSH RSA public key
- Send the encrypted file and encrypted key
- Encrypt the key
- Encrypt the file
openssl genrsa -out rsa.private 4096
openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
openssl rand -hex -out key.txt 64
openssl rsautl -encrypt -oaep -pubin -inkey rsa.public -in key.txt -out key.txt.enc
openssl enc -aes-256-cbc -pbkdf2 -salt -in secret.pdf -out secret.pdf.enc -pass file:./key.txt
openssl rsautl -decrypt -oaep -inkey rsa.private -in key.txt.enc -out key.txt
openssl enc -d -aes-256-cbc -pbkdf2 -in secret.pdf.enc -out secret.pdf -pass file:./key.txt