Demo of public key file encryption using the openssl CLI
#!/bin/bash
#
# This demonstrates using the `openssl` CLI to encrypt and decrypt data with
# public-key cryptography (RSA), to share data across an untrusted communication
# medium.
#
# Public keys that are used to encrypt cannot be used to decrypt, so they can
# be shared freely ("public" keys).
#
# Private keys that can decrypt data are never shared, so the data cannot be
# leaked even if the encrypted contents and public keys are stolen.
#################################################################################
# 1. Receiving party generates key pair and shares PUBLIC key.
#################################################################################
# Generate RSA key pair.
openssl genrsa -out keypair.priv 2048
# Extract the public key from the key pair.
openssl rsa -in keypair.priv -pubout -out keypair.pub
# The receiving party shares the `keypair.pub` file with the sending party.
#################################################################################
# 2. Sending party encrypts the data with the PUBLIC key, and sends it.
#################################################################################
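# Encrypt the sensitive data with the receiver's public key.
# RSA can only encrypt a short input directly (at most 214 bytes with a 2048-bit
# key and OAEP padding), so `sensitive.txt` must be small.
# `pkeyutl` replaces `rsautl`, which is deprecated since OpenSSL 3.0; OAEP
# replaces the PKCS#1 v1.5 padding that `rsautl` uses by default.
openssl pkeyutl -encrypt -pubin -inkey keypair.pub -pkeyopt rsa_padding_mode:oaep -in sensitive.txt -out encrypted.txt
# The sending party shares the `encrypted.txt` cipher-text (encrypted) file.
#################################################################################
# 3. Receiver decrypts the data using their PRIVATE key.
#################################################################################
# Decrypt with private key (same padding mode as used for encryption).
openssl pkeyutl -decrypt -inkey keypair.priv -pkeyopt rsa_padding_mode:oaep -in encrypted.txt -out decrypted.txt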
# Receiving party gets the contents from the `decrypted.txt` plain-text file.
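
Added example, not part of the original gist: a 2048-bit RSA key can only encrypt a couple of hundred bytes directly, so the three steps above stop working for larger files. The sketch below goes beyond the gist by wrapping a one-time secret with RSA-OAEP and encrypting the file itself with AES; the function names and the `data.enc` / `key.enc` file names are illustrative assumptions.

```bash
#!/bin/bash
# Added example, not part of the gist. Function and file names are illustrative.

# hybrid_encrypt <recipient.pub> <plaintext> <data_out> <wrapped_key_out>
hybrid_encrypt() {
  local pub=$1 in=$2 data=$3 wrapped=$4 secret rc=0
  secret=$(mktemp) || return 1          # mktemp creates the file with mode 0600
  {
    # One-time 256-bit secret, hex-encoded so it is a single text line.
    openssl rand -hex 32 > "$secret" &&
    # Bulk-encrypt the file; AES key and IV are derived from the secret via PBKDF2.
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$secret" -in "$in" -out "$data" &&
    # Only the short secret goes through RSA, with OAEP padding.
    openssl pkeyutl -encrypt -pubin -inkey "$pub" -pkeyopt rsa_padding_mode:oaep \
      -in "$secret" -out "$wrapped"
  } || rc=$?
  rm -f "$secret"
  return "$rc"
}

# hybrid_decrypt <recipient.priv> <data_in> <wrapped_key_in> <plaintext_out>
hybrid_decrypt() {
  local priv=$1 data=$2 wrapped=$3 out=$4 secret rc=0
  secret=$(mktemp) || return 1
  {
    openssl pkeyutl -decrypt -inkey "$priv" -pkeyopt rsa_padding_mode:oaep \
      -in "$wrapped" -out "$secret" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$secret" -in "$data" -out "$out"
  } || rc=$?
  rm -f "$secret"
  return "$rc"
}

# Round trip on constructed sample data: 1 MiB of random bytes.
hybrid_selftest() {
  local d rc=0
  d=$(mktemp -d) || return 1
  {
    openssl genrsa -out "$d/keypair.priv" 2048 2>/dev/null &&
    openssl rsa -in "$d/keypair.priv" -pubout -out "$d/keypair.pub" 2>/dev/null &&
    openssl rand -out "$d/sensitive.bin" 1048576 &&
    hybrid_encrypt "$d/keypair.pub" "$d/sensitive.bin" "$d/data.enc" "$d/key.enc" &&
    hybrid_decrypt "$d/keypair.priv" "$d/data.enc" "$d/key.enc" "$d/decrypted.bin" &&
    cmp -s "$d/sensitive.bin" "$d/decrypted.bin"
  } || rc=$?
  rm -rf "$d"
  return "$rc"
}

hybrid_selftest && echo "hybrid round trip OK"
```

`openssl enc` in CBC mode provides confidentiality only, so the receiver cannot tell whether `data.enc` was modified in transit. Where that matters, the sender should also sign the ciphertext with their own key.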