Demo of public key file encryption using the openssl CLI
```bash
#!/bin/bash
#
# This demonstrates using the `openssl` CLI to encrypt and decrypt data with
# public-key cryptography (RSA), to share data across an untrusted communication
# medium.
#
# Public keys that are used to encrypt cannot be used to decrypt, so they can
# be shared freely ("public" keys).
#
# Private keys that can decrypt data are never shared, so the data cannot be
# leaked even if the encrypted contents and public keys are stolen.
#
# Note: RSA can only encrypt a message shorter than the key itself. With a
# 2048-bit key and OAEP padding (default SHA-1) that is at most 214 bytes, so
# `sensitive.txt` must be small (a password, a token, a symmetric key).

#################################################################################
# 1. Receiving party generates key pair and shares PUBLIC key.
#################################################################################

# Generate a 2048-bit RSA key pair. This file holds the PRIVATE key.
openssl genrsa -out keypair.priv 2048

# Extract the public key from the key pair.
openssl rsa -in keypair.priv -pubout -out keypair.pub

# The receiving party shares the `keypair.pub` file with the sending party.

#################################################################################
# 2. Sending party encrypts the data with the PUBLIC key, and sends it.
#################################################################################

# Encrypt the sensitive data with the receiver's public key.
# `pkeyutl` replaces `rsautl`, which is deprecated since OpenSSL 3.0.
# OAEP padding is requested explicitly instead of the PKCS#1 v1.5 default.
openssl pkeyutl -encrypt -pubin -inkey keypair.pub \
  -pkeyopt rsa_padding_mode:oaep -in sensitive.txt -out encrypted.txt

# The sending party shares the `encrypted.txt` cipher-text (encrypted) file.

#################################################################################
# 3. Receiver decrypts the data using their PRIVATE key.
#################################################################################

# Decrypt with the private key, using the same padding mode as the sender.
openssl pkeyutl -decrypt -inkey keypair.priv \
  -pkeyopt rsa_padding_mode:oaep -in encrypted.txt -out decrypted.txt

# Receiving party gets the contents from the `decrypted.txt` plain-text file.
```
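
The script above encrypts `sensitive.txt` directly with RSA, which only works for inputs shorter than the key. The following added example (not part of the original gist) goes beyond it to files of any size with hybrid encryption: one-time symmetric secrets protect the file and only those secrets are RSA-encrypted. The function names and the `data.enc`, `data.mac` and `keys.enc` file names are hypothetical, and it assumes OpenSSL 1.1.1 or later and an RSA key of at least 2048 bits.

```bash
#!/bin/bash
# Added example (not from the gist): hybrid encryption with the openssl CLI.
# Function and file names are constructed for illustration.
set -eu

# Sender: hybrid_encrypt <recipient.pub> <plaintext> <outdir>
hybrid_encrypt() {
  local pub="$1" in="$2" out="$3" keys
  keys=$(mktemp)   # created with mode 0600
  # Two one-time secrets: line 1 = AES passphrase, line 2 = HMAC key (hex).
  { openssl rand -hex 32; openssl rand -hex 32; } > "$keys"
  # Bulk-encrypt with AES-256-CBC; `-pass file:` reads line 1 only.
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$keys" \
    -in "$in" -out "$out/data.enc"
  # `openssl enc` has no authenticated mode, so MAC the ciphertext
  # (encrypt-then-MAC). The hex key is briefly visible in process arguments.
  openssl dgst -sha256 -mac HMAC -macopt "hexkey:$(sed -n 2p "$keys")" \
    -binary -out "$out/data.mac" "$out/data.enc"
  # Wrap both secrets (130 bytes, under the 214-byte OAEP limit) with RSA.
  openssl pkeyutl -encrypt -pubin -inkey "$pub" \
    -pkeyopt rsa_padding_mode:oaep -in "$keys" -out "$out/keys.enc"
  rm -f "$keys"
}

# Receiver: hybrid_decrypt <recipient.priv> <indir> <plaintext_out>
hybrid_decrypt() {
  local priv="$1" in="$2" out="$3" keys
  keys=$(mktemp)
  openssl pkeyutl -decrypt -inkey "$priv" \
    -pkeyopt rsa_padding_mode:oaep -in "$in/keys.enc" -out "$keys"
  # Verify the MAC first and refuse to decrypt tampered ciphertext.
  if ! openssl dgst -sha256 -mac HMAC -macopt "hexkey:$(sed -n 2p "$keys")" \
       -binary "$in/data.enc" | cmp -s - "$in/data.mac"; then
    rm -f "$keys"
    echo "MAC check failed: ciphertext was modified" >&2
    return 1
  fi
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$keys" \
    -in "$in/data.enc" -out "$out"
  rm -f "$keys"
}
```

The sender ships all three output files; none of them reveals the plaintext without `keypair.priv`.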