Notes related to using public/private keys to encrypt data.
This section generates a new private key and extracts the public key.
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096
openssl rsa -pubout -in private_key.pem -out public_key.pem
openssl rsa -text -in private_key.pem
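Day-to-day use and care of keys. The first command encrypts the private key with a passphrase for storage; the second removes the passphrase again.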
openssl rsa -des3 -in private_key.pem -out private_key.pem.crypted
openssl rsa -in private_key.pem.crypted -out private_key.pem
This method of encryption generates a symmetric key and encrypts the data using that key. The symmetric key is then encrypted with the RSA public key, so only the holder of the private key can recover it.
openssl rand -base64 48 > key
openssl rsautl -encrypt -inkey public_key.pem -pubin -in key -out key.crypted
openssl enc -aes-256-cbc -salt -in data -out data.crypted -pass file:key
This method decrypts the symmetric key using the RSA private key, then decrypts the data with the symmetric key.
openssl rsautl -decrypt -inkey private_key.pem -in key.crypted -out key
openssl enc -d -aes-256-cbc -in data.crypted -out data -pass file:key
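The whole encrypt/decrypt procedure above as two shell functions. This is an added example, not part of the original notes. The function names hybrid_encrypt and hybrid_decrypt are hypothetical. It assumes OpenSSL 1.1.1 or later and swaps in pkeyutl with OAEP padding and -pbkdf2 where the notes use rsautl and the default key derivation.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the notes.
# Differences from the commands in the notes:
#   - pkeyutl with OAEP padding instead of rsautl (PKCS#1 v1.5 by default)
#   - -pbkdf2 on enc, so the AES key is not derived with the legacy KDF
#   - the plaintext symmetric key only exists in a private temp directory
#     (mktemp -d creates it mode 0700) that is removed on every exit path

# hybrid_encrypt PUBLIC_KEY INPUT OUTPUT_PREFIX
# Writes OUTPUT_PREFIX.key.crypted and OUTPUT_PREFIX.crypted.
hybrid_encrypt() {
    tmp=$(mktemp -d) || return 1
    openssl rand -base64 48 > "$tmp/key" &&
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$tmp/key" -out "$3.key.crypted" &&
    openssl enc -aes-256-cbc -salt -pbkdf2 \
        -in "$2" -out "$3.crypted" -pass "file:$tmp/key"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# hybrid_decrypt PRIVATE_KEY INPUT_PREFIX OUTPUT
# Fails (non-zero status) if the private key does not match.
hybrid_decrypt() {
    tmp=$(mktemp -d) || return 1
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$2.key.crypted" -out "$tmp/key" &&
    openssl enc -d -aes-256-cbc -pbkdf2 \
        -in "$2.crypted" -out "$3" -pass "file:$tmp/key"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Files written this way must be decrypted with the same options; data encrypted with the original commands still needs the original rsautl and enc invocations.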