@rmrfslashbin
Last active September 20, 2018 17:28

RSA Encryption Notes

Notes related to using public/private keys to encrypt data.

Generate a private/public keypair

This section generates a new private key and extracts the public key.

Private & public parts

openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096

Extract public part

openssl rsa -pubout -in private_key.pem -out public_key.pem

View info about private key

openssl rsa -text -in private_key.pem

Key Management

Day-to-day use and care of keys.

Encrypt private key for storage/transmission

openssl rsa -des3 -in private_key.pem -out private_key.pem.crypted

Decrypt private key for use

openssl rsa -in private_key.pem.crypted -out private_key.pem

Encrypting data (RSA Envelope Method)

This method generates a symmetric key and encrypts the data with it. The symmetric key is then encrypted with the RSA public key, so only the holder of the private key can recover it.

Generate a symmetric encryption key

openssl rand -base64 48 > key

Encrypt the symmetric key with RSA public key

openssl rsautl -encrypt -inkey public_key.pem -pubin -in key -out key.crypted

Encrypt data with the symmetric key

cat data | openssl enc -aes-256-cbc -salt -out data.crypted -pass file:key

Decrypting data (RSA Envelope Method)

This method decrypts the symmetric key with the RSA private key, then uses that key to decrypt the data.

Decrypt the symmetric key with the RSA private key

openssl rsautl -decrypt -inkey private_key.pem -in key.crypted -out key

Decrypt data with symmetric key

openssl enc -d -aes-256-cbc -in data.crypted -out data -pass file:key
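
The encrypt and decrypt steps above as one round trip, written as an added example rather than taken from the original notes. It assumes OpenSSL 1.1.1 or later, swaps in `pkeyutl` with OAEP padding for `rsautl` (deprecated in OpenSSL 3.0, PKCS#1 v1.5 padding by default) and adds `-pbkdf2` to `enc`; the function names and the 2048-bit demo key are choices made for the example.

```shell
#!/bin/sh
# Added example (not from the original notes): envelope round trip using the
# notes' file names. Assumes OpenSSL 1.1.1+ for "enc -pbkdf2".

gen_keypair() {  # $1 = work dir, $2 = RSA bits (the notes use 4096)
    openssl genpkey -algorithm RSA -out "$1/private_key.pem" \
        -pkeyopt "rsa_keygen_bits:${2:-4096}" 2>/dev/null &&
    openssl rsa -pubout -in "$1/private_key.pem" \
        -out "$1/public_key.pem" 2>/dev/null
}

# $1 = work dir, $2 = plaintext file. Writes $2.crypted and $1/key.crypted.
envelope_encrypt() (
    umask 077; rc=0
    { openssl rand -base64 48 > "$1/key" &&
      openssl pkeyutl -encrypt -pubin -inkey "$1/public_key.pem" \
          -pkeyopt rsa_padding_mode:oaep -in "$1/key" -out "$1/key.crypted" &&
      openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 \
          -in "$2" -out "$2.crypted" -pass "file:$1/key"; } || rc=$?
    rm -f "$1/key"   # the plaintext symmetric key must not outlive the call
    exit "$rc"
)

# $1 = work dir, $2 = encrypted file, $3 = output file.
# Padding mode and KDF options must match the ones used to encrypt.
envelope_decrypt() (
    umask 077; rc=0
    { openssl pkeyutl -decrypt -inkey "$1/private_key.pem" \
          -pkeyopt rsa_padding_mode:oaep -in "$1/key.crypted" -out "$1/key" &&
      openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 \
          -in "$2" -out "$3" -pass "file:$1/key"; } 2>/dev/null || rc=$?
    rm -f "$1/key"
    exit "$rc"
)

# Constructed sample data; 2048-bit key only to keep the demo fast.
roundtrip_demo() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    printf 'constructed sample record\n' > "$d/data"
    gen_keypair "$d" 2048 && envelope_encrypt "$d" "$d/data" &&
    envelope_decrypt "$d" "$d/data.crypted" "$d/data.out" &&
    cmp -s "$d/data" "$d/data.out" && [ ! -e "$d/key" ]
)

roundtrip_demo && echo "round trip OK"
```

AES-256-CBC as used here gives confidentiality only; nothing in this flow detects tampering with `data.crypted`.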
