OpenSSL 'rsautl' - Encrypt Large File with RSA Key
How to encrypt a large file with an RSA public key using OpenSSL 'rsautl' command?
Here is a collection of tutorials on using OpenSSL 'rsautl' command compiled by FYIcenter.com team to encrypt, decrypt, sign or verify data with RSA (Rivest, Shamir and Adleman) public and private keys. 2017-05-29, 3399, 0.
✍: FYIcenter.com
Later, the alias openssl-cmd(1) was introduced, which made it easier to group the openssl commands using the apropos(1) command or the shell's tab completion. In order to reduce cluttering of the global manual page namespace, the manual page entries without the 'openssl-' prefix have been deprecated in OpenSSL 3.0 and will be removed in OpenSSL. An RSA key is a private key based on RSA algorithm, used for authentication and an symmetric key exchange during establishment of an SSL/TLS session. The RSA private key in PEM format (the most common format for X.509 certificates, CSRs and cryptographic keys) can be generated from the command line using the openssl genpkey utility.
![Rsa Openssl Rsa Openssl](/uploads/1/3/8/1/138155646/916405145.jpg)
If you are trying to use an RSA public key to encrypt a file larger than the key size directly,you will get the 'data too large for key size' error.
One option to resolve the problem is to use the RSA-AES hybrid encryption process as described blow:
1. Generate a one-time random AES (Advanced Encryption Standard) symmetric encryption password shorter than the RSA public key.This can be done using the OpenSSL 'rand n' command.
2. Encrypt the large input data with the AES algorithm using the short password.This can be done using the OpenSSL 'enc -e -aes*' command.
3. Encrypt the short password with the RSA public key.This can be done using the OpenSSL 'rsautl -encrypt' command.
4. Send the AES encrypted data and the RSA encrypted password to the owner of the public key.
For example:
Commands used in this test:
- 'pkey -pubin -in my_rsa_pub.key -text -noout' - OpenSSL command confirming that the RSA public key, my_rsa_pub.key, is 1024-bit long.
- 'dir clear.txt' - Windows command confirming that the input data, clear.txt, is 138-byte (1104-bit) long, longer than the RSA public key.
- 'rand 32 -out aes256_pass.txt' -OpenSSL command generating a random password, aes256_pass.txt, of 32-byte (256-bit) long,shorter than the RSA public key.
- 'enc -e -aes256 -pass file:./aes256_pass.txt -in clear.txt -out cipher.txt' -OpenSSL command encrypting the large input data, clear.txt, with AES 256-bit algorithmusing the random password. The AES encrypted data is stored in the output file, cipher.txt.
- 'rsautl -encrypt -pubin -inkey my_rsa_pub.key -in aes256_pass.txt -out aes256_pass_cipher.txt' -OpenSSL command encrypting the random password, aes256_pass.txt, with ARS algorithmusing the RSA public key.The RSA encrypted password is stored in the output file, aes256_pass_cipher.txt.
You can publicly the AES encrypted data and the RSA encrypted password to the owner of the RSA public key. He/she can decrypt the AES password with his/her RSA private key,then decrypt the AES encrypted data with AES password.
⇒OpenSSL 'rsautl' - Decrypt Large File with RSA Key
⇐OpenSSL rsautl 'data too large for key size' Error
⇑OpenSSL 'rsautl' Command for RSA Keys
⇑⇑OpenSSL Tutorials
Rsa Openssl
2017-06-07, 4643?, 0?