Looking for public/private key encryption port/program/app

I want to use pkeyutl because I was sure I read that genrsa has been superseded by pkeyutl.
When I use your above command exactly the way you did it, by swapping in the public and private keys I get a few errors.
Code:
unable to load Private Key
padding check failed

I appreciate you trying, but don't blow some brains over it. :)
 
That is the case.


"openssl enc -d base64"

should be

"openssl enc -base64 -d"


I meant -flag option on the pkeyutl command. I'll try that just the same with the "|".
 
"openssl enc -d base64"
should be
"openssl enc -base64 -d"

Thanks for catching that, that was it.

So the 'solution' to getting it all on one line is:

Encrypt:

openssl pkeyutl -encrypt -pubin -inkey publickey.pem -in cleartext.txt | openssl enc -base64 -out encryptedtext.txt

Decrypt:

openssl enc -base64 -d -in encryptedtext.txt | openssl pkeyutl -decrypt -inkey privatekey.pem -out decryptedtext.txt


Thanks a ton.
 
genrsa is just a primitive the pkeyutl works with.

You still should not do this, and should use GPG, because this method limits your message size to your key size / 8 minus some other junk and does not control for padding oracle attacks.
 
I found openssl a rather tough beast - not really user-friendly and comfortable in the every-day use, and expecting an experienced user to already precisely know what they are doing. So I had a very slow approach unto these matters, and only when being forced to.
Probably it is rather meant to be used as a library, under some other program - so that the coder would know what they are doing, and the gory details then hidden from the user.

Concerning RSA: yesterday I ran into another error, RSA encryption suddenly spitting failure, and a close look then showing this one: data greater than mod len. From what it seems, that whole encryption method seems to be limited to payloads about Twitter size (with keylen 2560 bits). Still investigating what that means (it's a low-importance side project), but as there is a discussion here already, I thought I'd just share this.
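
Added example, not part of any post in this thread and not OpenSSL project code: a hybrid scheme that works around the RSA size limit discussed above by encrypting the file with AES and passing only a short random session secret through `pkeyutl`, using OAEP instead of the default PKCS#1 v1.5 padding. The function names are hypothetical, AES-256-CBC and OpenSSL 1.1.1 or later are assumptions, and `openssl enc` does not authenticate the ciphertext, so the GPG recommendation above still applies when integrity matters.

```shell
#!/bin/sh
# Added example: hybrid encryption with the openssl CLI (not code from the thread).
# Assumes OpenSSL 1.1.1 or later (for "enc -pbkdf2"). Function names are hypothetical.
set -eu

# rsa_direct_ok PUBKEY FILE
# Succeeds only if FILE is small enough for pkeyutl to RSA-encrypt directly.
rsa_direct_ok() {
    openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" >/dev/null 2>&1
}

# hybrid_encrypt PUBKEY INFILE OUT
# Writes OUT.body (AES-encrypted data) and OUT.key (RSA-wrapped session secret).
hybrid_encrypt() {
    skey=$(mktemp)
    # One-time session secret: 64 hex characters plus newline, well under the RSA limit.
    openssl rand -hex 32 > "$skey"
    # Bulk data goes through AES, so the input file can be any size.
    openssl enc -aes-256-cbc -pbkdf2 -salt -in "$2" -out "$3.body" -pass "file:$skey"
    # Only the session secret goes through RSA, with OAEP padding.
    openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$skey" -out "$3.key"
    rm -f "$skey"
}

# hybrid_decrypt PRIVKEY IN OUTFILE
# Reads IN.key and IN.body as written by hybrid_encrypt and restores OUTFILE.
hybrid_decrypt() {
    skey=$(mktemp)
    # Unwrap the session secret with the private key (same padding as on encrypt).
    openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$2.key" -out "$skey"
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$2.body" -out "$3" -pass "file:$skey"
    rm -f "$skey"
}
```

With the thread's file names: `hybrid_encrypt publickey.pem cleartext.txt msg`, then `hybrid_decrypt privatekey.pem msg decryptedtext.txt`.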
 