Openssl/Rsa - Using a Public Key to Decrypt

openssl/RSA - Using a Public key to decrypt

Let's assume you have generated a public and private RSA key using openssl genrsa:

$ openssl genrsa -out mykey
Generating RSA private key, 512 bit long modulus
...++++++++++++
..........++++++++++++
e is 65537 (0x10001)
$ openssl rsa -in mykey -pubout -out mykey.pub
writing RSA key

You can sign something with the private key like this:

$ md5sum myfile | openssl rsautl -inkey mykey -sign > checksum.signed

You can verify this data using the public key:

$ openssl rsautl -inkey mykey.pub -pubin -in checksum.signed
df713741d8e92b15977ccd6e019730a5 myfile

Is this what you're looking for?

OpenSSL, decrypting with a private key

Here you have the commands you need to encrypt or decrypt using openssl:

Decrypt:

$ openssl rsautl -decrypt -in $ENCRYPTED -out $PLAINTEXT -inkey keys/privkey.pem

Encrypt:

$ openssl rsautl -encrypt -in $PLAINTEXT -out $PLAINTEXT.encrypt -pubin -inkey keys/pubkey.pem

Hope this helps! :)

Decrypt with RSA Public Key

Encryption with the private key and decryption with the public key takes place only in the context of signing/verifying.

In contrast, what is commonly referred to as encryption/decryption (for the purpose of confidentiality) uses the public key for encryption and the private key for decryption.

Note that both processes generally cannot be converted into each other by exchanging the keys, since they use different paddings.

Typically, when verifying, decryption is performed under the hood and only the result of the verification is returned outwards: true or false.

openssl_public_decrypt(), however, supports a low-level verification that explicitly allows decryption. If this is executed, the resulting plaintext is:

op3f1libgh.biz:3005980741:1622505600

The corresponding PHP code is:

$publicKey = "-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmnUhgRhvcf39f1OincMXxs6ko
+QXMuGmaSr++7jeMWHUuR1phLm+UY5wL7Ssm7qVm9wFFsDe1DyDvtkfr+oaxfhod
mqXLPSPRu1RAYk6ItgegYmdy8uvJI9aI3po7axvoP/wpMP6LBElsHklmOJyRSmuU
Cc09/RK1GYpthTw5rwIDAQAB
-----END PUBLIC KEY-----";

$signature = base64_decode("P999MR0e//emIov0Z2qtoKKKhFtb1F6l+zMxn9a3q2p18ZWeaTyPXMAlXDAQI3bz6pxmeQzGCuz1P1ms25AiPKGuqhZ+etJXVnjy9Ir4zc2UU3jyeFZhs7UEfGAcZut5LY9dt5tCJKhPhYwbz4s2ZixBVUWPbFDuODCJIi4L3fw=");

openssl_public_decrypt($signature, $decrypted, $publicKey, OPENSSL_PKCS1_PADDING);
print($decrypted . PHP_EOL); // op3f1libgh.biz:3005980741:1622505600

Note that you specified the public key in PKCS#1 format and I converted it to X.509/SPKI format for the PHP code using openssl:

openssl rsa -pubout -RSAPublicKey_in -in <path to pkcs#1 public key> -out <path to x.509/spki public key>
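
The padding difference described in the answer above, as an added example that is not part of the original answers: a pure-Python sketch of PKCS#1 v1.5 block type 1 (signing) and block type 2 (encryption), showing why the two operations cannot be swapped by exchanging keys. The toy key, the message and all function names are assumptions made for this illustration.

```python
import os

# Constructed toy key (assumption): two Mersenne primes. Illustration only;
# special-form primes like these must never be used for a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

def pad(msg: bytes, block_type: int) -> bytes:
    """Build the PKCS#1 v1.5 block 00 || BT || PS || 00 || msg."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    if block_type == 1:                # signing: PS is all 0xFF, deterministic
        ps = b"\xff" * ps_len
    else:                              # encryption: PS is random non-zero bytes
        ps = bytes(b % 255 + 1 for b in os.urandom(ps_len))
    return bytes([0, block_type]) + ps + b"\x00" + msg

def unpad(block: bytes, block_type: int) -> bytes:
    """Strip the padding; reject a block of the other type."""
    if block[0] != 0 or block[1] != block_type:
        raise ValueError("unexpected block type")
    sep = block.index(b"\x00", 2)      # raises ValueError if no separator
    ps = block[2:sep]
    if len(ps) < 8 or (block_type == 1 and ps.strip(b"\xff")):
        raise ValueError("bad padding string")
    return block[sep + 1:]

def rsa(data: bytes, exponent: int) -> bytes:
    """Raw modular exponentiation with fixed-width output."""
    return pow(int.from_bytes(data, "big"), exponent, N).to_bytes(K, "big")

def private_encrypt(msg): return rsa(pad(msg, 1), D)     # signing primitive
def public_decrypt(sig):  return unpad(rsa(sig, E), 1)   # verification recovery
def public_encrypt(msg):  return rsa(pad(msg, 2), E)     # confidentiality
def private_decrypt(ct):  return unpad(rsa(ct, D), 2)

def accepts(fn, data) -> bool:
    """True if fn unpads data without a padding error."""
    try:
        fn(data)
        return True
    except ValueError:
        return False

MSG = b"constructed sample message"    # constructed input
if __name__ == "__main__":
    sig, ct = private_encrypt(MSG), public_encrypt(MSG)
    print(public_decrypt(sig), private_decrypt(ct))
    print("ciphertext accepted by public_decrypt:", accepts(public_decrypt, ct))
```

The modular arithmetic is symmetric in the two exponents, but the unpadding step checks the block type, which is what rejects a swapped use of the keys.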

Openssl decryption using a public key

Public keys cannot be used to decrypt; they can only be used to encrypt and to verify the encryption signature.
