Study OpenSSL (integrated with HSM) - lifuzu/cafe GitHub Wiki

### RSA key

1. Create RSA key:

   ```sh
   # Options must come before the key size; with
   # `openssl genrsa 2048 -out key.pem` the -out option is not honoured.
   openssl genrsa -out key.pem 2048
   # Extract the public key from the private key.
   openssl rsa -in key.pem -pubout -out pub-key.pem
   ```

2. Print RSA components:

   ```sh
   openssl rsa -in key.pem -text -noout
   ```

3. Encrypt the plain file with the public RSA key:

   ```sh
   openssl rsautl -encrypt -in plain.file -inkey pub-key.pem -pubin -out plain.file.rsa.enc
   ```

4. Decrypt, with the RSA private key, the file that was encrypted with the RSA public key:

   ```sh
   openssl rsautl -decrypt -in plain.file.rsa.enc -inkey key.pem -out plain.file.rsa.dec
   ```

### AES key

1. Create AES key:

   ```sh
   touch anyfile
   # -P prints the key and IV derived from the password and exits without encrypting.
   # With -nosalt the same password always yields the same key and IV.
   openssl aes-256-cbc -nosalt -P -pass pass:PASSWORD -in anyfile > aes.out
   aeskey=$(grep key aes.out | cut -d = -f 2)
   aesiv=$(grep iv aes.out | cut -d = -f 2)
   ```

2. Encrypt the plain file with the AES key:

   ```sh
   openssl enc -aes-256-cbc -in plain.file -K "$aeskey" -iv "$aesiv" -out plain.file.aes.enc
   ```

3. Decrypt the encrypted file with the AES key to get a plain file:

   ```sh
   openssl enc -aes-256-cbc -d -in plain.file.aes.enc -K "$aeskey" -iv "$aesiv" -out plain.file.aes.dec
   ```

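### Digital Signature

1. Create a file's digest:

   ```sh
   openssl dgst -sha1 -out plain.dig plain.file
   ```

2. Compute the signature of the digest:

   ```sh
   openssl rsautl -sign -in plain.dig -out plain.sig -inkey key.pem
   ```

3. Check the validity of a given signature:

   ```sh
   # Write the recovered digest to its own file (-out plain.dig would overwrite
   # the digest being checked), then compare it with the digest of the file.
   openssl rsautl -verify -in plain.sig -out plain.dig.recovered -inkey pub-key.pem -pubin
   cmp plain.dig plain.dig.recovered
   ```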
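
The three steps above, carried through to an accept/reject decision, as an added example that is not part of the original page: it recovers the signed digest, recomputes the digest of the file in hand, compares the two, and repeats the check on a modified file. It uses SHA-256 and `openssl pkeyutl` where the page uses SHA-1 and `rsautl` (deprecated since OpenSSL 3.0); the function names `sign_file`, `verify_file` and `demo` are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original page. File names follow the page;
# helper names and the sample file contents are constructed for illustration.

# sign_file FILE PRIVKEY SIG: sign the SHA-256 digest of FILE.
sign_file() {
    dig=$(mktemp) || return 2
    openssl dgst -sha256 -binary -out "$dig" "$1" &&
        openssl pkeyutl -sign -in "$dig" -inkey "$2" -out "$3" && rc=0 || rc=1
    rm -f "$dig"
    return $rc
}

# verify_file FILE PUBKEY SIG: succeed only if SIG covers FILE as it is now.
verify_file() {
    signed=$(mktemp) || return 2
    fresh=$(mktemp) || return 2
    rc=1
    # Recover the signed digest, recompute the digest of the file actually
    # held, and compare. Recovery alone says nothing about the file.
    if openssl pkeyutl -verifyrecover -pubin -inkey "$2" -in "$3" \
            -out "$signed" 2>/dev/null &&
        openssl dgst -sha256 -binary -out "$fresh" "$1" &&
        cmp -s "$signed" "$fresh"; then
        rc=0
    fi
    rm -f "$signed" "$fresh"
    return $rc
}

# demo: report the result for an untouched file and for a modified one.
demo() {
    dir=$(mktemp -d) || return 2
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null || return 2
    openssl rsa -in "$dir/key.pem" -pubout -out "$dir/pub-key.pem" 2>/dev/null
    printf 'constructed sample contents\n' > "$dir/plain.file"
    sign_file "$dir/plain.file" "$dir/key.pem" "$dir/plain.sig" || return 1
    set -- "$dir/plain.file" "$dir/pub-key.pem" "$dir/plain.sig"
    if verify_file "$@"; then a=valid; else a=rejected; fi
    printf 'appended text' >> "$dir/plain.file"
    if verify_file "$@"; then b=valid; else b=rejected; fi
    rm -rf "$dir"
    echo "original=$a modified=$b"
}

demo
```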

References:

  1. http://users.dcc.uchile.cl/~pcamacho/tutorial/crypto/openssl/openssl_intro.html