OpenSSL "rsautl" - Encrypt Large File with RSA Key
How to encrypt a large file with an RSA public key using OpenSSL "rsautl" command?
If you are trying to use an RSA public key to encrypt a file larger than the key size directly, you will get the "data too large for key size" error.
One option to resolve the problem is to use the RSA-AES hybrid encryption process as described blow:
1. Generate a one-time random AES (Advanced Encryption Standard) symmetric encryption password shorter than the RSA public key. This can be done using the OpenSSL "rand n" command.
2. Encrypt the large input data with the AES algorithm using the short password. This can be done using the OpenSSL "enc -e -aes*" command.
3. Encrypt the short password with the RSA public key. This can be done using the OpenSSL "rsautl -encrypt" command.
4. Send the AES encrypted data and the RSA encrypted password to the owner of the public key.
C:\Users\fyicenter>type clear.txt The quick brown fox jumped over the lazy dog. The quick brown fox jumped over the lazy dog. The quick brown fox jumped over the lazy dog. C:\Users\fyicenter>dir clear.txt 138 clear.txt C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> pkey -pubin -in my_rsa_pub.key -text -noout Public-Key: (1024 bit) ... OpenSSL> rand 32 -out aes256_pass.txt OpenSSL> enc -e -aes256 -pass file:./aes256_pass.txt -in clear.txt -out cipher.txt OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in aes256_pass.txt -out aes256_pass_cipher.txt
Commands used in this test:
You can publicly the AES encrypted data and the RSA encrypted password to the owner of the RSA public key. He/she can decrypt the AES password with his/her RSA private key, then decrypt the AES encrypted data with AES password.
2017-06-07, 646👍, 0💬
What should I do, I deleted cert8.db for Firefox by a mistake on my computer? You don't need to do a...
How to convert a certificate file in PEM (Privacy Enhanced Mail) format to DER (Distinguished Encodi...
How to convert a certificate file in DER (Distinguished Encoding Rules) format to PEM (Privacy Enhan...
How to create a self-signed root certificate using "makecert.exe"? I want to issue and sign certific...
What is the password for the Java default trusted keystore file: "cacerts"? The Java Keytool prompts...