OpenSSL "rsautl" - Decrypt Large File with RSA Key

Q

How to decrypt a large file with an RSA private key using OpenSSL "rsautl" command? I received a large encrypted file from my friend who used the RSA-AES hybrid encryption process with my public key.

✍: FYIcenter.com

A

If your friend encrypted a large file with the RSA-AES hybrid encryption process with your public key, you should receive the large encrypted file and an encrypted AES password from him/her.

Decrypting the large encrypted file can be done using the process described below:

1. Decrypt the encrypted AES password file with your RSA private key to get the AES password. This can be done using the OpenSSL "rsautl -decrypt" command.

2. Decrypt the large encrypted file with the AES password. This can be done using the OpenSSL "enc -d -aes*" command.

For example, if you are the owner of the RSA public key and received two encrypted files from your friend described in the last tutorial, you can decrypt them as shown below:

C:\Users\fyicenter>dir *cipher.txt
   128 aes_pass_cipher.txt
   160 cipher.txt

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> rsautl -decrypt -inkey my_rsa.key -in aes256_pass_cipher.txt -out aes256_pass_decipher.txt

OpenSSL> enc -d -aes256 -pass file:./aes256_pass_decipher.txt -in cipher.txt -out decipher.txt

C:\Users\fyicenter>type decipher.txt
The quick brown fox jumped over the lazy dog.
The quick brown fox jumped over the lazy dog.
The quick brown fox jumped over the lazy dog.

Commands used in this test:

  • "dir *cipher.txt" - Windows command confirming that we have two encrypted files: aes_pass_cipher.txt and cipher.txt.
  • "rsautl -decrypt -inkey my_rsa.key -in aes256_pass_cipher.txt -out aes256_pass_decipher.txt" - OpenSSL command decrypting the AES password with the RSA private key. The decrypted AES password is stored in the output file, aes256_pass_decipher.txt.
  • "enc -d -aes256 -pass file:./aes256_pass_decipher.txt -in cipher.txt -out decipher.txt" - OpenSSL command decrypting the large encrypted data, cipher.txt, with the AES 256-bit algorithm using the decrypted password. The AES decrypted data is stored in the output file, decipher.txt.
  • "type decipher.txt" - Windows command confirming that the decrypted data, decipher.txt, matches the original data file.
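
The two-step procedure above as a reusable shell function, with a constructed round trip that exercises it. This is an added example, not code from the original page: it assumes a POSIX shell with openssl on the PATH, uses "pkeyutl" in place of "rsautl" (deprecated in OpenSSL 3.0), and the function names and the ENC_MD variable are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Paths are supplied by the caller.

# hybrid_decrypt KEY ENC_PASS ENC_FILE OUT
# Returns 0 on success, 1 no temp file, 2 RSA step failed, 3 AES step failed.
hybrid_decrypt() {
    hd_pass=$(mktemp) || return 1          # mktemp creates the file with mode 0600
    hd_rc=0
    # Step 1: pkeyutl replaces rsautl (deprecated in OpenSSL 3.0) and uses the
    # same default PKCS#1 v1.5 padding.
    openssl pkeyutl -decrypt -inkey "$1" -in "$2" -out "$hd_pass" 2>/dev/null || hd_rc=2
    if [ "$hd_rc" -eq 0 ]; then
        # Step 2: -md must match the sender's side: sha256 is the enc default
        # since OpenSSL 1.1.0, md5 before. ENC_MD is a hypothetical override.
        openssl enc -d -aes256 -md "${ENC_MD:-sha256}" -pass "file:$hd_pass" \
            -in "$3" -out "$4" 2>/dev/null || { rm -f "$4"; hd_rc=3; }
    fi
    rm -f "$hd_pass"                       # do not leave the AES password on disk
    return "$hd_rc"
}

# Constructed round trip: throwaway key, random password, sample plaintext.
hybrid_selftest() {
    hs_dir=$(mktemp -d) || return 1
    printf 'The quick brown fox jumped over the lazy dog.\n' > "$hs_dir/plain.txt"
    openssl genrsa -out "$hs_dir/my_rsa.key" 2048 2>/dev/null &&
    openssl rsa -in "$hs_dir/my_rsa.key" -pubout -out "$hs_dir/my_rsa.pub" 2>/dev/null &&
    openssl rand -hex 32 > "$hs_dir/aes256_pass.txt" &&
    openssl pkeyutl -encrypt -pubin -inkey "$hs_dir/my_rsa.pub" \
        -in "$hs_dir/aes256_pass.txt" -out "$hs_dir/aes256_pass_cipher.txt" &&
    openssl enc -aes256 -md sha256 -pass "file:$hs_dir/aes256_pass.txt" \
        -in "$hs_dir/plain.txt" -out "$hs_dir/cipher.txt" 2>/dev/null &&
    hybrid_decrypt "$hs_dir/my_rsa.key" "$hs_dir/aes256_pass_cipher.txt" \
        "$hs_dir/cipher.txt" "$hs_dir/decipher.txt" &&
    cmp -s "$hs_dir/plain.txt" "$hs_dir/decipher.txt"
    hs_rc=$?
    rm -rf "$hs_dir"
    return "$hs_rc"
}

hybrid_selftest && echo "round trip OK"
```

The "enc" command in CBC mode has no integrity check, so a zero exit status shows that the padding was valid, not that the file is authentic.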

 

2017-05-20