Encryption Workflow

OpenSSL Tutorial

Encrypt with the other party's public key

  • 🚨 won’t work 🚨
    • The file is too big for public-key encryption; use symmetric encryption instead
openssl pkeyutl \
	-encrypt \
	-in largefile.txt \
	-pubin -inkey pubkey-B.pem \
	-out ciphertext.bin

1. Symmetric Key Delivery

Generate symmetric key

openssl rand \
	-base64 \
	-out symkey.pem \
	32

Encrypt symmetric key

openssl pkeyutl \
	-encrypt \
	-in symkey.pem \
	-pubin -inkey pubkey-B.pem \
	-out symkey.enc

Hash and Sign

openssl dgst \
	-sha1 \
	-sign privkey-A.pem \
	-out signature.bin \
	symkey.pem

2. Encryption

Decrypt symmetric key

openssl pkeyutl \
	-decrypt \
	-in symkey.enc \
	-inkey privkey-B.pem \
	-out symkey.pem

Verify hashed signature

openssl dgst \
	-sha1 \
	-verify pubkey-A.pem \
	-signature signature.bin \
	symkey.pem

Encrypt symmetrically

# -p prints the salt, key and IV to the terminal; drop it outside debugging
openssl enc \
	-aes-256-cbc \
	-pass file:symkey.pem \
	-p \
	-md sha256 \
	-in largefile.txt \
	-out ciphertext.bin

3. Decryption

openssl enc \
	-aes-256-cbc \
	-d \
	-pass file:symkey.pem \
	-p \
	-md sha256 \
	-in ciphertext.bin \
	-out largefile.txt
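
The three phases above, run end to end in a scratch directory, as an added example that is not part of the original page. It assumes RSA-2048 key pairs for A and B (the page shows no key generation), constructs a random 4 KiB largefile.txt, uses -sha256 where the page uses -sha1, and leaves out -p so no key material is printed.

```shell
# Added example. Assumptions: RSA-2048 keys, constructed 4 KiB input,
# -sha256 in place of the page's -sha1, no -p.
workflow_steps() {
    for p in A B; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "privkey-$p.pem" 2>/dev/null || return 1
        openssl pkey -in "privkey-$p.pem" -pubout -out "pubkey-$p.pem" || return 1
    done
    openssl rand -out largefile.txt 4096 || return 1    # constructed input

    # Direct public-key encryption has to fail: RSA-2048 with the default
    # PKCS#1 v1.5 padding takes at most 256 - 11 = 245 bytes of input.
    openssl pkeyutl -encrypt -in largefile.txt -pubin -inkey pubkey-B.pem \
        -out direct.bin 2>/dev/null && return 2

    # 1. A: generate the key (45 bytes as base64 text), wrap it for B, sign it.
    openssl rand -base64 -out symkey.pem 32 || return 1
    openssl pkeyutl -encrypt -in symkey.pem -pubin -inkey pubkey-B.pem \
        -out symkey.enc || return 1
    openssl dgst -sha256 -sign privkey-A.pem -out signature.bin symkey.pem || return 1

    # 2. B: unwrap, then continue only if A's signature verifies.
    openssl pkeyutl -decrypt -in symkey.enc -inkey privkey-B.pem \
        -out symkey.B || return 1
    openssl dgst -sha256 -verify pubkey-A.pem -signature signature.bin \
        symkey.B >/dev/null 2>&1 || return 1
    # A modified key must be rejected by the same check.
    { cat symkey.B; echo tampered; } > symkey.bad
    openssl dgst -sha256 -verify pubkey-A.pem -signature signature.bin \
        symkey.bad >/dev/null 2>&1 && return 3
    openssl enc -aes-256-cbc -pass file:symkey.B -md sha256 \
        -in largefile.txt -out ciphertext.bin || return 1

    # 3. A: decrypt with the original key and compare with the input.
    openssl enc -aes-256-cbc -d -pass file:symkey.pem -md sha256 \
        -in ciphertext.bin -out roundtrip.txt || return 1
    cmp -s largefile.txt roundtrip.txt
}

# Run the steps in a scratch directory; 0 = round trip OK,
# 2 = oversized RSA input accepted, 3 = tampered key verified.
hybrid_demo() {
    work=$(mktemp -d) || return 1
    ( cd "$work" && workflow_steps ); rc=$?
    rm -rf "$work"
    return "$rc"
}
hybrid_demo && echo "hybrid round trip OK"
```

The signature check on the unwrapped key is what ties the symmetric key to A; without it, anyone holding pubkey-B.pem could substitute a key of their own.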