OpenSSL - RSA Commands

Some quick notes on generating RSA keys and on encrypting and decrypting with OpenSSL.

Generate a 1024-bit private key

openssl genrsa -out my_private_key.pem 1024

Derive the public key from the generated private key

openssl rsa -in my_private_key.pem -pubout -out my_public_key.pem

Encrypting your plain text file (plaintext.txt) to a cipher text file (ciphertext.txt) with the RSA public key

openssl rsautl -encrypt -pubin -inkey my_public_key.pem -in plaintext.txt -out ciphertext.txt

Encrypting your plain text file (plaintext.txt) to a cipher text file (ciphertext.txt) with the RSA private key

openssl rsautl -encrypt -inkey my_private_key.pem -in plaintext.txt -out ciphertext.txt

Decrypting your cipher text file (ciphertext.txt) to a plain text file (plaintext.txt) with the RSA private key

openssl rsautl -decrypt -inkey my_private_key.pem -in ciphertext.txt -out plaintext.txt

Note:
1. openssl does not allow you to decrypt with a public key, even if you encrypted your data with a private key. If you try, you will get the error message "A private key is needed for this operation".
2. You can decrypt a cipher text that was encrypted with a private key by using the same private key. The reason is that the public key can be derived from the private key.
3. In general, when you use a private key to encrypt a message, you are trying to sign the message to provide authenticity. Use -sign and -verify for such operations. -sign and -verify perform exactly the operation of encrypting with the private key and decrypting with the public key.

Signing a message

openssl rsautl -inkey my_private_key.pem -in my_signature_digest.txt -out my_encrypted_signature.txt -sign

Verifying a message

openssl rsautl -pubin -inkey my_public_key.pem -in my_encrypted_signature.txt -out my_signature_digest.txt -verify
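
The commands above as one round trip in a throwaway directory, including the failure case from note 1. This is an added example, not part of the original notes. It assumes a 2048-bit key rather than the 1024 bits used above (1024-bit RSA is no longer considered adequate), a constructed sample message, and the hypothetical output names decrypted.txt, leaked.txt and recovered.txt.

```shell
#!/bin/sh
# Added example. stderr is discarded because OpenSSL 3.x prints a
# deprecation notice for rsautl (pkeyutl is its replacement).

rsa_roundtrip() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        printf 'constructed sample message\n' > plaintext.txt

        # Key pair: private key first, public key derived from it.
        # 2048 bits is an assumption of this example.
        openssl genrsa -out my_private_key.pem 2048 2>/dev/null || exit 1
        openssl rsa -in my_private_key.pem -pubout \
            -out my_public_key.pem 2>/dev/null || exit 1

        # Encrypt with the public key, decrypt with the private key.
        openssl rsautl -encrypt -pubin -inkey my_public_key.pem \
            -in plaintext.txt -out ciphertext.txt 2>/dev/null || exit 1
        openssl rsautl -decrypt -inkey my_private_key.pem \
            -in ciphertext.txt -out decrypted.txt 2>/dev/null || exit 1
        cmp -s plaintext.txt decrypted.txt || exit 1

        # Note 1: decrypting with only the public key must be refused.
        if openssl rsautl -decrypt -pubin -inkey my_public_key.pem \
            -in ciphertext.txt -out leaked.txt 2>/dev/null; then
            exit 2
        fi

        # Sign with the private key, then recover the signed data
        # with the public key and compare it to the input.
        openssl rsautl -sign -inkey my_private_key.pem \
            -in plaintext.txt -out my_encrypted_signature.txt 2>/dev/null || exit 1
        openssl rsautl -verify -pubin -inkey my_public_key.pem \
            -in my_encrypted_signature.txt -out recovered.txt 2>/dev/null || exit 1
        cmp -s plaintext.txt recovered.txt || exit 1
    )
    status=$?
    rm -rf "$dir"
    return "$status"
}

rsa_roundtrip && echo "round trip OK"
```

A return status of 2 means the public key was accepted for decryption, which contradicts note 1; any other non-zero status means one of the regular steps failed.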
