Okay, so I have a text file named Kryptert that is encrypted, and a key file named private with the private key. I want the output to be in a text file named Klartext.
I am about to rip my hair out, because I cannot seem to figure this out.
openssl rsautl -decrypt -inkey C:\private.key -in C:\Kryptert.txt -out C:\Klartext.txt
The command above is what I use, and I get the following output in the CMD window:
C:\Users\Marco>openssl rsautl -decrypt -inkey C:\private.key -in C:\Kryptert.txt -out C:\Klartext.txt
Loading 'screen' into random state - done
RSA operation error
8560:error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02:.\crypto\rsa\rsa_pk1.c:190:
8560:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:.\crypto\rsa\rsa_eay.c:592:
Anyone able to help me understand what is wrong, and how I could fix it? Thank you.
Here you have the commands you need to encrypt or decrypt using openssl:
Decrypt:
$ openssl rsautl -decrypt -in $ENCRYPTED -out $PLAINTEXT -inkey keys/privkey.pem
Encrypt:
$ openssl rsautl -encrypt -in $PLAINTEXT -out $PLAINTEXT.encrypt -pubin -inkey keys/pubkey.pem
Hope this helps! :)
For encryption:
openssl rsautl -encrypt -in /path/to/your/file -out /path/to/your/encrypted -pubin -inkey /path/to/your/public_key.pem
For decryption:
openssl rsautl -decrypt -in /path/to/your/encrypted -out /path/where/you/want/your/decrypted.txt -inkey /path/to/your/private_key.pem
Note: If you get this decryption error: RSA_EAY_PRIVATE_DECRYPT:data greater than mod len, try this command before decrypting your file:
cat yourEncryptedFile| base64 -D > yourEncryptedRawFile
More information here
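The length check behind the note above, as an added example that is not part of the original answer: a raw RSA ciphertext is exactly as long as the key's modulus, so a file that only reaches that length after base64 decoding has to be decoded first. The function names, file names and sample data are constructed; it uses pkeyutl with its default PKCS#1 v1.5 padding and openssl base64 -d in place of base64 -D.

```shell
#!/bin/sh
# Added example (not from the thread): names and sample data are constructed.

# Modulus length in bytes, read from an RSA private key file.
rsa_mod_bytes() {
    hex=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null | cut -d= -f2)
    echo $(( ${#hex} / 2 ))
}

# Prints "raw", "base64" or "mismatch" for ciphertext file $2 under key $1.
classify_ciphertext() {
    want=$(rsa_mod_bytes "$1")
    have=$(( $(wc -c < "$2") ))
    if [ "$have" -eq "$want" ]; then echo raw; return 0; fi
    # Not exactly one RSA block: see whether it is a base64-wrapped block.
    # openssl base64 -d expects wrapped lines, as openssl base64 writes them.
    dec=$(( $(openssl base64 -d -in "$2" 2>/dev/null | wc -c) ))
    if [ "$dec" -eq "$want" ]; then echo base64; else echo mismatch; fi
}

# Constructed demo: one block encrypted, then stored raw and base64-encoded.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/priv.pem" 2048 2>/dev/null
    openssl rsa -in "$d/priv.pem" -pubout -out "$d/pub.pem" 2>/dev/null
    echo 123456 > "$d/plain.txt"
    openssl pkeyutl -encrypt -pubin -inkey "$d/pub.pem" \
        -in "$d/plain.txt" -out "$d/ct.raw"
    openssl base64 -in "$d/ct.raw" -out "$d/ct.b64"
    r1=$(classify_ciphertext "$d/priv.pem" "$d/ct.raw")
    r2=$(classify_ciphertext "$d/priv.pem" "$d/ct.b64")
    r3=$(classify_ciphertext "$d/priv.pem" "$d/plain.txt")
    # Decode first, then decrypt the recovered raw block.
    openssl base64 -d -in "$d/ct.b64" -out "$d/ct.dec"
    out=$(openssl pkeyutl -decrypt -inkey "$d/priv.pem" -in "$d/ct.dec")
    rm -rf "$d"
    echo "$r1 $r2 $r3 $out"
}

demo
```

A "mismatch" result means the file is neither a raw block nor a wrapped base64 block for this key, so decoding will not help and the key or the file itself needs checking.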
I want to encrypt local plain text file using openssl and RSAES_OAEP_SHA_256 algorithm.
I tried to use the same approach with this blog entry but it did not work.
https://europatech.co.uk/encryption-decryption-with-kms-and-openssl/
$ echo "hello" > plaintext.txt
$ openssl pkeyutl -encrypt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
-in plaintext.txt -pubin -inkey pubkey.pem -out plaintext.bin
-pkeyopt command before -inkey
Usage: pkeyutl [options]
-in file input file
-out file output file
-sigfile file signature file (verify operation only)
-inkey file input key
-keyform arg private key format - default PEM
-pubin input is a public key
-certin input is a certificate carrying a public key
-pkeyopt X:Y public key options
-sign sign with private key
-verify verify with public key
-verifyrecover verify with public key, recover original data
-encrypt encrypt with public key
-decrypt decrypt with private key
-derive derive shared secret
-hexdump hex dump output
-passin arg pass phrase source
am I missing something?
I was looking for the same openssl command and this worked for me:
openssl pkeyutl -in data.txt -encrypt -pubin -inkey Oaep_Pub_Rsa.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 -out enc.pem
I am generating a .pem file using openssl using the command:
openssl genrsa -aes256 -out ca.key.pem 4096
It is working great but when I do this:
openssl genrsa -aes256 -out ca.key.pem 4096 -password pass:abcd
It is still asking me for a password in the terminal and not automatically taking the supplied password.
I've tried generating certificates before and it works for them, e.g.:
openssl pkcs12 -name username -inkey cert/key.key -in abc.pem -export -out cert.p12 -password pass:abcd
You're very close to the goal! The key size must be the last parameter, and -password should be replaced with -passout:
openssl genrsa -aes256 -out ca.key.pem -passout pass:abcd 4096
This is my testcase.
$ openssl genrsa -out private.pem 2048
$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem # but I don't use it.
$ touch raw_data.log && echo 123456 >> raw_data.log
$ openssl rsautl -encrypt -in raw_data.log -inkey private.pem > enc.raw_data.log
$ openssl rsautl -decrypt -in enc.raw_data.log -inkey private.pem > dec.raw_data.log
$ cat raw_data.log
$ cat dec.raw_data.log
Why can I encrypt and decrypt data with only the RSA private key (without using the public key to encrypt the data)?
Is it correct?
If you read the man page for openssl rsautl, you will find that you can use the pubin option to encrypt using the public key:
-inkey file the input key file, by default it should be an RSA private key.
-pubin the input file is an RSA public key.
So you can encrypt either using the private key (default) or the public key (with the pubin option):
openssl rsautl -encrypt -inkey pubkey.pem -pubin -in raw_data.log -out enc.raw_data.log
I am currently trying to use OpenSSL to encrypt and decrypt a file, using (encrypt):
openssl rsautl -encrypt -pubin -inkey public.pem -in plaintext.txt -out encyrptiontext.txt
and for the decrypting I am using:
openssl rsautl -decrypt -inkey private.pem -in encyrptiontext.txt
The keys have been generated from the same file, though when I try and decrypt a single line I receive this error:
8952:error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02:.\crypto\rsa\rsa_pk1.c:190:
8952:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:.\crypto\rsa\rsa_eay.c:592:
I am not sure why I am getting this as they are using the default settings and the keys have been generated from the same generator.
Here is what I've tried:
Encrypt message w/ my public key
openssl enc -aes-256-cbc -salt -kfile key.pub -in message.txt -out message.enc
Decrypt message using my private key
openssl enc -d -aes-256-cbc -salt -in message.enc -pass file:mykey.pem
Error from decryption
bad decrypt
452:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:
This code works:
openssl rsautl -pubin -inkey key.pub -encrypt -in message.txt -out message.enc
openssl rsautl -inkey privkey.pem -decrypt -in message.enc -out message.dec
To use
openssl rsautl -pubin -inkey key.pub -encrypt -in message.txt -out message.enc
you need to define the option -raw to ignore padding :)
openssl rsautl -pubin -inkey key.pub -encrypt -in message.txt -out message.enc -raw
enc is for symmetric cipher routines, so you should use rsautl.
Correct solutions:
On sender side:
1. Generate passphrase
2. Encrypt your message using enc with passphrase
3. Encrypt passphrase using rsautl with public key
4. Send encoded message and encoded passphrase
On receiver side:
1. Decrypt passphrase using rsautl with private key
2. Decrypt message using enc with passphrase
Encrypt:
openssl enc -aes-256-cbc -salt -pass file:password.txt -in message.txt -out message.enc
Decrypt:
openssl enc -aes-256-cbc -d -salt -pass file:password.txt -in message.enc -out message.dec
Where the first line of the file password.txt contains your password.
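The sender and receiver steps above as one round trip, as an added example that is not part of the original answer. It assumes OpenSSL 1.1.1 or later, swaps rsautl for pkeyutl with the OAEP options quoted earlier on this page, and adds -pbkdf2 to enc; all file names and the sample message are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): hybrid encryption round trip.
# Returns 0 when the receiver recovers exactly the sender's message.
hybrid_roundtrip() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Receiver's key pair; only pub.pem would be given to the sender.
        openssl genrsa -out priv.pem 2048 2>/dev/null
        openssl rsa -in priv.pem -pubout -out pub.pem 2>/dev/null

        # Constructed message, much larger than a single RSA block can hold.
        i=0
        while [ "$i" -lt 200 ]; do echo "log line $i"; i=$((i + 1)); done > message.txt

        # --- Sender ---
        # 1. Random passphrase: 32 random bytes, hex encoded, on one line.
        openssl rand -hex 32 > password.txt
        # 2. Message encrypted with the passphrase. -pbkdf2 is an assumption
        #    (OpenSSL 1.1.1+); enc with CBC adds no integrity protection.
        openssl enc -aes-256-cbc -salt -pbkdf2 -pass file:password.txt \
            -in message.txt -out message.enc
        # 3. Passphrase encrypted with the receiver's public key (OAEP).
        openssl pkeyutl -encrypt -pubin -inkey pub.pem \
            -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
            -pkeyopt rsa_mgf1_md:sha256 -in password.txt -out password.enc
        # 4. Only message.enc and password.enc are sent.
        rm -f password.txt

        # --- Receiver ---
        # 1. Passphrase recovered with the private key and the same options.
        openssl pkeyutl -decrypt -inkey priv.pem \
            -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
            -pkeyopt rsa_mgf1_md:sha256 -in password.enc -out password.dec
        # 2. Message decrypted with the recovered passphrase.
        openssl enc -d -aes-256-cbc -pbkdf2 -pass file:password.dec \
            -in message.enc -out message.dec

        cmp -s message.txt message.dec
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

hybrid_roundtrip && echo "round trip OK"
```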