OpenSSL provides several tools that allow you to RSA encrypt or sign arbitrary data files. Of course, directly RSA encrypting large volumes of data is impractical because the data being encrypted or signed cannot exceed the size of the key modulus (less the padding overhead). This is one of the reasons why SSL connections typically handshake and then pass an AES (or RC4, et cetera) key to do symmetric encryption thereafter.
Generate a private key. You can change the last number to the preferred modulus size. Keys larger than 4096 bits will take a long time to generate.
openssl genrsa -out private.pem 4096
With the key generated we can now encrypt the data; rsautl -encrypt uses the public half stored in private.pem.
openssl rsautl -encrypt -inkey private.pem -in publicfile -out privatefile
To decrypt just reverse it.
openssl rsautl -decrypt -inkey private.pem -in privatefile -out publicfile
If you would rather sign the data…
openssl rsautl -sign -inkey private.pem -in filetosign -out signed_data
To verify the signature just use -verify.
openssl rsautl -verify -inkey private.pem -in signed_data
If you have ever wanted to encrypt a blob of data for transmission or archival, OpenSSL provides a simple way to accomplish this task without resorting to platform-specific tools.
To encrypt:
openssl enc -e -aes-256-cbc -in filename -out filename.enc
To decrypt:
openssl enc -d -aes-256-cbc -in filename.enc -out filename.dec
The example above uses AES-256 in cipher block chaining mode; however, there are almost 50 different cipher functions available for encryption. To see a list, just type openssl enc help (on OpenSSL 1.1.0 and later, openssl enc -ciphers). I would very seriously recommend staying with well-known and accepted standard ciphers like AES unless you have an explicit need to choose something more esoteric.
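The size limit on direct RSA encryption and the enc command above combine into the usual hybrid scheme: encrypt the file with AES under a random session secret, and RSA-encrypt only that secret. The script below is an added example, not part of the original page; its function names, file names, the 2048-bit key size, and the use of openssl rand and -pass file: are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: hybrid encryption built from the openssl commands on this page.
# Function names, file names and the 2048-bit key (chosen for speed) are assumptions.
# On OpenSSL 3.x rsautl still works but prints a deprecation notice.

# Succeeds only if FILE is small enough for a single direct RSA operation.
rsa_direct_fits() {  # usage: rsa_direct_fits KEY FILE
    openssl rsautl -encrypt -inkey "$1" -in "$2" -out /dev/null 2>/dev/null
}

# Encrypt SRC of any size with AES-256-CBC under a random session secret,
# then RSA-encrypt only that secret. Writes PREFIX.enc and PREFIX.key.enc.
hybrid_encrypt() {  # usage: hybrid_encrypt KEY SRC PREFIX
    sess=$(mktemp) || return 1             # mktemp creates the file with mode 0600
    openssl rand -hex 32 > "$sess" &&      # one line of hex, safe for -pass file:
    openssl rsautl -encrypt -inkey "$1" -in "$sess" -out "$3.key.enc" &&
    openssl enc -e -aes-256-cbc -in "$2" -out "$3.enc" -pass "file:$sess"
    rc=$?
    rm -f "$sess"
    return "$rc"
}

# Reverse: RSA-decrypt the session secret, then AES-decrypt the payload.
hybrid_decrypt() {  # usage: hybrid_decrypt KEY PREFIX PLAINTEXT_OUT
    sess=$(mktemp) || return 1
    openssl rsautl -decrypt -inkey "$1" -in "$2.key.enc" -out "$sess" &&
    openssl enc -d -aes-256-cbc -in "$2.enc" -out "$3" -pass "file:$sess"
    rc=$?
    rm -f "$sess"
    return "$rc"
}

demo() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/private.pem" 2048 2>/dev/null || return 1
    printf 'short secret\n' > "$dir/small"             # constructed inputs
    openssl rand -out "$dir/big" 100000 || return 1
    rsa_direct_fits "$dir/private.pem" "$dir/small" && echo "small: direct RSA ok"
    rsa_direct_fits "$dir/private.pem" "$dir/big" || echo "big: too large for RSA"
    hybrid_encrypt "$dir/private.pem" "$dir/big" "$dir/big" &&
    hybrid_decrypt "$dir/private.pem" "$dir/big" "$dir/big.dec" &&
    cmp -s "$dir/big" "$dir/big.dec" && echo "big: hybrid round trip ok"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
demo
```

On OpenSSL 1.1.1 or later, adding -pbkdf2 to both enc calls silences the key-derivation warning. CBC output carries no integrity protection, so the ciphertext should also be authenticated before the decrypted data is trusted.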