Openssl Generate Large Rsa Key

Symmetric encryption

For symmetric encryption, you can use the following:

I try to use OpenSSL with huge RSA keys. Last night, I generated a 65536 bit RSA key (it took me 6 hours). While OpenSSL seems to be able to generate such keys, it is not able to operate with them.

The reason it won't allow use with large files (say over around 512 bytes) is performance.

Generating a key pair. Generate private key:

    openssl genrsa -out privatekey.pem 1024

Then use it to generate the public key:

    openssl rsa -in privatekey.pem -out publickey.pem -outform PEM -pubout

Encrypt file. This will encrypt using RSA and your 1024.

To encrypt:

To decrypt:

May 29, 2016  The most effective and fastest way is to use command line tools:

    openssl genrsa -out mykey.pem 4096
    openssl rsa -in mykey.pem -pubout -out mykey.pub

It'll generate an RSA key pair in mykey.pem and mykey.pub.

Asymmetric encryption

For Asymmetric encryption you must first generate your private key and extract the public key.


To encrypt:

To decrypt:

Encrypting files

You can't directly encrypt a large file using rsautl. Instead, do the following:

  • Generate a key using openssl rand, e.g. openssl rand -out keyfile 32 (the byte count must be the last argument).
  • Encrypt the key file using openssl rsautl.
  • Encrypt the data using openssl enc, using the generated key from step 1.
  • Package the encrypted key file with the encrypted data. The recipient will need to decrypt the key with their private key, then decrypt the data with the resulting key.
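
The four steps above as a runnable round trip. This is an added example, not code from the original page: it uses openssl pkeyutl (the replacement for the deprecated rsautl) with OAEP padding, assumes OpenSSL 1.1.1 or later for -pbkdf2, and the function names, file names and key pair are hypothetical.

```shell
#!/bin/sh
# Hybrid file encryption: RSA wraps a random key, AES encrypts the data.
# File names are hypothetical; the demo key pair is a throwaway.

hybrid_encrypt() {  # usage: hybrid_encrypt <rsa-pub.pem> <infile> <outdir>
    pub=$1; src=$2; out=$3
    mkdir -p "$out" || return 1
    tmpkey=$(mktemp) || return 1
    # Step 1: random 256-bit key, hex-encoded because -pass file: reads one
    # text line (raw bytes could hold a newline or NUL and be cut short).
    openssl rand -hex 32 > "$tmpkey" &&
    # Step 2: wrap the key with the recipient's public key (OAEP padding).
    openssl pkeyutl -encrypt -pubin -inkey "$pub" \
        -pkeyopt rsa_padding_mode:oaep -in "$tmpkey" -out "$out/key.enc" &&
    # Steps 3 and 4: encrypt the data; key.enc and data.enc form the package.
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$tmpkey" \
        -in "$src" -out "$out/data.enc"
    rc=$?
    rm -f "$tmpkey"
    return $rc
}

hybrid_decrypt() {  # usage: hybrid_decrypt <rsa-priv.pem> <pkgdir> <outfile>
    priv=$1; dir=$2; outfile=$3
    tmpkey=$(mktemp) || return 1
    openssl pkeyutl -decrypt -inkey "$priv" \
        -pkeyopt rsa_padding_mode:oaep -in "$dir/key.enc" -out "$tmpkey" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$tmpkey" \
        -in "$dir/data.enc" -out "$outfile"
    rc=$?
    rm -f "$tmpkey"
    return $rc
}

# Round trip on constructed data: 1 MiB, far more than RSA alone can encrypt.
demo_roundtrip() {
    work=$(mktemp -d) || return 1
    openssl genrsa -out "$work/priv.pem" 2048 2>/dev/null &&
    openssl rsa -in "$work/priv.pem" -pubout -out "$work/pub.pem" 2>/dev/null &&
    head -c 1048576 /dev/urandom > "$work/plain.bin" &&
    hybrid_encrypt "$work/pub.pem" "$work/plain.bin" "$work/pkg" &&
    hybrid_decrypt "$work/priv.pem" "$work/pkg" "$work/out.bin" &&
    cmp -s "$work/plain.bin" "$work/out.bin"
    rc=$?
    rm -rf "$work"
    return $rc
}
```

AES-CBC as used by openssl enc provides no integrity check, so a recipient who needs tamper detection should also verify a signature or MAC over the package.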

The ultimate solution for safely and securely encoding any file with OpenSSL on the command line:

Private key generation (encrypted private key):

With unencrypted private key:

With encrypted private key:

With existing encrypted (unencrypted) private key:

Encrypt a file

Encrypt binary file:

Encrypt text file:

What is what:

  • smime — the openssl command for the S/MIME utility (smime(1)).
  • -encrypt — the chosen operation for processing the file.
  • -binary — process the file safely. Normally the input message is converted to 'canonical' format as required by the S/MIME specification; this switch disables that. It is necessary for all binary files (such as images, sounds, ZIP archives).
  • -aes-256-cbc — the chosen cipher, AES with a 256 bit key, for encryption (strong). If not specified, 40 bit RC2 is used (very weak).
  • -in plainfile.zip — input file name.
  • -out encrypted.zip.enc — output file name.
  • -outform DER — encode the output file as binary. If it is not specified, the file is encoded as base64 and the file size will be increased by 30%.
  • yourSslCertificate.pem — file name of your certificate. That should be in PEM format.

That command can very effectively and strongly encrypt any file regardless of its size or format.

Decrypt a file

Decrypt binary file:

For text files:

What is what:

  • -inform DER — same as -outform above.
  • -inkey private.key — file name of your private key. That should be in PEM format and can be encrypted by password.
  • -passin pass:your_password — (optional) the password for your encrypted private key.
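
The encrypt and decrypt commands that the two option lists describe, assembled into a round trip. This is an added example, not the original page's commands; the self-signed certificate, its subject, the pass phrase and the file names are constructed for the demonstration.

```shell
#!/bin/sh
# S/MIME encrypt/decrypt round trip using the options listed above.
# Certificate subject, pass phrase and file names are constructed.

smime_encrypt() {  # usage: smime_encrypt <cert.pem> <infile> <outfile>
    openssl smime -encrypt -binary -aes-256-cbc \
        -in "$2" -out "$3" -outform DER "$1"
}

smime_decrypt() {  # usage: smime_decrypt <private.key> <password> <infile> <outfile>
    openssl smime -decrypt -binary -inform DER \
        -in "$3" -out "$4" -inkey "$1" -passin "pass:$2"
}

smime_demo() {
    d=$(mktemp -d) || return 1
    # Throwaway self-signed certificate whose private key is pass-phrase protected.
    openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=smime-demo" \
        -passout pass:demo-pass -keyout "$d/private.key" \
        -out "$d/cert.pem" 2>/dev/null &&
    # Constructed binary input, 256 KiB of random bytes.
    head -c 262144 /dev/urandom > "$d/plainfile.bin" &&
    smime_encrypt "$d/cert.pem" "$d/plainfile.bin" "$d/encrypted.bin.enc" &&
    smime_decrypt "$d/private.key" demo-pass "$d/encrypted.bin.enc" "$d/out.bin" &&
    cmp -s "$d/plainfile.bin" "$d/out.bin"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

A pass phrase given as pass:... is visible in the process list; the env:VAR and file:path forms described under PASS PHRASE ARGUMENTS avoid that.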


Verification

Creating a signed digest of a file:

Verify a signed digest:

Source

SYNOPSIS

openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea] [-f4] [-3] [-rand file(s)] [numbits]

DESCRIPTION

The genrsa command generates an RSA private key.

Options

-out filename

specifies the output file name. If this argument is not specified then standard output is used.

-passout arg

specifies the output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in the openssl reference page.

-des | -des3 | -idea

These options encrypt the private key with the DES, triple DES, or the IDEA ciphers respectively before outputting it. If none of these options is specified no encryption is used. If encryption is used a pass phrase is prompted for if it is not supplied via the -passout argument.

-F4 | -3

the public exponent to use, either 65537 or 3. The default is 65537.

-rand file(s)

a file or files containing random data used to seed the random number generator, or an EGD socket. Multiple files can be specified separated by an OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

numbits

the size of the private key to generate in bits. This must be the last option specified. The default is 512.

NOTES

RSA private key generation essentially involves the generation of two prime numbers. When generating a private key various symbols will be output to indicate the progress of the generation. A . represents each number which has passed an initial sieve test, + means a number has passed a single round of the Miller-Rabin primality test. A newline means that the number has passed all the prime tests (the actual number depends on the key size).

Because key generation is a random process the time taken to generate a key may vary somewhat.

BUGS

A quirk of the prime generation algorithm is that it cannot generate small primes. Therefore the number of bits should not be less than 64. For typical private keys this will not matter because for security reasons they will be much larger (typically 1024 bits).

AVAILABILITY

PTC MKS Toolkit for System Administrators
PTC MKS Toolkit for Developers
PTC MKS Toolkit for Interoperability
PTC MKS Toolkit for Professional Developers
PTC MKS Toolkit for Professional Developers 64-Bit Edition
PTC MKS Toolkit for Enterprise Developers
PTC MKS Toolkit for Enterprise Developers 64-Bit Edition

SEE ALSO

Commands:
openssl gendsa

PTC MKS Toolkit 10.2 Documentation Build 28.