Encrypt with private key and decrypt with public key


Encrypting with the private key is not considered signing. Using RSA, there is in fact encryption using the private key, but this is just an implementation detail of RSA, and it is not encrypting the message, but a hash of the message, so no, verifying the signature does not bring back the original plaintext message.

Yes, you can sign and verify signatures in OpenSSL -- cf. https://www.openssl.org/docs/crypto/RSA_sign.html

No, you should not use "textbook RSA" with the modulus and exponent to roll your own encryption. Cf. here, for example: https://crypto.stackexchange.com/questions/1448/definition-of-textbook-rsa

No, you should not swap the use of the private and public keys by encrypting data with the private key and decrypting with the public. Cf. for example https://stackoverflow.com/a/2350959/233596.

UPDATE:

This page suggests that you can use the OpenSSL C interface to encrypt with the private key and decrypt with the public key, by way of these function prototypes:

    int RSA_public_encrypt(int flen, unsigned char *from,
        unsigned char *to, RSA *rsa, int padding);
    int RSA_private_decrypt(int flen, unsigned char *from,
        unsigned char *to, RSA *rsa, int padding);
    int RSA_private_encrypt(int flen, unsigned char *from,
        unsigned char *to, RSA *rsa, int padding);
    int RSA_public_decrypt(int flen, unsigned char *from,
        unsigned char *to, RSA *rsa, int padding);

(I did not actually try using these functions.)

I tried using the openssl rsautl command line:

$ openssl rsautl -in HELLO -out HELLO.encrypt_by_private -inkey private.pem -encrypt

However:

$ openssl rsautl -in  HELLO.encrypt_by_private -pubin -inkey public.pem -decrypt
A private key is needed for this operation

So, I would say that the command line tool will not do it.

Author by

StackPointer

Updated on June 04, 2022
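
The distinction drawn in the answer, shown with the openssl command line as an added example that is not part of the original answer: `dgst -sign`/`-verify` signs a hash and only reports valid or invalid, while `pkeyutl -sign`/`-verifyrecover` hands a short input back to anyone holding the public key, which gives authenticity but no confidentiality. The function names and the temporary directory are constructed for the example; HELLO, private.pem and public.pem follow the answer's file names.

```shell
#!/bin/sh
# Added example, not from the original answer. Needs the openssl CLI.
# HELLO, private.pem and public.pem follow the answer's file names; the
# function names and the temporary directory are constructed.

make_keys() {     # $1 = working directory
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private.pem" 2>/dev/null &&
    openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

# Ordinary signature: the private key signs a SHA-256 digest of the file.
sign_file() {     # $1 = dir, $2 = file
    openssl dgst -sha256 -sign "$1/private.pem" -out "$2.sig" "$2"
}

# Verification only answers valid/invalid; the message travels separately.
verify_file() {   # $1 = dir, $2 = file
    openssl dgst -sha256 -verify "$1/public.pem" -signature "$2.sig" "$2" \
        >/dev/null 2>&1
}

# Signature with message recovery: the raw input is PKCS#1 v1.5 padded and
# transformed with the private key (input at least 11 bytes shorter than n).
sign_raw() {      # $1 = dir, $2 = file
    openssl pkeyutl -sign -inkey "$1/private.pem" -in "$2" -out "$2.rawsig"
}

# Anyone holding public.pem gets the input back: authenticity, not secrecy.
recover_raw() {   # $1 = dir, $2 = file
    openssl pkeyutl -verifyrecover -pubin -inkey "$1/public.pem" -in "$2.rawsig"
}

demo() {
    d=$(mktemp -d) || return 1
    printf 'hello' > "$d/HELLO"
    make_keys "$d" && sign_file "$d" "$d/HELLO" && sign_raw "$d" "$d/HELLO" ||
        { rm -rf "$d"; return 1; }
    verify_file "$d" "$d/HELLO" && echo "dgst -verify: valid"
    echo "verifyrecover output: $(recover_raw "$d" "$d/HELLO")"
    printf 'hellO' > "$d/HELLO"          # message altered after signing
    verify_file "$d" "$d/HELLO" || echo "dgst -verify after change: invalid"
    rm -rf "$d"
}

demo
```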

Comments

  • StackPointer almost 2 years

    What I'd like to know is simple. Can I use OpenSSL to encrypt a string "hello" with a private key then send it to everyone who can decrypt it with the public key to retrieve the original string?

    I've searched all around and can't really find anything.

    Mathematically I can use the private exponent and public modulus to perform an encryption then use the public exponent and public modulus to perform the decryption.

    Can I do this with OpenSSL?

    I've read that this is considered signing. Then how can I sign with my private key and receive the original data from the signed file with just the public key?

    I've read a lot of the responses on the web and they're all vague. Can anyone give me clear solutions?

    If it is possible to encrypt with a private key and decrypt with public, can anyone give me an example of how to do it with the openssl tool? Or do I have to write my own implementation?