# RSA key generation and file encryption using OpenSSL

Ivan Molina Rebolledo

(The following notes were made as a self-guide for a U. class (Network Security); I usually use GPG for this, hehe. Everything in this document was taken from the OpenSSL man pages.)

First step: RSA private key generation. We use the following command:

```
openssl genrsa -out id_rsa 3072
```

This command requests a 3072-bit RSA key, without private key encryption (which can be enabled by adding a symmetric cipher option, e.g. `-aes128`, `-des`, `-des3`). Since we aren't using additional encryption, we don't need to provide a password. In practice, we should use the additional security provided.

The key will be generated:

```
[email protected] Practica 3 % openssl genrsa -out id_rsa 3072
Generating RSA private key, 3072 bit long modulus
.......................................................................++
....................................................................................++
e is 65537 (0x10001)
[email protected] Practica 3 %
```

It should look like this:

```
-----BEGIN RSA PRIVATE KEY-----
SFKFMSFK ... (output omitted for brevity) ... SFJFSKSFSKF
-----END RSA PRIVATE KEY-----
```

For public key generation, we use the OpenSSL subcommand `pkey`:

```
openssl pkey -in id_rsa -pubout -out id_rsa.pub
```

OK, bear with me. This command can do a lot of things, including encrypting our previously «exposed» private key. But we just need a public key, so we'll use it to derive one from the private key. Just keep in mind that we are using the parameter `-pubout` to request our public key.

Which should look like this:

```
[email protected] Practica 3 % cat id_rsa.pub
-----BEGIN PUBLIC KEY-----
... (output omitted) ...
-----END PUBLIC KEY-----
[email protected] Practica 3 %
```

And we are done generating our private and public key!

## Encrypting a file

For this we are going to use `pkeyutl`:

```
openssl pkeyutl -encrypt -in File -pubin -inkey id_rsa.pub -out FileCrypt
```

We ask OpenSSL's `pkeyutl` to encrypt our file (`-in File`) using the `id_rsa.pub` public key (`-pubin -inkey id_rsa.pub`). The result will be stored at `FileCrypt`.

Decryption can be done with the same subcommand:

```
openssl pkeyutl -decrypt -in FileCrypt -inkey id_rsa
```

In this case we omit the `-pubin` parameter, since decryption uses our private key (`id_rsa`), not a public key. I've chosen to omit `-out` to just get the result on standard output; you can use it if you want to.

```
[email protected] Practica 3 % openssl pkeyutl -decrypt -in Test -inkey id_rsa
Iván Molina Rebolledò
[email protected] Practica 3 %
```
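RSA through `pkeyutl -encrypt` only accepts input shorter than the key's modulus minus the padding overhead (a few hundred bytes for a 3072-bit key), so the command above works for small files only. The following is an added example, not part of the original notes, that goes beyond that case with the usual hybrid scheme: AES for the file, RSA (with OAEP padding) for a random session passphrase. The function names and the `.key` / `.dec` file names are assumptions; `-pbkdf2` needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the original notes). id_rsa / id_rsa.pub are the page's
# key files; every other file name here is an assumption made for the sketch.

# hybrid_encrypt FILE PUBKEY OUT -> writes OUT (AES data) and OUT.key (RSA-wrapped key)
hybrid_encrypt() {
    sess=$(mktemp) || return 1
    # One-time random passphrase for the symmetric cipher (64 hex chars).
    openssl rand -hex 32 > "$sess" &&
    # Bulk data goes through AES, which has no input size limit.
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$sess" -in "$1" -out "$3" &&
    # Only the short passphrase goes through RSA, with OAEP padding.
    openssl pkeyutl -encrypt -pubin -inkey "$2" \
        -pkeyopt rsa_padding_mode:oaep -in "$sess" -out "$3.key"
    rc=$?
    rm -f "$sess"
    return "$rc"
}

# hybrid_decrypt IN PRIVKEY OUT -> reads IN and IN.key, writes the plaintext to OUT
hybrid_decrypt() {
    sess=$(mktemp) || return 1
    openssl pkeyutl -decrypt -inkey "$2" \
        -pkeyopt rsa_padding_mode:oaep -in "$1.key" -out "$sess" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$sess" -in "$1" -out "$3"
    rc=$?
    rm -f "$sess"
    return "$rc"
}

# demo: returns 0 if plain RSA rejects a 4 KiB file and the hybrid round trip works.
demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        openssl genrsa -out id_rsa 3072 2>/dev/null || exit 1
        openssl pkey -in id_rsa -pubout -out id_rsa.pub || exit 1
        openssl rand -out File 4096 || exit 1   # constructed sample input
        # The page's command fails here: 4096 bytes exceed what the key can encrypt.
        if openssl pkeyutl -encrypt -in File -pubin -inkey id_rsa.pub \
               -out FileCrypt 2>/dev/null; then exit 1; fi
        hybrid_encrypt File id_rsa.pub FileCrypt || exit 1
        hybrid_decrypt FileCrypt id_rsa File.dec || exit 1
        cmp -s File File.dec
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Source the file and call `demo` to run the whole check. `openssl enc` in CBC mode gives confidentiality only; it does not detect tampering with the encrypted file.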

That's all!

Need more help? Fear no more:

```
man openssl
```

(Just a quick note about the man pages: on macOS, all the subcommands are included in the `openssl` man page, but that's not the case for other Unixes. On Ubuntu, you have to request the man page for a specific subcommand like this: `man enc`, for `openssl enc`.)