New version, using certificates (and, more importantly, secrets of arbitrary length without extra commands), see here.
Note that this version can't encrypt messages longer than a couple of hundred bytes (245 bytes with the default 2048-bit key and `pkeyutl`'s default PKCS#1 v1.5 padding; the hybrid scheme further down has no such limit):

1. The person receiving the message generates a public and private key, like this:

   ```
   openssl genpkey -out key.priv -outpubkey key.pub -algorithm RSA
   ```

   (If your `openssl` does not know `-outpubkey`, generate `key.priv` without it and extract the public key with `openssl pkey -in key.priv -pubout -out key.pub`.) Then they send the public key (`key.pub`) to the person sending the message, and keep the private key (`key.priv`) to themselves for step 3.

2. The person sending the message encrypts it like this:

   ```
   openssl pkeyutl -encrypt -inkey key.pub -pubin -in file.txt -out file.rsa
   ```

   where `file.txt` contains the message you want to encrypt. If you omit the `-in file.txt` part, you can simply type the message in the console (finish with Ctrl-D). This command creates `file.rsa` with the encrypted message. Send it to the person receiving the message. Without further options `pkeyutl` uses PKCS#1 v1.5 padding; for anything new, add `-pkeyopt rsa_padding_mode:oaep` to both the encrypt and the decrypt command to get OAEP instead.

3. The person receiving the message decrypts it using the private key generated in step 1, like this:

   ```
   openssl pkeyutl -decrypt -inkey key.priv -in file.rsa # -out file.txt
   ```

   Note that if you add the `-out file.txt` part, the secret message is saved in `file.txt`; otherwise you'll see it on screen.
Source which uses older openssl commands
To encrypt longer messages, you can combine symmetric and asymmetric crypto: encrypt the message with AES under a random key, and encrypt only that key with RSA. Reuse step 1, and then:

1. The person sending the message encrypts it like this:

   ```
   openssl rand -base64 32 > pass.txt
   openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes -pass file:pass.txt
   openssl pkeyutl -encrypt -inkey key.pub -pubin -in pass.txt -out pass.rsa
   ```

   Send `file.aes` and `pass.rsa` to the person receiving the message. `pass.txt` is the AES key in plaintext, so delete it once `pass.rsa` exists. Note that `-aes128` means AES-128-CBC without authentication: the ciphertext is not protected against tampering, only against reading.

2. The person receiving the message decrypts it using the private key generated in step 1, like this:

   ```
   openssl pkeyutl -decrypt -inkey key.priv -in pass.rsa -out pass.txt
   openssl enc -aes128 -pbkdf2 -d -in file.aes -out file.txt -pass file:pass.txt
   ```
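The whole procedure (key generation, the direct-RSA length limit, and the hybrid AES + RSA round trip) as a set of shell functions. This is an added example, not the gist's own commands: it uses OAEP padding instead of `pkeyutl`'s default, AES-256-CBC instead of `-aes128`, restricts the permissions of every file that holds key material, and removes the plaintext key file as soon as it has been wrapped. It assumes `openssl` 1.1.1 or 3.x on `PATH`; the file and function names are this example's choice.

```shell
#!/bin/sh
# Added example, not from the original page. Hybrid RSA + AES encryption with
# openssl, mirroring the steps above with OAEP padding and tighter file handling.
# Assumes openssl 1.1.1 or 3.x; all file and function names are assumptions.
set -eu

# Receiver (step 1): RSA-2048 key pair written as key.priv / key.pub in $1.
# "openssl pkey -pubout" also works on releases that lack genpkey's -outpubkey.
gen_keys() {
    dir=$1
    (umask 077; openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/key.priv")
    openssl pkey -in "$dir/key.priv" -pubout -out "$dir/key.pub"
}

# Direct RSA encryption of file $2 with public key $1 into $3. Returns openssl's
# exit status: with a 2048-bit key and OAEP/SHA-256 this fails for inputs longer
# than 190 bytes (245 bytes with PKCS#1 v1.5), which is why the hybrid scheme exists.
direct_rsa_encrypt() {
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$2" -out "$3"
}

# Sender (hybrid): random key, AES for the message, RSA for the key.
# Writes $3.aes and $3.rsa; the plaintext key file never outlives the call.
hybrid_encrypt() {
    pub=$1; plain=$2; out=$3; pass="$out.pass"
    (umask 077; openssl rand -base64 32 > "$pass")
    openssl enc -aes-256-cbc -pbkdf2 -in "$plain" -out "$out.aes" -pass "file:$pass"
    direct_rsa_encrypt "$pub" "$pass" "$out.rsa"
    rm -f "$pass"
}

# Receiver (hybrid): unwrap the key with the private key, then decrypt the message.
# The OAEP options must match the ones used for encryption.
hybrid_decrypt() {
    priv=$1; in=$2; plain=$3; pass="$in.pass"
    (umask 077; openssl pkeyutl -decrypt -inkey "$priv" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$in.rsa" -out "$pass")
    openssl enc -aes-256-cbc -pbkdf2 -d -in "$in.aes" -out "$plain" -pass "file:$pass"
    rm -f "$pass"
}

# Round trip of a 4000-byte message (constructed sample input, far beyond what
# direct RSA can take). Returns 0 when the decrypted file matches the original.
roundtrip() {
    dir=$(mktemp -d)
    gen_keys "$dir"
    head -c 4000 /dev/urandom > "$dir/file.txt"
    hybrid_encrypt "$dir/key.pub" "$dir/file.txt" "$dir/msg"
    hybrid_decrypt "$dir/key.priv" "$dir/msg" "$dir/out.txt"
    if cmp -s "$dir/file.txt" "$dir/out.txt"; then rc=0; else rc=1; fi
    rm -rf "$dir"
    return $rc
}

roundtrip && echo "hybrid round trip OK"
```

Only `file.aes` and `pass.rsa` (here `msg.aes` and `msg.rsa`) travel to the receiver. As with the commands above, AES-CBC gives confidentiality but no integrity, so a modified ciphertext is not detected by the decrypt step.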