How to send a message to your friend over insecure lines and be sure that only they can read it
Very easy! If you both have a Linux or Mac environment and can use the command line:
- The person receiving the message generates a public certificate and its private key, like this:

      openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example" -keyout key.priv -out cert.pub

  Then they send the public certificate (cert.pub) to the person sending the message, and keep the private key (key.priv) to themselves for step 3.

- The person sending the message encrypts it like this:

      openssl cms -encrypt -in file.txt -out file.cms cert.pub

  Where file.txt contains the message you want to encrypt. If you omit the -in file.txt part, you can simply type the message in the console. This command will create a file.cms file with the encrypted message. Send it to the person receiving the message.

- The person receiving the message can decrypt it using the private key generated in step 1, like this:

      openssl cms -decrypt -in file.cms -inkey key.priv # -out file.txt

  Note that if you add the -out file.txt part, then the secret message will be saved in file.txt, otherwise you'll see it on screen.
This uses a certificate, you can see it like this: openssl x509 -in cert.pub -text -noout,
and I wonder if it's valid for one month only, or can be used after that, too?
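The three steps above, run end to end in a scratch directory. This is an added example, not the page author's script. It adds one check the steps do not have: cert.pub travels over the same insecure line, so the sender compares its SHA-256 fingerprint with the one the receiver confirms over a separate channel before encrypting. The function names are hypothetical and the message is constructed; the file names follow the page.

```shell
#!/bin/sh
# Added example: function names are hypothetical, file names follow the page.

# Receiver (step 1): create key.priv and cert.pub in directory $1, then print
# the certificate's SHA-256 fingerprint to pass to the sender out of band.
make_recipient() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example" \
        -keyout "$1/key.priv" -out "$1/cert.pub" 2>/dev/null || return 1
    openssl x509 -in "$1/cert.pub" -noout -fingerprint -sha256
}

# Sender (step 2): encrypt $1/file.txt only if $1/cert.pub has the
# fingerprint $2 that the receiver confirmed over the separate channel.
encrypt_for() {
    actual=$(openssl x509 -in "$1/cert.pub" -noout -fingerprint -sha256) || return 1
    if [ "$actual" != "$2" ]; then
        echo "cert.pub fingerprint mismatch, not encrypting" >&2
        return 1
    fi
    openssl cms -encrypt -in "$1/file.txt" -out "$1/file.cms" "$1/cert.pub"
}

# Receiver (step 3): decrypt and print the message.
# cms -encrypt without -binary converts line endings to CRLF, so drop the CRs.
decrypt_msg() {
    openssl cms -decrypt -in "$1/file.cms" -inkey "$1/key.priv" -out "$1/out.txt" \
        && tr -d '\r' < "$1/out.txt"
}

# Both parties simulated on one machine; prints the decrypted message.
cms_roundtrip() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' "$1" > "$dir/file.txt"      # constructed sample message
    fp=$(make_recipient "$dir") && encrypt_for "$dir" "$fp" && decrypt_msg "$dir"
    rc=$?
    rm -rf "$dir"
    return $rc
}

cms_roundtrip "meet at noon"   # prints: meet at noon
```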
Alternatively, if some of you don't have Linux or Mac, or are not very comfortable with the command line, you could simply use a web browser: https://lex-2008.github.io/pkc/.
An older version, using raw RSA private/public keys, also with an option to wrap AES symmetric encryption to support secrets of arbitrary length, is on a separate page.