Marek,

Thanks for your reply. I think I understand. So it would go something like:

To encrypt:
    Generate Pub/Priv RSA key
    Generate random AES key
    Encrypt file using AES key
    Encrypt AES key using Public RSA key (maybe append encrypted AES key in front of encrypted file to have it all in one place)
    Destroy/forget unencrypted AES key

To decrypt:
    Extract encrypted AES key from file
    Decrypt encrypted AES key using Private RSA key
    Use unencrypted AES key to decrypt the rest of the file
    Destroy/forget unencrypted AES key

Does that sound about right?

Please respond to openssl-users@openssl.org
Sent by: [EMAIL PROTECTED]
To: openssl-users@openssl.org
cc: (bcc: Dan Mitton/YD/RWDOE)
Subject: Re: How-To encrypt using rsautl ??
LSN: Not Relevant
User Filed as: Not a Record

Hello,

[EMAIL PROTECTED] wrote on 06/25/2008 08:59:00 PM:

> I am trying to encrypt a file using rsautl, but it's generating an error.
> What am I doing wrong??
>
> I create a private key -
>
> /usr/local/ssl/bin/openssl genrsa -out rsa-priv.pem 2048
> Generating RSA private key, 2048 bit long modulus
> .............................+++
> ..............................................................+++
> e is 65537 (0x10001)
>
> I extract the public key -
>
> /usr/local/ssl/bin/openssl rsa -in rsa-priv.pem -pubout -out rsa-pub.pem
>
> writing RSA key
>
> I try to encrypt a file -
>
> /usr/local/ssl/bin/openssl rsautl -in foo -out foo.encrypted -inkey
> rsa-pub.pem -pubin -encrypt
> RSA operation error
> 6180:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too
> large for key size:rsa_pk1.c:151:

With a 2048-bit key (256 bytes) you may encrypt max 256-11 bytes of data (11 bytes for PKCS1). Because of this, RSA encryption is not used for encrypting whole files but for encrypting symmetric keys (for AES or DES) that encrypt files with a symmetric algorithm.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                              [EMAIL PROTECTED]
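
The encrypt/decrypt steps outlined in this message, as an added shell example that is not part of the original thread. Assumptions: the function names and the container layout are hypothetical, `pkeyutl` with OAEP padding stands in for `rsautl`, and the random secret is passed to `openssl enc` through `-pass file:` with `-pbkdf2` (OpenSSL 1.1.1 or later), so the AES key is derived from it rather than used raw.

```shell
#!/bin/sh
# Added example: hybrid RSA + AES file encryption with the openssl CLI.
# Container layout (this example's choice): RSA-wrapped secret, then the
# `openssl enc` output. WRAPPED_LEN=256 assumes a 2048-bit RSA key.
# CBC output from `openssl enc` carries no integrity check.
set -e
WRAPPED_LEN=256

# usage: hybrid_encrypt <rsa-pub.pem> <infile> <outfile>
hybrid_encrypt() {
    pub=$1; src=$2; dst=$3
    tmp=$(mktemp -d); rc=0          # private (0700) scratch directory
    {
        # Random secret as hex text, kept in a file so it never shows up
        # in a process listing.
        openssl rand -hex 32 > "$tmp/secret" &&
        # Wrap the secret with the RSA public key (OAEP padding).
        openssl pkeyutl -encrypt -pubin -inkey "$pub" \
            -pkeyopt rsa_padding_mode:oaep \
            -in "$tmp/secret" -out "$tmp/wrapped" &&
        # Encrypt the file; AES key and IV are derived from the secret.
        openssl enc -aes-256-cbc -pbkdf2 -pass "file:$tmp/secret" \
            -in "$src" -out "$tmp/body" &&
        cat "$tmp/wrapped" "$tmp/body" > "$dst"
    } || rc=$?
    rm -rf "$tmp"                   # forget the unencrypted secret
    return "$rc"
}

# usage: hybrid_decrypt <rsa-priv.pem> <infile> <outfile>
hybrid_decrypt() {
    priv=$1; src=$2; dst=$3
    tmp=$(mktemp -d); rc=0
    {
        # Split the container into wrapped secret and encrypted body.
        head -c "$WRAPPED_LEN" "$src" > "$tmp/wrapped" &&
        tail -c +"$((WRAPPED_LEN + 1))" "$src" > "$tmp/body" &&
        # Unwrap the secret with the RSA private key, then decrypt the body.
        openssl pkeyutl -decrypt -inkey "$priv" \
            -pkeyopt rsa_padding_mode:oaep \
            -in "$tmp/wrapped" -out "$tmp/secret" &&
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$tmp/secret" \
            -in "$tmp/body" -out "$dst"
    } || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

With the keys from the thread this would be called as `hybrid_encrypt rsa-pub.pem foo foo.encrypted` and `hybrid_decrypt rsa-priv.pem foo.encrypted foo`.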