Hybrid Public Key Encryption (HPKE) with OpenSSL
With HPKE, we encrypt a message with a random symmetric key, and then encrypt this symmetric key with Alice's public key. Alice then decrypts the symmetric key with her private key, and uses the recovered symmetric key to decrypt the encrypted file. We will use either a 512-bit, 768-bit, 1,024-bit or 2,048-bit RSA key pair.
Outline
The OpenSSL commands for a 512-bit RSA key pair, and a 128-bit symmetric key (16 bytes) are:
    openssl genrsa -out rsa.key 512
    openssl rsa -in rsa.key -pubout -out rsa.pub
    openssl rand -out keyfile 16
    openssl pkeyutl -encrypt -pubin -inkey rsa.pub -in keyfile -out keyfile_crypted
    echo | set /p = hello 123 | openssl aes-256-cbc -e -out encrypted.txt -pass file:keyfile
    openssl pkeyutl -decrypt -inkey rsa.key -in keyfile_crypted -out keyfile
    openssl aes-256-cbc -d -in encrypted.txt -out plain_decrypted.txt -pass file:keyfile
A sample run is:
    openssl genrsa -out rsa.key 512
    openssl rsa -in rsa.key -pubout -out rsa.pub
    openssl rand -out keyfile 16
    openssl pkeyutl -encrypt -pubin -inkey rsa.pub -in keyfile -out keyfile_crypted
    echo | set /p = hello 123 | openssl aes-256-cbc -e -out encrypted.txt -pass file:keyfile
    openssl pkeyutl -decrypt -inkey rsa.key -in keyfile_crypted -out keyfile
    openssl aes-256-cbc -d -in encrypted.txt -out plain_decrypted.txt -pass file:keyfile
    ----
    Message: hello 123
    RSA Key size: 512
    Symmetric Key size: 16
    ----
    -----BEGIN PRIVATE KEY-----
    MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqEcyecYdbzl3shBQ
    XYmU95hjJzR7idgwZ1zg2MBmUlJN7WZl8xH+yyjQky8Wt2yI8XlcGGL9+1Uv8OSW
    9ODjYwIDAQABAkABXGIKHhIK3joblIox13T+85qJrKD7ImZxz4x59ERfkgt1Rw04
    wz+RN/qxTQhdSeAwBcWe/d4IZgeFqGROpHdBAiEA4Fm7jewb2DO1yYTmjKpTdun2
    T+EtX9SAyPhGHNSRcvMCIQDABHKSj+lu0aFws5vHuO/IqNwYZ8IqGUZu2b9W2WqJ
    0QIhALkABbMAUe20pmDooJy6D11tjFlOW/Y7637NjDNV7iKVAiEAuUCROQ1W7O+a
    jZz64kluLW2cSn9wOCWCalfx3dyMiMECIHg6jupiN/hUvYecUG4d1dq7HijWsbMA
    Fu9XmfR0PbFz
    -----END PRIVATE KEY-----
    ----
    Symmetric key: 04ba0f139813e5858269f9defe542a4b
    Cipher: 53616c7465645f5f87ea2f963a5d77a5f4c7cce8cf0d5a3626572635ec1804ac
    ----
    Decrypted: hello 123
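The same flow as a POSIX shell script, as an added example that is not part of the original page: it uses the 2,048-bit key size, wraps a hex-encoded secret with RSA-OAEP, and adds `-pbkdf2` to the AES step. It assumes OpenSSL 1.1.1 or later; the function names (`keygen`, `seal`, `unseal`, `cipher_magic`, `demo`) and the `encrypted.bin` and `keyfile.alice` file names are illustrative.

```sh
#!/bin/sh
# Added example, not from the original page; function and file names are
# illustrative. Assumes OpenSSL 1.1.1 or later.
set -eu

# Alice: 2048-bit RSA key pair, the largest size the page lists.
keygen() {
    dir=$1
    openssl genrsa -out "$dir/rsa.key" 2048 2>/dev/null
    openssl rsa -in "$dir/rsa.key" -pubout -out "$dir/rsa.pub" 2>/dev/null
}

# Sender: needs only rsa.pub; writes keyfile_crypted and encrypted.bin.
seal() {
    dir=$1 msg=$2
    # Hex secret: "-pass file:" reads a single text line, so avoid raw bytes.
    openssl rand -hex 16 > "$dir/keyfile"
    # RSA-OAEP instead of pkeyutl's default PKCS#1 v1.5 padding.
    openssl pkeyutl -encrypt -pubin -inkey "$dir/rsa.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$dir/keyfile" -out "$dir/keyfile_crypted"
    # -pbkdf2 derives the AES-256 key and IV from the secret plus a random salt.
    printf '%s' "$msg" | openssl aes-256-cbc -e -pbkdf2 \
        -out "$dir/encrypted.bin" -pass "file:$dir/keyfile"
    rm -f "$dir/keyfile"   # sender keeps no plaintext copy of the secret
}

# Alice: unwrap the secret with rsa.key, then decrypt the message to stdout.
unseal() {
    dir=$1
    openssl pkeyutl -decrypt -inkey "$dir/rsa.key" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$dir/keyfile_crypted" -out "$dir/keyfile.alice"
    openssl aes-256-cbc -d -pbkdf2 -in "$dir/encrypted.bin" \
        -pass "file:$dir/keyfile.alice"
}

# First 8 bytes of the ciphertext: the "Salted__" marker (hex 53616c7465645f5f).
cipher_magic() { head -c 8 "$1/encrypted.bin"; }

# Full round trip in a scratch directory; prints the recovered message.
demo() {
    tmp=$(mktemp -d)
    keygen "$tmp"
    seal "$tmp" "$1"
    unseal "$tmp"
    rm -rf "$tmp"
}
demo "hello 123"; echo
```

CBC mode as used by `openssl aes-256-cbc` carries no integrity check, so the recipient cannot tell from decryption alone whether `encrypted.bin` was altered in transit.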