0
votes

My understanding is that the public key can be used for encryption and the private for decryption and that the public key cannot decrypt the file encrypted by the same public key. Did I misunderstand or am I doing something incorrectly?

1) generate a key

openssl genrsa -out ./private.pem 2048

2) generate a public key

openssl rsa -in ./private.pem -pubout > ./public.pem

3) encrypt a small text file

openssl enc -in ./in.txt -out ./out.enc -e -aes256 -k ./public.pem

4) decrypt file using PUBLIC key

openssl enc -in ./out.enc -out ./out.txt -d -aes256 -k ./public.pem

The last step can decrypt the "out.enc" file. Not what I wanted or expected.

2
aes256 is not an asymmetric/public-key algorithm btw – Alex K.
Since any file can be used as a passphrase, openssl can also use public.pem: apart from being a public key, it is a regular file. – IljaBek

2 Answers

1
votes

Although the question is really old, I must state that TS got it right: the public key cannot decrypt the file encrypted by the same public key. Only the corresponding private key can.

The real problem is that AES is not a public-key algorithm. It uses the same key for both encryption and decryption, and the key can be an arbitrary byte sequence.
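The following script is an added example, not code from the question or from either answer. It makes the point of the question and of this answer concrete: `openssl enc -k` takes a passphrase string, so `-k ./public.pem` only uses the path as a password, and it then shows the hybrid scheme (random AES key wrapped with the RSA public key) where only the private key can recover the data. It assumes an `openssl` CLI of version 1.1.1 or later (for `-pbkdf2` and `pkeyutl`); file names under the temporary directory are the script's own.

```shell
#!/bin/sh
# Added example (not from the question or either answer). It shows that
# `openssl enc -k` takes a passphrase STRING, so "-k ./public.pem" just uses
# the path as a password, and then the usual hybrid scheme: a random AES key
# wrapped with the RSA public key, recoverable only with the private key.
# Assumes an `openssl` CLI (1.1.1 or later for -pbkdf2 and pkeyutl).
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
printf 'hello, world\n' > "$WORK/in.txt"   # constructed sample plaintext
openssl genrsa -out "$WORK/private.pem" 2048 2>/dev/null
openssl rsa -in "$WORK/private.pem" -pubout -out "$WORK/public.pem" 2>/dev/null

same_content() { [ "$(cat "$1" 2>/dev/null)" = "$(cat "$2" 2>/dev/null)" ]; }

# The asker's steps 3 and 4, made explicit: the literal string "./public.pem"
# decrypts what "-k ./public.pem" encrypted, so no key file was ever read.
passphrase_is_just_a_string() {
    openssl enc -aes-256-cbc -pbkdf2 -in "$WORK/in.txt" -out "$WORK/out.enc" -k ./public.pem
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$WORK/out.enc" -out "$WORK/out.txt" -pass pass:./public.pem
    same_content "$WORK/in.txt" "$WORK/out.txt"
}

# Any other string (here the other file's path) does not recover the plaintext.
other_string_fails() {
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$WORK/out.enc" -out "$WORK/wrong.txt" \
        -pass pass:./private.pem 2>/dev/null || true
    ! same_content "$WORK/in.txt" "$WORK/wrong.txt"
}

# Hybrid encryption: AES for the data, RSA-OAEP for the (hex-encoded) AES key.
hybrid_private_key_recovers() {
    openssl rand -hex 32 > "$WORK/aes.key"
    openssl enc -aes-256-cbc -pbkdf2 -in "$WORK/in.txt" -out "$WORK/data.enc" -pass file:"$WORK/aes.key"
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/public.pem" -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/aes.key" -out "$WORK/aes.key.enc"
    openssl pkeyutl -decrypt -inkey "$WORK/private.pem" -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/aes.key.enc" -out "$WORK/aes.key.dec"
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$WORK/data.enc" -out "$WORK/data.txt" -pass file:"$WORK/aes.key.dec"
    same_content "$WORK/in.txt" "$WORK/data.txt"
}

# The public key alone cannot unwrap the AES key: the property the asker expected.
hybrid_public_key_cannot_decrypt() {
    if openssl pkeyutl -decrypt -pubin -inkey "$WORK/public.pem" -in "$WORK/aes.key.enc" \
        -out "$WORK/aes.key.bad" 2>/dev/null; then return 1; else return 0; fi
}

passphrase_is_just_a_string && echo "-k ./public.pem was used as a passphrase string"
other_string_fails && echo "a different string does not decrypt the file"
hybrid_private_key_recovers && echo "hybrid: private key recovers the plaintext"
hybrid_public_key_cannot_decrypt && echo "hybrid: public key cannot unwrap the AES key"
```

Each function returns 0 when the stated property holds, so the script can be used as a quick check on any machine with a current openssl.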

0
votes

No. That's wrong. The two keys (public and private) can be used for BOTH encrypting and decrypting. The kicker is that you cannot reverse the operation with the same key.

e.g.

encrypt(doc, publickey) -> decrypt(crypteddoc, publickey)  // fails
encrypt(doc, privatekey) -> decrypt(crypteddoc, privatekey) // fails

encrypt(doc, publickey) -> decrypt(crypteddoc,privatekey) // works
encrypt(doc, privatekey) -> decrypt(crypteddoc, publickey) // works

Technically, it doesn't matter which key you share and make public, as long as once you have made one of the keys public, you cannot ever share the other, private, key.