Is RSA Encrypt & Decrypt only with Private Key by openssl, correct?

Question

This is my testcase.

$ openssl genrsa -out private.pem 2048
$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem  # but I don't use it.

$ touch raw_data.log && echo 123456 >> raw_data.log
$ openssl rsautl -encrypt -in raw_data.log -inkey private.pem > enc.raw_data.log
$ openssl rsautl -decrypt -in enc.raw_data.log -inkey private.pem > dec.raw_data.log

$ cat raw_data.log
$ cat dec.raw_data.log

Why I can encrypt & decrypt data only with rsa private key.(not public key to encrypt data)

Is it correct?

Unknown Unknown · Accepted Answer · 2016-06-01T08:00:27

If you read the man page for openssl rsautl, you will find that you can use the pubin option to encrypt using the public key

-inkey file the input key file, by default it should be an RSA private key.

-pubin the input file is an RSA public key.

So you can encrypt either using the private key (default) or the public key (with the pubin option)

openssl rsautl -encrypt -inkey pubkey.pem -pubin -in raw_data.log -out enc.raw_data.log

Is RSA Encrypt & Decrypt only with Private Key by openssl, correct?

1 Answers