Use OpenSSL for RSA encryption and decryption

Source: Internet
Author: User
Tags openssl rsa asymmetric encryption

OpenSSL is a powerful toolkit that integrates many cryptographic algorithms and utility tools. You can use the console tool it provides to generate keys and certificates and to encrypt and decrypt files, or use the API it provides to encrypt transmitted information in code.

RSA is an asymmetric encryption algorithm. In short, an asymmetric algorithm uses two keys to encrypt and decrypt a file: one for encryption, the public key, and one for decryption, the private key. A certificate can be used to authorize use of the public key.

Today I studied RSA encryption with OpenSSL, which mainly involves using public keys and private keys to encrypt and decrypt files, and does not involve operations on certificates. You can go:



The following describes how to use the OpenSSL tool in the console:


Generate a key:

    openssl genrsa -out test.key 1024

Here -out specifies the file to generate. Note that this file contains both the public key and the private key, so it can be used for either encryption or decryption. The trailing 1024 is the length of the generated key in bits; current guidance recommends at least 2048 bits for RSA keys.

Openssl can extract the public key from this file:

    openssl rsa -in test.key -pubout -out test_pub.key

-in specifies the input file, and -out specifies the name of the file that receives the extracted public key. We now have a public key and a private key (the private key file also contains the public key), and can use the public key to encrypt a file.

I create a hello text file in the directory and then use the previously generated public key to encrypt the file:

    openssl rsautl -encrypt -in hello -inkey test_pub.key -pubin -out hello.en

-in specifies the file to encrypt, -inkey specifies the key, -pubin indicates that the key file contains only a public key, and -out specifies the encrypted output file. In OpenSSL 3.0 and later, rsautl is deprecated in favor of pkeyutl.

Decrypt the file:

    openssl rsautl -decrypt -in hello.en -inkey test.key -out <decrypted-file>

-in specifies the encrypted file, -inkey specifies the private key file, and -out specifies the file that receives the decrypted output.

That completes one round of encryption and decryption. In real use certificates may also be involved; I will cover those later.

Next we look at how a program uses the previously generated test.key and test_pub.key to encrypt and decrypt information (of course, you can also use the OpenSSL API directly to generate the key files).

The following example uses an existing key to encrypt and decrypt the source string:

     1 #include <stdio.h>
     2 #include <stdlib.h>
     3 #include <string.h>
     4 #include <openssl/rsa.h>
     5 #include <openssl/pem.h>
     6 #include <openssl/err.h>
     7 #define OPENSSLKEY "test.key"
     8 #define PUBLICKEY "test_pub.key"
     9 #define BUFFSIZE 1024
    10 char *my_encrypt(char *str, char *path_key); // encrypt
    11 char *my_decrypt(char *str, char *path_key); // decrypt
    12 int main(void) {
    13     char *source = "I like dancing!";
    14     char *ptr_en, *ptr_de;
    15     printf("source is: %s\n", source);
    16     ptr_en = my_encrypt(source, PUBLICKEY);
    17     printf("after encrypt: %s\n", ptr_en ? ptr_en : "(failed)"); // binary ciphertext: %s stops at the first zero byte
    18     ptr_de = ptr_en ? my_decrypt(ptr_en, OPENSSLKEY) : NULL;
    19     printf("after decrypt: %s\n", ptr_de ? ptr_de : "(failed)");
    20     if (ptr_en != NULL) {
    21         free(ptr_en);
    22     }
    23     if (ptr_de != NULL) {
    24         free(ptr_de);
    25     }
    26     return 0;
    27 }
    28 char *my_encrypt(char *str, char *path_key) {
    29     char *p_en;
    30     RSA *p_rsa;
    31     FILE *file;
    32     int flen, rsa_len;
    33     if ((file = fopen(path_key, "r")) == NULL) {
    34         perror("open key file error");
    35         return NULL;
    36     }
    37     if ((p_rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL)) == NULL) {
    38     // if ((p_rsa = PEM_read_RSAPublicKey(file, NULL, NULL, NULL)) == NULL) {  // switching to this line never works, whether or not the public key is separated from the source file
    39         ERR_print_errors_fp(stdout);
    40         fclose(file);
    41         return NULL;
    42     }
    43     flen = (int)strlen(str);
    44     rsa_len = RSA_size(p_rsa);
    45     p_en = (char *)malloc(rsa_len + 1);
    46     if (p_en != NULL) {
    47         memset(p_en, 0, rsa_len + 1);
    48         // Pass the real input length and use OAEP; unpadded RSA would need exactly rsa_len input bytes.
    49         if (RSA_public_encrypt(flen, (unsigned char *)str, (unsigned char *)p_en, p_rsa, RSA_PKCS1_OAEP_PADDING) < 0) {
    50             ERR_print_errors_fp(stdout);
    51             free(p_en);
    52             p_en = NULL;
    53         }
    54     }
    55     RSA_free(p_rsa);
    56     fclose(file);
    57     return p_en;
    58 }
    59 char *my_decrypt(char *str, char *path_key) {
    60     char *p_de;
    61     RSA *p_rsa;
    62     FILE *file;
    63     int rsa_len;
    64     if ((file = fopen(path_key, "r")) == NULL) {
    65         perror("open key file error");
    66         return NULL;
    67     }
    68     if ((p_rsa = PEM_read_RSAPrivateKey(file, NULL, NULL, NULL)) == NULL) {
    69         ERR_print_errors_fp(stdout);
    70         fclose(file);
    71         return NULL;
    72     }
    73     rsa_len = RSA_size(p_rsa);
    74     p_de = (char *)malloc(rsa_len + 1);
    75     if (p_de != NULL) {
    76         memset(p_de, 0, rsa_len + 1);
    77         // The ciphertext is always rsa_len bytes; the zeroed buffer keeps the plaintext NUL-terminated.
    78         if (RSA_private_decrypt(rsa_len, (unsigned char *)str, (unsigned char *)p_de, p_rsa, RSA_PKCS1_OAEP_PADDING) < 0) {
    79             ERR_print_errors_fp(stdout);
    80             free(p_de);
    81             p_de = NULL;
    82         }
    83     }
    84     RSA_free(p_rsa);
    85     fclose(file);
    86     return p_de;
    87 }

A strange problem:

Lines 37 and 38 read the key from the file; I found that the PEM_read_RSAPublicKey function provided by OpenSSL always fails.

I suspect the file format is incorrect.
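The two readers expect different encodings: openssl rsa -pubout writes a SubjectPublicKeyInfo structure under a "BEGIN PUBLIC KEY" label, which PEM_read_RSA_PUBKEY parses, while PEM_read_RSAPublicKey expects the PKCS#1 "BEGIN RSA PUBLIC KEY" form that -RSAPublicKey_out writes. The following added example (not part of the original article) tells the two apart from the first DER bytes; classify_pem, matching_reader and the truncated sample keys are names and data constructed here for illustration.

```c
#include <stdio.h>
#include <string.h>

enum pub_format { FMT_UNKNOWN, FMT_SPKI, FMT_PKCS1 };
/* Constructed, truncated samples: only the leading DER bytes are inspected. */
static const char SPKI_SAMPLE[] = "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3\n";
static const char PKCS1_SAMPLE[] = "-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBA\n";

static int b64val(char c) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Classify a PEM public key by the DER structure after its BEGIN line. */
enum pub_format classify_pem(const char *pem) {
    unsigned char der[6] = {0};
    const char *body = strstr(pem, "-----BEGIN ");
    if (!body || !(body = strchr(body, '\n'))) return FMT_UNKNOWN;
    body++;
    for (int q = 0; q < 2; q++) {            /* 8 base64 chars -> 6 DER bytes */
        unsigned long v = 0;
        for (int i = 0; i < 4; i++) {
            int d = b64val(body[q * 4 + i]);
            if (d < 0) return FMT_UNKNOWN;   /* short or non-base64 body */
            v = (v << 6) | (unsigned long)d;
        }
        for (int k = 0; k < 3; k++)
            der[q * 3 + k] = (unsigned char)(v >> (16 - 8 * k));
    }
    if (der[0] != 0x30) return FMT_UNKNOWN;  /* outer SEQUENCE */
    size_t inner = 2;                        /* tag plus one length byte */
    if (der[1] & 0x80) inner += (size_t)(der[1] & 0x7f); /* long-form length */
    if (inner >= sizeof der) return FMT_UNKNOWN;
    if (der[inner] == 0x30) return FMT_SPKI;  /* AlgorithmIdentifier SEQUENCE */
    if (der[inner] == 0x02) return FMT_PKCS1; /* INTEGER modulus */
    return FMT_UNKNOWN;
}

/* Name of the OpenSSL reader that accepts each encoding. */
const char *matching_reader(enum pub_format f) {
    return f == FMT_SPKI ? "PEM_read_RSA_PUBKEY"
         : f == FMT_PKCS1 ? "PEM_read_RSAPublicKey" : "(unrecognized)";
}

int main(void) {
    printf("PUBLIC KEY     -> %s\n", matching_reader(classify_pem(SPKI_SAMPLE)));
    printf("RSA PUBLIC KEY -> %s\n", matching_reader(classify_pem(PKCS1_SAMPLE)));
    return 0;
}
```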
