OpenSSL:在RSA中使用私钥加密并使用公钥解密 [英] OpenSSL : Encrypt with private key and decrypt with public key in RSA

问题描述

我想使用OpenSSL和RSA算法使用私钥对文件加密:

I want to encrypt a file with the private key using OpenSSL with the RSA algorithm:

openssl rsautl -in txt.txt -out txt2.txt -inkey private.pem -encrypt

现在，如果我执行解密操作:

Now if I do a decrypt operation:

openssl rsautl -in txt2.txt -pubin -inkey public.pem -decrypt

此操作需要私钥

我知道我应该使用公共密钥进行加密，如果使用私有密钥，则会获得签名.

I know that I should use the public key to encrypt, and if I use the private key, I get a signature.

但是，我想这样做是出于学习目的.

However, I want to do that for studying purposes.

推荐答案

您错误地使用了密钥.在公钥加密中，加密使用公钥:

You are using keys wrongly. In public-key cryptography, encryption uses a public key:

openssl rsautl -in txt.txt -out txt2.txt -inkey public.pem -pubin -encrypt

对于解密，使用与公钥相关的私钥:

And for decryption, the private key related to the public key is used:

openssl rsautl -in txt2.txt -inkey private.pem -decrypt

私有密钥( without -pubin )可以用于加密，因为它实际上包含公用指数.请注意，通常不应该将RSA直接用于加密数据，而只能封装"(RSA-KEM)或包装"用于对称加密的密钥.

The private key (without -pubin) can be used for encryption since it actually contains the public exponent. Note that RSA should not normally be used to encrypt data directly, but only to 'encapsulate' (RSA-KEM) or 'wrap' the key(s) used for symmetric encryption.

但是您提到您实际上想研究签名.尽管从历史上看，RSA签名有时被描述为使用私钥加密"，但这种描述具有误导性，实际上实施起来并不安全.签名和验证实际上是不同于加密和解密的不同操作，并且 rsautl 仅执行其中的 part .例如，您可以做:

But you mention you actually want to study signature. Although historically RSA signature was sometimes described as 'encrypting with the private key', that description is misleading and actually implementing that was found to be insecure. Sign and verify are actually different operations separate from encryption and decryption, and rsautl performs only part of them. For example, you can do:

# hash the data and encode the result in ASN.1 
openssl rsautl -sign -in hashenc.dat -out sig.dat -inkey private.pem
...
# on the recipient (with signature and purportedly correct data)
openssl rsautl -verify -in sig.dat -out hashenc.dat -inkey public.pem -pubin 
# or often more appropriate use a certificate for the public key
openssl rsautl -verify -in sig.dat -out hashenc.dat -inkey cert.pem -certin
# now either decode hashenc.dat and compare the hash
# to a new hash of the data (which should be the same)
# or compare all of hashenc.dat to an encoding of a new hash

相反，最好使用 openssl dgst ，它执行PKCS1 序列.org/html/rfc8017"rel =" nofollow noreferrer>例如rfc8017 .例如，带有SHA256的RSASSA-PKCS1v1_5签名 :

Instead it is better to use openssl dgst which performs the entire signature and verification sequence as specified by PKCS1 e.g. rfc8017. For example for RSASSA-PKCS1v1_5 signature with SHA256:

openssl dgst -sha256 -sign private.pem -in data.txt -out sig.dat
# or can be abbreviated
openssl sha256 -sign private.pem -in data.txt -out sig.dat
# hashes the data, encodes the hash, does type 1 padding and modexp d
...
openssl dgst -sha256 -verify public.pem -in data.txt -signature     sig.dat
# or abbreviated 
openssl sha256 -verify public.pem -in data.txt -signature sig.dat 
# does modexp e and type 1 unpadding, and compares the result to a hash of the data

# notice you don't specify which key is public or private
# because this command knows what to expect

# however it does not accept the public key from a certificate, 
# you must extract the public key from the cert first

此表单(但不支持 rsautl )也支持更新且技术上更好但使用不广泛的PSS填充.这仅在 dgst 手册页上进行了引用，并且大多在 pkeyutl 手册页上进行了记录，这并不完全清楚.

This form (but not rsautl) also supports the newer and technically better, but not as widely used, PSS padding. This is only referenced on the dgst man page, and mostly documented on the pkeyutl man page, which isn't totally obvious.

在其他堆栈上，这是更主题的，请参见例如: https://security.stackexchange.com/questions/93603/understanding-digitial-certifications
https://security.stackexchange.com/questions/87325/如果将公用密钥不能用于解密
https://security.stackexchange.com/questions/11879/使用一个私钥危险来加密数据
https://security.stackexchange.com/questions/68822/trying-理解rsa及其术语
https://crypto.stackexchange.com/questions/2123/rsa-使用私有密钥加密和使用公共密钥解密
https://crypto.stackexchange.com/questions/15997/是rsa加密，与签名生成相同
https://crypto.stackexchange.com/questions/15295/为什么需要在签名小数据之前进行哈希处理

On other Stacks where this is more on-topic, see e.g.: https://security.stackexchange.com/questions/93603/understanding-digitial-certifications
https://security.stackexchange.com/questions/87325/if-the-public-key-cant-be-used-for-decrypting
https://security.stackexchange.com/questions/11879/is-encrypting-data-with-a-private-key-dangerous
https://security.stackexchange.com/questions/68822/trying-to-understand-rsa-and-its-terminology
https://crypto.stackexchange.com/questions/2123/rsa-encryption-with-private-key-and-decryption-with-a-public-key
https://crypto.stackexchange.com/questions/15997/is-rsa-encryption-the-same-as-signature-generation
https://crypto.stackexchange.com/questions/15295/why-the-need-to-hash-before-signing-small-data

这篇关于OpenSSL:在RSA中使用私钥加密并使用公钥解密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！