decrypt with a public key
Hi, In public key cryptography, a message encrypted with a private key can be decrypted with a public key, and so I tried: openssl rsautl -encrypt -inkey private-key -in message -out cryptogram openssl rsautl -decrypt -inkey public-key -pubin -in cryptogram The problem is that the second command gives me: A private key is needed for this operation Why can't one decrypt with a public key? I do realize that I can convince the recipient of the message that the message is indeed mine by signing the message. Thanks, Irek -- Ireneusz (Irek) Szczesniak http://www.irkos.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: decrypt with a public key
On Wed, Dec 28, 2011, Ireneusz Szcze??niak wrote: Hi, In public key cryptography, a message encrypted with a private key can be decrypted with a public key, and so I tried: openssl rsautl -encrypt -inkey private-key -in message -out cryptogram openssl rsautl -decrypt -inkey public-key -pubin -in cryptogram The problem is that the second command gives me: A private key is needed for this operation Why can't one decrypt with a public key? I do realize that I can convince the recipient of the message that the message is indeed mine by signing the message. Try the -sign and -verify options instead. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: decrypt with a public key
Thank you, Steve, for your post. Let me explain what I'm trying to do. In the public key cryptography: message = Dprv(Epub(message)) = Dpub(Eprv(message) D stands for decrypt, E for encrypt prv - private key, pub - private key And so I tried to do this with the openssl command. On 28.12.2011 18:28, Dr. Stephen Henson wrote: On Wed, Dec 28, 2011, Ireneusz Szcze??niak wrote: Hi, In public key cryptography, a message encrypted with a private key can be decrypted with a public key, and so I tried: openssl rsautl -encrypt -inkey private-key -in message -out cryptogram openssl rsautl -decrypt -inkey public-key -pubin -in cryptogram The problem is that the second command gives me: A private key is needed for this operation Why can't one decrypt with a public key? I do realize that I can convince the recipient of the message that the message is indeed mine by signing the message. Try the -sign and -verify options instead. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Ireneusz (Irek) Szczesniak http://www.irkos.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: decrypt with a public key
On Wed, Dec 28, 2011, Ireneusz Szcze??niak wrote: Thank you, Steve, for your post. Let me explain what I'm trying to do. In the public key cryptography: message = Dprv(Epub(message)) = Dpub(Eprv(message) D stands for decrypt, E for encrypt prv - private key, pub - private key And so I tried to do this with the openssl command. The public key decrypt and private encrypt operations correspond to the -verify and -sign options to rsautl which is why I suggested them. The default padding is however different in accordance with the PKCS#1 standard. That can be changed on the commmand line too. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: decrypt with a public key
When you use public key algorithms: You encrypt with the recipient's public key and the recipient decrypts with their private key. You sign with your private key and the recipient verifies with your public key. owner-openssl-us...@openssl.org wrote on 12/28/2011 01:43:17 PM: From: Ireneusz Szcześniak irek.szczesn...@gmail.com To: openssl-users@openssl.org, Date: 12/28/2011 01:45 PM Subject: Re: decrypt with a public key Sent by: owner-openssl-us...@openssl.org Thank you, Steve, for your post. Let me explain what I'm trying to do. In the public key cryptography: message = Dprv(Epub(message)) = Dpub(Eprv(message) D stands for decrypt, E for encrypt prv - private key, pub - private key And so I tried to do this with the openssl command. On 28.12.2011 18:28, Dr. Stephen Henson wrote: On Wed, Dec 28, 2011, Ireneusz Szcze??niak wrote: Hi, In public key cryptography, a message encrypted with a private key can be decrypted with a public key, and so I tried: openssl rsautl -encrypt -inkey private-key -in message -out cryptogram openssl rsautl -decrypt -inkey public-key -pubin -in cryptogram The problem is that the second command gives me: A private key is needed for this operation Why can't one decrypt with a public key? I do realize that I can convince the recipient of the message that the message is indeed mine by signing the message. Try the -sign and -verify options instead. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Ireneusz (Irek) Szczesniak http://www.irkos.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: decrypt with a public key
On 28.12.2011 19:50, Dr. Stephen Henson wrote: The public key decrypt and private encrypt operations correspond to the -verify and -sign options to rsautl which is why I suggested them. Now I understand. I mistakenly thought that -sign and -verify were used to attach and examine an encrypted hash of the message, i.e. a message signature. Thank you for your help! -- Ireneusz (Irek) Szczesniak http://www.irkos.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
