8

When I use the `openssl genrsa -out yourdomain.key 2048` command to generate a key, I understand the `yourdomain.key` file contains both the private and public keys. But when I check the content of this key file, it starts and ends with `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----`, which gives the feeling that this file is just the private key. Why is that? This makes me very confused.

If I want to encrypt a message using the private key, do I apply the entire `yourdomain.key` key? Or should I extract the private key part from it and use that?

Glorfindel
Zhen
    Note: [RSA signing is not decryption](https://www.cs.cornell.edu/courses/cs5430/2015sp/notes/rsa_sign_vs_dec.php) – kelalaka Sep 18 '19 at 08:30

2 Answers

12

Do not use the OpenSSL command line to encrypt or sign anything. The OpenSSL command line is a debugging tool. To encrypt or sign a message, use a tool designed for this purpose, such as GPG.

A private key file contains all the information needed to construct the public key. If you have a private key in a format that OpenSSL understands and you want to get the corresponding public key, you can use `openssl pkey -pubout …`. But that's not the format GPG needs. GPG generates its own keys.

Gilles 'SO- stop being evil'
  • 4
    "The OpenSSL command line is a debugging tool." Why would that disqualify it? You could still use the generated key to encrypt a message, right? Whether it's compatible with GPG is another matter. – Mast Sep 18 '19 at 09:11
  • 9
    It's not a debugging tool. It's perfectly fine to use it to encrypt things. GPG is just easier to use so you're less likely to do the wrong thing. – OrangeDog Sep 18 '19 at 09:38
  • OP never even specified GPG – Lightness Races in Orbit Sep 18 '19 at 10:10
  • 2
    @LightnessRacesinOrbit Precisely: the question makes an incorrect (but excusable) assumption that `openssl` is in any way a usable tool to encrypt data. You can do it if you know exactly what you're doing and you avoid the myriad ways to do it wrong and you don't care about using any standard format. It's one of those things where if you need to ask, don't do it. – Gilles 'SO- stop being evil' Sep 18 '19 at 10:20
  • 1
    Except they did ask, and so now they know how to do it. – Lightness Races in Orbit Sep 18 '19 at 10:55
  • 4
    @LightnessRacesinOrbit No. They now know how to get something that works functionally. We're on [security.se], getting something that works functionally is not the goal. – Gilles 'SO- stop being evil' Sep 18 '19 at 11:23
  • 1
    If you can explain to us why the OpenSSL solution is insecure, or unsafe, or unsound, that would make a valid critique of Thorium's answer. But just making broad claims and assertions without explanation, and discussing unmentioned technologies as if they had been the premise of the question, is not the goal of _any_ SE site. – Lightness Races in Orbit Sep 18 '19 at 12:09
  • Gilles explained precisely why OpenSSL is insecure: It is very poorly documented, but throughout the net, you find myriads of examples which somehow work, but absolutely no warnings about security along them. For example, how does `openssl genrsa -aes256` encrypt the key? Well, it's AES-256, so it must be safe, right? BANG: It uses a ridiculous KDF (basically MD5 of your passphrase), so your password can be cracked in no time. So we have a massive safety problem (of course practically undocumented) even in the very first step (the key generation) - and that's only the beginning. – Binarus Sep 25 '20 at 14:47
  • @Binarus Your assumption of saying that OpenSSL is a debugging tool and not suitable to manage certificates doesn't make sense. Have you been "deep" to using this tool? Or have you been "disqualified" because it is not very user friendly and requires some practice? There are default parameters and you should actually look into it and check the end result and finally know what you are doing. I found it hard to use at first but after some research I got into it. As far as I can say it is a good tool. – t1m0th33 Dec 24 '20 at 18:27
  • @t1m0th33 The openssl command line does many things with various degrees of quality. To encrypt messages, it's awful. To manage keys and certificates, it's passable. Modern versions have improved a bit (e.g. `pkey` rather than key-type-specific commands). I do recommend it for basic certificate management, not because it's really good, but because you can find a ton of recipes on the web. The fact that it's not user friendly disqualifies it from being good: when it comes to security and especially cryptography, non-user-friendly means it's easy to shoot yourself in the foot without noticing. – Gilles 'SO- stop being evil' Dec 24 '20 at 19:49
  • @Gilles'SO-stopbeingevil' I actually use it to manage certificates but at some point, someone would use some PKI app. In my opinion openssl was created for the SSL protocol which is now TLS. To be honest I struggled in the beginning to use the beast but I'm more comfortable now with it. It is easier with templates but it remains a mix of cli and conf file AFAIAC. Hopefully we get help from the internet as it is a widely used tool. As certificates look to be its first purpose, using it otherwise is to use it at our own risk. But anyway, the main answer is purely an opinion not very useful. – t1m0th33 Dec 24 '20 at 21:48
  • @t1m0th33 You said: *@Binarus Your assumption of saying that OpenSSL is a debugging tool ...* I didn't say that. It was Gilles who said it in his answer. The only thing I did was replying to Lightness's comment, who wanted a deeper explanation or examples of why OpenSSL is insecure. – Binarus Dec 25 '20 at 14:27
11

The private key is used to decrypt, and to sign things. You don't use it to encrypt. You use the public key for that. But `openssl genrsa` will not generate the public key, only the private. To encrypt things, you must first generate the public key (so you have a keypair: private and public):

```
openssl rsa -in yourdomain.key -outform PEM -pubout -out public.pem
```

This will create the `public.pem` file with, well, the public key. Use it to encrypt the file:

```
openssl rsautl -encrypt -inkey public.pem -pubin -in file.txt -out file.enc
```

To decrypt later, you use the private key:

```
openssl rsautl -decrypt -inkey yourdomain.key -in file.enc -out file.dec
```
Benoit Esnard
ThoriumBR
  • 1
    what do you think signing is if not encrypting information? Related: https://security.stackexchange.com/questions/9957/can-i-use-a-private-key-as-a-public-key-and-vice-versa – eis Sep 18 '19 at 05:21
  • but in general, of course, you're correct, and this answer is probably what OP needs – eis Sep 18 '19 at 05:23
  • 1
    "You don't use it to encrypt" Depends on what you're trying to do, obviously. – Hugo Sep 18 '19 at 08:31
  • 2
    @eis As I understand it, signing usually involves only encrypting a _hash_ of the data being signed: the data itself usually isn't encrypted (as part of the signing process). – TripeHound Sep 18 '19 at 09:26
  • @eis Signing is not encrypting. Not at all. They're completely different operations. Even with RSA. RSA is more than just the exponentiation operation, which is the only part that works the same in both direction. Key generation and encoding are completely different. – Gilles 'SO- stop being evil' Sep 18 '19 at 10:21
  • @Gilles they are different operations, but what signing does in the process is that it encrypts information (namely, the hash of data). When signing, you do use the private key to encrypt information, which was the point. – eis Sep 18 '19 at 13:35
  • @TripeHound yes – eis Sep 18 '19 at 13:36
  • @eis No, when signing, you use the private key to _sign_ information, not to encrypt it. You aren't trying to protect the confidentiality of the message and no secret is needed to invert the operation, so this can't be encryption. – Gilles 'SO- stop being evil' Sep 18 '19 at 13:40
  • encryption is a process where you convert plain text information to a ciphertext using some algorithm (cipher). this is what happens during signing. if you disagree with that definition of encryption, you can, but I don't think we're in disagreement about the process. – eis Sep 18 '19 at 13:56
  • The issue is the terminology. @Gilles is right here. The process may be similar for *sign* and *encrypt*, but they are meant for different uses, so different terms. – ThoriumBR Sep 18 '19 at 14:10
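
Added example, not part of the question or of either answer: a minimal DER reader in Python showing that the modulus `n` and public exponent `e`, which together are the public key, are stored inside an RSA private key file, both in the PKCS#8 layout (`BEGIN PRIVATE KEY`, as in the question) and in the traditional layout (`BEGIN RSA PRIVATE KEY`). The sample key is constructed inline from toy primes, and all function and variable names are this example's own.

```python
import base64

def tlv(buf, pos=0):
    """Read one DER element: return (tag, value bytes, offset of the next element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a SEQUENCE into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        items.append((tag, val))
    return items

def public_from_private(pem):
    """Return (modulus n, public exponent e) stored in a PEM RSA private key."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    tag, seq, _ = tlv(base64.b64decode(b64))
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    items = children(seq)
    if items[1][0] == 0x30:                    # PKCS#8: version, algorithm, OCTET STRING
        items = children(tlv(items[2][1])[1])  # the OCTET STRING wraps an RSAPrivateKey
    # RSAPrivateKey (RFC 8017): version, n, e, d, p, q, dP, dQ, qInv
    return tuple(int.from_bytes(v, "big") for _, v in items[1:3])

# --- constructed sample key (toy primes, far too small for real use) ---
def der(tag, value):
    size = len(value)
    head = bytes([size]) if size < 0x80 else bytes([0x81, size])   # enough for sizes < 256
    return bytes([tag]) + head + value

def der_int(x):
    return der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

def pem(label, body):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(body).decode()}-----END {label}-----\n"

P, Q, E = 2**127 - 1, 2**89 - 1, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
PKCS1 = der(0x30, b"".join(map(der_int, [0, P * Q, E, D, P, Q, D % (P - 1), D % (Q - 1), pow(Q, -1, P)])))
PKCS8 = der(0x30, der_int(0) + bytes.fromhex("300d06092a864886f70d0101010500") + der(0x04, PKCS1))
OLD_PEM = pem("RSA PRIVATE KEY", PKCS1)        # traditional PKCS#1 layout
NEW_PEM = pem("PRIVATE KEY", PKCS8)            # PKCS#8 layout, the header the question shows
```

With a real key, `openssl pkey -in yourdomain.key -pubout` performs the same extraction and writes the result as a PEM public key.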