2
Using OpenSSL 1.1.1.b-1, I can generate an RSA keypair and use them to encrypt content:
openssl genrsa -out private_key 4096
openssl rsa -in private_key -pubout -outform PEM -out public_key.pem
openssl rsautl -encrypt -inkey public_key.pem -pubin -in original.txt -out encrypted.enc
openssl rsautl -decrypt -inkey private_key -in encrypted.enc -out original.txt
But attempting to encrypt content with ed25519 keys,
openssl genpkey -algorithm ED25519 -out private_key
openssl pkey -in private_key -pubout -out public_key
openssl pkeyutl -encrypt -inkey public_key -pubin -in original.txt -out encrypted.enc
Results in the error:
pkeyutl: Error initializing context
140302731502080:error:0608B096:digital envelope routines:EVP_PKEY_encrypt_init:operation not supported for this keytype:crypto/evp/pmeth_fn.c:141:
Is OpenSSL 1.1.1.b-1 unable to perform the function, or am I using pkeyutl incorrectly?
What is the broader goal you are striving to achieve, in the furtherance of which you have elected to try using
openssl rsautlandopenssl pkeyutl? – None – 2019-05-16T22:41:11.270The broader goal is to allow a website visitor to leave a message, which uses the above RSA keys through PHP's openssl_public_encrypt function. This way, the visitor does not need to know anything about cryptography, but the message remains encrypted on the server until the admin retrieves it and decrypts it locally. – None – 2019-05-16T23:01:29.290
Consider using libsodium and crypto_box_seal instead. – None – 2019-05-16T23:02:08.750
My understanding of libsodium and crypto_box is that it requires more than a single asymmetric keypair, assuming two users each have a public and private key to encrypt and decrypt messages. Or is it possible to use crypto_box with a single keypair? – None – 2019-05-16T23:10:02.490
crypto_box_seal generates an ephemeral key pair, does crypto_box with it, and sends the public part alongside the ciphertext so the recipient can decrypt. – None – 2019-05-16T23:10:35.193