Mdthbs

Can one guy with a duplicator initiate a nuclear apocalypse?

What is the expected way to acquire costly material components?

The 100 soldier problem

Why are Fuji lenses more expensive than others?

Persuading players to be less attached to a pre-session 0 character concept

Why do things cool down?

Debussy as term for bathroom?

What was the deeper meaning of Hermione wanting the cloak?

How should I avoid someone patenting technology in my paper/poster?

Temporarily moving a SQL Server 2016 database to SQL Server 2017 and then moving back. Is it possible?

Which museums have artworks of all four ninja turtles' namesakes?

Why do we need to use transistors when building an OR gate?

Applications of mathematics in clinical setting

Is there any actual security benefit to restricting foreign IPs?

What is the origin of the "being immortal sucks" trope?

Are the cores of every mountain range igneous?

Escape the labyrinth!

How to ask a man to not take up more than one seat on public transport while avoiding conflict?

What did the controller say during my approach to land (audio clip)?

Is there an in-universe reason Harry says this or is this simply a Rowling mistake?

Removing rows containing NA in every column

How often is duct tape used during crewed space missions?

How to count the number of function evaluations in NIntegrate

Audire, with accusative or dative?

I have a private key file and I want to encrypt

Can I use a private key as a public key and vice versa?Risks associated with distributing encrypted private key with our software?Determine if private key belongs to certificate?Creating a private key with OpenSSL and encrypting it with AES GCMGenerate CSR and private key with password with OpenSSLSuggestion on asymmetric (hybrid encryption) encryption for big fileAssemble P12 from local cert and HSM private key pointer?Using OpenSSL to encrypt/decrypt a file?PEM, CER, CRT, P12 - what is it all about?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

5

When I use openssl genrsa -out yourdomain.key 2048 command to generate a key. I understand the yourdomain.key file contains both the private and public keys. But when I check the content of this key file, it starts and ends with -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----, which gives feeling that this file is just private key. Why is that? This makes me very confused.

If I want to encrypt a message using private key, so I apply the entire yourdomain.key key? Or should I extract the private key part from it and use that?

cryptography openssl asymmetric

share|improve this question

edited 10 hours ago

Gilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

asked 10 hours ago

ZhenZhen

2911 bronze badge

New contributor

Zhen is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment
 | 

5

When I use openssl genrsa -out yourdomain.key 2048 command to generate a key. I understand the yourdomain.key file contains both the private and public keys. But when I check the content of this key file, it starts and ends with -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----, which gives feeling that this file is just private key. Why is that? This makes me very confused.

If I want to encrypt a message using private key, so I apply the entire yourdomain.key key? Or should I extract the private key part from it and use that?

cryptography openssl asymmetric

share|improve this question

edited 10 hours ago

Gilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

asked 10 hours ago

ZhenZhen

2911 bronze badge

New contributor

Zhen is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment
 | 

When I use openssl genrsa -out yourdomain.key 2048 command to generate a key. I understand the yourdomain.key file contains both the private and public keys. But when I check the content of this key file, it starts and ends with -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----, which gives feeling that this file is just private key. Why is that? This makes me very confused.

If I want to encrypt a message using private key, so I apply the entire yourdomain.key key? Or should I extract the private key part from it and use that?

cryptography openssl asymmetric

share|improve this question

edited 10 hours ago

Gilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

asked 10 hours ago

ZhenZhen

2911 bronze badge

New contributor

Zhen is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 10 hours ago

Gilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

asked 10 hours ago

ZhenZhen

2911 bronze badge

New contributor

Zhen is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 10 hours ago

Gilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

asked 10 hours ago

ZhenZhen

2911 bronze badge

New contributor

Zhen is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

edited 10 hours ago

Gilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

edited 10 hours ago

Gilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

asked 10 hours ago

ZhenZhen

2911 bronze badge

New contributor

Zhen is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 10 hours ago

ZhenZhen

2911 bronze badge

2 Answers
2

active

oldest

votes

7

Do not use the OpenSSL command line to encrypt or sign anything. The OpenSSL command line is a debugging tool. To encrypt or sign a message, use a tool designed for this purpose, such as GPG.

A private key file contains all the information needed to construct the public key. If you have a private key in a format that OpenSSL understands and you want to get the corresponding public key, you can use openssl pkey -pubout …. But that's not the format GPG needs. GPG generates its own keys.

share|improve this answer

answered 10 hours ago

GillesGilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

add a comment
 | 

2

The private key is used to decrypt, and to sign things. You don't use it to encrypt. You use the public key for that. But openssl genrsa will not generate the public key, only the private. To encrypt things, you must first generate the public key (so you have a keypair: private and public):

openssl rsa -in yourdomain.key -outform PEM -pubout -out public.pem

This will create public.pem file with, well, the public key. Use it to encript the file:

openssl rsautl -encrypt -inkey public.pem  -pubin -in file.txt -out file.enc

To decrypt later, you use the private key:

openssl rsautl -decrypt -inkey yourdomain.key -in file.enc  -out file.dec

share|improve this answer

edited 1 hour ago

Benoit Esnard

11.4k77 gold badges5656 silver badges5959 bronze badges

answered 9 hours ago

ThoriumBRThoriumBR

28k88 gold badges6868 silver badges8686 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  what do you think signing is if not encrypting information? Related: security.stackexchange.com/questions/9957/…
  
  – eis
  42 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  but in general, of course, you're correct, and this answer is probably what OP needs
  
  – eis
  40 mins ago
  

  
  
  
  

add a comment
 | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

Zhen is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f218169%2fi-have-a-private-key-file-and-i-want-to-encrypt%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

7

Do not use the OpenSSL command line to encrypt or sign anything. The OpenSSL command line is a debugging tool. To encrypt or sign a message, use a tool designed for this purpose, such as GPG.

A private key file contains all the information needed to construct the public key. If you have a private key in a format that OpenSSL understands and you want to get the corresponding public key, you can use openssl pkey -pubout …. But that's not the format GPG needs. GPG generates its own keys.

share|improve this answer

answered 10 hours ago

GillesGilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

add a comment
 | 

7

Do not use the OpenSSL command line to encrypt or sign anything. The OpenSSL command line is a debugging tool. To encrypt or sign a message, use a tool designed for this purpose, such as GPG.

A private key file contains all the information needed to construct the public key. If you have a private key in a format that OpenSSL understands and you want to get the corresponding public key, you can use openssl pkey -pubout …. But that's not the format GPG needs. GPG generates its own keys.

share|improve this answer

answered 10 hours ago

GillesGilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

add a comment
 | 

Do not use the OpenSSL command line to encrypt or sign anything. The OpenSSL command line is a debugging tool. To encrypt or sign a message, use a tool designed for this purpose, such as GPG.

A private key file contains all the information needed to construct the public key. If you have a private key in a format that OpenSSL understands and you want to get the corresponding public key, you can use openssl pkey -pubout …. But that's not the format GPG needs. GPG generates its own keys.

share|improve this answer

answered 10 hours ago

GillesGilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

share|improve this answer

answered 10 hours ago

GillesGilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

answered 10 hours ago

GillesGilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

answered 10 hours ago

GillesGilles

41.6k1212 gold badges100100 silver badges155155 bronze badges

2

The private key is used to decrypt, and to sign things. You don't use it to encrypt. You use the public key for that. But openssl genrsa will not generate the public key, only the private. To encrypt things, you must first generate the public key (so you have a keypair: private and public):

openssl rsa -in yourdomain.key -outform PEM -pubout -out public.pem

This will create public.pem file with, well, the public key. Use it to encript the file:

openssl rsautl -encrypt -inkey public.pem  -pubin -in file.txt -out file.enc

To decrypt later, you use the private key:

openssl rsautl -decrypt -inkey yourdomain.key -in file.enc  -out file.dec

share|improve this answer

edited 1 hour ago

Benoit Esnard

11.4k77 gold badges5656 silver badges5959 bronze badges

answered 9 hours ago

ThoriumBRThoriumBR

28k88 gold badges6868 silver badges8686 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  what do you think signing is if not encrypting information? Related: security.stackexchange.com/questions/9957/…
  
  – eis
  42 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  but in general, of course, you're correct, and this answer is probably what OP needs
  
  – eis
  40 mins ago
  

  
  
  
  

add a comment
 | 

2

The private key is used to decrypt, and to sign things. You don't use it to encrypt. You use the public key for that. But openssl genrsa will not generate the public key, only the private. To encrypt things, you must first generate the public key (so you have a keypair: private and public):

openssl rsa -in yourdomain.key -outform PEM -pubout -out public.pem

This will create public.pem file with, well, the public key. Use it to encript the file:

openssl rsautl -encrypt -inkey public.pem  -pubin -in file.txt -out file.enc

To decrypt later, you use the private key:

openssl rsautl -decrypt -inkey yourdomain.key -in file.enc  -out file.dec

share|improve this answer

edited 1 hour ago

Benoit Esnard

11.4k77 gold badges5656 silver badges5959 bronze badges

answered 9 hours ago

ThoriumBRThoriumBR

28k88 gold badges6868 silver badges8686 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  what do you think signing is if not encrypting information? Related: security.stackexchange.com/questions/9957/…
  
  – eis
  42 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  but in general, of course, you're correct, and this answer is probably what OP needs
  
  – eis
  40 mins ago
  

  
  
  
  

add a comment
 | 

The private key is used to decrypt, and to sign things. You don't use it to encrypt. You use the public key for that. But openssl genrsa will not generate the public key, only the private. To encrypt things, you must first generate the public key (so you have a keypair: private and public):

openssl rsa -in yourdomain.key -outform PEM -pubout -out public.pem

This will create public.pem file with, well, the public key. Use it to encript the file:

openssl rsautl -encrypt -inkey public.pem  -pubin -in file.txt -out file.enc

To decrypt later, you use the private key:

openssl rsautl -decrypt -inkey yourdomain.key -in file.enc  -out file.dec

share|improve this answer

edited 1 hour ago

Benoit Esnard

11.4k77 gold badges5656 silver badges5959 bronze badges

answered 9 hours ago

ThoriumBRThoriumBR

28k88 gold badges6868 silver badges8686 bronze badges

openssl rsa -in yourdomain.key -outform PEM -pubout -out public.pem

openssl rsautl -encrypt -inkey public.pem  -pubin -in file.txt -out file.enc

openssl rsautl -decrypt -inkey yourdomain.key -in file.enc  -out file.dec

share|improve this answer

edited 1 hour ago

Benoit Esnard

11.4k77 gold badges5656 silver badges5959 bronze badges

answered 9 hours ago

ThoriumBRThoriumBR

28k88 gold badges6868 silver badges8686 bronze badges

edited 1 hour ago

Benoit Esnard

11.4k77 gold badges5656 silver badges5959 bronze badges

edited 1 hour ago

Benoit Esnard

11.4k77 gold badges5656 silver badges5959 bronze badges

answered 9 hours ago

ThoriumBRThoriumBR

28k88 gold badges6868 silver badges8686 bronze badges

answered 9 hours ago

ThoriumBRThoriumBR

28k88 gold badges6868 silver badges8686 bronze badges