What I'd like to know is simple. Can I use OpenSSL to encrypt a string "hello" with a private key, then send it to everyone, who can decrypt it with the public key to retrieve the original string?

I've searched all around and can't really find anything.

Mathematically I can use the private exponent and public modulus to perform an encryption then use the public exponent and public modulus to perform the decryption.

Can I do this with OpenSSL?

I've read that this is considered signing. Then how can I sign with my private key and receive the original data from the signed file with just the public key?

I've read a lot of the responses on the web and they're all vague. Can anyone give me clear solutions?

If it is possible to encrypt with a private key and decrypt with public can anyone give me an example on how to do it with the openssl tool? Or do I have to write my own implementation?

jww
StackPointer
  • OpenSSL comes with a command line tool that performs various functions, including signing and signature validation. Since OpenSSL is open source, you can simply examine how that code does those things. See [this question](http://stackoverflow.com/q/20813730/315052) for a start. – jxh Jun 08 '15 at 20:14
  • When you say, "Can I do this with OpenSSL", do you mean the command-line tool `openssl` or `libcrypto`, the cryptographic algorithms library? There is a difference. One involves writing code. The answer to *both* is *yes*, but the mechanics in doing so are obviously different. – WhozCraig Jun 08 '15 at 20:22
  • If you're trying to do this through libcrypto, look into the RSA functions for example. Like [generating key pairs](https://www.openssl.org/docs/crypto/RSA_generate_key.html), and [encrypting](https://www.openssl.org/docs/crypto/RSA_private_encrypt.html) and [decrypting](https://www.openssl.org/docs/crypto/RSA_public_encrypt.html). – Michael Jun 08 '15 at 20:25
  • http://stackoverflow.com/a/17302168/1462337 – rhashimoto Jun 08 '15 at 21:55
  • Well I did mean the command-line tool openssl. But libcrypto would be fine too. But @WhozCraig you said the answer to both is yes. Could you provide any examples on how to do this? And I don't mind writing my own implementation, I'm wondering if the means to do so is currently available. – StackPointer Jun 08 '15 at 22:16
  • Please don't clobber your own question like this. I've rolled back your edit. If you think the question is not useful, you can delete it. – Keith Thompson Jun 08 '15 at 23:10
  • "Encrypt with the private key" is not a valid crypto operation, despite the results of `grep -R -i private_encrypt *` in OpenSSL. Perhaps you want a [Signature Scheme with Recovery](http://www.google.com/search?q="Signature+Scheme+with+Recovery"). – jww Jun 09 '15 at 01:56
  • This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Cryptography Stack Exchange](http://crypto.stackexchange.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. – jww Jun 09 '15 at 01:57
  • Yes. I already flagged it, now I need it to be deleted. – StackPointer Jun 09 '15 at 02:20
  • @StackPointer - I rolled back the changes; please don't take it personally. It's easier on everyone when the question stays about the same. If you want to delete it, then flag it for the moderators (which you did). They will get to it in time. I'll upvote it for you since you are trying to do the right thing. That will offset the downvote. – jww Jun 09 '15 at 03:35

2 Answers

Encrypting with the private key is not considered signing. Using RSA, there is in fact encryption using the private key, but this is just an implementation detail of RSA, and it is not encrypting the message, but a hash of the message, so no, verifying the signature does not bring back the original plaintext message.

Yes you can sign and verify signatures in OpenSSL -- cf. https://www.openssl.org/docs/crypto/RSA_sign.html

No, you should not use "textbook RSA" with the modulus and exponent to roll your own encryption. Cf. here, for example: https://crypto.stackexchange.com/questions/1448/definition-of-textbook-rsa

No, you should not swap the use of the private and public keys by encrypting data with the private key and decrypting with the public. Cf. for example https://stackoverflow.com/a/2350959/233596.

UPDATE:

This page suggests that you can use the OpenSSL C interface to encrypt with the private key and decrypt with the public key, by way of these function prototypes:

 int RSA_public_encrypt(int flen, unsigned char *from,
     unsigned char *to, RSA *rsa, int padding);
 int RSA_private_decrypt(int flen, unsigned char *from,
     unsigned char *to, RSA *rsa, int padding);
 int RSA_private_encrypt(int flen, unsigned char *from,
     unsigned char *to, RSA *rsa, int padding);
 int RSA_public_decrypt(int flen, unsigned char *from,
     unsigned char *to, RSA *rsa, int padding);

(I did not actually try using these functions.)

I tried using the openssl rsautl command line:

$ openssl rsautl -in HELLO -out HELLO.encrypt_by_private -inkey private.pem -encrypt

However:

$ openssl rsautl -in HELLO.encrypt_by_private -pubin -inkey public.pem -decrypt
A private key is needed for this operation

So, I would say that the command line tool will not do it.

Jim Flood
  • Thank you for the reply. It's not really a matter of "playing with fire"; it's just a simple yes or no, can I do it. I want to be able to encrypt with my private key. I was referring to the openssl tool, not the library it had used. But does the current implementation not support encrypting the actual data, rather than the hash of the data? – StackPointer Jun 08 '15 at 22:14
  • @StackPointer I updated my answer. I would guess that the C interface will do it (I did not actually try it), but that the command-line tool will not let you swap the keys around. – Jim Flood Jun 09 '15 at 20:02
  • The "This page" link in the update is now a dead link. – JWWalker Aug 30 '18 at 17:49
  • @JWWalker argh. Anyway, I had copied the info of interest. I doubt there was much more interesting on that page than the prototypes. – Jim Flood Aug 30 '18 at 21:47
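The asker's description ("use the private exponent and public modulus to encrypt, then the public exponent and public modulus to decrypt") and the RSA_private_encrypt / RSA_public_decrypt prototypes in the answer above, worked through in pure Python as an added example for this page (not the asker's, an answerer's, or OpenSSL's code). The toy key is constructed from two Mersenne primes, and the helper names emsa_pkcs1_v15_pad / emsa_pkcs1_v15_unpad / private_encrypt / public_decrypt are hypothetical; the padding they build is PKCS#1 v1.5 block type 1, which is what OpenSSL applies when these functions are called with RSA_PKCS1_PADDING:

```python
# Added example for this page, not code from the question, the answers or OpenSSL.
# Textbook RSA with the roles the asker describes: the private exponent "encrypts"
# (m^d mod n) and the public exponent "decrypts" (s^e mod n). Because anyone who
# holds (e, n) can undo the private operation, the result is readable by the world:
# it is a signature with message recovery and provides no confidentiality at all.
# With RSA_PKCS1_PADDING, OpenSSL's RSA_private_encrypt applies the same PKCS#1
# v1.5 block-type-1 padding that emsa_pkcs1_v15_pad() builds below.

# Constructed toy key from two Mersenne primes (n is 216 bits): far too small for
# real use, chosen only so the arithmetic is easy to follow.
P = 2**127 - 1
Q = 2**89 - 1
E = 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent d = e^-1 mod phi(n)
K = (N.bit_length() + 7) // 8       # modulus length in bytes (27 here)

def emsa_pkcs1_v15_pad(msg: bytes) -> bytes:
    """Block type 1: 00 01 FF..FF 00 || msg, with at least eight FF bytes."""
    if len(msg) > K - 11:
        raise ValueError("message too long for this modulus")
    return b"\x00\x01" + b"\xff" * (K - len(msg) - 3) + b"\x00" + msg

def emsa_pkcs1_v15_unpad(block: bytes) -> bytes:
    """Accept only the exact type-1 layout; anything else is a malformed signature."""
    if len(block) != K or block[:2] != b"\x00\x01":
        raise ValueError("bad padding header")
    sep = block.find(b"\x00", 2)
    if sep < 10 or block[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding body")
    return block[sep + 1:]

def private_encrypt(msg: bytes) -> bytes:
    """What RSA_private_encrypt(.., RSA_PKCS1_PADDING) computes: pad, then m^d mod n."""
    m = int.from_bytes(emsa_pkcs1_v15_pad(msg), "big")
    return pow(m, D, N).to_bytes(K, "big")

def public_decrypt(sig: bytes) -> bytes:
    """What RSA_public_decrypt computes: s^e mod n, then strict unpadding.
    Only the public values E and N are used, so any recipient can run this."""
    block = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return emsa_pkcs1_v15_unpad(block)

if __name__ == "__main__":
    sig = private_encrypt(b"hello")
    print(public_decrypt(sig))   # b'hello'
```

Running it shows that public_decrypt() needs nothing beyond (e, n), so what the asker calls "encrypting with the private key" produces a value any holder of the public key can verify and read, which is why the answers call it signing rather than encryption.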
Signing and encrypting are two entirely different concepts. It wouldn't make much sense to encrypt something with your private key and then distribute it to be encrypted with your public key. Your public key is inherently available, being that it is public, which defeats the purpose of encrypting.

Traditionally, encryption is done with someone else's public key in a way that permits the message to be decrypted only with the private key.

Signing, on the other hand, generally involves hashing the message using your private key as a seed value. Using the public key you hash the message again and compare your hash to the original hash. If they correspond (they won't be identical), then you have verified that the only possible sender is the holder of the private key (which may or may not be who you believe it is, if that has been compromised).

Jonathon Anderson
  • Yes but it's not a matter of why I should or shouldn't do it. I have reasons for wanting to do it. – StackPointer Jun 08 '15 at 22:13
  • This is a bad answer. There are scenarios where it totally makes sense to encrypt the data with the private key and decrypt it with the public key. – Arwed Mett Oct 24 '20 at 17:50