LabEx
Log InJoin Free

Asymmetric Encryption with RSA in Cryptography

LinuxBeginner
Practice Now

Introduction

In this lab, you will explore the principles of asymmetric encryption, a cornerstone of modern cryptography. Unlike symmetric encryption which uses a single key for both encryption and decryption, asymmetric encryption utilizes a pair of keys: a public key and a private key.

The public key is used for encryption and can be shared with anyone. The private key is kept secret and is used for decryption. This mechanism allows for secure communication without the need to share a secret key beforehand.

We will use the widely-adopted RSA algorithm and the powerful openssl command-line tool to demonstrate this process. You will learn how to generate a key pair, encrypt a message with the public key, and decrypt it with the private key. All operations will be performed in the terminal within your ~/project directory.

Asymmetric Encryption Fundamentals

In this step, you will learn the core concepts of asymmetric encryption, also known as public-key cryptography. This is a conceptual step with no commands to execute, but understanding these principles is crucial for the hands-on tasks that follow.

Asymmetric encryption relies on two distinct but mathematically linked keys:

  • Public Key: This key is made available to everyone. Its primary function is to encrypt data. Anyone who has the public key can encrypt a message, but they cannot use it to decrypt that same message. Think of it as an open mailbox slot: anyone can drop a letter in.

  • Private Key: This key must be kept secret and secure by its owner. Its function is to decrypt data that has been encrypted with its corresponding public key. Only the person holding the private key can decrypt the message. In our mailbox analogy, the private key is the unique key that can open the mailbox and retrieve the letters.

This one-way relationship is the foundation of secure communication over insecure networks. In the following steps, you will generate your own public/private key pair and use them to encrypt and decrypt a message.

Generate RSA Key Pair

In this step, you will generate an RSA key pair using the openssl command-line tool. This command will create a single file that contains both the private and public key components.

Execute the following command in your terminal. All commands in this lab should be run from the default ~/project directory.

openssl genrsa -out private.pem 2048

Let's break down this command:

  • openssl: The command to invoke the OpenSSL toolkit.
  • genrsa: The specific command to generate an RSA private key.
  • -out private.pem: This flag specifies the output file name for the key. We are naming it private.pem.
  • 2048: This is the length of the key in bits. 2048 bits is a standard, secure length for RSA keys.

Now, verify that the file private.pem has been created in your current directory using the ls command.

ls

You should see private.pem listed in the output.

private.pem

Extract Public Key

In this step, you will extract the public key from the private.pem file you created. While the private key file contains all the necessary components, you need a separate public key file that you can safely share with others for encrypting messages.

Use the following command to extract the public key:

openssl rsa -in private.pem -pubout -out public.pem

Here is a breakdown of the command:

  • openssl rsa: This command is used for processing RSA keys.
  • -in private.pem: Specifies the input file, which is our private key.
  • -pubout: This flag instructs openssl to extract and output the public part of the key.
  • -out public.pem: Specifies the name of the output file for the public key.

The command will produce a short output confirming the operation.

writing RSA key

Now, list the files in your directory again to see both the private and public keys.

ls

You should now see both private.pem and public.pem.

private.pem  public.pem

You can view the contents of the public key file. It's a text file in PEM format.

cat public.pem

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...
...
-----END PUBLIC KEY-----

Encrypt Message with Public Key

In this step, you will create a secret message and then encrypt it using the public key you just extracted. Only someone with the corresponding private key will be able to decrypt it.

First, let's create a simple text file containing our secret message.

echo "This is a secret message." > message.txt

This command creates a file named message.txt with the specified content. Now, let's encrypt this file using the public key.

openssl pkeyutl -encrypt -pubin -inkey public.pem -in message.txt -out encrypted.bin

Let's examine this command:

  • openssl pkeyutl: A utility for performing public key operations like encryption and decryption.
  • -encrypt: Specifies that we want to perform an encryption operation.
  • -pubin: Indicates that the input key (-inkey) is a public key.
  • -inkey public.pem: Specifies the public key to use for encryption.
  • -in message.txt: The input file containing the plaintext message.
  • -out encrypted.bin: The output file where the encrypted data (ciphertext) will be stored.

After running the command, a new file encrypted.bin will be created. If you try to view its content, you will see unreadable binary data, which is the encrypted form of your message.

cat encrypted.bin

The output will be a string of garbled characters, confirming the message is encrypted.

Decrypt Message with Private Key

In this final step, you will decrypt the encrypted message using your private key to retrieve the original plaintext. This demonstrates that only the holder of the private key can access the secret information.

Use the following command to decrypt encrypted.bin:

openssl pkeyutl -decrypt -inkey private.pem -in encrypted.bin -out decrypted.txt

Let's review the command options:

  • openssl pkeyutl: The same utility as before.
  • -decrypt: This time, we specify the decryption operation.
  • -inkey private.pem: Specifies the private key to use for decryption.
  • -in encrypted.bin: The input file containing the encrypted ciphertext.
  • -out decrypted.txt: The output file where the recovered plaintext will be saved.

This command will create a new file named decrypted.txt. To verify that the decryption was successful, display the contents of this new file.

cat decrypted.txt

You should see your original message perfectly restored.

This is a secret message.

Congratulations! You have successfully performed a full asymmetric encryption and decryption cycle using RSA and OpenSSL.

Summary

In this lab, you have gained hands-on experience with asymmetric encryption using the RSA algorithm and the OpenSSL toolkit.

You have learned the fundamental difference between public and private keys and their respective roles in securing communication.

Specifically, you have practiced the following key skills:

  • Generating a 2048-bit RSA key pair using openssl genrsa.
  • Extracting a public key from a private key file using openssl rsa.
  • Encrypting a plaintext message with a public key using openssl pkeyutl.
  • Decrypting the resulting ciphertext with the corresponding private key using openssl pkeyutl.

These skills are fundamental to understanding and implementing secure systems in various applications, from secure web browsing (HTTPS) to encrypted email and digital signatures.

Related Linux Courses
Quick Start with Linux

Quick Start with Linux

linux
Become a Junior System Administrator

Become a Junior System Administrator

linuxshell
Linux for Noobs

Linux for Noobs

linux