1. Use openssl rsautl for encryption, decryption, signature, and verification
[kyzjj@yyzc-zjjcs04 openssl]$ openssl rsautl --help
Usage: rsautl [options]
-in file input file
-out file output file
-inkey file input key
-keyform arg private key format - default PEM
-pubin input is an RSA public
-certin input is a certificate carrying an RSA public key
-ssl use SSL v2 padding
-raw use no padding
-pkcs use PKCS#1 v1.5 padding (default)
-oaep use PKCS#1 OAEP
-sign sign with private key
-verify verify with public key
-encrypt encrypt with public key
-decrypt decrypt with private key
-hexdump hex dump output
-engine e use engine e, possibly a hardware device.
-passin arg pass phrase source
[kyzjj@yyzc-zjjcs04 openssl]$
2. Sign with the private key: openssl rsautl -sign
[kyzjj@yyzc-zjjcs04 openssl]$ cat test
hello world
[kyzjj@yyzc-zjjcs04 openssl]$ openssl rsautl -sign -inkey private.key -in test -out sign-test
[kyzjj@yyzc-zjjcs04 openssl]$
3. Verify with the public key: openssl rsautl -verify
[kyzjj@yyzc-zjjcs04 openssl]$ openssl rsautl -sign -inkey private.key -in test -out sign-test
[kyzjj@yyzc-zjjcs04 openssl]$ openssl rsautl -verify -inkey public.key -pubin -in sign-test
hello world
[kyzjj@yyzc-zjjcs04 openssl]$
This method confirms the sender's identity. If the public key recovers the original message from the signature, the signature must have been sent by you, because only you have the private key.
4. Encrypt with the public key
[kyzjj@yyzc-zjjcs04 openssl]$ openssl rsautl -encrypt -inkey public.key -pubin -in test -out en-test
[kyzjj@yyzc-zjjcs04 openssl]$
5. Decrypt with the private key
[kyzjj@yyzc-zjjcs04 openssl]$ openssl rsautl -decrypt -inkey private.key -in en-test
hello world
[kyzjj@yyzc-zjjcs04 openssl]$
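The sign, verify, encrypt and decrypt steps above combined into one script, added here as an example and not part of the original page. It generates a throwaway 2048-bit key pair; the scratch directory and the bad-sig, big and big.sig file names are assumptions. It also checks two failure cases: a signature with one flipped bit, and an input larger than the key.

```shell
# Added example: rsautl round trips and failure cases; keys and files are throwaway, constructed here.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

setup() {
    openssl genrsa -out "$WORK/private.key" 2048 2>/dev/null
    openssl rsa -in "$WORK/private.key" -pubout -out "$WORK/public.key" 2>/dev/null
    printf 'hello world\n' > "$WORK/test"
}

# Sign with the private key, recover the message with the public key, compare.
sign_verify() {
    openssl rsautl -sign -inkey "$WORK/private.key" -in "$WORK/test" \
        -out "$WORK/sign-test" 2>/dev/null &&
    openssl rsautl -verify -inkey "$WORK/public.key" -pubin \
        -in "$WORK/sign-test" 2>/dev/null | cmp -s - "$WORK/test"
}

# Flip one bit of the signature (byte offset 10); verification must fail.
tampered_rejected() {
    cp "$WORK/sign-test" "$WORK/bad-sig"
    b=$(od -An -tu1 -j10 -N1 "$WORK/bad-sig" | tr -d ' \n')
    printf "$(printf '\\%03o' $((b ^ 1)))" |
        dd of="$WORK/bad-sig" bs=1 seek=10 conv=notrunc 2>/dev/null
    ! openssl rsautl -verify -inkey "$WORK/public.key" -pubin \
        -in "$WORK/bad-sig" >/dev/null 2>&1
}

# Encrypt with the public key using -oaep instead of the default -pkcs; decrypt.
oaep_roundtrip() {
    openssl rsautl -encrypt -oaep -inkey "$WORK/public.key" -pubin \
        -in "$WORK/test" -out "$WORK/en-test" 2>/dev/null &&
    openssl rsautl -decrypt -oaep -inkey "$WORK/private.key" \
        -in "$WORK/en-test" 2>/dev/null | cmp -s - "$WORK/test"
}

# rsautl applies RSA to the input itself (no hashing), so 300 bytes cannot be
# signed with a 2048-bit (256-byte) key.
oversize_rejected() {
    dd if=/dev/zero of="$WORK/big" bs=300 count=1 2>/dev/null
    ! openssl rsautl -sign -inkey "$WORK/private.key" -in "$WORK/big" \
        -out "$WORK/big.sig" 2>/dev/null
}

setup
sign_verify       && echo "signature verifies and recovers the message"
tampered_rejected && echo "tampered signature is rejected"
oaep_roundtrip    && echo "OAEP encrypt/decrypt round trip ok"
oversize_rejected && echo "input larger than the key is refused"
```

The same padding option has to be given on both sides: a file encrypted with -oaep must be decrypted with -oaep.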