How to decrypt with public key after encrypt with private key

encryptionopenssl

I encrypted a file with a symmetric key using the openssl command line, and then I encrypted that symmetric key with a RSA public key. I experimented a bit with the encryption and decryption, and then I accidentally encrypted the symmetric key with my RSA private key. The encryption went on with no errors.

So now I can't decrypt the symmetric key so to get to my file. Is there any openssl command that decrypts with the public key?

The command line that I have used for encryption:

openssl rsautl -encrypt -inkey private_key.pem -in symmKey.key -out symmKey.enc

and for the decryption I tried to use:

openssl rsautl -decrypt -inkey public_key.pem -pubin -in symmKey.enc -out symmKey.key

I also tried to verify the symmKey.encwith:

openssl rsautl -verify -inkey public_key.pem -pubin -in symmKey.enc -out symmKey.key

but then I am getting the following error:

RSA operation error
    5968:error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding:crypto\rsa\rsa_pk1.c:67:
    5968:error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed:crypto\rsa\rsa_ossl.c:586:`

Best Answer

You actually haven't encrypted with the private key at all. The encoding of the private key contains both the components required for the private and the public key. The OpenSSL command line is smart enough to select the public key components in the encoded private key when encrypting.

So you can simply decrypt using the private key:

openssl rsautl -decrypt -inkey private_key.pem -in symmKey.enc -out symmKey.key

Note that the modulus is already present in the private key. The public key consists of the modulus and the public exponent, which is generally set to the fifth prime of Fermat: F4 with the value 0x010001 (65537). So it is easy to store it in the private key, if just for convenience.

Related Solutions

How to encrypt a file with an ec public key

The high level strategy for this is as follows:

Generate a temporary EC private key using openssl ec
Use the recipient's public key to derive a shared secret using openssl pkeyutl
Encrypt the plaintext using openssl enc using the derived secret key
Generate the EC public key from the private key using openssl ecparam
Generate the HMAC of the cipher text into a third file using openssl dgst
Delete the EC private key and the shared secret

The manual flow for this should roughly look at follows:

openssl ec -genkey -param_enc explicit -out temppriv.pem -name brainpool512r1
openssl pkeyutl -derive -inkey temppriv.pem -peerkey RecipientsPublicKey.pem -out SharedSecret.bin
openssl dgst -sha256 -out HashedSharedSecret SharedSecret.bin
openssl enc -aes-256-ofb -iv "00000000000000000000000000000000" -K "<Enter Hex From HashedSharedSecret here>" -in YourPlaintextFile -out ciphertext.enc
openssl ecparam -in tempprivkey.pem -pubout -out temppubkey.pem
openssl dgst -sha256 -hmac "<Enter Hex From HashedSharedSecret here>" -out MAC.bin ciphertext.enc
#strip the everything non-hex using your editor from MAC.bin
rm SharedSecret.bin
rm tempprivkey.pem

The script doing the encryption should roughly look like the following:

    #!/bin/sh
    EphemeralPrivateKey=$(openssl ecparam -genkey -param_enc explicit -name brainpool512r1) #generate the ephmeral private key
PrivateKeyBuffer=$(mktemp) #allocate a file to bufer the private key for the derive operation
    PeerPublicKey="$1"
    PlainTextFile="$2"
    EphemeralPublicKeyFile="$3"
    CipherTextFile="$4"
    MACFile="$5"
echo -n "$EphemeralPrivateKey" > $PrivateKeyBuffer  #buffer the private key
    ProcessedDerivedSharedSecret=$(openssl pkeyutl -derive -inkey $PrivateKeyBuffer -peerkey $PeerPublicKey|openssl dgst -sha256) #derive the symmetric key using SHA-256 from the established secret
        rm $PrivateKeyBuffer #remove the temporary file
        ProcessedDerivedSharedSecret=${ProcessedDerivedSharedSecret#*= } #strip the (stdin)=
        openssl enc -aes-256-ofb -iv "0000000000000000000000000000000" -K "$ProcessedDerivedSharedSecret" -in "$PlainTextFile" -out "$CipherTextFile" #encrypt using 0 IV and SHA-256 as key
        MACValue=$(openssl dgst -sha256 -hmac "$ProcessedDerivedSharedSecret" "$CipherTextFile") #MAC it
        MACValue=${MACValue#*= } #strip the (stdin)=
        echo -n "$MACValue" > $MACFile #write the MAC
        echo -n "$EphemeralPrivateKey" | openssl ec -param_enc explicit -pubout -out "$EphemeralPublicKeyFile" #write the ephemeral public key

The above code should work, but may not be optimal. The final message is composed from temppubkey.pem, ciphertext.enc and MAC.bin, you may combine this in whatever way you prefer. Note that my choice for AES-256-OFB is no accident but intentional as CTR, CCM and GCM mode aren't available via the command line. Note further that I preferred AES-256 over the standard choice of AES-128 here because we can simply plug the output of SHA-256 in there. Note even further that using an all-zero IV is secure here as OFB "only" requires unique IVs per key and each key is fully random.

As for the security considerations: This method will generate a temporary private key for each file, ensuring all encryptions are unique and leakage of one shared secret won't leak all shared secrets for the same pair of communication partners. You could use digital signatures to ensure the message actually came from the same source.

Decrypt with GPG, says I need a passphrase when I am inputting passphrase

You need to set the trust level of the key that you imported:

gpg --edit-key <KEY_ID>
gpg> trust

You will be asked to select the trust level from the following:

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

Select 5 since you trust yourself ultimately. It will ask you to confirm your decision:

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

After confirming, you should be able to encrypt using that key.

Best Answer

Related Solutions

How to encrypt a file with an ec public key

Decrypt with GPG, says I need a passphrase when I am inputting passphrase

Related Question