Duplicate openssl rsautl -encrypt –in mytext.txt -out mytest.enc -inkey mycertificate.cer -certin –pkcs
See more OpenSSL Examples
Demonstrates how to duplicate this OpenSSL command:openssl.exe rsautl -encrypt –in mytext.txt -out mytest.enc -inkey mycertificate.cer -certin –pkcs
Important: The RSA encryption algorithm produces different results for each call, even when encrypting the same data with the same key. Decryption however, will produce the correct results. This example demonstrates.
The reason this occurs is that RSA encryption uses PKCS1 v1.5 padding, and this padding scheme uses random bytes. It is random bytes in the padding that causes the result to be different each time.
The mytext.txt file is a small file. (RSA can only be used to encrypt or sign small amounts of data.)
How much data can be encrypted with "openssl rsautl"? The maximum size (in bytes) is the key size minus the overhead for the padding. The overhead size depends on the padding. With OAEP padding, the overhead is 42 bytes. With the default PKCSv1.5 padding, the overhead is 11 bytes.
Given a 2048-bit RSA key (256 bytes) and using PKCSv1.5 padding, the max data size that can be signed is 256 - 11 = 245 bytes.
Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Handle hoCert
Variant vBd
Handle hoBd
Handle hoRsa
Variant vPubkey
Handle hoPubkey
Boolean iBUsePrivateKey
String sTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
Get Create (RefClass(cComChilkatCert)) To hoCert
If (Not(IsComObjectCreated(hoCert))) Begin
Send CreateComObject of hoCert
End
// Load the certificate from a file.
Get ComLoadFromFile Of hoCert "mycertificate.cer" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoCert To sTemp1
Showln sTemp1
Procedure_Return
End
// Load the file to be encrypted.
Get Create (RefClass(cComChilkatBinData)) To hoBd
If (Not(IsComObjectCreated(hoBd))) Begin
Send CreateComObject of hoBd
End
Get ComLoadFile Of hoBd "mytext.txt" To iSuccess
Get Create (RefClass(cComChilkatRsa)) To hoRsa
If (Not(IsComObjectCreated(hoRsa))) Begin
Send CreateComObject of hoRsa
End
// Get the cert's public key.
Get Create (RefClass(cComChilkatPublicKey)) To hoPubkey
If (Not(IsComObjectCreated(hoPubkey))) Begin
Send CreateComObject of hoPubkey
End
Get pvComObject of hoPubkey to vPubkey
Get ComGetPublicKey Of hoCert vPubkey To iSuccess
// Import the public key into the RSA component:
Get pvComObject of hoPubkey to vPubkey
Get ComUsePublicKey Of hoRsa vPubkey To iSuccess
If (iSuccess <> True) Begin
Get ComLastErrorText Of hoRsa To sTemp1
Showln sTemp1
Procedure_Return
End
// OpenSSL uses big-endian.
Set ComLittleEndian Of hoRsa To False
// Encrypt the contents of bd, replacing it with the encrypted data.
Move False To iBUsePrivateKey
Get pvComObject of hoBd to vBd
Get ComEncryptBd Of hoRsa vBd iBUsePrivateKey To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoRsa To sTemp1
Showln sTemp1
Procedure_Return
End
// Save the RSA encrypted data to a file.
Get ComWriteFile Of hoBd "mytest.enc" To iSuccess
If (iSuccess <> True) Begin
Showln "Failed to write RSA encrypted output file."
Procedure_Return
End
Showln "Success."
End_Procedure