Using OpenSSL to decrypt an encrypted message exported by Python

This tutorial involves three parts:

(1) OpenSSL: Generate a private and public key pair using. 
(2) Python: Use the public key to export an encrypted message.
(3) OpenSSL: Decrypt the message using the private key.

(1) OpenSSL

Generate an RSA private and public key pair in PEM format.

1. Generate a 1024-bit private key:

sudo openssl genrsa -out private_key.pem 1024

2. Obtain a public key from the private key:

sudo openssl rsa -in private_key.pem -pubout -out public_key.pem

(2) Python

1. Edit a Python file called encrypt.py as:

from Crypto.PublicKey import RSA

from Crypto.Cipher import PKCS1_v1_5

f = open("public_key.pem","r")

public_key = RSA.importKey(f.read())

f.close()

# Generate a cypher using the PKCS1 v1.5 standard.
# See: GitHub: EncryptionExample/python/encrypt.py

cipher = PKCS1_v1_5.new(public_key)

message = "Secret message in Python file"

encrypted = cipher.encrypt(message)

f = open("encrypted.txt","w")

f.write(encrypted)

f.close()

print "OK"

2. Produce the  file with this command:

sudo python encrypt.py

(3) OpenSSL


Decrypt encrypted.txt with private_key.pem using this command:

openssl rsautl -in encrypted.txt -decrypt -inkey private_key.pem

Note


PKCS#1 v1.5 padding is required in encrypt.py. Without it, this error may happen with the OpenSSL decryption command:

RSA operation error

rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len:rsa_eay.c:523:

References:

Encrypt/decrypt a string with code-generated RSA public/private keys in Python
Encrypt/decrypt a string with RSA public/private PEM files using Python
OpenSSL RSA commands to encrypt/decrypt a message in terminal

Read/Write a file in Python

The Python code below shows how to write a string to a storage file and then print the file content by reading:

open("storage.txt","w").write("Hello, World!")

readStr = open("storage.txt","r").read()

print readStr

iOS version:

Read/Write a file in an iOS app (Swift 2)

OpenSSL RSA commands to encrypt/decrypt a message in terminal

It is possible to use OpenSSL commands to:

(1) generate an RSA private/public key pair.
(2) encrypt and decrypt a message using the private/public keys generated.

Some explanations:
(1) Generate an RSA private key first. The public key can then be obtained from the private key.
(2) Use different keys of the same key pair for encrypting/decrypting. For example, encrypt a message with the public key and then decrypt the encrypted message with the private A cryptosystem using this public-private key mechanism is known as asymmetric because different keys are used for encrypting/decrypting.

The following terminal commands have been tested on a Raspberry Pi and a Mac.

For Raspberry Pi, commands may need an extra sudo word in front of openssl or executed in the desktop folder.

1. Generate an RSA private and public key pair in PEM format:

Generate a 1024-bit private key:

openssl genrsa -out private_key.pem 1024

Obtain a public key from the private key:

openssl rsa -in private_key.pem -pubout -out public_key.pem

2. Create a message.txt file and edit its content:

sudo nano message.txt



3. Encrypt message.txt with public_key.pem using this command:

openssl rsautl -in message.txt -encrypt -pubin -inkey public_key.pem > encrypted.txt

4. Decrypt encrypted.txt with private_key.pem using this command:

openssl rsautl -in encrypted.txt -decrypt -inkey private_key.pem

References:

Raspberry Pi / Linux:
Encrypt/decrypt a string with RSA public/private keys in PHP
Encrypt/decrypt a string with RSA public/private PEM files using Python
Sending an RSA encrypted message from client to Python socket server

iOS:
Encrypt/decrypt a string with RSA public/private keys in Swift
Encrypt/decrypt a string with public/private keys imported from PEM files

Go back to Communication between iOS device (Client) and Raspberry Pi (Server)