Implementing RSA Encryption with OpenSSL: A Hands-On Guide

Implementing RSA Encryption with OpenSSL: A Hands-On Guide

In our previous article, we delved into the fundamentals of RSA encryption, explored the key generation process, and demonstrated how encryption and decryption work with RSA. Now that we have a solid understanding of the RSA process, let's take our knowledge a step further by implementing RSA encryption and decryption using OpenSSL. This follow-up article will guide you through the practical steps of using OpenSSL to generate RSA keys, encrypt data, and decrypt data.

Step 1: Install OpenSSL

Before we begin, make sure OpenSSL is installed on your system. OpenSSL is a robust toolkit for SSL/TLS and general-purpose cryptography.

For Linux users, OpenSSL can be installed using the package manager. For example, on Ubuntu, you can install OpenSSL by running:

sudo apt-get update
sudo apt-get install openssl

For other operating systems, you can download and install OpenSSL from OpenSSL's official website.

Step 2: Generate RSA Keys

In our series, we discussed the importance of generating RSA keys. Here’s how to do it using OpenSSL.

  1. Generate a Private Key

    The private key is crucial for decrypting data and should be kept secure.

     openssl genrsa -out private_key.pem 2048

    This command generates a 2048-bit RSA private key and saves it to private_key.pem.

  2. Generate a Public Key

    The public key is used to encrypt data. It is derived from the private key.

     openssl rsa -pubout -in private_key.pem -out public_key.pem

    This command reads the private key from private_key.pem and writes the corresponding public key to public_key.pem.

Step 3: Encrypt a Message

With the public key ready, we can now encrypt a message.

  1. Create a Message File

    First, create a file named message.txt containing the message you want to encrypt:

     This is a secret message.
  2. Encrypt the Message

    Use the public key to encrypt the message:

     openssl rsautl -encrypt -inkey public_key.pem -pubin -in message.txt -out encrypted_message.bin

    This command encrypts the content of message.txt using the public key and saves the encrypted data to encrypted_message.bin.

Step 4: Decrypt the Message

To read the encrypted message, you'll need to decrypt it using the private key.

  1. Decrypt the Encrypted Message

    Use the private key to decrypt the message:

     openssl rsautl -decrypt -inkey private_key.pem -in encrypted_message.bin -out decrypted_message.txt

    This command decrypts the content of encrypted_message.bin using the private key and saves the decrypted data to decrypted_message.txt.

  2. View the Decrypted Message

    Open decrypted_message.txt to see the original message:

     This is a secret message.


This hands-on guide has demonstrated how to implement RSA encryption and decryption using OpenSSL. By generating RSA keys, encrypting a message with the public key, and decrypting it with the private key, we've seen the practical application of RSA encryption in securing data.

OpenSSL provides a powerful set of tools for these cryptographic operations, making it an essential resource for developers, security professionals, and anyone interested in cryptography. With this knowledge, you're well-equipped to apply RSA encryption to protect sensitive information in your digital communications.