
openssl/RSA - Using a Public key to decrypt

Tags: linux, openssl, rsa

I'm looking to secure the software update procedure for a little device I'm maintaining that runs Linux. I want to generate an md5sum of the update package's contents and then encrypt that hash with a private key before sending it out to the customer. When they load the update, the device should then decrypt the hash, verify it, and proceed with installation of the package.

I'm trying to do this with OpenSSL and RSA. I found this thread, and was discouraged. I then found this thread and wondered how Perl gets around the purported impossibility of it all. I'm doing this in C, so perhaps there's a parallel function in an SSL library somewhere?

So my question really is: can I force command line Linux to take a public key as the decryption input, or perhaps use C to circumvent that limitation?

Thanks in advance, all.

asked Jan 14 '13 21:01 by pdm



1 Answer

Let's assume you have generated a public and private RSA key using openssl genrsa:

$ openssl genrsa -out mykey
Generating RSA private key, 512 bit long modulus
...++++++++++++
..........++++++++++++
e is 65537 (0x10001)
$ openssl rsa -in mykey -pubout -out mykey.pub
writing RSA key

You can sign something with the private key like this:

$ md5sum myfile | openssl rsautl -inkey mykey -sign > checksum.signed

You can verify this data using the public key:

$ openssl rsautl -inkey mykey.pub -pubin -in checksum.signed
df713741d8e92b15977ccd6e019730a5  myfile

Is this what you're looking for?

answered Sep 28 '22 06:09 by larsks
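What "decrypting with the public key" amounts to is signature verification with message recovery: `rsautl -sign` applies PKCS#1 v1.5 type-1 padding and raises the result to the private exponent, and the verify step raises it to the public exponent and strips the padding. The following is an added Python sketch of that arithmetic and of the device-side check, not code from the question or the answer. Assumptions: the key is a constructed toy key built from two Mersenne primes (insecure, for demonstration only), the function names are hypothetical, and SHA-256 stands in for the md5sum used in the post.

```python
import hashlib
import hmac

# Constructed toy key (assumption): two Mersenne primes. Insecure, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, stays with the vendor
K = (N.bit_length() + 7) // 8         # modulus length in bytes

def sign_raw(payload: bytes) -> bytes:
    """Vendor side: PKCS#1 v1.5 type-1 pad the payload, then m^d mod n."""
    if len(payload) > K - 11:
        raise ValueError("payload too long for this modulus")
    em = b"\x00\x01" + b"\xff" * (K - 3 - len(payload)) + b"\x00" + payload
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def recover(sig: bytes) -> bytes:
    """Device side: s^e mod n with the public key, then check and strip padding."""
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        raise ValueError("bad signature length or range")
    em = pow(s, E, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)         # separator after the 0xff padding run
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding: not produced by the matching private key")
    return em[sep + 1:]

def update_is_authentic(package: bytes, sig: bytes) -> bool:
    """Recovered digest must equal the digest the device computes itself."""
    try:
        signed_digest = recover(sig)
    except ValueError:
        return False
    return hmac.compare_digest(signed_digest, hashlib.sha256(package).digest())

if __name__ == "__main__":
    pkg = b"constructed update package contents"   # constructed sample input
    sig = sign_raw(hashlib.sha256(pkg).digest())
    print("genuine package :", update_is_authentic(pkg, sig))
    print("modified package:", update_is_authentic(pkg + b"!", sig))
```

The device only ever holds `N` and `E`; anyone can recover the signed digest, so this protects the update's integrity and origin, not its confidentiality.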