# How do I do public-key encryption with `openssl`

?

OpenSSL is a public-key crypto library (plus some other random stuff). Here’s how to do the basics: key generation, encryption and decryption. We’ll use RSA keys, which means the relevant `openssl`

commands are `genrsa`

, `rsa`

, and `rsautl`

.

```
# Alice generates her private key `priv_key.pem`
openssl genrsa -out priv_key.pem 2048
# Alice extracts the public key `pub_key.pem` and sends it to Bob
openssl rsa -pubout -in priv_key.pem -out pub_key.pem
# Bob encrypts a message and sends `encrypted_with_pub_key` to Alice
openssl rsautl -encrypt -in cleartext -out encrypted_with_pub_key -inkey pub_key.pem -pubin
# Alice decrypts Bob's message
openssl rsautl -decrypt -in encrypted_with_pub_key -inkey priv_key.pem
```

### More by Jim

- Project C-43: the lost origins of asymmetric crypto
- How Hacker News stays interesting
- My parents are Flat-Earthers
- The dots do matter: how to scam a Gmail user
- The sorry state of OpenSSL usability
- I hate telephones
- The Three Ts of Time, Thought and Typing: measuring cost on the web
- Granddad died today
- Your syntax highlighter is wrong

I wrote this because I'm learning about SSL/TLS by going through the `openssl` commands. This post is not associated with my employer. Found an error? Edit this page.