Asymmetric key encryption/decryption using openssl

Spread the love

Tutorial By :- Abhishek Pandey (abhishek@firmcodes.com)

Hello friends, you must have listen somewhere about “asymmetric key cryptography”. So let me explain you what each word says.

Cryptography refers to techniques used for secure communication between two people in presence of some third person who might steal our secret data and may use it in a wrong way.

So basically cryptography deals with encryption and decryption of data which could only be possible with some keys which sender and receiver both have their own.

So here, a question arises, how much secure is this cryptography. It all depends on key size. Greater the size of keys, greater is the encryption and harder to guess the keys.

Now if we discuss about asymmetric keys, these are a pair of keys that are used to encrypt(lock) or decrypt(unlock) the data. That different keys are called as private key (which is kept private) and public key(that can be given to anyone to decrypt the data.)

There is one very important concept about the asymmetric key encryption is that, data once encrypted with a private key can only be decrypted with its public key and vice versa is also true.

But you must be thinking that if I decrypted the data with private key then anyone can access that using my public key. Yes it’s 100 % true but if you backtrack this, you’ll find that the data which I decrypted using that public key, the sender of that data can be the only one person, who encrypted that data using the private key.

By this property of asymmetric key encryption, if someone encrypted the data using private key, in future he cannot deny that he encrypted that specific data.

Now if we go through the reverse way, means if we encrypted the data using public key, it can only be decrypted using the private key.

At this point of time, I think you must be very confused which public key and private key I’m talking about. So clearing that thing, let me tell you that any user can generate it’s private key, and from that private key, a public key is also generated. And whatever the encryption and decryption is performed, is with help of those pair of keys. You cannot do like encrypt data using your private key and decrypt it using your friend’s public key.

Now let’s see how to generate private and public key pair.

For this you must have a Linux based PC with openssl package installed in it.

Go to terminal and create a directory named ‘rsa’ or whatever you want.

Then type in command :

openssl genrsa -out private.pem 4096

Above command will generate your private key in file name private.pem . Here 4096 refers to the no of bits of key you want to generate.

Output :-

Again type in command :

openssl rsa -in private.pem -outform PEM -pubout -out public.pem

This command will generate your public key in file name public.pem

Output:-

Now we will use the same key files for encrypting the text files or any given file using a C program:

Now create a file that contains data to encrypt.

For example,

echo "Welcome to Firmcode" > data
cat data
Welcome to Firmcode

Create a file , encrypt.c

#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <stdio.h>

int padding = RSA_PKCS1_PADDING;

/*Create RSA structue to pass inside 'RSA_private_encrypt' API method*/
RSA * createRSA(unsigned char * key,int isPublic)
{
    RSA *rsa= NULL;
    BIO *keybio ;
    keybio = BIO_new_mem_buf(key, -1);
    if (keybio==NULL)
    {
        printf( "Failed to create BIO of key");
        return 0;
    }
    if(isPublic)
    {
        rsa = PEM_read_bio_RSA_PUBKEY(keybio, &rsa,NULL, NULL);
    }
    else
    {
        rsa = PEM_read_bio_RSAPrivateKey(keybio, &rsa,NULL, NULL);
    }
    if(rsa == NULL)
    {
        printf( "Failed to create RSA structure info");
    }

    return rsa;
}

/*Function to perform encryption on data*/
int private_encrypt(unsigned char * data,int data_len,unsigned char * key, unsigned char *encrypted)
{
    RSA * rsa = createRSA(key,0);
    int result = RSA_private_encrypt(data_len,data,encrypted,rsa,padding);
    return result;
}

/*Function to print previous error returned by the API method if any error caused*/
void printLastError(char *msg)
{
    char * err = malloc(130);;
    ERR_load_crypto_strings();
    ERR_error_string(ERR_get_error(), err);
    printf("%s ERROR: %s\n",msg, err);
    free(err);
}

/*main method*/
int main(int argc,char *argv[]){

 char buff;
 char plainText[2000];
 int size;
 FILE *fp;

char privateKey[4096];

unsigned char  encrypted[4096]={};
int encrypted_length;

/*Reading data from file which we want to encrypt*/
if(argc<2){
printf("Provide a file to encrypt\n");
exit(0);}
fp = fopen(argv[1],"r");
fseek(fp,0,SEEK_END);
size= ftell(fp);
fseek(fp,0,SEEK_SET);
fread(plainText,size,1,fp);
fclose(fp);

/*Reading private key from file*/

fp = fopen("private.pem","r");
if(fp==NULL)
{
	printf("First create private key\n");
	exit(0);
}
fseek(fp,0,SEEK_END);
size= ftell(fp);
fseek(fp,0,SEEK_SET);
fread(privateKey,size,1,fp);
fclose(fp);

/*Calling function to encrypt the plaintext and getting output inside buffer named 'encrypted'*/
encrypted_length = private_encrypt(plainText,strlen(plainText),privateKey,encrypted);

if(encrypted_length == -1)
{
    printLastError("Private Encrypt failed");
    exit(0);
}

/*Print encrypted text on console and write it in a file named 'encData'*/

fp = fopen("encData","w+");
printf("Encrypted Text =%s\n",encrypted);
fwrite(encrypted,sizeof(encrypted),1,fp);
fclose(fp);

/*Print encrypted length of data signature on console and write it in a file named 'encDataLen'
	It can also be calculed using API function 'RSA_size(rsa)' and pasing RSA structure as argument*/

fp = fopen("encDataLen","w+");
printf("Encrypted length =%d\n",encrypted_length);
fwrite(&encrypted_length,sizeof(encrypted_length),1,fp);
fclose(fp);

}

Compile using command –

gcc -o encrypt encrypt.c -lcrypto
./encrypt data

Output : –

Now create another file,let say decrypt.c

#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <stdio.h>

int padding = RSA_PKCS1_PADDING;

RSA * createRSA(unsigned char * key,int public)
{
    RSA *rsa= NULL;
    BIO *keybio ;
    keybio = BIO_new_mem_buf(key, -1);
    if (keybio==NULL)
    {
        printf( "Failed to create key BIO");
        return 0;
    }
    if(public)
    {
        rsa = PEM_read_bio_RSA_PUBKEY(keybio, &rsa,NULL, NULL);
    }
    else
    {
        rsa = PEM_read_bio_RSAPrivateKey(keybio, &rsa,NULL, NULL);
    }
    if(rsa == NULL)
    {
        printf( "Failed to create RSA");
    }

    return rsa;
}

int public_decrypt(unsigned char * enc_data,int data_len,unsigned char * key, unsigned char *decrypted)
{
    RSA * rsa = createRSA(key,1);
    int  result = RSA_public_decrypt(data_len,enc_data,decrypted,rsa,padding);
    printf("\n RSA Length :%d \n",RSA_size(rsa));
    return result;
}

void printLastError(char *msg)
{
    char * err = malloc(130);;
    ERR_load_crypto_strings();
    ERR_error_string(ERR_get_error(), err);
    printf("%s ERROR: %s\n",msg, err);
    free(err);
}

int main(){

char publicKey[4096];

unsigned char decrypted[4098]={};
unsigned char encrypted[4098]={};
int decrypted_length;
int encrypted_length;
int size;
FILE *fp;

/*Reading data from file which we want to decrypt*/
 
 fp = fopen("encData","r");
 fseek(fp,0,SEEK_END);
 size= ftell(fp);
 fseek(fp,0,SEEK_SET);
 fread(encrypted,size,1,fp);
 fclose(fp);

/*Reading public key from file*/

 fp = fopen("public.pem","r");
 if(fp==NULL)
 {
   printf("First create a Public Key file\n");
   exit(0);
 }

 fseek(fp,0,SEEK_END);
 size= ftell(fp);
 fseek(fp,0,SEEK_SET);
 fread(publicKey,size,1,fp);
 fclose(fp);

/*Reading encrypted data length from file*/

 fp = fopen("encDataLen","r");
 fread(&encrypted_length,sizeof(encrypted_length),1,fp);
 fclose(fp);

/*Calling function to decrypt the encrypted text and getting output inside buffer named 'decrypted'*/

decrypted_length = public_decrypt(encrypted,encrypted_length,publicKey, decrypted);
if(decrypted_length == -1)
{
    printLastError("Public Decrypt failed");
    exit(0);
}

/*Writing decrypted data in file named 'origData'*/
fp = fopen("origData","w+");
printf("Decrypted Text =%s\n",decrypted);
printf("Decrypted Length =%d\n",decrypted_length);
fwrite(&decrypted,decrypted_length,1,fp);


}

Compile code using –

gcc -o decrypt decrypt.c

Run binary file –

./decrypt

Output –

RSA Length :512
Decrypted Text =Welcome to Firmcode
Decrypted Length =22

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~