We start with two files: cert.pfx, which is the PKCS#12 keystore with the certificate, and secretfile.txt, which holds some text content that should be kept secret.
Encrypt
If you have a certificate in a keystore, like PKCS#12, the first step is to extract the certificate that contains the public key.
# extract certificate -> certificate in cert.pem
openssl pkcs12 -in cert.pfx -nokeys -out cert.pem
Now do the encryption using the S/MIME functionality of OpenSSL; the result is a PKCS#7 file. We use the AES 256 cipher, which is pretty safe.
# using pkcs#7 format, using the S/MIME option in OpenSSL
openssl smime -encrypt -aes256 -in secretfile.txt -outform pem -out secretfile.txt.p7 cert.pem
Decrypt
The receiver is the only one who holds the private key, so the only one who can decrypt the content. First we need to extract the private key from the keystore.
# extract private key from keystore -> private key in key.pem
openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes
Decrypt the content using the private key.
# using pkcs#7 format, using the S/MIME option in OpenSSL
openssl smime -decrypt -aes256 -inform pem -in secretfile.txt.p7 -out secretfile_receiver.txt -inkey key.pem
The -nodes option writes key.pem without passphrase protection, so don't forget to keep the private key in a safe place, or simply delete it after using it.
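The whole procedure as a self-checking round trip (an added example, not part of the original post): it builds a throwaway keystore, runs the four commands above, confirms the decrypted text matches, and confirms an unrelated key does not recover it. The temporary directory, the passphrase, the CN and the file names gen.key, gen.crt, other.pem and wrong.txt are assumptions made up for the example.

```shell
#!/bin/sh
# Added example. The temp dir, passphrase, CN and the gen.*/other.pem/wrong.txt
# names are constructed; the four core commands are the ones from the article.

# Compare modulo CR: smime -encrypt without -binary canonicalises line ends to CRLF.
same() { tr -d '\r' < "$2" | cmp -s - "$1"; }

roundtrip() (
    umask 077                       # key.pem is written unencrypted (-nodes)
    dir=$(mktemp -d) || exit 2
    trap 'rm -rf "$dir"' EXIT       # delete the extracted key when done
    cd "$dir" || exit 2
    pass=constructed-pass

    # Constructed stand-in for the receiver's cert.pfx, plus an unrelated key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=receiver" \
        -keyout gen.key -out gen.crt 2>/dev/null || exit 2
    openssl pkcs12 -export -inkey gen.key -in gen.crt -out cert.pfx \
        -passout "pass:$pass" || exit 2
    openssl genrsa -out other.pem 2048 2>/dev/null || exit 2
    printf 'constructed secret\nsecond line\n' > secretfile.txt

    # Encrypt: only the certificate leaves the keystore.
    openssl pkcs12 -in cert.pfx -nokeys -out cert.pem -passin "pass:$pass" || exit 2
    if grep -q 'PRIVATE KEY' cert.pem; then exit 3; fi
    openssl smime -encrypt -aes256 -in secretfile.txt -outform pem \
        -out secretfile.txt.p7 cert.pem || exit 2

    # Decrypt with the receiver's key.
    openssl pkcs12 -in cert.pfx -nocerts -out key.pem -nodes \
        -passin "pass:$pass" || exit 2
    openssl smime -decrypt -aes256 -inform pem -in secretfile.txt.p7 \
        -out secretfile_receiver.txt -inkey key.pem || exit 1
    same secretfile.txt secretfile_receiver.txt || exit 1

    # An unrelated key must not recover the plaintext.
    : > wrong.txt
    openssl smime -decrypt -inform pem -in secretfile.txt.p7 \
        -out wrong.txt -inkey other.pem 2>/dev/null || true
    if same secretfile.txt wrong.txt; then exit 4; fi
    exit 0
)

roundtrip; echo "roundtrip exit code: $?"
```

Exit code 0 means the round trip succeeded; 3 means cert.pem contained private key material, and 4 means the unrelated key recovered the plaintext.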