I'm trying to encrypt a file using public key crypto with OpenSSL. I know enough to know that for a file of any reasonable size, this can't/shouldn't be done with public key. Instead:
1) Generate random key (e.g. 256 bit)
2) Encrypt key with public key
3) Symmetric encrypt file with random key from (1), e.g. AES
4) Join (2) and (3) together
5) Send (4) to wherever/whoever
This process is replicated in OpenSSL's EVP routines as "envelope encryption". I've managed to implement a decryption/encryption program using this API in C, which works fine :)
I'm wondering if you can do this process directly through OpenSSL commands rather than through the low-level API. I've tried and can generate the random key, encrypt the file etc. I then get stuck when joining the two files together - at the moment I just cat the two together but this doesn't seem to work. Is this possible?
Well, you can define your own container format, but it is probably easier to just use CMS which handles that use case just fine.
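The CMS route suggested in the answer, sketched with the `openssl cms` command as an added example that is not part of the original question or answer. The function names, file names and the throwaway self-signed recipient certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: envelope (hybrid) encryption through the openssl command line.
set -eu

# Constructed throwaway recipient: self-signed certificate plus RSA private key.
make_recipient() {   # $1 = output directory, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/recipient.key" -out "$1/recipient.crt" 2>/dev/null
}

# Steps 1-4 of the question in one command: openssl generates a random AES-256
# key, wraps it with the recipient's public key, encrypts the file, and stores
# wrapped key and ciphertext together in one CMS EnvelopedData structure.
# -binary stops the S/MIME layer from rewriting line endings in the input.
cms_encrypt() {      # $1 = recipient cert, $2 = plaintext file, $3 = CMS output
    openssl cms -encrypt -binary -aes-256-cbc \
        -in "$2" -outform DER -out "$3" "$1"
}

# The recipient unwraps the AES key with the private key and decrypts the file.
cms_decrypt() {      # $1 = cert, $2 = private key, $3 = CMS file, $4 = output
    openssl cms -decrypt -binary -inform DER \
        -in "$3" -recip "$1" -inkey "$2" -out "$4"
}

# Round trip over constructed random bytes; succeeds only if they come back intact.
roundtrip() {
    d=$(mktemp -d)
    make_recipient "$d" "constructed-recipient"
    head -c 100000 /dev/urandom > "$d/plain.bin"
    cms_encrypt "$d/recipient.crt" "$d/plain.bin" "$d/plain.cms"
    cms_decrypt "$d/recipient.crt" "$d/recipient.key" "$d/plain.cms" "$d/out.bin"
    cmp -s "$d/plain.bin" "$d/out.bin" && rc=0 || rc=1
    rm -rf "$d"
    return "$rc"
}

roundtrip && echo "round trip OK"
```

EnvelopedData with AES-CBC protects confidentiality only; if the recipient must also detect tampering, sign the data with `openssl cms -sign` as well.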