On 13 December 2013 17:33, andreas <andreas.moro...@gmx.net> wrote: > Hello, > > in our public hospital we have a application that has to encrypt data > with a certificate. > At the moment we call a batch files that does > > openssl.exe rsautl -encrypt -in %1 -out %1.enc -inkey SanitelCF.cer > -certin -pkcs
I don't know what it is that you are encrypting, however normally you would not directly encrypt messages in this way. RSA is usually used to encrypt some symmetric session key, and then your message is encrypted using this session key. Here you are directly encrypting files using RSA...if those files are actually raw keys then thats probably ok. > IS it possible to implement this in our application using openssl > libraries ? Yes: To load the certificate you can use PEM_read_X509 (or one of the other similar variants). See https://www.openssl.org/docs/crypto/pem.html This will give you an X509 structure. To obtain the public key from the certificate use X509_get_pubkey. This function is defined in x509.h and is apparently undocumented as far as I can see. Its quite straight forward though - just pass the X509 structure in and you get an EVP_PKEY structure back. To encrypt use EVP_PKEY_encrypt. See https://www.openssl.org/docs/crypto/EVP_PKEY_encrypt.html The manual page above gives some example code for encrypting. It shows how to set the padding type. For your particular situation you need to use RSA_PKCS1_PADDING. Don't forget to free up your EVP_PKEY and X509 structures using EVP_PKEY_free and X509_free. > > Can anyone please tell me if there are sample file that implement that > encryption ? You can take a look at how the rsautl app does it in apps/rsautl.c. This essentially works the same way as I have outlined above except that it uses RSA_public_encrypt to do the encryption, rather than EVP_PKEY_encrypt that I have suggested. Hope that helps, Matt > > Thanks > Andreas > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
