Duplicate openssl rsautl -encrypt –in mytext.txt -out mytest.enc -inkey mycertificate.cer -certin –pkcs
See more OpenSSL Examples
Demonstrates how to duplicate this OpenSSL command:openssl.exe rsautl -encrypt –in mytext.txt -out mytest.enc -inkey mycertificate.cer -certin –pkcs
Important: The RSA encryption algorithm produces different results for each call, even when encrypting the same data with the same key. Decryption however, will produce the correct results. This example demonstrates.
The reason this occurs is that RSA encryption uses PKCS1 v1.5 padding, and this padding scheme uses random bytes. It is random bytes in the padding that causes the result to be different each time.
The mytext.txt file is a small file. (RSA can only be used to encrypt or sign small amounts of data.)
How much data can be encrypted with "openssl rsautl"? The maximum size (in bytes) is the key size minus the overhead for the padding. The overhead size depends on the padding. With OAEP padding, the overhead is 42 bytes. With the default PKCSv1.5 padding, the overhead is 11 bytes.
Given a 2048-bit RSA key (256 bytes) and using PKCSv1.5 padding, the max data size that can be signed is 256 - 11 = 245 bytes.
Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This example requires the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
DECLARE @cert int
EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
-- Load the certificate from a file.
EXEC sp_OAMethod @cert, 'LoadFromFile', @success OUT, 'mycertificate.cer'
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @cert
RETURN
END
-- Load the file to be encrypted.
DECLARE @bd int
EXEC @hr = sp_OACreate 'Chilkat.BinData', @bd OUT
EXEC sp_OAMethod @bd, 'LoadFile', @success OUT, 'mytext.txt'
DECLARE @rsa int
EXEC @hr = sp_OACreate 'Chilkat.Rsa', @rsa OUT
-- Get the cert's public key.
DECLARE @pubkey int
EXEC @hr = sp_OACreate 'Chilkat.PublicKey', @pubkey OUT
EXEC sp_OAMethod @cert, 'GetPublicKey', @success OUT, @pubkey
-- Import the public key into the RSA component:
EXEC sp_OAMethod @rsa, 'UsePublicKey', @success OUT, @pubkey
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @bd
EXEC @hr = sp_OADestroy @rsa
EXEC @hr = sp_OADestroy @pubkey
RETURN
END
-- OpenSSL uses big-endian.
EXEC sp_OASetProperty @rsa, 'LittleEndian', 0
-- Encrypt the contents of bd, replacing it with the encrypted data.
DECLARE @bUsePrivateKey int
SELECT @bUsePrivateKey = 0
EXEC sp_OAMethod @rsa, 'EncryptBd', @success OUT, @bd, @bUsePrivateKey
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @bd
EXEC @hr = sp_OADestroy @rsa
EXEC @hr = sp_OADestroy @pubkey
RETURN
END
-- Save the RSA encrypted data to a file.
EXEC sp_OAMethod @bd, 'WriteFile', @success OUT, 'mytest.enc'
IF @success <> 1
BEGIN
PRINT 'Failed to write RSA encrypted output file.'
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @bd
EXEC @hr = sp_OADestroy @rsa
EXEC @hr = sp_OADestroy @pubkey
RETURN
END
PRINT 'Success.'
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @bd
EXEC @hr = sp_OADestroy @rsa
EXEC @hr = sp_OADestroy @pubkey
END
GO