Home/ Questions/Q 8330629
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T02:10:49+00:00

So I have generated a self signed certificate and a private key with OpenSSL.

  • 0

So I have generated a self signed certificate and a private key with OpenSSL.

Right now I am trying to:

a) print the public key as a string. This:

f = open(CERT_FILE)
cert_buffer = f.read()
f.close()
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_buffer)
pub_key = cert.get_pubkey()
print pub_key

Prints something like:

<OpenSSL.crypto.PKey object at 0x7f059864d058>

b) encrypt a string with this public key

c) decrypt the encrypted string with a private key

I would like to see some code examples. Please use only OpenSSL, no wrappers.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Is this what you want? It uses PyCrypto, not PyOpenSSL (I’m not sure if this is what you wanted to avoid when you mention no wrappers)

    #!/usr/bin/env python

from Crypto.Cipher import AES
from Crypto.Cipher import PKCS1_OAEP
from Crypto.PublicKey import RSA

def step1():
    rsaKey = RSA.importKey(open("./myKey.der", 'r'))
    print "Step 1: This is my rsa-key:\n%s" % rsaKey.exportKey()

def step2_encrypt(string):
    rsaKey = RSA.importKey(open("./myKey.der", 'r'))
    pkcs1CipherTmp = PKCS1_OAEP.new(rsaKey)
    encryptedString = pkcs1CipherTmp.encrypt(string)
    print "Step 2: encrypted %s is %s" % (string, encryptedString)
    return encryptedString

def step3_decrypt(encryptedString):
    rsaKey = RSA.importKey(open("./myKey.der", 'r'))
    pkcs1CipherTmp = PKCS1_OAEP.new(rsaKey)
    decryptedString = pkcs1CipherTmp.decrypt(encryptedString)
    print "Step 3: decryptedString %s is %s" % (encryptedString, decryptedString)
    return decryptedString


if __name__ == "__main__":
    step1()
    encryptedString = step2_encrypt("hello, duuude")
    decryptedString = step3_decrypt(encryptedString)
    print "Tadaaaa: %s" % decryptedString

    The key files contain the public/private parts, so the encryption/decryption modules will know what to do.

    Do you need the public/private key in two separate files (should be kind of straight forward, right)?

    Be aware that when using asymmetric encryption, the maximum number of characters you can encrypt depends on the modulus used in your key. In the example above, if you use a regular RSA key (SHA-1, with 20 bytes modulus), you’ll get errors for strings bigger than 214 bytes. As cyroxx pointed out in the comments, there’s not theoretical limitation to the algorithm (you can encrypt long strings with very long keys) but the computational time it would take makes it pretty inviable for practical purposes.

    If you need to cypher big chunks of data, you’ll probably want to encrypt that data with a symmetric algorithm (like AES) and send the password encrypted with the RSA (asymmetric) keys along in the transferred data… but that’s a different matter with a number of other issues 🙂

    • 0