1. 产生私钥 (private key)

$ openssl genrsa -out key.pem 1024

结果是生成一个私钥文件: key.pem

$ file key.pem 
key.pem: PEM RSA private key

2. 产生对应的公钥 (public key)

$ openssl rsa -in key.pem -pubout -out pub.pem

结果是生成一个公钥文件: pub.pem

$ file pub.pem 
pub.pem: ASCII text

3. 使用公钥来加密字符串

因为openssl加密的是字节流, 为了便于观察, 我们的例子把所有的输入输出变成可读字符串，对于密文使用base64进行编码

$ echo -n "abcd" | openssl rsautl -encrypt -oaep -pubin -inkey pub.pem | openssl enc -A -base64
V6OdcZsflfYmQw0hMmf1Vg/X3N92JU7uIg2DxXQCJLoybo1TYvP+Nh944MuoVy+Z9BxE5h1sea8TIS81RXYAhif3rIy0FPNThNZcy1ryVu5odNLX/P01WdMYzYZvj5opoWka23cw5s5DnQJBklh9hLDiPcFR+8vuf0oEj+RsB24=

4. 使用私钥来解密前面生成的加密串

$ export CIPHER="V6OdcZsflfYmQw0hMmf1Vg/X3N92JU7uIg2DxXQCJLoybo1TYvP+Nh944MuoVy+Z9BxE5h1sea8TIS81RXYAhif3rIy0FPNThNZcy1ryVu5odNLX/P01WdMYzYZvj5opoWka23cw5s5DnQJBklh9hLDiPcFR+8vuf0oEj+RsB24="
$ echo -n ${CIPHER} | openssl enc -A -base64 -d | openssl rsautl -decrypt -oaep -inkey key.pem
abcd

5. 参数说明

• -inkey file
  the input key file, by default it should be an RSA private key.
• -pubin
  the input file is an RSA public key.
• -encrypt
  encrypt the input data using an RSA public key.
• -decrypt
  decrypt the input data using an RSA private key.
• -oaep
  the padding algorithm is used, optimal asymmetric encryption padding (OAEP)