Secure Data Sharing with Asymmetric Encryption

TL;DR

This guide shows you how to securely share data using asymmetric encryption (public/private key pairs). You’ll learn how to generate keys, encrypt data for a specific recipient, and decrypt it if you have the correct private key. This is much safer than sending unencrypted information.

Generating Key Pairs

  1. Using OpenSSL: OpenSSL is a common tool for working with encryption. If you don’t have it installed, you’ll need to install it first (search online for instructions specific to your operating system).
  2. Generate the key pair: Use the following command to create a private key and a corresponding public key.
    openssl genrsa -out private.pem 2048

    This creates a 2048-bit RSA private key named ‘private.pem’. Keep this file extremely safe!

  3. Extract the public key: You need to extract the public key from the private key.
    openssl rsa -in private.pem -pubout -out public.pem

    This creates a public key named ‘public.pem’. This is the key you share with others.

  4. Important: Never share your private key!

Encrypting Data

  1. Using OpenSSL: We’ll use OpenSSL to encrypt data using the recipient’s public key.
    openssl rsautl -encrypt -inkey public.pem -pubin -in message.txt -out encrypted_message.enc

    Replace ‘public.pem’ with the actual filename of the recipient’s public key and ‘message.txt’ with the file you want to encrypt. This creates an encrypted file named ‘encrypted_message.enc’.

  2. Alternative Encryption (Python): You can also use Python libraries like cryptography.
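    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    # Load the recipient's PEM-encoded public key
    with open('public.pem', 'rb') as f:
        public_key = serialization.load_pem_public_key(f.read())
    with open('message.txt', 'rb') as f:
        message = f.read()
    # RSA-OAEP with SHA-256; the message must fit in a single RSA block.
    # Not interchangeable with the rsautl commands, which default to PKCS#1 v1.5.
    oaep = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
    encrypted_data = public_key.encrypt(message, oaep)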

Decrypting Data

  1. Using OpenSSL: Use the following command to decrypt data using your private key.
    openssl rsautl -decrypt -inkey private.pem -in encrypted_message.enc -out decrypted_message.txt

    Replace ‘private.pem’ with the filename of your private key and ‘encrypted_message.enc’ with the file you want to decrypt. This creates a decrypted file named ‘decrypted_message.txt’.

  2. Alternative Decryption (Python): Using Python, decrypt the data.
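    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    # Load the PEM private key (pass the passphrase instead of None if the key is encrypted)
    with open('private.pem', 'rb') as f:
        private_key = serialization.load_pem_private_key(f.read(), password=None)
    with open('encrypted_message.enc', 'rb') as f:
        encrypted_data = f.read()
    # The OAEP parameters must match the ones used for encryption
    oaep = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
    decrypted_data = private_key.decrypt(encrypted_data, oaep)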

Data Sharing Workflow

  1. Recipient generates keys: The person you want to share data with creates a public/private key pair.
  2. Share Public Key: They send you their public key.
  3. Encrypt Data: You encrypt the data using their public key.
  4. Send Encrypted Data: You send them the encrypted file.
  5. Decrypt Data: They decrypt the data using their private key.

Important Considerations

  • Key Security: Protect your private key at all costs! Store it securely (e.g., with a strong password, hardware security module).
  • Algorithm Choice: RSA is commonly used but consider other algorithms like ECC for better performance and security in some cases.
  • Data Size Limits: RSA can only encrypt a message smaller than its key size, and asymmetric encryption is slow for large files. Consider hybrid approaches (encrypting the data with a symmetric key, then encrypting the symmetric key with the recipient’s public key).
  • Cyber Security Best Practices: Always verify the authenticity of public keys before using them to ensure you are communicating with the intended recipient.
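
The hybrid approach and the public-key check from the list above, as an added example that is not part of the original guide: a fresh random session secret encrypts the file with AES, and only that small secret is RSA-encrypted, using `openssl pkeyutl` with OAEP padding. The function names and the bundle file names (`data.enc`, `session.key.enc`) are assumptions made for this example.

```shell
# Added example: hybrid encryption with the openssl CLI (names are assumptions).

# pubkey_fingerprint <public.pem>
# SHA-256 of the DER-encoded public key; compare it with the key owner over a
# separate channel before encrypting anything to that key.
pubkey_fingerprint() {
    # Reject files that do not parse as a public key
    openssl pkey -pubin -in "$1" -noout 2>/dev/null || return 1
    openssl pkey -pubin -in "$1" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# hybrid_encrypt <recipient_public.pem> <plaintext_file> <bundle_dir>
hybrid_encrypt() (
    umask 077                       # session secret readable by owner only
    mkdir -p "$3" || exit 1
    key="$3/session.key"
    # 1. Fresh random 256-bit session secret, hex-encoded so it is one text line
    openssl rand -hex 32 > "$key" || exit 1
    # 2. Bulk data: AES-256-CBC, key and IV derived from the secret with PBKDF2
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$key" \
        -in "$2" -out "$3/data.enc" || { rm -f "$key"; exit 1; }
    # 3. Wrap only the small secret with the recipient's RSA public key (OAEP)
    rc=0
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$key" -out "$3/session.key.enc" || rc=$?
    rm -f "$key"                    # the plaintext secret is never sent
    exit "$rc"
)

# hybrid_decrypt <own_private.pem> <bundle_dir> <output_file>
hybrid_decrypt() (
    umask 077
    key=$(mktemp) || exit 1
    rc=0
    # Unwrap the session secret with the private key, then decrypt the bulk data
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$2/session.key.enc" -out "$key" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$key" \
        -in "$2/data.enc" -out "$3" || rc=$?
    rm -f "$key"
    exit "$rc"
)
```

`openssl enc` has no authenticated mode, so this protects confidentiality only and does not detect a modified `data.enc`.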