A Simple Foundation for Data Security: Public-Key Encryption with OpenSSL

Seun B

In today’s world, keeping data safe is more important than ever. Public-key encryption is one of the basic building blocks for data security. It lets two people share secret messages over an open network without ever sharing a password. We’ll work in a Linux environment and use the openssl command-line tool, which is installed by default on most distributions.

To keep things clear, we create two separate folders with restricted permissions:

  • Professor’s folder (~/Desktop/Prof): only the professor can read or write here.
  • Student’s folder (~/Desktop/Student): only the student can read or write here.

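This setup mimics real-world security: each user protects their private keys in their own secure directory. In this lab both folders sit under the same Linux account, which is why later steps can read files across them; with two separate accounts, only the public keys and the ciphertext would be exchanged.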


1. Create and Protect Workspaces

mkdir ~/Desktop/Prof
chmod 700 ~/Desktop/Prof

mkdir ~/Desktop/Student
chmod 700 ~/Desktop/Student

2. Professor Generates an RSA Key Pair

cd ~/Desktop/Prof

# Generate a 2048-bit private key
openssl genrsa -out PrivateKeyA.pem 2048

# Derive the public key from that private key
openssl rsa -in PrivateKeyA.pem -pubout -out PublicKeyA.pem

# Verify the files exist
ls -l

Example output:

total 12
-rw------- 1 you you 1679 Jun 30 09:00 PrivateKeyA.pem
-rw-r--r-- 1 you you  450 Jun 30 09:00 PublicKeyA.pem

  • PrivateKeyA.pem is the secret key (owner-only permissions).
  • PublicKeyA.pem is the public key (readable by others).

3. Student Generates Their RSA Key Pair

cd ~/Desktop/Student

openssl genrsa -out PrivateKeyB.pem 2048
openssl rsa -in PrivateKeyB.pem -pubout -out PublicKeyB.pem

ls -l

Example output:

total 12
-rw------- 1 you you 1679 Jun 30 09:05 PrivateKeyB.pem
-rw-r--r-- 1 you you  450 Jun 30 09:05 PublicKeyB.pem

4. Professor Encrypts a Message for the Student

cd ~/Desktop/Prof

# Create a plaintext file
cat > secret.txt <<'EOF'
This is a secret message.
EOF

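# Encrypt it with the student’s public key
# (rsautl is deprecated since OpenSSL 3.0 in favour of pkeyutl, and it uses
#  PKCS#1 v1.5 padding unless -oaep is given)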
openssl rsautl -encrypt \
  -in secret.txt \
  -out secret.enc \
  -inkey ~/Desktop/Student/PublicKeyB.pem \
  -pubin

ls -l

Example output:

total 16
-rw-r--r-- 1 you you   28 Jun 30 09:10 secret.txt
-rw------- 1 you you 1679 Jun 30 09:00 PrivateKeyA.pem
-rw-r--r-- 1 you you  450 Jun 30 09:00 PublicKeyA.pem
-rw-r--r-- 1 you you  256 Jun 30 09:10 secret.enc

To peek at the encrypted file:

cat secret.enc

Example output (binary gibberish):

�����V�j���x�u...�^�

5. Student Decrypts the Message

cd ~/Desktop/Student

# Copy secret.enc from Prof folder (or share it)
# Then decrypt with the student’s private key
openssl rsautl -decrypt \
  -in ~/Desktop/Prof/secret.enc \
  -out secret.dec \
  -inkey PrivateKeyB.pem

ls -l

Example output:

total 20
-rw-r--r-- 1 you you   28 Jun 30 09:05 secret.txt      # if student made one
-rw-r--r-- 1 you you  256 Jun 30 09:10 secret.enc
-rw-r--r-- 1 you you   28 Jun 30 09:10 secret.dec
-rw------- 1 you you 1679 Jun 30 09:05 PrivateKeyB.pem
-rw-r--r-- 1 you you  450 Jun 30 09:05 PublicKeyB.pem

To view the recovered message:

cat secret.dec

Example output:

This is a secret message.

Conclusion

This simple workflow shows the foundation of public-key encryption in data security:

  1. Generate a private/public key pair (openssl genrsa + openssl rsa -pubout).
  2. Encrypt with the recipient’s public key (openssl rsautl -encrypt).
  3. Decrypt with the matching private key (openssl rsautl -decrypt).

Because each private key never leaves its owner’s protected folder, this method secures data even over untrusted networks. Public-key encryption like this is the basic building block for many secure systems: HTTPS websites, secure email, VPNs, and more.

At its core, this example illustrates asymmetric cryptography in its purest form: anyone can encrypt a message using a public key, yet only the holder of the corresponding private key can unlock it. Real-world systems add certificates, use faster symmetric ciphers for large data, and automate key management, but they all still rely on these same three steps.
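
The point above about symmetric ciphers for large data, as an added example that is not part of the original article: RSA rejects a file larger than one block, so the file is encrypted with AES under a one-time passphrase and only that passphrase is RSA-encrypted. It uses pkeyutl with OAEP padding rather than rsautl; the function names, file suffixes and temporary directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the article's code. Function names and file suffixes are
# assumptions; the key pair is created with the commands from steps 2 and 3.

make_keypair() {   # $1 = private key path, $2 = public key path
  openssl genrsa -out "$1" 2048 2>/dev/null && chmod 600 "$1" &&
  openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# Direct RSA with OAEP padding. Fails if $1 does not fit in one RSA block
# (roughly 200 bytes for a 2048-bit key).
rsa_encrypt() {    # $1 = plaintext, $2 = recipient public key, $3 = ciphertext
  openssl pkeyutl -encrypt -pubin -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
    -in "$1" -out "$3" 2>/dev/null
}
rsa_decrypt() {    # $1 = ciphertext, $2 = private key, $3 = recovered plaintext
  openssl pkeyutl -decrypt -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
    -in "$1" -out "$3" 2>/dev/null
}

# Hybrid: a one-time random passphrase keys AES for the file, and RSA wraps only
# that passphrase. `openssl enc` has no authenticated mode, so this protects
# confidentiality only; tampering with the .enc file is not detected.
hybrid_encrypt() { # $1 = plaintext, $2 = public key; writes $1.enc and $1.key.enc
  local tmp rc; tmp=$(mktemp) || return 1   # mktemp creates the file mode 0600
  openssl rand -hex 32 > "$tmp" &&
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$tmp" -in "$1" -out "$1.enc" &&
  rsa_encrypt "$tmp" "$2" "$1.key.enc"
  rc=$?; rm -f "$tmp"; return $rc
}
hybrid_decrypt() { # $1 = name the sender encrypted, $2 = private key, $3 = output
  local tmp rc; tmp=$(mktemp) || return 1
  rsa_decrypt "$1.key.enc" "$2" "$tmp" &&
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$tmp" -in "$1.enc" -out "$3" 2>/dev/null
  rc=$?; rm -f "$tmp"; return $rc
}

demo() {           # constructed input: 1000 bytes, too large for direct RSA
  local d rc; d=$(mktemp -d) || return 1
  make_keypair "$d/PrivateKeyB.pem" "$d/PublicKeyB.pem" || return 1
  head -c 1000 /dev/zero | tr '\0' 'A' > "$d/big.txt"
  rsa_encrypt "$d/big.txt" "$d/PublicKeyB.pem" "$d/big.rsa" || echo "direct RSA refused 1000 bytes"
  hybrid_encrypt "$d/big.txt" "$d/PublicKeyB.pem" &&
  hybrid_decrypt "$d/big.txt" "$d/PrivateKeyB.pem" "$d/big.dec" &&
  cmp -s "$d/big.txt" "$d/big.dec" && echo "hybrid round trip OK"
  rc=$?; rm -rf "$d"; return $rc
}
demo
```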

Try it yourself in a Linux lab: generate your own keys, lock and unlock a file, and you’ll see how public-key cryptography keeps information safe from prying eyes.
