1 Generate RSA keys

You can generate a public and private RSA key pair like this

Copy
$ openssl genrsa -out server.key 2048
$ openssl rsa -in server.key -out server.key
 

2 Generate Certificate Signing request

A CSR or Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is usually generated on the server where the certificate will be installed and contains information that will be included in the certificate such as the organization name, common name (domain name), locality, and country. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair. A CSR is generally encoded using ASN.1 according to the PKCS #10 specification.

Copy
$ openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost'
Copy
$ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
 

2.1 Generate public key

To generate a public key pem file simply do:

Copy
openssl rsa -in cert.pem -outform PEM -pubout -out public_key.pem
 

2.2 Generate private key

To generate a private key pem file simply do:

Copy
openssl pkcs8 -topk8 -inform PEM -outform PEM -in cert.pem -out private_key.pem -nocrypt
 

3 Example

Encrypt and decrypt using a keypair stored in a p12 cert with alias name 1.

Copy
<?xml version="1.0" encoding="iso-8859-1"?>
<xsql-script>
<body>
  	
    <set name='secret'>secret message: hello world</set>
      
    <set name="ks">
    	<keystore.load password="1234567890">
            <file type='absolute' name='payload.p12' />
    	</keystore.load>
    </set>		
    
    <println>Keystore:<ks/></println>
    
    <set name='priKey'><keystore.getPrivateKey alias='1'><ks/></keystore.getPrivateKey></set>
    <set name='pubKey'><keystore.getPublicKey alias='1'><ks/></keystore.getPublicKey></set>
    
    <println>Private : <priKey /></println>
    <println>Public  : <pubKey /></println>
    
    <set name='msgEncrypted'>
    	<crypt.rsa.encrypt>
            <pubKey />
            <secret />
    	</crypt.rsa.encrypt>
    </set>	
    
    <set name='msgDecrypted'>
    	<crypt.rsa.decrypt>
            <priKey />
            <msgEncrypted/>
    	</crypt.rsa.decrypt>
    </set>	
    
    <println>Decrypted message: <msgDecrypted /></println>
    <assert.equals><secret/><string><msgDecrypted/></string></assert.equals>

</body>
</xsql-script>