Celeb Glow
general | March 14, 2026

How to use ssh-rsa public key to encrypt a text?

So, the scenario is: Given I'm Bob, I want to encrypt some message for Alice. The only public key I have is her ssh-rsa id_rsa.pub like this:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyb+qaZLwgC7KAQJzYikf3XtOWuhlMXVv2mbTKa5dp0sHPRd2RaYnH8ZRkt7V8bjqct1IHGCuxI8xyoEp4at3FHe6j9RfWiarc1ldLUCmTtryI0GGpRs6Zpvqdtpcq/1NCIYtUQAvsImyEFCtqmB2suDo1ZSllZQ0x9TCKHdCANYIOeaniuFzR57POgE3vxk/r6PO24oy8BIWqxvi29r0n1LUigVBJ7CmMHuzb4/+i1v6PxV1Lqnj6osPP9GpXpsh8kLUCby/KcmcryWNdSP0esyCdDxkA5hlIuk8qL1vzsyPluUQuc0BEHu6nuw8WQlCF1mFFxcpJL+MhWEr01WIIw==

So, is there a way to encrypt a string using this public key so she can use her private key from id_rsa (generated from ssh-keygen) to decrypt the message?

(I know that it's possible right away if you're using .pem key pair file. If you can show me how to convert this to the format that openssl supports, that'd be great as well!)

Thanks!

2

3 Answers

It's possible to convert your ssh public key to PEM format(that 'openssl rsautl' can read it):

Example: 

ssh-keygen -f ~/.ssh/id_rsa.pub -e -m PKCS8 > id_rsa.pem.pub

Assuming 'myMessage.txt' is your message which should be public-key encrypted.

Then just encrypt your message with openssl rsautl and your converted PEM public-key as you would normally do: 

openssl rsautl -encrypt -pubin -inkey id_rsa.pem.pub -ssl -in myMessage.txt -out myEncryptedMessage.txt

The result is your encrypted message in 'myEncryptedMessage.txt'

To test your work to decrypt the with Alice' private key: 

openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in myEncryptedMessage.txt -out myDecryptedMessage.txt
9

Give a try to ssh-vault it uses ssh-rsa public keys to encrypt "create a vault" and the ssh-rsa private key to decrypt "view content of the vault"

1

Why not do this the super obvious way that doesn't require rolling your own crypto.

Alice sftps to which is setup to only allow public key authentication for the account alice. The properties of ssh nicely ensure that only alice can authemticate. Even a man in the middle attack fails since (assuming you disable ssh1 and insist on the right settings) the initial communication using DH creates a value known to both alice and bob but not to any man in the middle and this can be used to authenticate that no reply or MITM attack can see the contents of the communicatino.

So have alice sftp into your box and download the file.

5

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like

What are Dragons most vulnerable to?

What is the significance of II.9 in a Kingdom Hearts 3 scene?

Is there a way to craft Podzol in Minecraft?