@chgeuer
Last active April 20, 2021 09:14
#!/bin/bash
# Demo: a server wraps a symmetric key under a device's RSA public key (OAEP padding),
# and the device unwraps it with its private key.
# Abort on the first failing command, unset variable or failed pipeline stage
set -euo pipefail

mkdir -p device server

cd device
# Create a key pair
openssl genrsa -out device-priv.pem 2048
openssl rsa -in device-priv.pem -pubout -out device-public-key.pem

# Server needs device's public key
cp device-public-key.pem ../server

cd ../server
bits="256"
# server generates symmetric key
openssl rand "$((bits / 8))" > symmetric.bin.generated-on-server

# server wraps / encrypts symmetric key under device's public key
# (rsautl is deprecated as of OpenSSL 3.0 in favor of pkeyutl)
openssl rsautl \
  -encrypt \
  -pubin \
  -inkey device-public-key.pem \
  -in symmetric.bin.generated-on-server \
  -out symmetric.bin.encrypted \
  -oaep

# encrypted symmetric key needs to be transferred to device
cp symmetric.bin.encrypted ../device

cd ../device
# On the device, the device's private key is used to decrypt the symmetric key again
openssl rsautl \
  -decrypt \
  -inkey device-priv.pem \
  -in symmetric.bin.encrypted \
  -out symmetric.bin.decrypted-on-device \
  -oaep

cd ..
# now, for demo purposes, let's check that the symmetric keys on server and device are the same
# (capture diff's exit status without tripping `set -e`)
error=0
diff \
  server/symmetric.bin.generated-on-server \
  device/symmetric.bin.decrypted-on-device \
  > /dev/null 2>&1 || error=$?

if [ "$error" -eq 0 ]
then
  echo "Device and server now have same symmetric key"
elif [ "$error" -eq 1 ]
then
  echo "keys differ, that's bad. "
else
  echo "There was something wrong with the diff command"
fi