Manual rsa encryption with transit pub key


Serge

Dec 2, 2019, 10:33:20 AM
to Vault

Hi everyone,


I have an idea to encrypt some data on a client that has no direct or indirect access to Vault, using the RSA public key from Vault's transit engine. Vault is needed to decrypt this data later using the stored private key.


I created a transit engine with rsa2048 and took the public key from the key versions. Next I’m trying to encrypt a string with the command “openssl rsautl -encrypt -pubin -inkey rsa2048.pub | base64”.
Then I try to decrypt the result “vault:v1:open…ssl…result==” and get the error “1 error occurred: * failed to RSA decrypt the ciphertext: crypto/rsa: decryption error”.


Am I doing something wrong, or is it impossible to encrypt a string with the public key and openssl outside Vault?


Thanks.

Jeff Mitchell

Dec 4, 2019, 10:33:06 AM
to Vault
Hi,

See https://groups.google.com/d/msgid/vault-tool/e794f4fa-040f-4f49-84ad-ca5ea8e67956%40googlegroups.com

Best,
Jeff
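
Added example, not part of the original thread and not Vault's own code: a padding mismatch that produces exactly the error quoted in the question, shown in Go. It assumes the transit engine decrypts RSA ciphertext as OAEP with SHA-256, while `openssl rsautl -encrypt` defaults to PKCS#1 v1.5 padding; the key pair, the plaintext and all function names are constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

const prefix = "vault:v1:" // ciphertext form used in the thread

// newDemoKey returns a constructed 2048-bit key standing in for the transit key.
func newDemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// encryptPKCS1v15 pads the way "openssl rsautl -encrypt" does by default.
func encryptPKCS1v15(pub *rsa.PublicKey, msg []byte) (string, error) {
	ct, err := rsa.EncryptPKCS1v15(rand.Reader, pub, msg)
	return prefix + base64.StdEncoding.EncodeToString(ct), err
}

// encryptOAEP256 pads with OAEP, using SHA-256 for the hash and for MGF1.
func encryptOAEP256(pub *rsa.PublicKey, msg []byte) (string, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	return prefix + base64.StdEncoding.EncodeToString(ct), err
}

// decryptOAEP256 models the decrypting side (assumption): OAEP/SHA-256 only.
func decryptOAEP256(priv *rsa.PrivateKey, ct string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(ct, prefix))
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, raw, nil)
}

func main() {
	priv, err := newDemoKey()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample plaintext")
	v15, _ := encryptPKCS1v15(&priv.PublicKey, msg)
	oaep, _ := encryptOAEP256(&priv.PublicKey, msg)
	_, errV15 := decryptOAEP256(priv, v15)
	pt, errOAEP := decryptOAEP256(priv, oaep)
	fmt.Println("PKCS#1 v1.5 ciphertext:", errV15)
	fmt.Printf("OAEP-SHA256 ciphertext: %q, err=%v\n", pt, errOAEP)
}
```

With OpenSSL, the matching client-side form is `openssl pkeyutl -encrypt -pubin -inkey rsa2048.pub -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256`, with the output base64-encoded as in the question.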