Reputation: 20215
I'm devising an encryption scheme to send files to an embedded device. Developers can log in via a shared public key, so it makes sense to use this same key to encrypt/decrypt files sent to it. Files are only packaged by the developers, so this public key is never given out.
The files sent only need to be secure enough to make it difficult to decrypt, not anything NSA quality or anything.
I can encrypt/decrypt using something like this:
cat file | openssl aes-256-cbc [-d] -kfile path/to/public/key > outfile.aes
This is working great, except that I'd like to do this in the server code. I can shell out, but I'd rather do it in code.
I grabbed the base64 data from the key, but when I decode it I get a 279-byte array, and I need a 256-bit key (32 bytes).
What exactly does openssl do with the keyfile and how can I emulate it in code?
I tried man openssl, but I didn't find anything useful.
If it matters, I'm doing this in Go.
Upvotes: 0
Views: 2081
Reputation: 93968
OpenSSL uses a specific key derivation function to calculate the key from the "password" it is given. This function is called EVP_BytesToKey. It is part of the OpenSSL API, so if you can call C/C++ functions you could use it directly. Otherwise there are also other implementations available (and it is actually not that hard to implement; I created an object-oriented Java version of it).
I'll let you do the stackoverflow searches for this algorithm yourself, if you don't mind :)
Upvotes: 1