Openssl rsautl output to base64

Question

I have this command within a shell script

echo -n $2 | openssl rsautl -encrypt -pubin -inkey $1

where $2 stands for a string argument and $1 is the public key that is to be used.

I would like the output to be the equivalent base64 string of the binary encryption, but adding | base64 at the end of the command does not seem to work (probably because the encrypted output contains null characters and cuts the base64 input short.

Is it possible to accomplish the base64 encoding without creating a cyphertext intermediary file to dump the data in the first place?

For example, I would like to make

echo -n "asdf" | openssl rsautl -encrypt -pubin -inkey key.pub.pem

to output something along the lines of

stWslUhRRCk/bZveABLG7fA8z9ZkYc+lBBd5QhvyGNwuI2T5v2sk8aJL3X3Xerrogsu35Wk5O839..........

instead of binary unreadable characters without requiring an intermediate file to be created (I truncated the output for brevity)

Answer 1

echo "foo" | openssl rsautl -encrypt -inkey rsa_key.pub -pubin | openssl base64

the openssl base64 will take the binary encrypted code as an input and produces the base64 that is the human-readable format.

Answer 2

First, I have to state that I could not reproduce your problem, it is probably dependent on the bash version.

I am aware of two ways to pass the output of openssl rsautl to base64 without piping stdout and using a file.

Bash process substitution

Bash is able to directly pass the output of an operation to some command while the program believes, it is writing the output to a file.

echo "foo"|openssl rsautl -encrypt -pubin -inkey key -out >(base64)

Named Pipes

You can create a named pipe usign the mkfifo command and then use that, as if it was a file.

mkfifo /tmp/mypipe
echo "foo" | openssl rsautl -encrypt -pubin -inkey key -out /tmp/mypipe &
base64 /tmp/mypipe
rm /tmp/mypipe