Encrypt the symmetric key, using the recipient’s public SSH key:
$ openssl rsautl -encrypt -oaep -pubin -inkey <(ssh-keygen -e -f recipients-key.pub -m PKCS8) -in secret.key -out secret.key.enc
Replace recipients-key.pub with the recipient’s public SSH key.
First, decrypt the symmetric key:
$ openssl rsautl -decrypt -oaep -inkey ~/.ssh/id_rsa -in secret.key.enc -out secret.key
The recipient should replace ~/.ssh/id_rsa with the path to their private key if it is stored elsewhere; ~/.ssh/id_rsa is where it is usually located.
vasilyev@vasilyev-NB:~/ssh_crypt_test$ openssl rand -out secret.key 32
vasilyev@vasilyev-NB:~/ssh_crypt_test$ ll
итого 12
drwxr-xr-x 2 vasilyev vasilyev 4096 июл 9 13:01 ./
drwxr-xr-x 37 vasilyev vasilyev 4096 июл 9 13:01 ../
-rw-r--r-- 1 vasilyev vasilyev 32 июл 9 13:01 secret.key
vasilyev@vasilyev-NB:~/ssh_crypt_test$ nano secret_file.txt
vasilyev@vasilyev-NB:~/ssh_crypt_test$ cat secret_file.txt
test data
vasilyev@vasilyev-NB:~/ssh_crypt_test$ openssl aes-256-cbc -in secret_file.txt -out secret_file.txt.enc -pass file:secret.key
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
vasilyev@vasilyev-NB:~/ssh_crypt_test$ cat secret_file.txt.enc
Salted__ ����=�ՙ i ,�O2x� ����
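The full exchange with the key-derivation warning above addressed, as an added example that is not part of the original page: it passes -pbkdf2 as the warning suggests, uses openssl pkeyutl in place of rsautl, and writes the key with rand -hex because -pass file: reads only the first line of the file. The function names, recipient.pem and the throwaway key pair (generated with ssh-keygen -m PEM so that openssl can read the private key) are assumptions of this example.

```shell
# Added example: file names follow the page; the key pair is a constructed throwaway.

make_recipient_key() {   # $1 = key file name; stands in for the recipient's ~/.ssh/id_rsa
    # -m PEM: openssl cannot parse the newer "BEGIN OPENSSH PRIVATE KEY" format
    ssh-keygen -q -t rsa -b 2048 -m PEM -N '' -f "$1"
}

sender_encrypt() {       # $1 = recipient's .pub file, $2 = file to protect
    # -hex keeps the key on one line: "-pass file:" reads only the first line
    openssl rand -hex 32 > secret.key &&
    # -pbkdf2 replaces the deprecated key derivation the warning refers to
    openssl aes-256-cbc -pbkdf2 -in "$2" -out "$2.enc" -pass file:secret.key &&
    # convert the SSH public key to a PEM public key that openssl accepts
    ssh-keygen -e -m PKCS8 -f "$1" > recipient.pem &&
    openssl pkeyutl -encrypt -pubin -inkey recipient.pem \
        -pkeyopt rsa_padding_mode:oaep -in secret.key -out secret.key.enc &&
    rm -f secret.key     # only secret.key.enc and "$2.enc" are sent
}

recipient_decrypt() {    # $1 = private key, $2 = encrypted file; plaintext on stdout
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in secret.key.enc -out secret.key &&
    # the same -pbkdf2 flag is required on decryption
    openssl aes-256-cbc -d -pbkdf2 -in "$2" -pass file:secret.key
}

hybrid_roundtrip() {     # $1 = plaintext; prints what the recipient recovers
    work=$(mktemp -d) || return 1
    (
        cd "$work" && umask 077 &&
        make_recipient_key recipient_key &&
        printf '%s\n' "$1" > secret_file.txt &&
        sender_encrypt recipient_key.pub secret_file.txt &&
        rm -f secret_file.txt &&
        recipient_decrypt recipient_key secret_file.txt.enc
    )
    status=$?
    rm -rf "$work"
    return "$status"
}
```

A file encrypted without -pbkdf2, as in the session above, must also be decrypted without it; the two derivations are not interchangeable.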