You give other people your public (encryption) key. Other people can encrypt data with your public key which you can only decrypt because you have the private (decryption) key for the public key that is used.

Generate a key pair (private / public) with 2048 bits length:

openssl genrsa 2048 > key.pem

Generate a password protected key pair (private / public) with 4096 bits length:

openssl genrsa -des3 -out key.pem 4096

Generate the public key from the private key:

openssl rsa -in key.pem -pubout > pub.key

Create a symmetric key (base 64 for convenience) and store in file:

openssl rand -base64 32 > symmetrickey.txt

Encrypt the symmetric key file with your public key:

openssl rsautl -in symmetrickey.txt -out symmetrickey.bin -pubin -inkey mypubkey.pem -encrypt

Decrypt the symmetric key with your private key:

openssl rsautl -in symmetrickey.bin -out symmetrickey.txt -inkey myprivkey.pem -decrypt

**Public-key cryptography**, also known as **asymmetric cryptography**, refers to a cryptographic algorithm which requires two separate keys, one of which is *secret* (or *private*) and one of which is *public*.

Although different, the two parts of this key pair are mathematically linked. The public key is used to encrypt plaintext or to verify a digital signature; whereas the private key is used to decrypt ciphertext or to create a digital signature.

The term “asymmetric” stems from the use of different keys to perform these opposite functions, each the inverse of the other – as contrasted with conventional (“symmetric”) cryptography which relies on the same key to perform both.

The strength lies in the fact that it is “impossible” (computationally unfeasible) for a properly generated private key to be determined from its corresponding public key.

Thus the public key may be published without compromising security, whereas the private key must not be revealed to anyone not authorized to read messages or perform digital signatures.

Public key algorithms, unlike symmetric key algorithms, do *not* require a secure initial exchange of one (or more) secret keys between the parties.

Each user has a pair of cryptographic keys – a **public encryption key** and a **private decryption key**. Similarly, a key pair used for digital signatures consists of a **private signing key** and a **public verification key**.

In **symmetric-key encryption**, each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to another computer. Symmetric-key requires that you know which computers will be talking to each other so you can install the key on each one. Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message.

The first major symmetric algorithm developed for computers in the United States was the Data Encryption Standard (DES), approved for use in the 1970s. The DES uses a 56-bit key.

DES has been replaced by the Advanced Encryption Standard (AES), which uses 128-, 192- or 256-bit keys. Most people believe that AES will be a sufficient encryption standard for a long time coming: A 128-bit key, for instance, can have more than 300,000,000,000,000,000,000,000,000,000,000,000 key combinations