Encrypt Key Material

<p class="shortdesc">Use the public key you downloaded to encrypt the key material. In this example, the key material is encrypted using OpenSSL. </p> <section class="section prereq" id="Encryptionkeymaterial__prereq_kjb_k14_xkb"><div class="tasklabel"><h2 class="doc-tairway">Before you begin</h2></div> <p class="p">You need to prepare the key material before you encrypt it. The key material must be a 256-bit symmetric key. You can use the following command to generate a 256-bit symmetric key and save it in a file named KeyMaterial.bin. </p> <pre class="pre codeblock"><code>openssl rand -out KeyMaterial.bin 32 </code></pre> </section> <section class="section context" id="Encryptionkeymaterial__context_cjv_4yh_flb"><div class="tasklabel"><h2 class="doc-tairway">About this task</h2></div> <p class="p">The public key is a BASE64-encoded string, so you need to decode it before using it to encrypt the key material. </p> <p class="p">Encode the encrypted key material to a BASE64 string and save it. Import the encoded key material and the import token as key material parameters. </p> </section> <section id="Encryptionkeymaterial__steps_nmq_gn5_jlb"><div class="tasklabel"><h2 class="doc-tairway">Procedure</h2></div><ol class="ol steps" id="Encryptionkeymaterial__steps_nmq_gn5_jlb"><li class="li step stepexpand"> <span class="ph cmd">Decode the BASE64-encoded public key. </span> <div class="itemgroup info"> <pre class="pre codeblock"><code>openssl enc -d -base64 -A -in PublicKey_base64.txt -out PublicKey.bin </code></pre> </div> </li><li class="li step stepexpand"> <span class="ph cmd">Encrypt the key material with an encryption algorithm. </span> <div class="itemgroup info"> <div class="note important note_important"><span class="note__title">Important:</span> <p class="p">The encryption algorithm you use to encrypt the key material must be the same as the one you specified when getting the parameters for import. 
</p> </div> <ul class="ul" id="Encryptionkeymaterial__ul_hc3_345_jlb"> <li class="li"><strong class="ph b">RSAES_PKCS1_V1_5</strong>: <pre class="pre codeblock"><code>openssl rsautl -encrypt -in KeyMaterial.bin -pkcs -inkey PublicKey.bin -keyform DER -pubin -out EncryptedKeyMaterial.bin </code></pre></li> <li class="li"><strong class="ph b">RSAES_OAEP_SHA_1</strong>: <pre class="pre codeblock"><code>openssl rsautl -encrypt -in KeyMaterial.bin -oaep -inkey PublicKey.bin -keyform DER -pubin -out EncryptedKeyMaterial.bin </code></pre></li> <li class="li"><strong class="ph b">RSAES_OAEP_SHA_256</strong>: <pre class="pre codeblock"><code>openssl pkeyutl -in KeyMaterial.bin -encrypt -inkey PublicKey.bin -keyform DER -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 -out EncryptedKeyMaterial.bin -pubin </code></pre></li> </ul> </div> </li><li class="li step stepexpand"> <span class="ph cmd">Encode the encrypted key material to a BASE64 string. Save it as a text file. </span> <div class="itemgroup info"> <pre class="pre codeblock"><code>openssl enc -e -base64 -A -in EncryptedKeyMaterial.bin -out EncryptedKeyMaterial_base64.txt </code></pre> <div class="note note note_note"><span class="note__title">Note:</span> <p class="p">If you need to use the openssl pkeyutl command, use OpenSSL Version 1.0.2 or above. </p> </div> </div> </li></ol></section>
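<p class="p">The three steps above combined into one script for the RSAES_OAEP_SHA_256 case, with a key-size check, a public-key parse check, and a local round-trip test. This is an added example, not part of the original page; the function names are hypothetical, and the self-test uses a throwaway RSA key pair generated locally in place of the service's public key.</p>

```shell
# Added example: wrap a 256-bit key with RSAES_OAEP_SHA_256, checking each step.
# Function names are hypothetical; file names follow the procedure above.
umask 077   # files holding key material are readable by the owner only

# Fail unless the key material file is exactly 32 bytes (256 bits).
check_key_material() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 32 ] || { echo "key material is $size bytes, expected 32" >&2; return 1; }
}

# wrap_key_material <PublicKey_base64.txt> <KeyMaterial.bin> <output_base64.txt>
wrap_key_material() {
    pub_b64=$1; km=$2; out=$3
    check_key_material "$km" || return 1
    work=$(mktemp -d) || return 1
    # Step 1: decode the public key and confirm it parses as a DER public key.
    openssl enc -d -base64 -A -in "$pub_b64" -out "$work/PublicKey.bin" &&
    openssl pkey -pubin -inform DER -in "$work/PublicKey.bin" -noout &&
    # Step 2: encrypt with OAEP, using SHA-256 for both the digest and MGF1.
    openssl pkeyutl -encrypt -pubin -inkey "$work/PublicKey.bin" -keyform DER \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -pkeyopt rsa_mgf1_md:sha256 -in "$km" -out "$work/EncryptedKeyMaterial.bin" &&
    # Step 3: BASE64-encode the ciphertext on a single line.
    openssl enc -e -base64 -A -in "$work/EncryptedKeyMaterial.bin" -out "$out"
    rc=$?
    rm -rf "$work"
    return $rc
}

# Round-trip check with a throwaway 2048-bit key pair (constructed test data).
roundtrip_selftest() {
    t=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$t/priv.pem" 2>/dev/null &&
    openssl pkey -in "$t/priv.pem" -pubout -outform DER -out "$t/pub.der" &&
    openssl enc -e -base64 -A -in "$t/pub.der" -out "$t/PublicKey_base64.txt" &&
    openssl rand -out "$t/KeyMaterial.bin" 32 &&
    wrap_key_material "$t/PublicKey_base64.txt" "$t/KeyMaterial.bin" "$t/enc_b64.txt" &&
    openssl enc -d -base64 -A -in "$t/enc_b64.txt" -out "$t/enc.bin" &&
    openssl pkeyutl -decrypt -inkey "$t/priv.pem" -pkeyopt rsa_padding_mode:oaep \
        -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 \
        -in "$t/enc.bin" -out "$t/dec.bin" &&
    cmp -s "$t/KeyMaterial.bin" "$t/dec.bin"
    rc=$?
    rm -rf "$t"
    return $rc
}

# Run with three arguments to wrap real key material; otherwise only define functions.
if [ "$#" -eq 3 ]; then wrap_key_material "$@"; fi
```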