Cryptographic operations
This guide shows how to perform cryptographic operations using Virgil CLI.
Generate private key
This command generates a private Key:
virgil keygen -o <file> -p <password>| Flag | Description |
|---|---|
| -o <file> | Key file name. If omitted, stdout is used. |
| -p <password> | Use password to encrypt Private Key. If omitted (not recommended), private key will be generated without password. |
Example
Alice generates herself a private key:
> virgil keygen -o alices_private_key -p 12345678To check if the private key has been created, she uses the command cat:
> cat alices_private_key
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIGhMF0GCSqGSIb3DQ...rwZT3hvIIquoXoFMsgAcwq228oDzG77A=
-----END ENCRYPTED PRIVATE KEY-----Extract public key
This command extracts a public Key from a private Key:
virgil key2pub -i <file> -o <file> -p <password>| Flag | Description |
|---|---|
| -i <file> | Name of the file with private key which the public key must be exported from. If omitted, stdin is used. |
| -o <file> | Name of the file where the public key will be exported to. If omitted, stdout is used. |
| -p <password> | Use password to encrypt Private Key. If omitted (not recommended), private key will be generated without password. |
Example
Alice extracts public key from her previously generated private key:
> virgil key2pub -i alices_private_key -o alices_public_key -p 12345678Now she checks if the key was extracted using command cat:
> cat alices_public_key
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAy...WLohNExC9g8olt6GovRck=
-----END PUBLIC KEY-----Encrypt data
This command encrypts any data for the specified public key(s):
virgil encrypt -i <file> -o <file> -key <public_key_file_1> -key <public_key_file_2> ...| Flag | Description |
|---|---|
| -i <file> | Data to encrypt. If omitted, stdin is used. |
| -o <file> | Encrypted data. If omitted, stdout is used. |
| -key <public_key_file> | Public key file (could be many files). |
Example
Alice wants to encrypt her secret_message file, so that only Bob could decrypt it. She uses Bob's public key for that:
> virgil secret_message -i info -o encrypted_secret_message -key bobs_public_keyDecrypt data
This command decrypts the encrypted data with a private Key:
virgil decrypt -i <file> -o <file> -key <private_key_file> -p <password>| Flag | Description |
|---|---|
| -i <file> | Data to decrypt. If omitted, stdin is used. |
| -o <file> | Decrypted data. If omitted, stdout is used. |
| -key <private_key_file> | Private key file. |
| -p <password> | Use password to decrypt Private Key. |
Example
Bob decrypts the file previously encrypted with his public key using his private key:
> virgil decrypt -i encrypted_secret_message -o decrypted_secret_message -key bobs_private_key -p 12345678Sign data
This command signs data with a provided user’s private key:
virgil sign -i <file> -o <file> -key <private_key_file> -p <password>| Flag | Description |
|---|---|
| -i <file> | Data to sign. If omitted, stdin is used. |
| -o <file> | The signed data. If omitted, stdout is used. |
| -key <private_key_file> | Private key file. |
| -p <password> | Use password to decrypt Private Key. |
Example
Alice signs a file using her private key to prevent it from being changed:
> virgil secret_message -i info -o signed_secret_message -key alices_private_key -p 12345678Verify signature
This command signs data with a provided User’s Private Key:
virgil verify -i <file> -s <file> -key <public_key_file>| Flag | Description |
|---|---|
| -i <file> | Data to verify. |
| -s <file> | Signature file. |
| -key <public_key_file> | Public key file. If omitted, stdin is used. |
Example
Bob verifies if the signature belongs to Alice using her public key:
> virgil verify -i secret_message -s signed_secret_message -key alices_public_key
Signature OK