openssl rand -base64 32 > key.bin
2. Encrypt key openssl rsautl -encrypt -inkey id_rsa.pub.pem -pubin -in key.bin -out key.bin.enc
3. Encrypt file using key openssl enc -aes-256-cbc -salt -in SECRET_FILE -out SECRET_FILE.enc -pass file:./key.bin
-- other side -- openssl rsautl -decrypt -inkey id_rsa.pem -in key.bin.enc -out key.bin
5. Decrypt file openssl enc -d -aes-256-cbc -in SECRET_FILE.enc -out SECRET_FILE -pass file:./key.bin
Without that, Bob could potentially receive any pair of (key,file), which would just decrypt into garbage data.
BTW, variations on that sequence appear all over the internet when searching for "openssl encrypt file with public key"...