1RSAUTL(1)                           OpenSSL                          RSAUTL(1)
2
3
4

NAME

6       openssl-rsautl, rsautl - RSA utility
7

SYNOPSIS

9       openssl rsautl [-help] [-in file] [-out file] [-inkey file] [-keyform
10       PEM|DER|ENGINE] [-pubin] [-certin] [-sign] [-verify] [-encrypt]
11       [-decrypt] [-rand file...]  [-writerand file] [-pkcs] [-ssl] [-raw]
12       [-hexdump] [-asn1parse]
13

DESCRIPTION

15       The rsautl command can be used to sign, verify, encrypt and decrypt
16       data using the RSA algorithm.
17

OPTIONS

19       -help
20           Print out a usage message.
21
22       -in filename
23           This specifies the input filename to read data from or standard
24           input if this option is not specified.
25
26       -out filename
27           Specifies the output filename to write to or standard output by
28           default.
29
30       -inkey file
31           The input key file, by default it should be an RSA private key.
32
33       -keyform PEM|DER|ENGINE
34           The key format PEM, DER or ENGINE.
35
36       -pubin
37           The input file is an RSA public key.
38
39       -certin
40           The input is a certificate containing an RSA public key.
41
42       -sign
43           Sign the input data and output the signed result. This requires an
44           RSA private key.
45
46       -verify
47           Verify the input data and output the recovered data.
48
49       -encrypt
50           Encrypt the input data using an RSA public key.
51
52       -decrypt
53           Decrypt the input data using an RSA private key.
54
55       -rand file...
56           A file or files containing random data used to seed the random
57           number generator.  Multiple files can be specified separated by an
58           OS-dependent character.  The separator is ; for MS-Windows, , for
59           OpenVMS, and : for all others.
60
61       [-writerand file]
62           Writes random data to the specified file upon exit.  This can be
63           used with a subsequent -rand flag.
64
65       -pkcs, -oaep, -ssl, -raw
66           The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, special
67           padding used in SSL v2 backwards compatible handshakes, or no
68           padding, respectively.  For signatures, only -pkcs and -raw can be
69           used.
70
71       -hexdump
72           Hex dump the output data.
73
74       -asn1parse
75           Parse the ASN.1 output data, this is useful when combined with the
76           -verify option.
77

NOTES

79       rsautl because it uses the RSA algorithm directly can only be used to
80       sign or verify small pieces of data.
81

EXAMPLES

83       Sign some data using a private key:
84
85        openssl rsautl -sign -in file -inkey key.pem -out sig
86
87       Recover the signed data
88
89        openssl rsautl -verify -in sig -inkey key.pem
90
91       Examine the raw signed data:
92
93        openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
94
95        0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
96        0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
97        0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
98        0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
99        0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
100        0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
101        0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
102        0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
103
104       The PKCS#1 block formatting is evident from this. If this was done
105       using encrypt and decrypt the block would have been of type 2 (the
106       second byte) and random padding data visible instead of the 0xff bytes.
107
108       It is possible to analyse the signature of certificates using this
109       utility in conjunction with asn1parse. Consider the self signed example
110       in certs/pca-cert.pem . Running asn1parse as follows yields:
111
112        openssl asn1parse -in pca-cert.pem
113
114           0:d=0  hl=4 l= 742 cons: SEQUENCE
115           4:d=1  hl=4 l= 591 cons:  SEQUENCE
116           8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
117          10:d=3  hl=2 l=   1 prim:    INTEGER           :02
118          13:d=2  hl=2 l=   1 prim:   INTEGER           :00
119          16:d=2  hl=2 l=  13 cons:   SEQUENCE
120          18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
121          29:d=3  hl=2 l=   0 prim:    NULL
122          31:d=2  hl=2 l=  92 cons:   SEQUENCE
123          33:d=3  hl=2 l=  11 cons:    SET
124          35:d=4  hl=2 l=   9 cons:     SEQUENCE
125          37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
126          42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
127         ....
128         599:d=1  hl=2 l=  13 cons:  SEQUENCE
129         601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
130         612:d=2  hl=2 l=   0 prim:   NULL
131         614:d=1  hl=3 l= 129 prim:  BIT STRING
132
133       The final BIT STRING contains the actual signature. It can be extracted
134       with:
135
136        openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
137
138       The certificate public key can be extracted with:
139
140        openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
141
142       The signature can be analysed with:
143
144        openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
145
146           0:d=0  hl=2 l=  32 cons: SEQUENCE
147           2:d=1  hl=2 l=  12 cons:  SEQUENCE
148           4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
149          14:d=2  hl=2 l=   0 prim:   NULL
150          16:d=1  hl=2 l=  16 prim:  OCTET STRING
151             0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..
152
153       This is the parsed version of an ASN1 DigestInfo structure. It can be
154       seen that the digest used was md5. The actual part of the certificate
155       that was signed can be extracted with:
156
157        openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
158
159       and its digest computed with:
160
161        openssl md5 -c tbs
162        MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
163
164       which it can be seen agrees with the recovered value above.
165

SEE ALSO

167       dgst(1), rsa(1), genrsa(1)
168
170       Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
171
172       Licensed under the OpenSSL license (the "License").  You may not use
173       this file except in compliance with the License.  You can obtain a copy
174       in the file LICENSE in the source distribution or at
175       <https://www.openssl.org/source/license.html>.
176
177
178
1791.1.1c                            2019-05-28                         RSAUTL(1)
Impressum