1RSAUTL(1)                           OpenSSL                          RSAUTL(1)
2
3
4

NAME

6       rsautl - RSA utility
7

SYNOPSIS

9       openssl rsautl [-in file] [-out file] [-inkey file] [-pubin] [-certin]
10       [-sign] [-verify] [-encrypt] [-decrypt] [-pkcs] [-ssl] [-raw]
11       [-hexdump] [-asn1parse]
12

DESCRIPTION

14       The rsautl command can be used to sign, verify, encrypt and decrypt
15       data using the RSA algorithm.
16

COMMAND OPTIONS

18       -in filename
19           This specifies the input filename to read data from or standard
20           input if this option is not specified.
21
22       -out filename
23           specifies the output filename to write to or standard output by
24           default.
25
26       -inkey file
27           the input key file, by default it should be an RSA private key.
28
29       -pubin
30           the input file is an RSA public key.
31
32       -certin
33           the input is a certificate containing an RSA public key.
34
35       -sign
36           sign the input data and output the signed result. This requires and
37           RSA private key.
38
39       -verify
40           verify the input data and output the recovered data.
41
42       -encrypt
43           encrypt the input data using an RSA public key.
44
45       -decrypt
46           decrypt the input data using an RSA private key.
47
48       -pkcs, -oaep, -ssl, -raw
49           the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, special
50           padding used in SSL v2 backwards compatible handshakes, or no
51           padding, respectively.  For signatures, only -pkcs and -raw can be
52           used.
53
54       -hexdump
55           hex dump the output data.
56
57       -asn1parse
58           asn1parse the output data, this is useful when combined with the
59           -verify option.
60

NOTES

62       rsautl because it uses the RSA algorithm directly can only be used to
63       sign or verify small pieces of data.
64

EXAMPLES

66       Sign some data using a private key:
67
68        openssl rsautl -sign -in file -inkey key.pem -out sig
69
70       Recover the signed data
71
72        openssl rsautl -verify -in sig -inkey key.pem
73
74       Examine the raw signed data:
75
76        openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
77
78        0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
79        0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
80        0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
81        0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
82        0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
83        0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
84        0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
85        0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
86
87       The PKCS#1 block formatting is evident from this. If this was done
88       using encrypt and decrypt the block would have been of type 2 (the
89       second byte) and random padding data visible instead of the 0xff bytes.
90
91       It is possible to analyse the signature of certificates using this
92       utility in conjunction with asn1parse. Consider the self signed example
93       in certs/pca-cert.pem . Running asn1parse as follows yields:
94
95        openssl asn1parse -in pca-cert.pem
96
97           0:d=0  hl=4 l= 742 cons: SEQUENCE
98           4:d=1  hl=4 l= 591 cons:  SEQUENCE
99           8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
100          10:d=3  hl=2 l=   1 prim:    INTEGER           :02
101          13:d=2  hl=2 l=   1 prim:   INTEGER           :00
102          16:d=2  hl=2 l=  13 cons:   SEQUENCE
103          18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
104          29:d=3  hl=2 l=   0 prim:    NULL
105          31:d=2  hl=2 l=  92 cons:   SEQUENCE
106          33:d=3  hl=2 l=  11 cons:    SET
107          35:d=4  hl=2 l=   9 cons:     SEQUENCE
108          37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
109          42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
110         ....
111         599:d=1  hl=2 l=  13 cons:  SEQUENCE
112         601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
113         612:d=2  hl=2 l=   0 prim:   NULL
114         614:d=1  hl=3 l= 129 prim:  BIT STRING
115
116       The final BIT STRING contains the actual signature. It can be extracted
117       with:
118
119        openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
120
121       The certificate public key can be extracted with:
122
123        openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
124
125       The signature can be analysed with:
126
127        openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
128
129           0:d=0  hl=2 l=  32 cons: SEQUENCE
130           2:d=1  hl=2 l=  12 cons:  SEQUENCE
131           4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
132          14:d=2  hl=2 l=   0 prim:   NULL
133          16:d=1  hl=2 l=  16 prim:  OCTET STRING
134             0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..
135
136       This is the parsed version of an ASN1 DigestInfo structure. It can be
137       seen that the digest used was md5. The actual part of the certificate
138       that was signed can be extracted with:
139
140        openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
141
142       and its digest computed with:
143
144        openssl md5 -c tbs
145        MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
146
147       which it can be seen agrees with the recovered value above.
148

SEE ALSO

150       dgst(1), rsa(1), genrsa(1)
151
152
153
1541.0.1e                            2013-02-11                         RSAUTL(1)
Impressum