1RSAUTL(1) OpenSSL RSAUTL(1)
2
3
4
6 rsautl - RSA utility
7
9 openssl rsautl [-in file] [-out file] [-inkey file] [-pubin] [-certin]
10 [-sign] [-verify] [-encrypt] [-decrypt] [-pkcs] [-ssl] [-raw] [-hex‐
11 dump] [-asn1parse]
12
14 The rsautl command can be used to sign, verify, encrypt and decrypt
15 data using the RSA algorithm.
16
18 -in filename
19 This specifies the input filename to read data from or standard
20 input if this option is not specified.
21
22 -out filename
23 specifies the output filename to write to or standard output by
24 default.
25
26 -inkey file
27 the input key file, by default it should be an RSA private key.
28
29 -pubin
30 the input file is an RSA public key.
31
32 -certin
33 the input is a certificate containing an RSA public key.
34
35 -sign
36 sign the input data and output the signed result. This requires and
37 RSA private key.
38
39 -verify
40 verify the input data and output the recovered data.
41
42 -encrypt
43 encrypt the input data using an RSA public key.
44
45 -decrypt
46 decrypt the input data using an RSA private key.
47
48 -pkcs, -oaep, -ssl, -raw
49 the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, special
50 padding used in SSL v2 backwards compatible handshakes, or no pad‐
51 ding, respectively. For signatures, only -pkcs and -raw can be
52 used.
53
54 -hexdump
55 hex dump the output data.
56
57 -asn1parse
58 asn1parse the output data, this is useful when combined with the
59 -verify option.
60
62 rsautl because it uses the RSA algorithm directly can only be used to
63 sign or verify small pieces of data.
64
66 Sign some data using a private key:
67
68 openssl rsautl -sign -in file -inkey key.pem -out sig
69
70 Recover the signed data
71
72 openssl rsautl -verify -in sig -inkey key.pem
73
74 Examine the raw signed data:
75
76 openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
77
78 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
79 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
80 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
81 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
82 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
83 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
84 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
85 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
86
87 The PKCS#1 block formatting is evident from this. If this was done
88 using encrypt and decrypt the block would have been of type 2 (the sec‐
89 ond byte) and random padding data visible instead of the 0xff bytes.
90
91 It is possible to analyse the signature of certificates using this
92 utility in conjunction with asn1parse. Consider the self signed example
93 in certs/pca-cert.pem . Running asn1parse as follows yields:
94
95 openssl asn1parse -in pca-cert.pem
96
97 0:d=0 hl=4 l= 742 cons: SEQUENCE
98 4:d=1 hl=4 l= 591 cons: SEQUENCE
99 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
100 10:d=3 hl=2 l= 1 prim: INTEGER :02
101 13:d=2 hl=2 l= 1 prim: INTEGER :00
102 16:d=2 hl=2 l= 13 cons: SEQUENCE
103 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
104 29:d=3 hl=2 l= 0 prim: NULL
105 31:d=2 hl=2 l= 92 cons: SEQUENCE
106 33:d=3 hl=2 l= 11 cons: SET
107 35:d=4 hl=2 l= 9 cons: SEQUENCE
108 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
109 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
110 ....
111 599:d=1 hl=2 l= 13 cons: SEQUENCE
112 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
113 612:d=2 hl=2 l= 0 prim: NULL
114 614:d=1 hl=3 l= 129 prim: BIT STRING
115
116 The final BIT STRING contains the actual signature. It can be extracted
117 with:
118
119 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
120
121 The certificate public key can be extracted with:
122
123 openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem
124
125 The signature can be analysed with:
126
127 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
128
129 0:d=0 hl=2 l= 32 cons: SEQUENCE
130 2:d=1 hl=2 l= 12 cons: SEQUENCE
131 4:d=2 hl=2 l= 8 prim: OBJECT :md5
132 14:d=2 hl=2 l= 0 prim: NULL
133 16:d=1 hl=2 l= 16 prim: OCTET STRING
134 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
135
136 This is the parsed version of an ASN1 DigestInfo structure. It can be
137 seen that the digest used was md5. The actual part of the certificate
138 that was signed can be extracted with:
139
140 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
141
142 and its digest computed with:
143
144 openssl md5 -c tbs
145 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
146
147 which it can be seen agrees with the recovered value above.
148
150 dgst(1), rsa(1), genrsa(1)
151
152
153
1540.9.8b 2001-04-25 RSAUTL(1)