5 pkeyutl - public key algorithm utility
16 [B<-peerform PEM|DER>]
26 [B<-pkeyopt opt:value>]
32 The B<pkeyutl> command can be used to perform public key operations using
33 any supported algorithm.
35 =head1 COMMAND OPTIONS
41 This specifies the input filename to read data from or standard input
42 if this option is not specified.
44 =item B<-out filename>
46 specifies the output filename to write to or standard output by
51 the input key file, by default it should be a private key.
53 =item B<-keyform PEM|DER>
55 the key format PEM or DER.
57 =item B<-peerkey file>
59 the peer key file, used by key derivation (agreement) operations.
61 =item B<-peerform PEM|DER>
63 the peer key format PEM or DER.
67 the input file is a public key.
71 the input is a certificate containing a public key.
75 sign the input data and output the signed result. This requires
80 verify the input data against the signature file and indicate if the
81 verification succeeded or failed.
83 =item B<-verifyrecover>
85 verify the input data and output the recovered data.
89 encrypt the input data using a public key.
93 decrypt the input data using a private key.
97 derive a shared secret using the peer key.
101 hex dump the output data.
105 asn1parse the output data, this is useful when combined with the
106 B<-verifyrecover> option when an ASN1 structure is signed.
112 The operations and options supported vary according to the key algorithm
113 and its implementation. The OpenSSL operations and options are indicated below.
117 The RSA algorithm supports encrypt, decrypt, sign, verify and verifyrecover
118 operations in general. Some padding modes only support some of these
121 [NB: more to be added later]
126 Sign some data using a private key:
128 openssl pkeyutl -sign -in file -inkey key.pem -out sig
130 Recover the signed data (e.g. if an RSA key is used):
132 openssl pkeyutl -verifyrecover -in sig -inkey key.pem
134 Verify the signature (e.g. a DSA key):
136 openssl pkeyutl -verify -in file -sigfile sig -inkey key.pem
140 L<genpkey(1)|genpkey(1)>, L<pkey(1)|pkey(1)>, L<rsautl(1)|rsautl(1)>
141 L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>