27 The B<rsautl> command can be used to sign, verify, encrypt and decrypt
28 data using the RSA algorithm.
30 =head1 COMMAND OPTIONS
36 This specifies the input filename to read data from or standard input
37 if this option is not specified.
39 =item B<-out filename>
41 specifies the output filename to write to or standard output by
46 the input key file, by default it should be an RSA private key.
50 the input file is an RSA public key.
54 the input is a certificate containing an RSA public key.
58 sign the input data and output the signed result. This requires
63 verify the input data and output the recovered data.
67 encrypt the input data using an RSA public key.
71 decrypt the input data using an RSA private key.
73 =item B<-pkcs, -ssl, -raw>
75 the padding to use, PKCS#1 v1.5 (the default) SSL v2 or no padding
80 hex dump the output data.
84 asn1parse the output data, this is useful when combined with the
91 B<rsautl> because it uses the RSA algorithm directly can only be
92 used to sign or verify small pieces of data.
96 Sign the some data using a private key:
98 openssl rsautl -sign -in file -inkey key.pem -out sig
100 Recover the signed data
102 openssl rsautl -sign -in sig -inkey key.pem
104 Examine the raw signed data:
106 openssl rsautl -sign -in file -inkey key.pem -raw -hexdump
108 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
109 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
110 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
111 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
112 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
113 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
114 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
115 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
117 The PKCS#1 block formatting is evident from this. If this was done using
118 encrypt and decrypt the block would have been of type 2 (the second byte)
119 and random padding data visible instead of the 0xff bytes.
121 It is possible to analyse the signature of certificates using this
122 utility in conjunction with B<asn1parse>. Consider the self signed
123 example in certs/pca-cert.pem . Running B<asn1parse> as follows yields:
125 openssl asn1parse -in pca-cert.pem
127 0:d=0 hl=4 l= 742 cons: SEQUENCE
128 4:d=1 hl=4 l= 591 cons: SEQUENCE
129 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
130 10:d=3 hl=2 l= 1 prim: INTEGER :02
131 13:d=2 hl=2 l= 1 prim: INTEGER :00
132 16:d=2 hl=2 l= 13 cons: SEQUENCE
133 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
134 29:d=3 hl=2 l= 0 prim: NULL
135 31:d=2 hl=2 l= 92 cons: SEQUENCE
136 33:d=3 hl=2 l= 11 cons: SET
137 35:d=4 hl=2 l= 9 cons: SEQUENCE
138 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
139 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
141 599:d=1 hl=2 l= 13 cons: SEQUENCE
142 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
143 612:d=2 hl=2 l= 0 prim: NULL
144 614:d=1 hl=3 l= 129 prim: BIT STRING
147 The final BIT STRING contains the actual signature. It can be extracted with:
149 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
151 The certificate public key can be extracted with:
153 openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem
155 The signature can be analysed with:
157 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
159 0:d=0 hl=2 l= 32 cons: SEQUENCE
160 2:d=1 hl=2 l= 12 cons: SEQUENCE
161 4:d=2 hl=2 l= 8 prim: OBJECT :md5
162 14:d=2 hl=2 l= 0 prim: NULL
163 16:d=1 hl=2 l= 16 prim: OCTET STRING
164 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
166 This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
167 the digest used was md5. The actual part of the certificate that was signed can
170 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
172 and its digest computed with:
175 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
177 which it can be seen agrees with the recovered value above.
181 L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>