2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-rsautl - RSA utility
17 [B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
34 {- $OpenSSL::safe::opt_engine_synopsis -}
35 {- $OpenSSL::safe::opt_r_synopsis -}
37 =for openssl ifdef engine
41 This command has been deprecated.
42 The L<openssl-pkeyutl(1)> command should be used instead.
44 This command can be used to sign, verify, encrypt and decrypt
45 data using the RSA algorithm.
53 Print out a usage message.
55 =item B<-in> I<filename>
57 This specifies the input filename to read data from or standard input
58 if this option is not specified.
60 =item B<-passin> I<arg>
62 The passphrase used in the output file.
63 See see L<openssl(1)/Pass Phrase Options>.
67 Reverse the order of the input.
69 =item B<-out> I<filename>
71 Specifies the output filename to write to or standard output by
74 =item B<-inkey> I<file>
76 The input key file, by default it should be an RSA private key.
78 =item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
80 The key format; the default is B<PEM>.
81 See L<openssl(1)/Format Options> for details.
85 The input file is an RSA public key.
89 The input is a certificate containing an RSA public key.
93 Sign the input data and output the signed result. This requires
98 Verify the input data and output the recovered data.
102 Encrypt the input data using an RSA public key.
106 Decrypt the input data using an RSA private key.
108 =item B<-pkcs>, B<-oaep>, B<-x931> B<-ssl>, B<-raw>
110 The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
112 special padding used in SSL v2 backwards compatible handshakes,
113 or no padding, respectively.
114 For signatures, only B<-pkcs> and B<-raw> can be used.
118 Hex dump the output data.
122 Parse the ASN.1 output data, this is useful when combined with the
125 {- $OpenSSL::safe::opt_engine_item -}
127 {- $OpenSSL::safe::opt_r_item -}
133 Since this command uses the RSA algorithm directly, it can only be
134 used to sign or verify small pieces of data.
138 Examples equivalent to these can be found in the documentation for the
139 non-deprecated L<openssl-pkeyutl(1)> command.
141 Sign some data using a private key:
143 openssl rsautl -sign -in file -inkey key.pem -out sig
145 Recover the signed data
147 openssl rsautl -verify -in sig -inkey key.pem
149 Examine the raw signed data:
151 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
153 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
154 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
155 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
156 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
157 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
158 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
159 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
160 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
162 The PKCS#1 block formatting is evident from this. If this was done using
163 encrypt and decrypt the block would have been of type 2 (the second byte)
164 and random padding data visible instead of the 0xff bytes.
166 It is possible to analyse the signature of certificates using this
167 utility in conjunction with L<openssl-asn1parse(1)>. Consider the self signed
168 example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows
171 openssl asn1parse -in pca-cert.pem
173 0:d=0 hl=4 l= 742 cons: SEQUENCE
174 4:d=1 hl=4 l= 591 cons: SEQUENCE
175 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
176 10:d=3 hl=2 l= 1 prim: INTEGER :02
177 13:d=2 hl=2 l= 1 prim: INTEGER :00
178 16:d=2 hl=2 l= 13 cons: SEQUENCE
179 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
180 29:d=3 hl=2 l= 0 prim: NULL
181 31:d=2 hl=2 l= 92 cons: SEQUENCE
182 33:d=3 hl=2 l= 11 cons: SET
183 35:d=4 hl=2 l= 9 cons: SEQUENCE
184 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
185 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
187 599:d=1 hl=2 l= 13 cons: SEQUENCE
188 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
189 612:d=2 hl=2 l= 0 prim: NULL
190 614:d=1 hl=3 l= 129 prim: BIT STRING
193 The final BIT STRING contains the actual signature. It can be extracted with:
195 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
197 The certificate public key can be extracted with:
199 openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
201 The signature can be analysed with:
203 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
205 0:d=0 hl=2 l= 32 cons: SEQUENCE
206 2:d=1 hl=2 l= 12 cons: SEQUENCE
207 4:d=2 hl=2 l= 8 prim: OBJECT :md5
208 14:d=2 hl=2 l= 0 prim: NULL
209 16:d=1 hl=2 l= 16 prim: OCTET STRING
210 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
212 This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
213 the digest used was md5. The actual part of the certificate that was signed can
216 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
218 and its digest computed with:
221 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
223 which it can be seen agrees with the recovered value above.
228 L<openssl-pkeyutl(1)>,
235 This command was deprecated in OpenSSL 3.0.
239 Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
241 Licensed under the Apache License 2.0 (the "License"). You may not use
242 this file except in compliance with the License. You can obtain a copy
243 in the file LICENSE in the source distribution or at
244 L<https://www.openssl.org/source/license.html>.