2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-rsautl - RSA utility
17 [B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
34 {- $OpenSSL::safe::opt_engine_synopsis -}
35 {- $OpenSSL::safe::opt_r_synopsis -}
36 {- $OpenSSL::safe::opt_provider_synopsis -}
38 =for openssl ifdef engine
42 This command has been deprecated.
43 The L<openssl-pkeyutl(1)> command should be used instead.
45 This command can be used to sign, verify, encrypt and decrypt
46 data using the RSA algorithm.
54 Print out a usage message.
56 =item B<-in> I<filename>
58 This specifies the input filename to read data from or standard input
59 if this option is not specified.
61 =item B<-passin> I<arg>
63 The passphrase used in the output file.
64 See see L<openssl(1)/Pass Phrase Options>.
68 Reverse the order of the input.
70 =item B<-out> I<filename>
72 Specifies the output filename to write to or standard output by
75 =item B<-inkey> I<file>
77 The input key file, by default it should be an RSA private key.
79 =item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
81 The key format; the default is B<PEM>.
82 See L<openssl(1)/Format Options> for details.
86 The input file is an RSA public key.
90 The input is a certificate containing an RSA public key.
94 Sign the input data and output the signed result. This requires
99 Verify the input data and output the recovered data.
103 Encrypt the input data using an RSA public key.
107 Decrypt the input data using an RSA private key.
109 =item B<-pkcs>, B<-oaep>, B<-x931> B<-ssl>, B<-raw>
111 The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
113 special padding used in SSL v2 backwards compatible handshakes,
114 or no padding, respectively.
115 For signatures, only B<-pkcs> and B<-raw> can be used.
119 Hex dump the output data.
123 Parse the ASN.1 output data, this is useful when combined with the
126 {- $OpenSSL::safe::opt_engine_item -}
128 {- $OpenSSL::safe::opt_r_item -}
130 {- $OpenSSL::safe::opt_provider_item -}
136 Since this command uses the RSA algorithm directly, it can only be
137 used to sign or verify small pieces of data.
141 Examples equivalent to these can be found in the documentation for the
142 non-deprecated L<openssl-pkeyutl(1)> command.
144 Sign some data using a private key:
146 openssl rsautl -sign -in file -inkey key.pem -out sig
148 Recover the signed data
150 openssl rsautl -verify -in sig -inkey key.pem
152 Examine the raw signed data:
154 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
156 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
157 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
158 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
159 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
160 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
161 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
162 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
163 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
165 The PKCS#1 block formatting is evident from this. If this was done using
166 encrypt and decrypt the block would have been of type 2 (the second byte)
167 and random padding data visible instead of the 0xff bytes.
169 It is possible to analyse the signature of certificates using this
170 utility in conjunction with L<openssl-asn1parse(1)>. Consider the self signed
171 example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows
174 openssl asn1parse -in pca-cert.pem
176 0:d=0 hl=4 l= 742 cons: SEQUENCE
177 4:d=1 hl=4 l= 591 cons: SEQUENCE
178 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
179 10:d=3 hl=2 l= 1 prim: INTEGER :02
180 13:d=2 hl=2 l= 1 prim: INTEGER :00
181 16:d=2 hl=2 l= 13 cons: SEQUENCE
182 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
183 29:d=3 hl=2 l= 0 prim: NULL
184 31:d=2 hl=2 l= 92 cons: SEQUENCE
185 33:d=3 hl=2 l= 11 cons: SET
186 35:d=4 hl=2 l= 9 cons: SEQUENCE
187 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
188 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
190 599:d=1 hl=2 l= 13 cons: SEQUENCE
191 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
192 612:d=2 hl=2 l= 0 prim: NULL
193 614:d=1 hl=3 l= 129 prim: BIT STRING
196 The final BIT STRING contains the actual signature. It can be extracted with:
198 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
200 The certificate public key can be extracted with:
202 openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
204 The signature can be analysed with:
206 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
208 0:d=0 hl=2 l= 32 cons: SEQUENCE
209 2:d=1 hl=2 l= 12 cons: SEQUENCE
210 4:d=2 hl=2 l= 8 prim: OBJECT :md5
211 14:d=2 hl=2 l= 0 prim: NULL
212 16:d=1 hl=2 l= 16 prim: OCTET STRING
213 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
215 This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
216 the digest used was md5. The actual part of the certificate that was signed can
219 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
221 and its digest computed with:
224 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
226 which it can be seen agrees with the recovered value above.
231 L<openssl-pkeyutl(1)>,
238 This command was deprecated in OpenSSL 3.0.
242 Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
244 Licensed under the Apache License 2.0 (the "License"). You may not use
245 this file except in compliance with the License. You can obtain a copy
246 in the file LICENSE in the source distribution or at
247 L<https://www.openssl.org/source/license.html>.