2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-rsautl - RSA command
16 [B<-inkey> I<filename>|I<uri>]
17 [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
30 {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}
31 {- $OpenSSL::safe::opt_provider_synopsis -}
35 This command has been deprecated.
36 The L<openssl-pkeyutl(1)> command should be used instead.
38 This command can be used to sign, verify, encrypt and decrypt
39 data using the RSA algorithm.
47 Print out a usage message.
49 =item B<-in> I<filename>
51 This specifies the input filename to read data from or standard input
52 if this option is not specified.
54 =item B<-passin> I<arg>
56 The passphrase used in the output file.
57 See see L<openssl-passphrase-options(1)>.
61 Reverse the order of the input.
63 =item B<-out> I<filename>
65 Specifies the output filename to write to or standard output by
68 =item B<-inkey> I<filename>|I<uri>
70 The input key, by default it should be an RSA private key.
72 =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
74 The key format; unspecified by default.
75 See L<openssl-format-options(1)> for details.
79 The input file is an RSA public key.
83 The input is a certificate containing an RSA public key.
87 Sign the input data and output the signed result. This requires
92 Verify the input data and output the recovered data.
96 Encrypt the input data using an RSA public key.
100 Decrypt the input data using an RSA private key.
102 =item B<-pkcs>, B<-oaep>, B<-x931> B<-raw>
104 The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
105 ANSI X9.31, or no padding, respectively.
106 For signatures, only B<-pkcs> and B<-raw> can be used.
110 Hex dump the output data.
114 Parse the ASN.1 output data, this is useful when combined with the
117 {- $OpenSSL::safe::opt_engine_item -}
119 {- $OpenSSL::safe::opt_r_item -}
121 {- $OpenSSL::safe::opt_provider_item -}
127 Since this command uses the RSA algorithm directly, it can only be
128 used to sign or verify small pieces of data.
132 Examples equivalent to these can be found in the documentation for the
133 non-deprecated L<openssl-pkeyutl(1)> command.
135 Sign some data using a private key:
137 openssl rsautl -sign -in file -inkey key.pem -out sig
139 Recover the signed data
141 openssl rsautl -verify -in sig -inkey key.pem
143 Examine the raw signed data:
145 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
147 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
148 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
149 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
150 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
151 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
152 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
153 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
154 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
156 The PKCS#1 block formatting is evident from this. If this was done using
157 encrypt and decrypt the block would have been of type 2 (the second byte)
158 and random padding data visible instead of the 0xff bytes.
160 It is possible to analyse the signature of certificates using this
161 command in conjunction with L<openssl-asn1parse(1)>. Consider the self signed
162 example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows
165 openssl asn1parse -in pca-cert.pem
167 0:d=0 hl=4 l= 742 cons: SEQUENCE
168 4:d=1 hl=4 l= 591 cons: SEQUENCE
169 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
170 10:d=3 hl=2 l= 1 prim: INTEGER :02
171 13:d=2 hl=2 l= 1 prim: INTEGER :00
172 16:d=2 hl=2 l= 13 cons: SEQUENCE
173 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
174 29:d=3 hl=2 l= 0 prim: NULL
175 31:d=2 hl=2 l= 92 cons: SEQUENCE
176 33:d=3 hl=2 l= 11 cons: SET
177 35:d=4 hl=2 l= 9 cons: SEQUENCE
178 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
179 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
181 599:d=1 hl=2 l= 13 cons: SEQUENCE
182 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
183 612:d=2 hl=2 l= 0 prim: NULL
184 614:d=1 hl=3 l= 129 prim: BIT STRING
187 The final BIT STRING contains the actual signature. It can be extracted with:
189 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
191 The certificate public key can be extracted with:
193 openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
195 The signature can be analysed with:
197 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
199 0:d=0 hl=2 l= 32 cons: SEQUENCE
200 2:d=1 hl=2 l= 12 cons: SEQUENCE
201 4:d=2 hl=2 l= 8 prim: OBJECT :md5
202 14:d=2 hl=2 l= 0 prim: NULL
203 16:d=1 hl=2 l= 16 prim: OCTET STRING
204 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
206 This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
207 the digest used was md5. The actual part of the certificate that was signed can
210 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
212 and its digest computed with:
215 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
217 which it can be seen agrees with the recovered value above.
222 L<openssl-pkeyutl(1)>,
229 This command was deprecated in OpenSSL 3.0.
231 The B<-engine> option was deprecated in OpenSSL 3.0.
235 Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
237 Licensed under the Apache License 2.0 (the "License"). You may not use
238 this file except in compliance with the License. You can obtain a copy
239 in the file LICENSE in the source distribution or at
240 L<https://www.openssl.org/source/license.html>.