5 openssl-rsautl - RSA utility
14 [B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
22 [B<-writerand> I<file>]
29 =for openssl ifdef engine
33 This command can be used to sign, verify, encrypt and decrypt
34 data using the RSA algorithm.
42 Print out a usage message.
44 =item B<-in> I<filename>
46 This specifies the input filename to read data from or standard input
47 if this option is not specified.
49 =item B<-out> I<filename>
51 Specifies the output filename to write to or standard output by
54 =item B<-inkey> I<file>
56 The input key file, by default it should be an RSA private key.
58 =item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
60 The key format; the default is B<PEM>.
61 See L<openssl(1)/Format Options> for details.
65 The input file is an RSA public key.
69 The input is a certificate containing an RSA public key.
73 Sign the input data and output the signed result. This requires
78 Verify the input data and output the recovered data.
82 Encrypt the input data using an RSA public key.
86 Decrypt the input data using an RSA private key.
88 =item B<-rand> I<files>, B<-writerand> I<file>
90 See L<openssl(1)/Random State Options> for more information.
92 =item B<-pkcs>, B<-oaep>, B<-ssl>, B<-raw>
94 The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
95 special padding used in SSL v2 backwards compatible handshakes,
96 or no padding, respectively.
97 For signatures, only B<-pkcs> and B<-raw> can be used.
101 Hex dump the output data.
105 Parse the ASN.1 output data, this is useful when combined with the
112 Since this command uses the RSA algorithm directly, it can only be
113 used to sign or verify small pieces of data.
117 Sign some data using a private key:
119 openssl rsautl -sign -in file -inkey key.pem -out sig
121 Recover the signed data
123 openssl rsautl -verify -in sig -inkey key.pem
125 Examine the raw signed data:
127 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
129 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
130 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
131 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
132 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
133 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
134 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
135 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
136 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
138 The PKCS#1 block formatting is evident from this. If this was done using
139 encrypt and decrypt the block would have been of type 2 (the second byte)
140 and random padding data visible instead of the 0xff bytes.
142 It is possible to analyse the signature of certificates using this
143 utility in conjunction with L<openssl-asn1parse(1)>. Consider the self signed
144 example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows
147 openssl asn1parse -in pca-cert.pem
149 0:d=0 hl=4 l= 742 cons: SEQUENCE
150 4:d=1 hl=4 l= 591 cons: SEQUENCE
151 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
152 10:d=3 hl=2 l= 1 prim: INTEGER :02
153 13:d=2 hl=2 l= 1 prim: INTEGER :00
154 16:d=2 hl=2 l= 13 cons: SEQUENCE
155 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
156 29:d=3 hl=2 l= 0 prim: NULL
157 31:d=2 hl=2 l= 92 cons: SEQUENCE
158 33:d=3 hl=2 l= 11 cons: SET
159 35:d=4 hl=2 l= 9 cons: SEQUENCE
160 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
161 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
163 599:d=1 hl=2 l= 13 cons: SEQUENCE
164 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
165 612:d=2 hl=2 l= 0 prim: NULL
166 614:d=1 hl=3 l= 129 prim: BIT STRING
169 The final BIT STRING contains the actual signature. It can be extracted with:
171 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
173 The certificate public key can be extracted with:
175 openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
177 The signature can be analysed with:
179 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
181 0:d=0 hl=2 l= 32 cons: SEQUENCE
182 2:d=1 hl=2 l= 12 cons: SEQUENCE
183 4:d=2 hl=2 l= 8 prim: OBJECT :md5
184 14:d=2 hl=2 l= 0 prim: NULL
185 16:d=1 hl=2 l= 16 prim: OCTET STRING
186 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
188 This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
189 the digest used was md5. The actual part of the certificate that was signed can
192 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
194 and its digest computed with:
197 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
199 which it can be seen agrees with the recovered value above.
210 Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
212 Licensed under the Apache License 2.0 (the "License"). You may not use
213 this file except in compliance with the License. You can obtain a copy
214 in the file LICENSE in the source distribution or at
215 L<https://www.openssl.org/source/license.html>.