[B<-verify>]
[B<-encrypt>]
[B<-decrypt>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-pkcs>]
[B<-ssl>]
[B<-raw>]
The B<rsautl> command can be used to sign, verify, encrypt and decrypt
data using the RSA algorithm.
-=head1 COMMAND OPTIONS
+=head1 OPTIONS
=over 4
=item B<-out filename>
-specifies the output filename to write to or standard output by
+Specifies the output filename to write to or standard output by
default.
=item B<-inkey file>
-the input key file, by default it should be an RSA private key.
+The input key file, by default it should be an RSA private key.
=item B<-keyform PEM|DER|ENGINE>
-the key format PEM, DER or ENGINE.
+The key format PEM, DER or ENGINE.
=item B<-pubin>
-the input file is an RSA public key.
+The input file is an RSA public key.
=item B<-certin>
-the input is a certificate containing an RSA public key.
+The input is a certificate containing an RSA public key.
=item B<-sign>
-sign the input data and output the signed result. This requires
+Sign the input data and output the signed result. This requires
an RSA private key.
=item B<-verify>
-verify the input data and output the recovered data.
+Verify the input data and output the recovered data.
=item B<-encrypt>
-encrypt the input data using an RSA public key.
+Encrypt the input data using an RSA public key.
=item B<-decrypt>
-decrypt the input data using an RSA private key.
+Decrypt the input data using an RSA private key.
+
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
=item B<-pkcs, -oaep, -ssl, -raw>
-the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
+The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
special padding used in SSL v2 backwards compatible handshakes,
or no padding, respectively.
For signatures, only B<-pkcs> and B<-raw> can be used.
=item B<-hexdump>
-hex dump the output data.
+Hex dump the output data.
=item B<-asn1parse>
-asn1parse the output data, this is useful when combined with the
+Parse the ASN.1 output data, this is useful when combined with the
B<-verify> option.
=back
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy