rsautl.pod revision 325337
=pod

=head1 NAME

openssl-rsautl,
rsautl - RSA utility

=head1 SYNOPSIS

B<openssl> B<rsautl>
[B<-in file>]
[B<-out file>]
[B<-inkey file>]
[B<-pubin>]
[B<-certin>]
[B<-sign>]
[B<-verify>]
[B<-encrypt>]
[B<-decrypt>]
[B<-pkcs>]
[B<-oaep>]
[B<-ssl>]
[B<-raw>]
[B<-hexdump>]
[B<-asn1parse>]

=head1 DESCRIPTION

The B<rsautl> command can be used to sign, verify, encrypt and decrypt
data using the RSA algorithm.

=head1 COMMAND OPTIONS

=over 4

=item B<-in filename>

This specifies the input filename to read data from or standard input
if this option is not specified.

=item B<-out filename>

specifies the output filename to write to or standard output by
default.

=item B<-inkey file>

the input key file, by default it should be an RSA private key.

=item B<-pubin>

the input file is an RSA public key.

=item B<-certin>

the input is a certificate containing an RSA public key.

=item B<-sign>

sign the input data and output the signed result. This requires
an RSA private key.

=item B<-verify>

verify the input data and output the recovered data.

=item B<-encrypt>

encrypt the input data using an RSA public key.

=item B<-decrypt>

decrypt the input data using an RSA private key.

=item B<-pkcs, -oaep, -ssl, -raw>

the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
special padding used in SSL v2 backwards compatible handshakes,
or no padding, respectively.
For signatures, only B<-pkcs> and B<-raw> can be used.

=item B<-hexdump>

hex dump the output data.

=item B<-asn1parse>

asn1parse the output data, this is useful when combined with the
B<-verify> option.

=back

=head1 NOTES

B<rsautl>, because it uses the RSA algorithm directly, can only be
used to sign or verify small pieces of data.

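Why only small inputs fit: B<rsautl> places the data directly into one padded RSA block, so with PKCS#1 v1.5 padding a k-byte modulus carries at most k-11 bytes. The Python below is an added example, not part of OpenSSL or of the original manual text; its function names are hypothetical and the sample block is constructed to match the 128-byte layout shown under EXAMPLES.

```python
"""Added example: the PKCS#1 v1.5 block layout that `rsautl -verify -raw` displays."""
from __future__ import annotations

MIN_PAD = 8  # PKCS#1 v1.5 requires at least 8 padding bytes


def max_input_len(k: int) -> int:
    """Largest payload for a k-byte modulus: 00 || BT || PS(>=8) || 00 || D."""
    return k - 3 - MIN_PAD


def encode_type1(data: bytes, k: int) -> bytes:
    """Build 00 01 FF..FF 00 D, the block type 1 layout used when signing."""
    if len(data) > max_input_len(k):
        raise ValueError(f"data too long: {len(data)} > {max_input_len(k)}")
    return b"\x00\x01" + b"\xff" * (k - 3 - len(data)) + b"\x00" + data


def parse_block(block: bytes) -> tuple[int, bytes]:
    """Strictly parse a raw block and return (block_type, payload)."""
    if len(block) < 3 + MIN_PAD or block[0] != 0x00:
        raise ValueError("bad leading byte or block too short")
    bt = block[1]
    if bt not in (1, 2):
        raise ValueError(f"unsupported block type {bt}")
    sep = block.find(b"\x00", 2)  # first zero byte ends the padding string
    if sep == -1:
        raise ValueError("no 00 separator after padding")
    pad = block[2:sep]
    if len(pad) < MIN_PAD:
        raise ValueError("padding shorter than 8 bytes")
    if bt == 1 and pad.count(0xFF) != len(pad):
        raise ValueError("type 1 padding must be all 0xff")
    return bt, block[sep + 1:]


if __name__ == "__main__":
    # Constructed sample: 128-byte block (1024-bit key) as in the hex dump.
    blk = encode_type1(b"hello world", 128)
    print(max_input_len(128), parse_block(blk))
```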

=head1 EXAMPLES

Sign some data using a private key:

 openssl rsautl -sign -in file -inkey key.pem -out sig

Recover the signed data:

 openssl rsautl -verify -in sig -inkey key.pem

Examine the raw signed data:

 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump

 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world

The PKCS#1 block formatting is evident from this. If this was done using
encrypt and decrypt the block would have been of type 2 (the second byte)
and random padding data visible instead of the 0xff bytes.

It is possible to analyse the signature of certificates using this
utility in conjunction with B<asn1parse>. Consider the self-signed
example in certs/pca-cert.pem. Running B<asn1parse> as follows yields:

 openssl asn1parse -in pca-cert.pem

    0:d=0  hl=4 l= 742 cons: SEQUENCE
    4:d=1  hl=4 l= 591 cons:  SEQUENCE
    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
   13:d=2  hl=2 l=   1 prim:   INTEGER           :00
   16:d=2  hl=2 l=  13 cons:   SEQUENCE
   18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
   29:d=3  hl=2 l=   0 prim:    NULL
   31:d=2  hl=2 l=  92 cons:   SEQUENCE
   33:d=3  hl=2 l=  11 cons:    SET
   35:d=4  hl=2 l=   9 cons:     SEQUENCE
   37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
   42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
   ....
  599:d=1  hl=2 l=  13 cons:  SEQUENCE
  601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
  612:d=2  hl=2 l=   0 prim:   NULL
  614:d=1  hl=3 l= 129 prim:  BIT STRING


The final BIT STRING contains the actual signature. It can be extracted with:

 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614

The certificate public key can be extracted with:

 openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem

The signature can be analysed with:

 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin

    0:d=0  hl=2 l=  32 cons: SEQUENCE
    2:d=1  hl=2 l=  12 cons:  SEQUENCE
    4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
   14:d=2  hl=2 l=   0 prim:   NULL
   16:d=1  hl=2 l=  16 prim:  OCTET STRING
      0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..

This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
the digest used was md5. The actual part of the certificate that was signed can
be extracted with:

 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4

and its digest computed with:

 openssl md5 -c tbs
 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5

which it can be seen agrees with the recovered value above.

=head1 SEE ALSO

L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>
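
The DigestInfo comparison that closes the EXAMPLES section, as an added Python example (not part of OpenSSL or of the original manual text): it walks the recovered DER using the same offsets B<asn1parse> prints, accepts only the exact MD5 DigestInfo shape, and compares the digest with that of the signed bytes. Function names are hypothetical and the stand-in tbs bytes are constructed; the digest value is the one printed on this page, and MD5 appears only because the example certificate uses it.

```python
"""Added example: compare a recovered DigestInfo with the digest of the signed data."""
import hashlib
import hmac

MD5_OID = bytes.fromhex("2a864886f70d0205")  # 1.2.840.113549.2.5
# (offset, depth, tag, length) rows matching the asn1parse output on this page
MD5_SHAPE = [(0, 0, 0x30, 32), (2, 1, 0x30, 12), (4, 2, 0x06, 8),
             (14, 2, 0x05, 0), (16, 1, 0x04, 16)]


def walk(der, off=0, depth=0, end=None):
    """Yield (offset, depth, tag, length) per DER element; short lengths only."""
    end = len(der) if end is None else end
    while off < end:
        if off + 2 > end:
            raise ValueError("truncated header")
        tag, length = der[off], der[off + 1]
        if length & 0x80 or off + 2 + length > end:
            raise ValueError("long-form or overrunning length")
        yield off, depth, tag, length
        if tag & 0x20:  # constructed type: descend into its contents
            yield from walk(der, off + 2, depth + 1, off + 2 + length)
        off += 2 + length


def recovered_md5(digest_info):
    """Return the 16-byte digest; reject anything but the exact MD5 DigestInfo."""
    if list(walk(digest_info)) != MD5_SHAPE or digest_info[6:14] != MD5_OID:
        raise ValueError("not a well-formed MD5 DigestInfo")
    return digest_info[18:34]


def digest_matches(digest_info, signed_bytes):
    """True when the recovered digest equals MD5 of the signed bytes (the tbs file)."""
    expected = hashlib.md5(signed_bytes).digest()
    return hmac.compare_digest(recovered_md5(digest_info), expected)


# DigestInfo rebuilt from the offsets, lengths and OCTET STRING printed above.
PAGE_DI = bytes.fromhex("3020300c06082a864886f70d020505000410"
                        "f3469eaa1a4a73c937ea9300482508b5")

if __name__ == "__main__":
    for row in walk(PAGE_DI):
        print("%5d:d=%d tag=0x%02x l=%d" % row)
    tbs = b"constructed stand-in for the tbs file"  # constructed sample
    print(digest_matches(PAGE_DI[:18] + hashlib.md5(tbs).digest(), tbs))
```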