=pod

=head1 NAME

rsautl - RSA utility

=head1 SYNOPSIS

B<openssl> B<rsautl>
[B<-in file>]
[B<-out file>]
[B<-inkey file>]
[B<-pubin>]
[B<-certin>]
[B<-sign>]
[B<-verify>]
[B<-encrypt>]
[B<-decrypt>]
[B<-pkcs>]
[B<-oaep>]
[B<-ssl>]
[B<-raw>]
[B<-hexdump>]
[B<-asn1parse>]

=head1 DESCRIPTION

The B<rsautl> command can be used to sign, verify, encrypt and decrypt
data using the RSA algorithm.

=head1 COMMAND OPTIONS

=over 4

=item B<-in filename>

This specifies the input filename to read data from or standard input
if this option is not specified.

=item B<-out filename>

specifies the output filename to write to or standard output by
default.

=item B<-inkey file>

the input key file, by default it should be an RSA private key.

=item B<-pubin>

the input file is an RSA public key.

=item B<-certin>

the input is a certificate containing an RSA public key.

=item B<-sign>

sign the input data and output the signed result. This requires
an RSA private key.

=item B<-verify>

verify the input data and output the recovered data.

=item B<-encrypt>

encrypt the input data using an RSA public key.

=item B<-decrypt>

decrypt the input data using an RSA private key.

=item B<-pkcs, -oaep, -ssl, -raw>

the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
special padding used in SSL v2 backwards compatible handshakes,
or no padding, respectively.
For signatures, only B<-pkcs> and B<-raw> can be used.

=item B<-hexdump>

hex dump the output data.

=item B<-asn1parse>

asn1parse the output data, this is useful when combined with the
B<-verify> option.

=back

=head1 NOTES

B<rsautl>, because it uses the RSA algorithm directly, can only be
used to sign or verify small pieces of data.

=head1 EXAMPLES

Sign some data using a private key:

 openssl rsautl -sign -in file -inkey key.pem -out sig

Recover the signed data:

 openssl rsautl -verify -in sig -inkey key.pem

Examine the raw signed data:

 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump

 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world

The PKCS#1 block formatting is evident from this.
If this was done using
encrypt and decrypt the block would have been of type 2 (the second byte)
and random padding data visible instead of the 0xff bytes.

It is possible to analyse the signature of certificates using this
utility in conjunction with B<asn1parse>. Consider the self-signed
example in certs/pca-cert.pem. Running B<asn1parse> as follows yields:

 openssl asn1parse -in pca-cert.pem

    0:d=0  hl=4 l= 742 cons: SEQUENCE
    4:d=1  hl=4 l= 591 cons:  SEQUENCE
    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
   13:d=2  hl=2 l=   1 prim:   INTEGER           :00
   16:d=2  hl=2 l=  13 cons:   SEQUENCE
   18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
   29:d=3  hl=2 l=   0 prim:    NULL
   31:d=2  hl=2 l=  92 cons:   SEQUENCE
   33:d=3  hl=2 l=  11 cons:    SET
   35:d=4  hl=2 l=   9 cons:     SEQUENCE
   37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
   42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
   ....
  599:d=1  hl=2 l=  13 cons:  SEQUENCE
  601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
  612:d=2  hl=2 l=   0 prim:   NULL
  614:d=1  hl=3 l= 129 prim:  BIT STRING

The final BIT STRING contains the actual signature.
It can be extracted with:

 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614

The certificate public key can be extracted with:

 openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem

The signature can be analysed with:

 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin

    0:d=0  hl=2 l=  32 cons: SEQUENCE
    2:d=1  hl=2 l=  12 cons:  SEQUENCE
    4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
   14:d=2  hl=2 l=   0 prim:   NULL
   16:d=1  hl=2 l=  16 prim:  OCTET STRING
      0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..

This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
the digest used was md5. The actual part of the certificate that was signed can
be extracted with:

 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4

and its digest computed with:

 openssl md5 -c tbs
 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5

which it can be seen agrees with the recovered value above.

=head1 SEE ALSO

L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>
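
The type 1 block layout and the MD5 DigestInfo walked through in EXAMPLES, as an added Python example that is not part of the OpenSSL documentation or source: it parses the block that B<-verify -raw> recovers and rejects short padding, non-ff padding and trailing bytes after the digest, which a verifier must not tolerate. The function names and the 128-byte modulus length are assumptions; the sample blocks are constructed from the byte values shown in EXAMPLES.

```python
# Added example: strict parser for the PKCS#1 v1.5 type-1 (signature) block
# that `rsautl -verify -raw` recovers. Names here are hypothetical.

# DER header of an MD5 DigestInfo:
# SEQUENCE { SEQUENCE { OID md5, NULL }, OCTET STRING (16 bytes) }
MD5_DIGESTINFO_PREFIX = bytes.fromhex("3020300c06082a864886f70d020505000410")


def parse_type1_block(block: bytes, modulus_len: int) -> bytes:
    """Return the payload of a 00 01 ff..ff 00 <payload> block or raise ValueError."""
    if len(block) != modulus_len:
        raise ValueError("block length does not match modulus length")
    if block[0] != 0x00 or block[1] != 0x01:
        raise ValueError("not a type-1 block (expected leading 00 01)")
    sep = block.find(b"\x00", 2)          # first 00 after the block type
    if sep == -1:
        raise ValueError("missing 00 separator after padding")
    padding = block[2:sep]
    if len(padding) < 8:
        raise ValueError("padding shorter than the 8-byte minimum")
    if padding != b"\xff" * len(padding):
        raise ValueError("padding contains bytes other than ff")
    return block[sep + 1:]


def md5_digest_from_digestinfo(payload: bytes) -> bytes:
    """Accept only the exact DER encoding for MD5; no trailing bytes allowed."""
    expected_len = len(MD5_DIGESTINFO_PREFIX) + 16
    if len(payload) != expected_len or not payload.startswith(MD5_DIGESTINFO_PREFIX):
        raise ValueError("payload is not a well-formed MD5 DigestInfo")
    return payload[len(MD5_DIGESTINFO_PREFIX):]


def build_block(payload: bytes, modulus_len: int) -> bytes:
    """Constructed sample input: lay out a type-1 block around payload."""
    pad_len = modulus_len - 3 - len(payload)
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + payload


if __name__ == "__main__":
    # Same bytes as the 128-byte hexdump in EXAMPLES (payload "hello world").
    hello = build_block(b"hello world", 128)
    print(parse_type1_block(hello, 128))
    # Certificate case: DigestInfo carrying the MD5 value shown in EXAMPLES.
    digest = bytes.fromhex("f3469eaa1a4a73c937ea9300482508b5")
    cert_block = build_block(MD5_DIGESTINFO_PREFIX + digest, 128)
    recovered = md5_digest_from_digestinfo(parse_type1_block(cert_block, 128))
    print(recovered.hex(":"))
```

The digest it returns is the value to compare against the output of C<openssl md5 -c tbs>.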