=pod

=head1 NAME

rsautl - RSA utility

=head1 SYNOPSIS

B<openssl> B<rsautl>
[B<-in file>]
[B<-out file>]
[B<-inkey file>]
[B<-pubin>]
[B<-certin>]
[B<-sign>]
[B<-verify>]
[B<-encrypt>]
[B<-decrypt>]
[B<-pkcs>]
[B<-ssl>]
[B<-raw>]
[B<-hexdump>]
[B<-asn1parse>]

=head1 DESCRIPTION

The B<rsautl> command can be used to sign, verify, encrypt and decrypt
data using the RSA algorithm.

=head1 COMMAND OPTIONS

=over 4

=item B<-in filename>

This specifies the input filename to read data from or standard input
if this option is not specified.

=item B<-out filename>

specifies the output filename to write to or standard output by
default.

=item B<-inkey file>

the input key file; by default it should be an RSA private key.

=item B<-pubin>

the input file is an RSA public key.

=item B<-certin>

the input is a certificate containing an RSA public key.

=item B<-sign>

sign the input data and output the signed result. This requires
an RSA private key.

=item B<-verify>

verify the input data and output the recovered data.

=item B<-encrypt>

encrypt the input data using an RSA public key.

=item B<-decrypt>

decrypt the input data using an RSA private key.

=item B<-pkcs, -oaep, -ssl, -raw>

the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
special padding used in SSL v2 backwards compatible handshakes,
or no padding, respectively.
For signatures, only B<-pkcs> and B<-raw> can be used.

=item B<-hexdump>

hex dump the output data.

=item B<-asn1parse>

asn1parse the output data; this is useful when combined with the
B<-verify> option.

=back

=head1 NOTES

B<rsautl>, because it uses the RSA algorithm directly, can only be
used to sign or verify small pieces of data.

=head1 EXAMPLES

Sign some data using a private key:

 openssl rsautl -sign -in file -inkey key.pem -out sig

Recover the signed data:

 openssl rsautl -verify -in sig -inkey key.pem

Examine the raw signed data:

 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump

 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world

The PKCS#1 block formatting is evident from this. If this had been done using
encrypt and decrypt, the block would have been of type 2 (the second byte),
with random padding data visible instead of the 0xff bytes.

It is possible to analyse the signature of certificates using this
utility in conjunction with B<asn1parse>. Consider the self-signed
example in certs/pca-cert.pem. Running B<asn1parse> as follows yields:

 openssl asn1parse -in pca-cert.pem

    0:d=0  hl=4 l= 742 cons: SEQUENCE
    4:d=1  hl=4 l= 591 cons:  SEQUENCE
    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
   13:d=2  hl=2 l=   1 prim:   INTEGER           :00
   16:d=2  hl=2 l=  13 cons:   SEQUENCE
   18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
   29:d=3  hl=2 l=   0 prim:    NULL
   31:d=2  hl=2 l=  92 cons:   SEQUENCE
   33:d=3  hl=2 l=  11 cons:    SET
   35:d=4  hl=2 l=   9 cons:     SEQUENCE
   37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
   42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
  ....
  599:d=1  hl=2 l=  13 cons:  SEQUENCE
  601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
  612:d=2  hl=2 l=   0 prim:   NULL
  614:d=1  hl=3 l= 129 prim:  BIT STRING

The final BIT STRING contains the actual signature. It can be extracted with:

 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614

The certificate public key can be extracted with:

 openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem

The signature can be analysed with:

 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin

    0:d=0  hl=2 l=  32 cons: SEQUENCE
    2:d=1  hl=2 l=  12 cons:  SEQUENCE
    4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
   14:d=2  hl=2 l=   0 prim:   NULL
   16:d=1  hl=2 l=  16 prim:  OCTET STRING
      0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..

This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
the digest used was md5. The actual part of the certificate that was signed can
be extracted with:

 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4

and its digest computed with:

 openssl md5 -c tbs
 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5

which can be seen to agree with the recovered value above.

=head1 SEE ALSO

L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>
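
The block layout that the EXAMPLES section reads off the B<-raw -hexdump> output, and the DigestInfo recovered from the certificate signature, can be checked mechanically. The following Python is an added example, not part of the original manual page or of OpenSSL: the function names are illustrative, the hexdump and digest values are the ones shown in EXAMPLES, and the DigestInfo header bytes are the standard MD5 prefix from RFC 8017.

```python
import re

# The "-verify -raw -hexdump" output shown in EXAMPLES (one 128-byte block).
PAGE_HEXDUMP = """
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
"""
# DER header of an MD5 DigestInfo (RFC 8017), matching the asn1parse output in EXAMPLES.
MD5_PREFIX = bytes.fromhex("3020300c06082a864886f70d020505000410")
ROW = re.compile(r"^\s*[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -]?){1,16})", re.M)


def hexdump_to_bytes(text):
    """Rebuild the binary block from openssl-style hexdump rows."""
    return b"".join(bytes.fromhex(h.replace("-", " ")) for h in ROW.findall(text))


def parse_pkcs1_block(block):
    """Return (block_type, payload) for a 00 || BT || PS || 00 || D block."""
    if len(block) < 11 or block[0] != 0 or block[1] not in (1, 2):
        raise ValueError("not a PKCS#1 v1.5 type 1 or type 2 block")
    sep = block.find(b"\x00", 2)  # the first zero byte ends the padding string
    if sep < 0:
        raise ValueError("no 00 separator after the padding string")
    padding = block[2:sep]
    if len(padding) < 8:
        raise ValueError("padding string shorter than 8 bytes")
    if block[1] == 1 and padding.strip(b"\xff"):
        raise ValueError("type 1 padding must be all 0xff")
    return block[1], block[sep + 1:]


def md5_from_digestinfo(payload):
    """Extract the 16-byte digest from an MD5 DigestInfo, rejecting extra bytes."""
    if len(payload) != len(MD5_PREFIX) + 16 or not payload.startswith(MD5_PREFIX):
        raise ValueError("payload is not an MD5 DigestInfo")
    return payload[len(MD5_PREFIX):]


if __name__ == "__main__":
    print(parse_pkcs1_block(hexdump_to_bytes(PAGE_HEXDUMP)))
```

The digest returned by C<md5_from_digestinfo> is the value to compare against the C<openssl md5 -c tbs> output.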