RSAUTL(1)                   OpenSSL                   RSAUTL(1)





NAME
       rsautl - RSA utility

SYNOPSIS
       openssl rsautl [-in file] [-out file] [-inkey file]
       [-pubin] [-certin] [-sign] [-verify] [-encrypt]
       [-decrypt] [-pkcs] [-ssl] [-raw] [-hexdump] [-asn1parse]

DESCRIPTION
       The rsautl command can be used to sign, verify, encrypt
       and decrypt data using the RSA algorithm.

COMMAND OPTIONS
       -in filename
           This specifies the input filename to read data from
           or standard input if this option is not specified.

       -out filename
           specifies the output filename to write to or stan-
           dard output by default.

       -inkey file
           the input key file, by default it should be an RSA
           private key.

       -pubin
           the input file is an RSA public key.

       -certin
           the input is a certificate containing an RSA public
           key.

       -sign
           sign the input data and output the signed result.
           This requires and RSA private key.

       -verify
           verify the input data and output the recovered data.

       -encrypt
           encrypt the input data using an RSA public key.

       -decrypt
           decrypt the input data using an RSA private key.

       -pkcs, -oaep, -ssl, -raw
           the padding to use: PKCS#1 v1.5 (the default),
           PKCS#1 OAEP, special padding used in SSL v2 back-
           wards compatible handshakes, or no padding, respec-
           tively.  For signatures, only -pkcs and -raw can be
           used.

       -hexdump
           hex dump the output data.

       -asn1parse
           asn1parse the output data, this is useful when com-
           bined with the -verify option.

NOTES
       rsautl because it uses the RSA algorithm directly can
       only be used to sign or verify small pieces of data.

EXAMPLES
       Sign some data using a private key:

        openssl rsautl -sign -in file -inkey key.pem -out sig

       Recover the signed data

        openssl rsautl -verify -in sig -inkey key.pem

       Examine the raw signed data:

        openssl rsautl -verify -in file -inkey key.pem -raw -hexdump

        0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
        0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
        0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
        0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
        0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
        0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
        0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
        0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world

       The PKCS#1 block formatting is evident from this. If
       this was done using encrypt and decrypt the block would
       have been of type 2 (the second byte) and random padding
       data visible instead of the 0xff bytes.

       It is possible to analyse the signature of certificates
       using this utility in conjunction with asn1parse. Con-
       sider the self signed example in certs/pca-cert.pem .
       Running asn1parse as follows yields:

        openssl asn1parse -in pca-cert.pem

           0:d=0  hl=4 l= 742 cons: SEQUENCE
           4:d=1  hl=4 l= 591 cons:  SEQUENCE
           8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
          10:d=3  hl=2 l=   1 prim:    INTEGER           :02
          13:d=2  hl=2 l=   1 prim:   INTEGER           :00
          16:d=2  hl=2 l=  13 cons:   SEQUENCE
          18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
          29:d=3  hl=2 l=   0 prim:    NULL
          31:d=2  hl=2 l=  92 cons:   SEQUENCE
          33:d=3  hl=2 l=  11 cons:    SET
          35:d=4  hl=2 l=   9 cons:     SEQUENCE
          37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
          42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
         ....
         599:d=1  hl=2 l=  13 cons:  SEQUENCE
         601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
         612:d=2  hl=2 l=   0 prim:   NULL
         614:d=1  hl=3 l= 129 prim:  BIT STRING

       The final BIT STRING contains the actual signature. It
       can be extracted with:

        openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614

       The certificate public key can be extracted with:

        openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem

       The signature can be analysed with:

        openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin






           0:d=0  hl=2 l=  32 cons: SEQUENCE
           2:d=1  hl=2 l=  12 cons:  SEQUENCE
           4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
          14:d=2  hl=2 l=   0 prim:   NULL
          16:d=1  hl=2 l=  16 prim:  OCTET STRING
             0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..

       This is the parsed version of an ASN1 DigestInfo struc-
       ture. It can be seen that the digest used was md5. The
       actual part of the certificate that was signed can be
       extracted with:

        openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4

       and its digest computed with:

        openssl md5 -c tbs
        MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5

       which it can be seen agrees with the recovered value
       above.

SEE ALSO
       dgst(1), rsa(1), genrsa(1)



0.9.7c                     2001-04-25                 RSAUTL(1)
