{- OpenSSL::safe::output_do_not_edit_headers(); -}

openssl-rsautl - RSA command

[B<-inkey> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]

{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_provider_synopsis -}

This command has been deprecated.
The L<openssl-pkeyutl(1)> command should be used instead.

This command can be used to sign, verify, encrypt and decrypt
data using the RSA algorithm.

Print out a usage message.

=item B<-in> I<filename>

This specifies the input filename to read data from or standard input
if this option is not specified.

=item B<-passin> I<arg>

The passphrase used in the output file.
See L<openssl-passphrase-options(1)>.

Reverse the order of the input.

=item B<-out> I<filename>

Specifies the output filename to write to or standard output by

=item B<-inkey> I<filename>|I<uri>

The input key; by default it should be an RSA private key.

=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>

The key format; unspecified by default.
See L<openssl-format-options(1)> for details.

By default a private key is read from the key input.
With this option a public key is read instead.
If the input contains no public key but a private key, its public part is used.

The input is a certificate containing an RSA public key.

Sign the input data and output the signed result. This requires

Verify the input data and output the recovered data.

Encrypt the input data using an RSA public key.

Decrypt the input data using an RSA private key.

=item B<-pkcs>, B<-oaep>, B<-x931>, B<-raw>

The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
ANSI X9.31, or no padding, respectively.
For signatures, only B<-pkcs> and B<-raw> can be used.

Note: because of protection against Bleichenbacher attacks, decryption
using PKCS#1 v1.5 mode will not return errors if the padding check fails.
Use B<-raw> and inspect the returned value manually to check if the

Hex dump the output data.

Parse the ASN.1 output data, this is useful when combined with the

{- $OpenSSL::safe::opt_engine_item -}

{- $OpenSSL::safe::opt_r_item -}

{- $OpenSSL::safe::opt_provider_item -}

Since this command uses the RSA algorithm directly, it can only be
used to sign or verify small pieces of data.

Examples equivalent to these can be found in the documentation for the
non-deprecated L<openssl-pkeyutl(1)> command.

Sign some data using a private key:

 openssl rsautl -sign -in file -inkey key.pem -out sig

Recover the signed data:

 openssl rsautl -verify -in sig -inkey key.pem

Examine the raw signed data:

 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump

 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world

The PKCS#1 block formatting is evident from this. If this had been done using
encrypt and decrypt, the block would have been of type 2 (the second byte)
and random padding data would be visible instead of the 0xff bytes.
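
An added example (not part of the OpenSSL documentation) of the manual inspection described above: a Python parser that classifies a raw block as type 1 or type 2 and checks its padding. The function names are hypothetical and the sample block is constructed to match the hex dump.

```python
# Added example: strict check of a PKCS#1 v1.5 block as printed by
# "rsautl -verify -raw -hexdump". Names here are hypothetical.

MIN_PAD = 8  # PKCS#1 v1.5 requires at least 8 padding bytes


def parse_pkcs1_v15_block(block: bytes, modulus_len: int):
    """Return (block_type, payload); raise ValueError on any malformed field."""
    if len(block) != modulus_len:
        raise ValueError("block length must equal the modulus length")
    if block[0] != 0x00:
        raise ValueError("leading byte must be 0x00")
    block_type = block[1]
    if block_type not in (1, 2):
        raise ValueError(f"unexpected block type {block_type:#04x}")
    try:
        sep = block.index(0x00, 2)  # first zero byte after the type byte
    except ValueError:
        raise ValueError("no 0x00 separator after the padding") from None
    padding = block[2:sep]
    if len(padding) < MIN_PAD:
        raise ValueError("padding shorter than 8 bytes")
    # Type 1 (signature) padding is fixed; type 2 (encryption) padding is
    # random non-zero bytes, which the separator search already guarantees.
    if block_type == 1 and any(b != 0xFF for b in padding):
        raise ValueError("type 1 padding must be all 0xff")
    return block_type, block[sep + 1:]


def sample_signature_block() -> bytes:
    """Constructed 128-byte block matching the hex dump shown above."""
    payload = b"hello world"
    return b"\x00\x01" + b"\xff" * (128 - 3 - len(payload)) + b"\x00" + payload


if __name__ == "__main__":
    kind, data = parse_pkcs1_v15_block(sample_signature_block(), 128)
    print(f"block type {kind}, payload {data!r}")
```

Use it for offline inspection of recovered blocks; a service that returns these distinct errors for decrypted ciphertext recreates the padding oracle that the note under the padding options refers to.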

It is possible to analyse the signature of certificates using this
command in conjunction with L<openssl-asn1parse(1)>. Consider the self-signed
example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows

 openssl asn1parse -in pca-cert.pem

 0:d=0 hl=4 l= 742 cons: SEQUENCE
 4:d=1 hl=4 l= 591 cons: SEQUENCE
 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
 10:d=3 hl=2 l= 1 prim: INTEGER :02
 13:d=2 hl=2 l= 1 prim: INTEGER :00
 16:d=2 hl=2 l= 13 cons: SEQUENCE
 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
 29:d=3 hl=2 l= 0 prim: NULL
 31:d=2 hl=2 l= 92 cons: SEQUENCE
 33:d=3 hl=2 l= 11 cons: SET
 35:d=4 hl=2 l= 9 cons: SEQUENCE
 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU

 599:d=1 hl=2 l= 13 cons: SEQUENCE
 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
 612:d=2 hl=2 l= 0 prim: NULL
 614:d=1 hl=3 l= 129 prim: BIT STRING

The final BIT STRING contains the actual signature. It can be extracted with:

 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614

The certificate public key can be extracted with:

 openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem

The signature can be analysed with:

 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin

 0:d=0 hl=2 l= 32 cons: SEQUENCE
 2:d=1 hl=2 l= 12 cons: SEQUENCE
 4:d=2 hl=2 l= 8 prim: OBJECT :md5
 14:d=2 hl=2 l= 0 prim: NULL
 16:d=1 hl=2 l= 16 prim: OCTET STRING
 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..

This is the parsed version of an ASN.1 DigestInfo structure. It can be seen that
the digest used was md5. The actual part of the certificate that was signed can

 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4

and its digest computed with:

 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5

which it can be seen agrees with the recovered value above.
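
An added example (not OpenSSL code) of the comparison carried out above: it parses a DigestInfo structure, flags weak digests such as md5, and compares the recovered digest with one recomputed over the signed bytes. It goes beyond the md5 case by also recognising SHA-1 and SHA-256; the function names are hypothetical and the DigestInfo bytes are rebuilt from the parsed fields shown above.

```python
import hashlib
import hmac

# DER-encoded OID bytes -> (hashlib name, digest length, considered weak)
DIGESTS = {
    bytes.fromhex("2a864886f70d0205"): ("md5", 16, True),
    bytes.fromhex("2b0e03021a"): ("sha1", 20, True),
    bytes.fromhex("608648016503040201"): ("sha256", 32, False),
}


def _tlv(buf: bytes, pos: int, tag: int):
    """Read one short-form DER TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag or buf[pos + 1] >= 0x80:
        raise ValueError(f"expected short-form tag {tag:#04x} at offset {pos}")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated element")
    return buf[pos + 2:end], end


def parse_digest_info(der: bytes):
    """Return (digest_name, digest_bytes, weak) from a DigestInfo structure."""
    body, end = _tlv(der, 0, 0x30)         # outer SEQUENCE
    alg, pos = _tlv(body, 0, 0x30)         # AlgorithmIdentifier
    digest, pos2 = _tlv(body, pos, 0x04)   # OCTET STRING holding the digest
    if end != len(der) or pos2 != len(body):
        raise ValueError("trailing bytes after DigestInfo")
    oid, p = _tlv(alg, 0, 0x06)
    if alg[p:] not in (b"", b"\x05\x00"):  # parameters absent or NULL only
        raise ValueError("unexpected AlgorithmIdentifier parameters")
    if oid not in DIGESTS:
        raise ValueError("unrecognised digest OID")
    name, size, weak = DIGESTS[oid]
    if len(digest) != size:
        raise ValueError("digest length does not match the algorithm")
    return name, digest, weak


def digest_matches(der: bytes, tbs: bytes) -> bool:
    """Recompute the digest of the signed bytes and compare with the recovered one."""
    name, digest, _ = parse_digest_info(der)
    return hmac.compare_digest(hashlib.new(name, tbs).digest(), digest)


# DigestInfo rebuilt from the parsed fields shown above (constructed for this example).
PAGE_DIGEST_INFO = bytes.fromhex(
    "3020300c06082a864886f70d020505000410f3469eaa1a4a73c937ea9300482508b5")
```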

L<openssl-pkeyutl(1)>,

This command was deprecated in OpenSSL 3.0.

The B<-engine> option was deprecated in OpenSSL 3.0.

Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.