]>
Commit | Line | Data |
---|---|---|
bbb72003 DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
b6b66573 | 5 | openssl-rsautl - RSA utility |
bbb72003 DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> B<rsautl> | |
169394d4 | 10 | [B<-help>] |
e8769719 RS |
11 | [B<-in> I<file>] |
12 | [B<-out> I<file>] | |
13 | [B<-inkey> I<file>] | |
14 | [B<-keyform> B<DER>|B<PEM>|B<ENGINE>] | |
bbb72003 DSH |
15 | [B<-pubin>] |
16 | [B<-certin>] | |
17 | [B<-sign>] | |
18 | [B<-verify>] | |
19 | [B<-encrypt>] | |
20 | [B<-decrypt>] | |
fed8bd90 | 21 | [B<-rand> I<files>] |
e8769719 | 22 | [B<-writerand> I<file>] |
bbb72003 DSH |
23 | [B<-pkcs>] |
24 | [B<-ssl>] | |
25 | [B<-raw>] | |
26 | [B<-hexdump>] | |
27 | [B<-asn1parse>] | |
28 | ||
9f3c076b | 29 | =for openssl ifdef engine |
1738c0ce | 30 | |
bbb72003 DSH |
31 | =head1 DESCRIPTION |
32 | ||
35a810bb | 33 | This command can be used to sign, verify, encrypt and decrypt |
bbb72003 DSH |
34 | data using the RSA algorithm. |
35 | ||
3dfda1a6 | 36 | =head1 OPTIONS |
bbb72003 DSH |
37 | |
38 | =over 4 | |
39 | ||
169394d4 MR |
40 | =item B<-help> |
41 | ||
42 | Print out a usage message. | |
43 | ||
e8769719 | 44 | =item B<-in> I<filename> |
bbb72003 DSH |
45 | |
46 | This specifies the input filename to read data from or standard input | |
47 | if this option is not specified. | |
48 | ||
e8769719 | 49 | =item B<-out> I<filename> |
bbb72003 | 50 | |
c4de074e | 51 | Specifies the output filename to write to or standard output by |
bbb72003 DSH |
52 | default. |
53 | ||
e8769719 | 54 | =item B<-inkey> I<file> |
bbb72003 | 55 | |
c4de074e | 56 | The input key file, by default it should be an RSA private key. |
bbb72003 | 57 | |
e8769719 | 58 | =item B<-keyform> B<DER>|B<PEM>|B<ENGINE> |
0c20802c | 59 | |
777182a0 RS |
60 | The key format; the default is B<PEM>. |
61 | See L<openssl(1)/Format Options> for details. | |
0c20802c | 62 | |
bbb72003 DSH |
63 | =item B<-pubin> |
64 | ||
c4de074e | 65 | The input file is an RSA public key. |
bbb72003 DSH |
66 | |
67 | =item B<-certin> | |
68 | ||
c4de074e | 69 | The input is a certificate containing an RSA public key. |
bbb72003 DSH |
70 | |
71 | =item B<-sign> | |
72 | ||
c4de074e | 73 | Sign the input data and output the signed result. This requires |
9f07c405 | 74 | an RSA private key. |
bbb72003 DSH |
75 | |
76 | =item B<-verify> | |
77 | ||
c4de074e | 78 | Verify the input data and output the recovered data. |
bbb72003 DSH |
79 | |
80 | =item B<-encrypt> | |
81 | ||
c4de074e | 82 | Encrypt the input data using an RSA public key. |
bbb72003 DSH |
83 | |
84 | =item B<-decrypt> | |
85 | ||
c4de074e | 86 | Decrypt the input data using an RSA private key. |
bbb72003 | 87 | |
a397aca4 | 88 | =item B<-rand> I<files>, B<-writerand> I<file> |
3ee1eac2 | 89 | |
a397aca4 | 90 | See L<openssl(1)/Random State Options> for more information. |
3ee1eac2 | 91 | |
8dc57d76 | 92 | =item B<-pkcs>, B<-oaep>, B<-ssl>, B<-raw> |
bbb72003 | 93 | |
c4de074e | 94 | The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, |
2b40660e BM |
95 | special padding used in SSL v2 backwards compatible handshakes, |
96 | or no padding, respectively. | |
97 | For signatures, only B<-pkcs> and B<-raw> can be used. | |
bbb72003 DSH |
98 | |
99 | =item B<-hexdump> | |
100 | ||
c4de074e | 101 | Hex dump the output data. |
bbb72003 DSH |
102 | |
103 | =item B<-asn1parse> | |
104 | ||
c4de074e | 105 | Parse the ASN.1 output data, this is useful when combined with the |
bbb72003 DSH |
106 | B<-verify> option. |
107 | ||
108 | =back | |
109 | ||
110 | =head1 NOTES | |
111 | ||
35a810bb | 112 | Since this command uses the RSA algorithm directly, it can only be |
bbb72003 DSH |
113 | used to sign or verify small pieces of data. |
114 | ||
115 | =head1 EXAMPLES | |
116 | ||
2b40660e | 117 | Sign some data using a private key: |
bbb72003 DSH |
118 | |
119 | openssl rsautl -sign -in file -inkey key.pem -out sig | |
120 | ||
121 | Recover the signed data | |
122 | ||
0ea65947 | 123 | openssl rsautl -verify -in sig -inkey key.pem |
bbb72003 DSH |
124 | |
125 | Examine the raw signed data: | |
126 | ||
f70c22eb | 127 | openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump |
bbb72003 DSH |
128 | |
129 | 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ | |
130 | 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ | |
131 | 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ | |
132 | 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ | |
133 | 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ | |
134 | 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ | |
135 | 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ | |
136 | 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world | |
137 | ||
138 | The PKCS#1 block formatting is evident from this. If this was done using | |
139 | encrypt and decrypt the block would have been of type 2 (the second byte) | |
140 | and random padding data visible instead of the 0xff bytes. | |
141 | ||
142 | It is possible to analyse the signature of certificates using this | |
35a810bb | 143 | utility in conjunction with L<openssl-asn1parse(1)>. Consider the self signed |
1948394d | 144 | example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows |
35a810bb | 145 | yields: |
bbb72003 DSH |
146 | |
147 | openssl asn1parse -in pca-cert.pem | |
148 | ||
1bc74519 RS |
149 | 0:d=0 hl=4 l= 742 cons: SEQUENCE |
150 | 4:d=1 hl=4 l= 591 cons: SEQUENCE | |
151 | 8:d=2 hl=2 l= 3 cons: cont [ 0 ] | |
bbb72003 DSH |
152 | 10:d=3 hl=2 l= 1 prim: INTEGER :02 |
153 | 13:d=2 hl=2 l= 1 prim: INTEGER :00 | |
1bc74519 | 154 | 16:d=2 hl=2 l= 13 cons: SEQUENCE |
bbb72003 | 155 | 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption |
1bc74519 RS |
156 | 29:d=3 hl=2 l= 0 prim: NULL |
157 | 31:d=2 hl=2 l= 92 cons: SEQUENCE | |
158 | 33:d=3 hl=2 l= 11 cons: SET | |
159 | 35:d=4 hl=2 l= 9 cons: SEQUENCE | |
bbb72003 DSH |
160 | 37:d=5 hl=2 l= 3 prim: OBJECT :countryName |
161 | 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU | |
162 | .... | |
1bc74519 | 163 | 599:d=1 hl=2 l= 13 cons: SEQUENCE |
bbb72003 | 164 | 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption |
1bc74519 RS |
165 | 612:d=2 hl=2 l= 0 prim: NULL |
166 | 614:d=1 hl=3 l= 129 prim: BIT STRING | |
bbb72003 DSH |
167 | |
168 | ||
169 | The final BIT STRING contains the actual signature. It can be extracted with: | |
170 | ||
171 | openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614 | |
172 | ||
173 | The certificate public key can be extracted with: | |
1bc74519 | 174 | |
a529a801 | 175 | openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem |
bbb72003 DSH |
176 | |
177 | The signature can be analysed with: | |
178 | ||
179 | openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin | |
180 | ||
1bc74519 RS |
181 | 0:d=0 hl=2 l= 32 cons: SEQUENCE |
182 | 2:d=1 hl=2 l= 12 cons: SEQUENCE | |
bbb72003 | 183 | 4:d=2 hl=2 l= 8 prim: OBJECT :md5 |
1bc74519 RS |
184 | 14:d=2 hl=2 l= 0 prim: NULL |
185 | 16:d=1 hl=2 l= 16 prim: OCTET STRING | |
bbb72003 DSH |
186 | 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. |
187 | ||
188 | This is the parsed version of an ASN1 DigestInfo structure. It can be seen that | |
189 | the digest used was md5. The actual part of the certificate that was signed can | |
190 | be extracted with: | |
191 | ||
192 | openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4 | |
193 | ||
194 | and its digest computed with: | |
195 | ||
196 | openssl md5 -c tbs | |
197 | MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 | |
198 | ||
199 | which it can be seen agrees with the recovered value above. | |
200 | ||
201 | =head1 SEE ALSO | |
202 | ||
b6b66573 DMSP |
203 | L<openssl(1)>, |
204 | L<openssl-dgst(1)>, | |
205 | L<openssl-rsa(1)>, | |
206 | L<openssl-genrsa(1)> | |
99ec4fdb | 207 | |
e2f92610 RS |
208 | =head1 COPYRIGHT |
209 | ||
b6b66573 | 210 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 211 | |
449040b4 | 212 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
213 | this file except in compliance with the License. You can obtain a copy |
214 | in the file LICENSE in the source distribution or at | |
215 | L<https://www.openssl.org/source/license.html>. | |
216 | ||
217 | =cut |