1 | =pod
2 | {- OpenSSL::safe::output_do_not_edit_headers(); -}
3 |
4 | =head1 NAME
5 |
6 | openssl-rsautl - RSA command
7 |
8 | =head1 SYNOPSIS
9 |
10 | B<openssl> B<rsautl>
11 | [B<-help>]
12 | [B<-in> I<file>]
13 | [B<-passin> I<arg>]
14 | [B<-rev>]
15 | [B<-out> I<file>]
16 | [B<-inkey> I<filename>|I<uri>]
17 | [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
18 | [B<-pubin>]
19 | [B<-certin>]
20 | [B<-sign>]
21 | [B<-verify>]
22 | [B<-encrypt>]
23 | [B<-decrypt>]
24 | [B<-pkcs>]
25 | [B<-x931>]
26 | [B<-oaep>]
27 | [B<-raw>]
28 | [B<-hexdump>]
29 | [B<-asn1parse>]
30 | {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}
31 | {- $OpenSSL::safe::opt_provider_synopsis -}
32 |
33 | =head1 DESCRIPTION
34 |
35 | This command has been deprecated.
36 | The L<openssl-pkeyutl(1)> command should be used instead.
37 |
38 | This command can be used to sign, verify, encrypt and decrypt
39 | data using the RSA algorithm.
40 |
41 | =head1 OPTIONS
42 |
43 | =over 4
44 |
45 | =item B<-help>
46 |
47 | Print out a usage message.
48 |
49 | =item B<-in> I<filename>
50 |
51 | This specifies the input filename to read data from or standard input
52 | if this option is not specified.
53 |
54 | =item B<-passin> I<arg>
55 |
56 | The passphrase used in the output file.
57 | See see L<openssl-passphrase-options(1)>.
58 |
59 | =item B<-rev>
60 |
61 | Reverse the order of the input.
62 |
63 | =item B<-out> I<filename>
64 |
65 | Specifies the output filename to write to or standard output by
66 | default.
67 |
68 | =item B<-inkey> I<filename>|I<uri>
69 |
70 | The input key, by default it should be an RSA private key.
71 |
72 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
73 |
74 | The key format; unspecified by default.
75 | See L<openssl-format-options(1)> for details.
76 |
77 | =item B<-pubin>
78 |
79 | The input file is an RSA public key.
80 |
81 | =item B<-certin>
82 |
83 | The input is a certificate containing an RSA public key.
84 |
85 | =item B<-sign>
86 |
87 | Sign the input data and output the signed result. This requires
88 | an RSA private key.
89 |
90 | =item B<-verify>
91 |
92 | Verify the input data and output the recovered data.
93 |
94 | =item B<-encrypt>
95 |
96 | Encrypt the input data using an RSA public key.
97 |
98 | =item B<-decrypt>
99 |
100 | Decrypt the input data using an RSA private key.
101 |
102 | =item B<-pkcs>, B<-oaep>, B<-x931> B<-raw>
103 |
104 | The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
105 | ANSI X9.31, or no padding, respectively.
106 | For signatures, only B<-pkcs> and B<-raw> can be used.
107 |
108 | =item B<-hexdump>
109 |
110 | Hex dump the output data.
111 |
112 | =item B<-asn1parse>
113 |
114 | Parse the ASN.1 output data, this is useful when combined with the
115 | B<-verify> option.
116 |
117 | {- $OpenSSL::safe::opt_engine_item -}
118 |
119 | {- $OpenSSL::safe::opt_r_item -}
120 |
121 | {- $OpenSSL::safe::opt_provider_item -}
122 |
123 | =back
124 |
125 | =head1 NOTES
126 |
127 | Since this command uses the RSA algorithm directly, it can only be
128 | used to sign or verify small pieces of data.
129 |
130 | =head1 EXAMPLES
131 |
132 | Examples equivalent to these can be found in the documentation for the
133 | non-deprecated L<openssl-pkeyutl(1)> command.
134 |
135 | Sign some data using a private key:
136 |
137 | openssl rsautl -sign -in file -inkey key.pem -out sig
138 |
139 | Recover the signed data
140 |
141 | openssl rsautl -verify -in sig -inkey key.pem
142 |
143 | Examine the raw signed data:
144 |
145 | openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
146 |
147 | 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
148 | 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
149 | 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
150 | 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
151 | 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
152 | 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
153 | 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
154 | 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
155 |
156 | The PKCS#1 block formatting is evident from this. If this was done using
157 | encrypt and decrypt the block would have been of type 2 (the second byte)
158 | and random padding data visible instead of the 0xff bytes.
159 |
160 | It is possible to analyse the signature of certificates using this
161 | command in conjunction with L<openssl-asn1parse(1)>. Consider the self signed
162 | example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows
163 | yields:
164 |
165 | openssl asn1parse -in pca-cert.pem
166 |
167 | 0:d=0 hl=4 l= 742 cons: SEQUENCE
168 | 4:d=1 hl=4 l= 591 cons: SEQUENCE
169 | 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
170 | 10:d=3 hl=2 l= 1 prim: INTEGER :02
171 | 13:d=2 hl=2 l= 1 prim: INTEGER :00
172 | 16:d=2 hl=2 l= 13 cons: SEQUENCE
173 | 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
174 | 29:d=3 hl=2 l= 0 prim: NULL
175 | 31:d=2 hl=2 l= 92 cons: SEQUENCE
176 | 33:d=3 hl=2 l= 11 cons: SET
177 | 35:d=4 hl=2 l= 9 cons: SEQUENCE
178 | 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
179 | 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
180 | ....
181 | 599:d=1 hl=2 l= 13 cons: SEQUENCE
182 | 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
183 | 612:d=2 hl=2 l= 0 prim: NULL
184 | 614:d=1 hl=3 l= 129 prim: BIT STRING
185 |
186 |
187 | The final BIT STRING contains the actual signature. It can be extracted with:
188 |
189 | openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
190 |
191 | The certificate public key can be extracted with:
192 |
193 | openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
194 |
195 | The signature can be analysed with:
196 |
197 | openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
198 |
199 | 0:d=0 hl=2 l= 32 cons: SEQUENCE
200 | 2:d=1 hl=2 l= 12 cons: SEQUENCE
201 | 4:d=2 hl=2 l= 8 prim: OBJECT :md5
202 | 14:d=2 hl=2 l= 0 prim: NULL
203 | 16:d=1 hl=2 l= 16 prim: OCTET STRING
204 | 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
205 |
206 | This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
207 | the digest used was md5. The actual part of the certificate that was signed can
208 | be extracted with:
209 |
210 | openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
211 |
212 | and its digest computed with:
213 |
214 | openssl md5 -c tbs
215 | MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
216 |
217 | which it can be seen agrees with the recovered value above.
218 |
219 | =head1 SEE ALSO
220 |
221 | L<openssl(1)>,
222 | L<openssl-pkeyutl(1)>,
223 | L<openssl-dgst(1)>,
224 | L<openssl-rsa(1)>,
225 | L<openssl-genrsa(1)>
226 |
227 | =head1 HISTORY
228 |
229 | This command was deprecated in OpenSSL 3.0.
230 |
231 | The B<-engine> option was deprecated in OpenSSL 3.0.
232 |
233 | =head1 COPYRIGHT
234 |
235 | Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
236 |
237 | Licensed under the Apache License 2.0 (the "License"). You may not use
238 | this file except in compliance with the License. You can obtain a copy
239 | in the file LICENSE in the source distribution or at
240 | L<https://www.openssl.org/source/license.html>.
241 |
242 | =cut