openssl-rsautl.pod.in 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235
  1. =pod
  2. {- OpenSSL::safe::output_do_not_edit_headers(); -}
  3. =head1 NAME
  4. openssl-rsautl - RSA utility
  5. =head1 SYNOPSIS
  6. B<openssl> B<rsautl>
  7. [B<-help>]
  8. [B<-in> I<file>]
  9. [B<-passin> I<arg>]
  10. [B<-rev>]
  11. [B<-out> I<file>]
  12. [B<-inkey> I<file>]
  13. [B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
  14. [B<-pubin>]
  15. [B<-certin>]
  16. [B<-sign>]
  17. [B<-verify>]
  18. [B<-encrypt>]
  19. [B<-decrypt>]
  20. [B<-pkcs>]
  21. [B<-x931>]
  22. [B<-oaep>]
  23. [B<-ssl>]
  24. [B<-raw>]
  25. [B<-pkcs>]
  26. [B<-ssl>]
  27. [B<-raw>]
  28. [B<-hexdump>]
  29. [B<-asn1parse>]
  30. {- $OpenSSL::safe::opt_engine_synopsis -}
  31. {- $OpenSSL::safe::opt_r_synopsis -}
  32. =for openssl ifdef engine
  33. =head1 DESCRIPTION
  34. This command can be used to sign, verify, encrypt and decrypt
  35. data using the RSA algorithm.
  36. =head1 OPTIONS
  37. =over 4
  38. =item B<-help>
  39. Print out a usage message.
  40. =item B<-in> I<filename>
  41. This specifies the input filename to read data from or standard input
  42. if this option is not specified.
  43. =item B<-passin> I<arg>
  44. The passphrase used in the output file.
  45. See see L<openssl(1)/Pass Phrase Options>.
  46. =item B<-rev>
  47. Reverse the order of the input.
  48. =item B<-out> I<filename>
  49. Specifies the output filename to write to or standard output by
  50. default.
  51. =item B<-inkey> I<file>
  52. The input key file, by default it should be an RSA private key.
  53. =item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
  54. The key format; the default is B<PEM>.
  55. See L<openssl(1)/Format Options> for details.
  56. =item B<-pubin>
  57. The input file is an RSA public key.
  58. =item B<-certin>
  59. The input is a certificate containing an RSA public key.
  60. =item B<-sign>
  61. Sign the input data and output the signed result. This requires
  62. an RSA private key.
  63. =item B<-verify>
  64. Verify the input data and output the recovered data.
  65. =item B<-encrypt>
  66. Encrypt the input data using an RSA public key.
  67. =item B<-decrypt>
  68. Decrypt the input data using an RSA private key.
  69. =item B<-pkcs>, B<-oaep>, B<-x931> B<-ssl>, B<-raw>
  70. The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
  71. ANSI X9.31,
  72. special padding used in SSL v2 backwards compatible handshakes,
  73. or no padding, respectively.
  74. For signatures, only B<-pkcs> and B<-raw> can be used.
  75. =item B<-hexdump>
  76. Hex dump the output data.
  77. =item B<-asn1parse>
  78. Parse the ASN.1 output data, this is useful when combined with the
  79. B<-verify> option.
  80. {- $OpenSSL::safe::opt_engine_item -}
  81. {- $OpenSSL::safe::opt_r_item -}
  82. =back
  83. =head1 NOTES
  84. Since this command uses the RSA algorithm directly, it can only be
  85. used to sign or verify small pieces of data.
  86. =head1 EXAMPLES
  87. Sign some data using a private key:
  88. openssl rsautl -sign -in file -inkey key.pem -out sig
  89. Recover the signed data
  90. openssl rsautl -verify -in sig -inkey key.pem
  91. Examine the raw signed data:
  92. openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
  93. 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  94. 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  95. 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  96. 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  97. 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  98. 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  99. 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  100. 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
  101. The PKCS#1 block formatting is evident from this. If this was done using
  102. encrypt and decrypt the block would have been of type 2 (the second byte)
  103. and random padding data visible instead of the 0xff bytes.
  104. It is possible to analyse the signature of certificates using this
  105. utility in conjunction with L<openssl-asn1parse(1)>. Consider the self signed
  106. example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows
  107. yields:
  108. openssl asn1parse -in pca-cert.pem
  109. 0:d=0 hl=4 l= 742 cons: SEQUENCE
  110. 4:d=1 hl=4 l= 591 cons: SEQUENCE
  111. 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
  112. 10:d=3 hl=2 l= 1 prim: INTEGER :02
  113. 13:d=2 hl=2 l= 1 prim: INTEGER :00
  114. 16:d=2 hl=2 l= 13 cons: SEQUENCE
  115. 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
  116. 29:d=3 hl=2 l= 0 prim: NULL
  117. 31:d=2 hl=2 l= 92 cons: SEQUENCE
  118. 33:d=3 hl=2 l= 11 cons: SET
  119. 35:d=4 hl=2 l= 9 cons: SEQUENCE
  120. 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
  121. 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
  122. ....
  123. 599:d=1 hl=2 l= 13 cons: SEQUENCE
  124. 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
  125. 612:d=2 hl=2 l= 0 prim: NULL
  126. 614:d=1 hl=3 l= 129 prim: BIT STRING
  127. The final BIT STRING contains the actual signature. It can be extracted with:
  128. openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
  129. The certificate public key can be extracted with:
  130. openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
  131. The signature can be analysed with:
  132. openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
  133. 0:d=0 hl=2 l= 32 cons: SEQUENCE
  134. 2:d=1 hl=2 l= 12 cons: SEQUENCE
  135. 4:d=2 hl=2 l= 8 prim: OBJECT :md5
  136. 14:d=2 hl=2 l= 0 prim: NULL
  137. 16:d=1 hl=2 l= 16 prim: OCTET STRING
  138. 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
  139. This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
  140. the digest used was md5. The actual part of the certificate that was signed can
  141. be extracted with:
  142. openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
  143. and its digest computed with:
  144. openssl md5 -c tbs
  145. MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
  146. which it can be seen agrees with the recovered value above.
  147. =head1 SEE ALSO
  148. L<openssl(1)>,
  149. L<openssl-dgst(1)>,
  150. L<openssl-rsa(1)>,
  151. L<openssl-genrsa(1)>
  152. =head1 COPYRIGHT
  153. Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
  154. Licensed under the Apache License 2.0 (the "License"). You may not use
  155. this file except in compliance with the License. You can obtain a copy
  156. in the file LICENSE in the source distribution or at
  157. L<https://www.openssl.org/source/license.html>.
  158. =cut