rsautl.pod 5.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. =pod
  2. =head1 NAME
  3. rsautl - RSA utility
  4. =head1 SYNOPSIS
  5. B<openssl> B<rsautl>
  6. [B<-in file>]
  7. [B<-out file>]
  8. [B<-inkey file>]
  9. [B<-pubin>]
  10. [B<-certin>]
  11. [B<-sign>]
  12. [B<-verify>]
  13. [B<-encrypt>]
  14. [B<-decrypt>]
  15. [B<-pkcs>]
  16. [B<-ssl>]
  17. [B<-raw>]
  18. [B<-hexdump>]
  19. [B<-asn1parse>]
  20. =head1 DESCRIPTION
  21. The B<rsautl> command can be used to sign, verify, encrypt and decrypt
  22. data using the RSA algorithm.
  23. =head1 COMMAND OPTIONS
  24. =over 4
  25. =item B<-in filename>
  26. This specifies the input filename to read data from or standard input
  27. if this option is not specified.
  28. =item B<-out filename>
  29. specifies the output filename to write to or standard output by
  30. default.
  31. =item B<-inkey file>
  32. the input key file, by default it should be an RSA private key.
  33. =item B<-pubin>
  34. the input file is an RSA public key.
  35. =item B<-certin>
  36. the input is a certificate containing an RSA public key.
  37. =item B<-sign>
  38. sign the input data and output the signed result. This requires
  39. and RSA private key.
  40. =item B<-verify>
  41. verify the input data and output the recovered data.
  42. =item B<-encrypt>
  43. encrypt the input data using an RSA public key.
  44. =item B<-decrypt>
  45. decrypt the input data using an RSA private key.
  46. =item B<-pkcs, -oaep, -ssl, -raw>
  47. the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
  48. special padding used in SSL v2 backwards compatible handshakes,
  49. or no padding, respectively.
  50. For signatures, only B<-pkcs> and B<-raw> can be used.
  51. =item B<-hexdump>
  52. hex dump the output data.
  53. =item B<-asn1parse>
  54. asn1parse the output data, this is useful when combined with the
  55. B<-verify> option.
  56. =back
  57. =head1 NOTES
  58. B<rsautl> because it uses the RSA algorithm directly can only be
  59. used to sign or verify small pieces of data.
  60. =head1 EXAMPLES
  61. Sign some data using a private key:
  62. openssl rsautl -sign -in file -inkey key.pem -out sig
  63. Recover the signed data
  64. openssl rsautl -verify -in sig -inkey key.pem
  65. Examine the raw signed data:
  66. openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
  67. 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  68. 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  69. 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  70. 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  71. 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  72. 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  73. 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  74. 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
  75. The PKCS#1 block formatting is evident from this. If this was done using
  76. encrypt and decrypt the block would have been of type 2 (the second byte)
  77. and random padding data visible instead of the 0xff bytes.
  78. It is possible to analyse the signature of certificates using this
  79. utility in conjunction with B<asn1parse>. Consider the self signed
  80. example in certs/pca-cert.pem . Running B<asn1parse> as follows yields:
  81. openssl asn1parse -in pca-cert.pem
  82. 0:d=0 hl=4 l= 742 cons: SEQUENCE
  83. 4:d=1 hl=4 l= 591 cons: SEQUENCE
  84. 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
  85. 10:d=3 hl=2 l= 1 prim: INTEGER :02
  86. 13:d=2 hl=2 l= 1 prim: INTEGER :00
  87. 16:d=2 hl=2 l= 13 cons: SEQUENCE
  88. 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
  89. 29:d=3 hl=2 l= 0 prim: NULL
  90. 31:d=2 hl=2 l= 92 cons: SEQUENCE
  91. 33:d=3 hl=2 l= 11 cons: SET
  92. 35:d=4 hl=2 l= 9 cons: SEQUENCE
  93. 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
  94. 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
  95. ....
  96. 599:d=1 hl=2 l= 13 cons: SEQUENCE
  97. 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
  98. 612:d=2 hl=2 l= 0 prim: NULL
  99. 614:d=1 hl=3 l= 129 prim: BIT STRING
  100. The final BIT STRING contains the actual signature. It can be extracted with:
  101. openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
  102. The certificate public key can be extracted with:
  103. openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
  104. The signature can be analysed with:
  105. openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
  106. 0:d=0 hl=2 l= 32 cons: SEQUENCE
  107. 2:d=1 hl=2 l= 12 cons: SEQUENCE
  108. 4:d=2 hl=2 l= 8 prim: OBJECT :md5
  109. 14:d=2 hl=2 l= 0 prim: NULL
  110. 16:d=1 hl=2 l= 16 prim: OCTET STRING
  111. 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
  112. This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
  113. the digest used was md5. The actual part of the certificate that was signed can
  114. be extracted with:
  115. openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
  116. and its digest computed with:
  117. openssl md5 -c tbs
  118. MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
  119. which it can be seen agrees with the recovered value above.
  120. =head1 SEE ALSO
  121. L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>