openssl-rsautl.pod.in 6.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254
  1. =pod
  2. {- OpenSSL::safe::output_do_not_edit_headers(); -}
  3. =head1 NAME
  4. openssl-rsautl - RSA command
  5. =head1 SYNOPSIS
  6. B<openssl> B<rsautl>
  7. [B<-help>]
  8. [B<-in> I<file>]
  9. [B<-passin> I<arg>]
  10. [B<-rev>]
  11. [B<-out> I<file>]
  12. [B<-inkey> I<filename>|I<uri>]
  13. [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
  14. [B<-pubin>]
  15. [B<-certin>]
  16. [B<-sign>]
  17. [B<-verify>]
  18. [B<-encrypt>]
  19. [B<-decrypt>]
  20. [B<-pkcs>]
  21. [B<-x931>]
  22. [B<-oaep>]
  23. [B<-ssl>]
  24. [B<-raw>]
  25. [B<-pkcs>]
  26. [B<-ssl>]
  27. [B<-raw>]
  28. [B<-hexdump>]
  29. [B<-asn1parse>]
  30. {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}
  31. {- $OpenSSL::safe::opt_provider_synopsis -}
  32. =for openssl ifdef engine
  33. =head1 DESCRIPTION
  34. This command has been deprecated.
  35. The L<openssl-pkeyutl(1)> command should be used instead.
  36. This command can be used to sign, verify, encrypt and decrypt
  37. data using the RSA algorithm.
  38. =head1 OPTIONS
  39. =over 4
  40. =item B<-help>
  41. Print out a usage message.
  42. =item B<-in> I<filename>
  43. This specifies the input filename to read data from or standard input
  44. if this option is not specified.
  45. =item B<-passin> I<arg>
  46. The passphrase used in the output file.
  47. See see L<openssl-passphrase-options(1)>.
  48. =item B<-rev>
  49. Reverse the order of the input.
  50. =item B<-out> I<filename>
  51. Specifies the output filename to write to or standard output by
  52. default.
  53. =item B<-inkey> I<filename>|I<uri>
  54. The input key, by default it should be an RSA private key.
  55. =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
  56. The key format; the default is B<PEM>.
  57. The only value with effect is B<ENGINE>; all others have become obsolete.
  58. See L<openssl-format-options(1)> for details.
  59. =item B<-pubin>
  60. The input file is an RSA public key.
  61. =item B<-certin>
  62. The input is a certificate containing an RSA public key.
  63. =item B<-sign>
  64. Sign the input data and output the signed result. This requires
  65. an RSA private key.
  66. =item B<-verify>
  67. Verify the input data and output the recovered data.
  68. =item B<-encrypt>
  69. Encrypt the input data using an RSA public key.
  70. =item B<-decrypt>
  71. Decrypt the input data using an RSA private key.
  72. =item B<-pkcs>, B<-oaep>, B<-x931> B<-ssl>, B<-raw>
  73. The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
  74. ANSI X9.31,
  75. special padding used in SSL v2 backwards compatible handshakes,
  76. or no padding, respectively.
  77. For signatures, only B<-pkcs> and B<-raw> can be used.
  78. =item B<-hexdump>
  79. Hex dump the output data.
  80. =item B<-asn1parse>
  81. Parse the ASN.1 output data, this is useful when combined with the
  82. B<-verify> option.
  83. {- $OpenSSL::safe::opt_engine_item -}
  84. {- $OpenSSL::safe::opt_r_item -}
  85. {- $OpenSSL::safe::opt_provider_item -}
  86. =back
  87. =head1 NOTES
  88. Since this command uses the RSA algorithm directly, it can only be
  89. used to sign or verify small pieces of data.
  90. =head1 EXAMPLES
  91. Examples equivalent to these can be found in the documentation for the
  92. non-deprecated L<openssl-pkeyutl(1)> command.
  93. Sign some data using a private key:
  94. openssl rsautl -sign -in file -inkey key.pem -out sig
  95. Recover the signed data
  96. openssl rsautl -verify -in sig -inkey key.pem
  97. Examine the raw signed data:
  98. openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
  99. 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  100. 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  101. 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  102. 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  103. 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  104. 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  105. 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
  106. 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
  107. The PKCS#1 block formatting is evident from this. If this was done using
  108. encrypt and decrypt the block would have been of type 2 (the second byte)
  109. and random padding data visible instead of the 0xff bytes.
  110. It is possible to analyse the signature of certificates using this
  111. command in conjunction with L<openssl-asn1parse(1)>. Consider the self signed
  112. example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows
  113. yields:
  114. openssl asn1parse -in pca-cert.pem
  115. 0:d=0 hl=4 l= 742 cons: SEQUENCE
  116. 4:d=1 hl=4 l= 591 cons: SEQUENCE
  117. 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
  118. 10:d=3 hl=2 l= 1 prim: INTEGER :02
  119. 13:d=2 hl=2 l= 1 prim: INTEGER :00
  120. 16:d=2 hl=2 l= 13 cons: SEQUENCE
  121. 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
  122. 29:d=3 hl=2 l= 0 prim: NULL
  123. 31:d=2 hl=2 l= 92 cons: SEQUENCE
  124. 33:d=3 hl=2 l= 11 cons: SET
  125. 35:d=4 hl=2 l= 9 cons: SEQUENCE
  126. 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
  127. 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
  128. ....
  129. 599:d=1 hl=2 l= 13 cons: SEQUENCE
  130. 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
  131. 612:d=2 hl=2 l= 0 prim: NULL
  132. 614:d=1 hl=3 l= 129 prim: BIT STRING
  133. The final BIT STRING contains the actual signature. It can be extracted with:
  134. openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
  135. The certificate public key can be extracted with:
  136. openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
  137. The signature can be analysed with:
  138. openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
  139. 0:d=0 hl=2 l= 32 cons: SEQUENCE
  140. 2:d=1 hl=2 l= 12 cons: SEQUENCE
  141. 4:d=2 hl=2 l= 8 prim: OBJECT :md5
  142. 14:d=2 hl=2 l= 0 prim: NULL
  143. 16:d=1 hl=2 l= 16 prim: OCTET STRING
  144. 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
  145. This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
  146. the digest used was md5. The actual part of the certificate that was signed can
  147. be extracted with:
  148. openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
  149. and its digest computed with:
  150. openssl md5 -c tbs
  151. MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
  152. which it can be seen agrees with the recovered value above.
  153. =head1 SEE ALSO
  154. L<openssl(1)>,
  155. L<openssl-pkeyutl(1)>,
  156. L<openssl-dgst(1)>,
  157. L<openssl-rsa(1)>,
  158. L<openssl-genrsa(1)>
  159. =head1 HISTORY
  160. This command was deprecated in OpenSSL 3.0.
  161. All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0
  162. and have no effect.
  163. The B<-engine> option was deprecated in OpenSSL 3.0.
  164. =head1 COPYRIGHT
  165. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
  166. Licensed under the Apache License 2.0 (the "License"). You may not use
  167. this file except in compliance with the License. You can obtain a copy
  168. in the file LICENSE in the source distribution or at
  169. L<https://www.openssl.org/source/license.html>.
  170. =cut