Index Index for
Section 1ssl
Index Alphabetical
listing for R
Bottom of page Bottom of
page		 

rsautl(1ssl)


NAME

  rsautl - RSA utility


SYNOPSIS

  openssl rsautl [-in filename] [-out filename] [-inkey filename] [-pubin]
  [-certin] [-sign] [-verify] [-encrypt] [-decrypt] [-pkcs] [-ssl] [-raw]
  [-hexdump] [-asn1parse]


OPTIONS

  -infilename
	  Specifies the input filename to read data from or standard input if
	  this option is not specified.

  -outfilename
	  Specifies the output filename to write to or standard output by
	  default.

  -inkey-file
	  Input key file. By default it should be an RSA private key.

  -pubin  The input file is an RSA public key.

  -certin The input is a certificate containing an RSA public key.

  -sign	  Signs the input data and outputs the signed result. This requires
	  and RSA private key.

  -verify Verifies the input data and output the recovered data.

  -encrypt
	  Encrypts the input data using an RSA public key.

  -decrypt
	  Decrypts the input data using an RSA private key.

  -pkcs, -oaep, -ssl, -raw
	  The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, special
	  padding used in SSL v2 backwards compatible handshakes, or no
	  padding, respectively. For signatures, only -pkcs and -raw can be
	  used.

  -hexdump
	  Hex dumps the output data.

  -asn1parse
	  Asn1parses the output data. This is useful when combined with the
	  -verify option.


DESCRIPTION

  The rsautl command can be used to sign, verify, encrypt and decrypt data
  using the RSA algorithm.


NOTES

  Because rsautl uses the RSA algorithm directly, it can only be used to sign
  or verify small pieces of data.


EXAMPLES

  Sign some data using a private key:

	openssl rsautl -sign -in file -inkey key.pem -out sig

  Recover the signed data

	openssl rsautl -verify -in sig -inkey key.pem

  Examine the raw signed data:

	openssl rsautl -verify -in file -inkey key.pem -raw -hexdump

	0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff	 ................
	0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff	 ................
	0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff	 ................
	0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff	 ................
	0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff	 ................
	0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff	 ................
	0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff	 ................
	0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64	 .....hello world

  The PKCS#1 block formatting is evident from this. If this was done using
  encrypt and decrypt the block would have been of type 2 (the second byte)
  and random padding data visible instead of the 0xff bytes.

  It is possible to analyze the signature of certificates using this utility
  in conjunction with asn1parse. Consider the self-signed example in
  certs/pca-cert.pem. Running asn1parse yields the following:

	openssl asn1parse -in pca-cert.pem

	   0:d=0  hl=4 l= 742 cons: SEQUENCE
	   4:d=1  hl=4 l= 591 cons:  SEQUENCE
	   8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
	  10:d=3  hl=2 l=   1 prim:    INTEGER		 :02
	  13:d=2  hl=2 l=   1 prim:   INTEGER		:00
	  16:d=2  hl=2 l=  13 cons:   SEQUENCE
	  18:d=3  hl=2 l=   9 prim:    OBJECT		 :md5WithRSAEncryption
	  29:d=3  hl=2 l=   0 prim:    NULL
	  31:d=2  hl=2 l=  92 cons:   SEQUENCE
	  33:d=3  hl=2 l=  11 cons:    SET
	  35:d=4  hl=2 l=   9 cons:	SEQUENCE
	  37:d=5  hl=2 l=   3 prim:	 OBJECT		   :countryName
	  42:d=5  hl=2 l=   2 prim:	 PRINTABLESTRING   :AU
	 ....
	 599:d=1  hl=2 l=  13 cons:  SEQUENCE
	 601:d=2  hl=2 l=   9 prim:   OBJECT		:md5WithRSAEncryption
	 612:d=2  hl=2 l=   0 prim:   NULL
	 614:d=1  hl=3 l= 129 prim:  BIT STRING

  The final BIT STRING contains the actual signature. It can be extracted
  using the following command:

	openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614

  The certificate public key can be extracted using the following command:

       openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem

  The signature can be analyzed with:

	openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin

	   0:d=0  hl=2 l=  32 cons: SEQUENCE
	   2:d=1  hl=2 l=  12 cons:  SEQUENCE
	   4:d=2  hl=2 l=   8 prim:   OBJECT		:md5
	  14:d=2  hl=2 l=   0 prim:   NULL
	  16:d=1  hl=2 l=  16 prim:  OCTET STRING
	     0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..

  This is the parsed version of an ASN1 DigestInfo structure. The digest used
  was md5. The part of the certificate that was signed can be extracted with
  the following command:

	openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4

  Its digest can be computed with the following command:

	openssl md5 -c tbs
	MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5

  This agrees with the recovered value above.


SEE ALSO

  Commands: dgst(1ssl), rsa(1ssl), genrsa(1ssl)

Index Index for
Section 1ssl
Index Alphabetical
listing for R
Top of page Top of
page