OpenSSL RSAUTL(1openssl) NNNNAAAAMMMMEEEE
rsautl - RSA utility
SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSSooooppppeeeennnnssssssssllll rrrrssssaaaauuuuttttllll [---iiinnnn ffffiiiilllleeee] [---ooouuuutttt ffffiiiilllleeee] [---iiinnnnkkkkeeeeyyyy ffffiiiilllleeee] [---pppuuuubbbbiiiinnnn]
[---ccceeeerrrrttttiiiinnnn] [---sssiiiiggggnnnn] [---vvveeeerrrriiiiffffyyyy] [---eeennnnccccrrrryyyypppptttt] [---dddeeeeccccrrrryyyypppptttt] [---pppkkkkccccssss]
[---sssssssllll] [---rrraaaawwww] [---hhheeeexxxxdddduuuummmmpppp] [---aaassssnnnn1111ppppaaaarrrrsssseeee]
DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN The rrrrssssaaaauuuuttttllll command can be used to sign, verify, encrypt and decrypt data using the RSA algorithm. CCCCOOOOMMMMMMMMAAAANNNNDDDD OOOOPPPPTTTTIIIIOOOONNNNSSSS-iiiinnnn ffffiiiilllleeeennnnaaaammmmeeee
This specifies the input filename to read data from or standard input if this option is not specified.-oooouuuutttt ffffiiiilllleeeennnnaaaammmmeeee
specifies the output filename to write to or standard output by default.-iiiinnnnkkkkeeeeyyyy ffffiiiilllleeee
the input key file, by default it should be an RSA private key.-ppppuuuubbbbiiiinnnn
the input file is an RSA public key.-cccceeeerrrrttttiiiinnnn
the input is a certificate containing an RSA public key.-ssssiiiiggggnnnn
sign the input data and output the signed result. This requires and RSA private key.-vvvveeeerrrriiiiffffyyyy
verify the input data and output the recovered data.-eeeennnnccccrrrryyyypppptttt
encrypt the input data using an RSA public key.-ddddeeeeccccrrrryyyypppptttt
decrypt the input data using an RSA private key.-ppppkkkkccccssss,,,, -ooooaaaaeeeepppp,,,, -ssssssssllll,,,, -rrrraaaawwww
the padding to use: PKCS#1 v1.5 (the default), PKCS#1
OAEP, special padding used in SSL v2 backwards compatible handshakes, or no padding, respectively. Forsignatures, only ---pppkkkkccccssss and ---rrraaaawwww can be used.
-hhhheeeexxxxdddduuuummmmpppp
hex dump the output data.17/Sep/2007 Last change: 0.9.8o 1 OpenSSL RSAUTL(1openssl)
-aaaassssnnnn1111ppppaaaarrrrsssseeee
asn1parse the output data, this is useful when combinedwith the ---vvveeeerrrriiiiffffyyyy option.
NNNNOOOOTTTTEEEESSSS rrrrssssaaaauuuuttttllll because it uses the RSA algorithm directly can only be used to sign or verify small pieces of data. EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS Sign some data using a private key:openssl rsautl -sign -in file -inkey key.pem -out sig
Recover the signed dataopenssl rsautl -verify -in sig -inkey key.pem
Examine the raw signed data:openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
The PKCS#1 block formatting is evident from this. If this
was done using encrypt and decrypt the block would have been of type 2 (the second byte) and random padding data visible instead of the 0xff bytes. It is possible to analyse the signature of certificates using this utility in conjunction with aaaassssnnnn1111ppppaaaarrrrsssseeee. Considerthe self signed example in certs/pca-cert.pem . Running
aaaassssnnnn1111ppppaaaarrrrsssseeee as follows yields:openssl asn1parse -in pca-cert.pem
17/Sep/2007 Last change: 0.9.8o 2 OpenSSL RSAUTL(1openssl) 0:d=0 hl=4 l= 742 cons: SEQUENCE 4:d=1 hl=4 l= 591 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 1 prim: INTEGER :00 16:d=2 hl=2 l= 13 cons: SEQUENCE 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption 29:d=3 hl=2 l= 0 prim: NULL 31:d=2 hl=2 l= 92 cons: SEQUENCE 33:d=3 hl=2 l= 11 cons: SET 35:d=4 hl=2 l= 9 cons: SEQUENCE 37:d=5 hl=2 l= 3 prim: OBJECT :countryName 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU .... 599:d=1 hl=2 l= 13 cons: SEQUENCE 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption 612:d=2 hl=2 l= 0 prim: NULL 614:d=1 hl=3 l= 129 prim: BIT STRING The final BIT STRING contains the actual signature. It can be extracted with:
openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
The certificate public key can be extracted with:openssl x509 -in test/testx509.pem -pubkey -noout
>pubkey.pem The signature can be analysed with:openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
0:d=0 hl=2 l= 32 cons: SEQUENCE 2:d=1 hl=2 l= 12 cons: SEQUENCE 4:d=2 hl=2 l= 8 prim: OBJECT :md5 14:d=2 hl=2 l= 0 prim: NULL 16:d=1 hl=2 l= 16 prim: OCTET STRING0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
This is the parsed version of an ASN1 DigestInfo structure. It can be seen that the digest used was md5. The actual part of the certificate that was signed can be extracted with:openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
and its digest computed with:openssl md5 -c tbs
MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 which it can be seen agrees with the recovered value above.17/Sep/2007 Last change: 0.9.8o 3 OpenSSL RSAUTL(1openssl) SSSSEEEEEEEE AAAALLLLSSSSOOOO dgst(1), rsa(1), genrsa(1)
17/Sep/2007 Last change: 0.9.8o 4