1=pod 2{- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4=head1 NAME 5 6openssl-rsautl - RSA command 7 8=head1 SYNOPSIS 9 10B<openssl> B<rsautl> 11[B<-help>] 12[B<-in> I<file>] 13[B<-passin> I<arg>] 14[B<-rev>] 15[B<-out> I<file>] 16[B<-inkey> I<filename>|I<uri>] 17[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>] 18[B<-pubin>] 19[B<-certin>] 20[B<-sign>] 21[B<-verify>] 22[B<-encrypt>] 23[B<-decrypt>] 24[B<-pkcs>] 25[B<-x931>] 26[B<-oaep>] 27[B<-raw>] 28[B<-hexdump>] 29[B<-asn1parse>] 30{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -} 31{- $OpenSSL::safe::opt_provider_synopsis -} 32 33=head1 DESCRIPTION 34 35This command has been deprecated. 36The L<openssl-pkeyutl(1)> command should be used instead. 37 38This command can be used to sign, verify, encrypt and decrypt 39data using the RSA algorithm. 40 41=head1 OPTIONS 42 43=over 4 44 45=item B<-help> 46 47Print out a usage message. 48 49=item B<-in> I<filename> 50 51This specifies the input filename to read data from or standard input 52if this option is not specified. 53 54=item B<-passin> I<arg> 55 56The passphrase used in the output file. 57See see L<openssl-passphrase-options(1)>. 58 59=item B<-rev> 60 61Reverse the order of the input. 62 63=item B<-out> I<filename> 64 65Specifies the output filename to write to or standard output by 66default. 67 68=item B<-inkey> I<filename>|I<uri> 69 70The input key, by default it should be an RSA private key. 71 72=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> 73 74The key format; unspecified by default. 75See L<openssl-format-options(1)> for details. 76 77=item B<-pubin> 78 79The input file is an RSA public key. 80 81=item B<-certin> 82 83The input is a certificate containing an RSA public key. 84 85=item B<-sign> 86 87Sign the input data and output the signed result. This requires 88an RSA private key. 89 90=item B<-verify> 91 92Verify the input data and output the recovered data. 93 94=item B<-encrypt> 95 96Encrypt the input data using an RSA public key. 97 98=item B<-decrypt> 99 100Decrypt the input data using an RSA private key. 101 102=item B<-pkcs>, B<-oaep>, B<-x931>, B<-raw> 103 104The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, 105ANSI X9.31, or no padding, respectively. 106For signatures, only B<-pkcs> and B<-raw> can be used. 107 108=item B<-hexdump> 109 110Hex dump the output data. 111 112=item B<-asn1parse> 113 114Parse the ASN.1 output data, this is useful when combined with the 115B<-verify> option. 116 117{- $OpenSSL::safe::opt_engine_item -} 118 119{- $OpenSSL::safe::opt_r_item -} 120 121{- $OpenSSL::safe::opt_provider_item -} 122 123=back 124 125=head1 NOTES 126 127Since this command uses the RSA algorithm directly, it can only be 128used to sign or verify small pieces of data. 129 130=head1 EXAMPLES 131 132Examples equivalent to these can be found in the documentation for the 133non-deprecated L<openssl-pkeyutl(1)> command. 134 135Sign some data using a private key: 136 137 openssl rsautl -sign -in file -inkey key.pem -out sig 138 139Recover the signed data 140 141 openssl rsautl -verify -in sig -inkey key.pem 142 143Examine the raw signed data: 144 145 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump 146 147 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 148 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 149 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 150 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 151 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 152 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 153 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 154 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world 155 156The PKCS#1 block formatting is evident from this. If this was done using 157encrypt and decrypt the block would have been of type 2 (the second byte) 158and random padding data visible instead of the 0xff bytes. 159 160It is possible to analyse the signature of certificates using this 161command in conjunction with L<openssl-asn1parse(1)>. Consider the self signed 162example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows 163yields: 164 165 openssl asn1parse -in pca-cert.pem 166 167 0:d=0 hl=4 l= 742 cons: SEQUENCE 168 4:d=1 hl=4 l= 591 cons: SEQUENCE 169 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 170 10:d=3 hl=2 l= 1 prim: INTEGER :02 171 13:d=2 hl=2 l= 1 prim: INTEGER :00 172 16:d=2 hl=2 l= 13 cons: SEQUENCE 173 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption 174 29:d=3 hl=2 l= 0 prim: NULL 175 31:d=2 hl=2 l= 92 cons: SEQUENCE 176 33:d=3 hl=2 l= 11 cons: SET 177 35:d=4 hl=2 l= 9 cons: SEQUENCE 178 37:d=5 hl=2 l= 3 prim: OBJECT :countryName 179 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU 180 .... 181 599:d=1 hl=2 l= 13 cons: SEQUENCE 182 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption 183 612:d=2 hl=2 l= 0 prim: NULL 184 614:d=1 hl=3 l= 129 prim: BIT STRING 185 186 187The final BIT STRING contains the actual signature. It can be extracted with: 188 189 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614 190 191The certificate public key can be extracted with: 192 193 openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem 194 195The signature can be analysed with: 196 197 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin 198 199 0:d=0 hl=2 l= 32 cons: SEQUENCE 200 2:d=1 hl=2 l= 12 cons: SEQUENCE 201 4:d=2 hl=2 l= 8 prim: OBJECT :md5 202 14:d=2 hl=2 l= 0 prim: NULL 203 16:d=1 hl=2 l= 16 prim: OCTET STRING 204 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. 205 206This is the parsed version of an ASN1 DigestInfo structure. It can be seen that 207the digest used was md5. The actual part of the certificate that was signed can 208be extracted with: 209 210 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4 211 212and its digest computed with: 213 214 openssl md5 -c tbs 215 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 216 217which it can be seen agrees with the recovered value above. 218 219=head1 SEE ALSO 220 221L<openssl(1)>, 222L<openssl-pkeyutl(1)>, 223L<openssl-dgst(1)>, 224L<openssl-rsa(1)>, 225L<openssl-genrsa(1)> 226 227=head1 HISTORY 228 229This command was deprecated in OpenSSL 3.0. 230 231The B<-engine> option was deprecated in OpenSSL 3.0. 232 233=head1 COPYRIGHT 234 235Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. 236 237Licensed under the Apache License 2.0 (the "License"). You may not use 238this file except in compliance with the License. You can obtain a copy 239in the file LICENSE in the source distribution or at 240L<https://www.openssl.org/source/license.html>. 241 242=cut 243