xref: /freebsd/crypto/openssl/doc/man1/openssl-rsautl.pod.in (revision fe75646a0234a261c0013bf1840fdac4acaf0cec)
1=pod
2{- OpenSSL::safe::output_do_not_edit_headers(); -}
3
4=head1 NAME
5
6openssl-rsautl - RSA command
7
8=head1 SYNOPSIS
9
10B<openssl> B<rsautl>
11[B<-help>]
12[B<-in> I<file>]
13[B<-passin> I<arg>]
14[B<-rev>]
15[B<-out> I<file>]
16[B<-inkey> I<filename>|I<uri>]
17[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
18[B<-pubin>]
19[B<-certin>]
20[B<-sign>]
21[B<-verify>]
22[B<-encrypt>]
23[B<-decrypt>]
24[B<-pkcs>]
25[B<-x931>]
26[B<-oaep>]
27[B<-raw>]
28[B<-hexdump>]
29[B<-asn1parse>]
30{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}
31{- $OpenSSL::safe::opt_provider_synopsis -}
32
33=head1 DESCRIPTION
34
35This command has been deprecated.
36The L<openssl-pkeyutl(1)> command should be used instead.
37
38This command can be used to sign, verify, encrypt and decrypt
39data using the RSA algorithm.
40
41=head1 OPTIONS
42
43=over 4
44
45=item B<-help>
46
47Print out a usage message.
48
49=item B<-in> I<filename>
50
51This specifies the input filename to read data from or standard input
52if this option is not specified.
53
54=item B<-passin> I<arg>
55
56The passphrase used in the output file.
57See see L<openssl-passphrase-options(1)>.
58
59=item B<-rev>
60
61Reverse the order of the input.
62
63=item B<-out> I<filename>
64
65Specifies the output filename to write to or standard output by
66default.
67
68=item B<-inkey> I<filename>|I<uri>
69
70The input key, by default it should be an RSA private key.
71
72=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
73
74The key format; unspecified by default.
75See L<openssl-format-options(1)> for details.
76
77=item B<-pubin>
78
79The input file is an RSA public key.
80
81=item B<-certin>
82
83The input is a certificate containing an RSA public key.
84
85=item B<-sign>
86
87Sign the input data and output the signed result. This requires
88an RSA private key.
89
90=item B<-verify>
91
92Verify the input data and output the recovered data.
93
94=item B<-encrypt>
95
96Encrypt the input data using an RSA public key.
97
98=item B<-decrypt>
99
100Decrypt the input data using an RSA private key.
101
102=item B<-pkcs>, B<-oaep>, B<-x931>, B<-raw>
103
104The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
105ANSI X9.31, or no padding, respectively.
106For signatures, only B<-pkcs> and B<-raw> can be used.
107
108=item B<-hexdump>
109
110Hex dump the output data.
111
112=item B<-asn1parse>
113
114Parse the ASN.1 output data, this is useful when combined with the
115B<-verify> option.
116
117{- $OpenSSL::safe::opt_engine_item -}
118
119{- $OpenSSL::safe::opt_r_item -}
120
121{- $OpenSSL::safe::opt_provider_item -}
122
123=back
124
125=head1 NOTES
126
127Since this command uses the RSA algorithm directly, it can only be
128used to sign or verify small pieces of data.
129
130=head1 EXAMPLES
131
132Examples equivalent to these can be found in the documentation for the
133non-deprecated L<openssl-pkeyutl(1)> command.
134
135Sign some data using a private key:
136
137 openssl rsautl -sign -in file -inkey key.pem -out sig
138
139Recover the signed data
140
141 openssl rsautl -verify -in sig -inkey key.pem
142
143Examine the raw signed data:
144
145 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
146
147 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
148 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
149 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
150 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
151 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
152 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
153 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
154 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
155
156The PKCS#1 block formatting is evident from this. If this was done using
157encrypt and decrypt the block would have been of type 2 (the second byte)
158and random padding data visible instead of the 0xff bytes.
159
160It is possible to analyse the signature of certificates using this
161command in conjunction with L<openssl-asn1parse(1)>. Consider the self signed
162example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows
163yields:
164
165 openssl asn1parse -in pca-cert.pem
166
167    0:d=0  hl=4 l= 742 cons: SEQUENCE
168    4:d=1  hl=4 l= 591 cons:  SEQUENCE
169    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
170   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
171   13:d=2  hl=2 l=   1 prim:   INTEGER           :00
172   16:d=2  hl=2 l=  13 cons:   SEQUENCE
173   18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
174   29:d=3  hl=2 l=   0 prim:    NULL
175   31:d=2  hl=2 l=  92 cons:   SEQUENCE
176   33:d=3  hl=2 l=  11 cons:    SET
177   35:d=4  hl=2 l=   9 cons:     SEQUENCE
178   37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
179   42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
180  ....
181  599:d=1  hl=2 l=  13 cons:  SEQUENCE
182  601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
183  612:d=2  hl=2 l=   0 prim:   NULL
184  614:d=1  hl=3 l= 129 prim:  BIT STRING
185
186
187The final BIT STRING contains the actual signature. It can be extracted with:
188
189 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
190
191The certificate public key can be extracted with:
192
193 openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
194
195The signature can be analysed with:
196
197 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
198
199    0:d=0  hl=2 l=  32 cons: SEQUENCE
200    2:d=1  hl=2 l=  12 cons:  SEQUENCE
201    4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
202   14:d=2  hl=2 l=   0 prim:   NULL
203   16:d=1  hl=2 l=  16 prim:  OCTET STRING
204      0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..
205
206This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
207the digest used was md5. The actual part of the certificate that was signed can
208be extracted with:
209
210 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
211
212and its digest computed with:
213
214 openssl md5 -c tbs
215 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
216
217which it can be seen agrees with the recovered value above.
218
219=head1 SEE ALSO
220
221L<openssl(1)>,
222L<openssl-pkeyutl(1)>,
223L<openssl-dgst(1)>,
224L<openssl-rsa(1)>,
225L<openssl-genrsa(1)>
226
227=head1 HISTORY
228
229This command was deprecated in OpenSSL 3.0.
230
231The B<-engine> option was deprecated in OpenSSL 3.0.
232
233=head1 COPYRIGHT
234
235Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
236
237Licensed under the Apache License 2.0 (the "License").  You may not use
238this file except in compliance with the License.  You can obtain a copy
239in the file LICENSE in the source distribution or at
240L<https://www.openssl.org/source/license.html>.
241
242=cut
243