=pod

=head1 NAME

openssl-rsautl,
rsautl - RSA utility

=head1 SYNOPSIS

B<openssl> B<rsautl>
[B<-help>]
[B<-in file>]
[B<-out file>]
[B<-inkey file>]
[B<-keyform PEM|DER|ENGINE>]
[B<-pubin>]
[B<-certin>]
[B<-sign>]
[B<-verify>]
[B<-encrypt>]
[B<-decrypt>]
[B<-rand file...>]
[B<-writerand file>]
[B<-pkcs>]
[B<-oaep>]
[B<-ssl>]
[B<-raw>]
[B<-hexdump>]
[B<-asn1parse>]

=head1 DESCRIPTION

The B<rsautl> command can be used to sign, verify, encrypt and decrypt
data using the RSA algorithm.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-in filename>

This specifies the input filename to read data from, or standard input
if this option is not specified.

=item B<-out filename>

Specifies the output filename to write to, or standard output by
default.

=item B<-inkey file>

The input key file; by default it should be an RSA private key.

=item B<-keyform PEM|DER|ENGINE>

The key format PEM, DER or ENGINE.

=item B<-pubin>

The input file is an RSA public key.

=item B<-certin>

The input is a certificate containing an RSA public key.

=item B<-sign>

Sign the input data and output the signed result. This requires
an RSA private key.

=item B<-verify>

Verify the input data and output the recovered data.

=item B<-encrypt>

Encrypt the input data using an RSA public key.

=item B<-decrypt>

Decrypt the input data using an RSA private key.

=item B<-rand file...>

A file or files containing random data used to seed the random number
generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.

=item B<-writerand file>

Writes random data to the specified I<file> upon exit.
This can be used with a subsequent B<-rand> flag.

=item B<-pkcs, -oaep, -ssl, -raw>

The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
special padding used in SSL v2 backwards compatible handshakes,
or no padding, respectively.
For signatures, only B<-pkcs> and B<-raw> can be used.

=item B<-hexdump>

Hex dump the output data.

=item B<-asn1parse>

Parse the ASN.1 output data; this is useful when combined with the
B<-verify> option.

=back

=head1 NOTES

Because it uses the RSA algorithm directly, B<rsautl> can only be
used to sign or verify small pieces of data.

=head1 EXAMPLES

Sign some data using a private key:

 openssl rsautl -sign -in file -inkey key.pem -out sig

Recover the signed data:

 openssl rsautl -verify -in sig -inkey key.pem

Examine the raw signed data:

 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump

 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world

The PKCS#1 block formatting is evident from this. If this was done using
encrypt and decrypt the block would have been of type 2 (the second byte)
and random padding data visible instead of the 0xff bytes.

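The block layout described above can be checked mechanically. The following is an added example, not part of the OpenSSL documentation: a strict parser for the type 1 and type 2 blocks, run against the 128-byte block from the hex dump. The function names are illustrative, and the minimum of 8 padding bytes follows the PKCS#1 v1.5 encoding rules.

```python
# Added example (not from the OpenSSL documentation): strict parsing of the
# PKCS#1 v1.5 block that `rsautl -verify -raw -hexdump` displays.

# The 128-byte block from the hex dump above: 00 01, 114 x ff, 00, message.
PAGE_BLOCK = bytes.fromhex("0001" + "ff" * 114 + "00") + b"hello world"


def parse_pkcs1_v15(block: bytes, key_bytes: int):
    """Return (block_type, payload); raise ValueError on malformed padding.

    Type 1 (sign):    00 01 ff .. ff 00 payload
    Type 2 (encrypt): 00 02 <non-zero random bytes> 00 payload
    """
    if len(block) != key_bytes or key_bytes < 11:
        raise ValueError("block length differs from modulus length")
    if block[0] != 0x00 or block[1] not in (0x01, 0x02):
        raise ValueError("missing 00 01 / 00 02 header")
    sep = block.find(b"\x00", 2)  # first zero byte ends the padding
    if sep == -1:
        raise ValueError("no 00 separator after padding")
    padding = block[2:sep]
    if len(padding) < 8:
        raise ValueError("padding shorter than 8 bytes")
    if block[1] == 0x01 and padding.strip(b"\xff"):
        raise ValueError("type 1 padding contains non-ff bytes")
    return block[1], block[sep + 1:]


def describe(block: bytes, key_bytes: int) -> str:
    """Human-readable verdict, in the spirit of reading the hex dump by eye."""
    # Distinct error strings are fine for inspecting signatures offline; a
    # decryption service must not expose which check failed (padding oracle).
    try:
        block_type, payload = parse_pkcs1_v15(block, key_bytes)
    except ValueError as exc:
        return f"rejected: {exc}"
    return f"type {block_type}, {len(payload)}-byte payload {payload!r}"


if __name__ == "__main__":
    print(describe(PAGE_BLOCK, 128))
```
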
It is possible to analyse the signature of certificates using this
utility in conjunction with B<asn1parse>. Consider the self-signed
example in certs/pca-cert.pem. Running B<asn1parse> as follows yields:

 openssl asn1parse -in pca-cert.pem

     0:d=0  hl=4 l= 742 cons: SEQUENCE
     4:d=1  hl=4 l= 591 cons:  SEQUENCE
     8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
    10:d=3  hl=2 l=   1 prim:    INTEGER           :02
    13:d=2  hl=2 l=   1 prim:   INTEGER           :00
    16:d=2  hl=2 l=  13 cons:   SEQUENCE
    18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
    29:d=3  hl=2 l=   0 prim:    NULL
    31:d=2  hl=2 l=  92 cons:   SEQUENCE
    33:d=3  hl=2 l=  11 cons:    SET
    35:d=4  hl=2 l=   9 cons:     SEQUENCE
    37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
    42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
    ....
   599:d=1  hl=2 l=  13 cons:  SEQUENCE
   601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
   612:d=2  hl=2 l=   0 prim:   NULL
   614:d=1  hl=3 l= 129 prim:  BIT STRING

The final BIT STRING contains the actual signature. It can be extracted with:

 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614

The certificate public key can be extracted with:

 openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem

The signature can be analysed with:

 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin

     0:d=0  hl=2 l=  32 cons: SEQUENCE
     2:d=1  hl=2 l=  12 cons:  SEQUENCE
     4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
    14:d=2  hl=2 l=   0 prim:   NULL
    16:d=1  hl=2 l=  16 prim:  OCTET STRING
       0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..

This is the parsed version of an ASN.1 DigestInfo structure. It can be seen that
the digest used was md5. The actual part of the certificate that was signed can
be extracted with:

 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4

and its digest computed with:

 openssl md5 -c tbs
 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5

which it can be seen agrees with the recovered value above.

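The comparison made by eye above can be automated by re-encoding the expected DigestInfo and comparing every byte. This is an added example, not part of the OpenSSL documentation; the function names are illustrative, and because the tbs file itself is not on this page, the matching case uses constructed bytes.

```python
import hashlib
import hmac

# DER prefixes of DigestInfo (RFC 8017, section 9.2); the digest follows.
DIGESTINFO_PREFIX = {
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
WEAK_HASHES = {"md5"}  # collision-broken; flag certificates still using it

# DigestInfo recovered by `rsautl -verify` above (digest bytes from the page).
PAGE_DIGESTINFO = DIGESTINFO_PREFIX["md5"] + bytes.fromhex(
    "f3469eaa1a4a73c937ea9300482508b5")


def identify(recovered: bytes):
    """Return (hash_name, digest) for an exactly encoded DigestInfo."""
    for name, prefix in DIGESTINFO_PREFIX.items():
        size = hashlib.new(name).digest_size
        if recovered.startswith(prefix) and len(recovered) == len(prefix) + size:
            return name, recovered[len(prefix):]
    raise ValueError("unknown or malformed DigestInfo")


def check_signed_digest(recovered: bytes, tbs: bytes) -> dict:
    """Re-encode the expected DigestInfo from tbs and compare all bytes."""
    name, _ = identify(recovered)
    expected = DIGESTINFO_PREFIX[name] + hashlib.new(name, tbs).digest()
    return {
        "hash": name,
        "match": hmac.compare_digest(expected, recovered),
        "weak_hash": name in WEAK_HASHES,
    }


if __name__ == "__main__":
    print(identify(PAGE_DIGESTINFO)[0])
    tbs = b"constructed stand-in for the tbs file"  # constructed sample input
    signed = DIGESTINFO_PREFIX["sha256"] + hashlib.sha256(tbs).digest()
    print(check_signed_digest(signed, tbs))
```
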
=head1 SEE ALSO

L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>

=head1 COPYRIGHT

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut