1 =pod 2 {- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4 =head1 NAME 5 6 openssl-rsautl - RSA command 7 8 =head1 SYNOPSIS 9 10 B<openssl> B<rsautl> 11 [B<-help>] 12 [B<-in> I<file>] 13 [B<-passin> I<arg>] 14 [B<-rev>] 15 [B<-out> I<file>] 16 [B<-inkey> I<filename>|I<uri>] 17 [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>] 18 [B<-pubin>] 19 [B<-certin>] 20 [B<-sign>] 21 [B<-verify>] 22 [B<-encrypt>] 23 [B<-decrypt>] 24 [B<-pkcs>] 25 [B<-x931>] 26 [B<-oaep>] 27 [B<-raw>] 28 [B<-hexdump>] 29 [B<-asn1parse>] 30 {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -} 31 {- $OpenSSL::safe::opt_provider_synopsis -} 32 33 =head1 DESCRIPTION 34 35 This command has been deprecated. 36 The L<openssl-pkeyutl(1)> command should be used instead. 37 38 This command can be used to sign, verify, encrypt and decrypt 39 data using the RSA algorithm. 40 41 =head1 OPTIONS 42 43 =over 4 44 45 =item B<-help> 46 47 Print out a usage message. 48 49 =item B<-in> I<filename> 50 51 This specifies the input filename to read data from or standard input 52 if this option is not specified. 53 54 =item B<-passin> I<arg> 55 56 The passphrase used in the output file. 57 See see L<openssl-passphrase-options(1)>. 58 59 =item B<-rev> 60 61 Reverse the order of the input. 62 63 =item B<-out> I<filename> 64 65 Specifies the output filename to write to or standard output by 66 default. 67 68 =item B<-inkey> I<filename>|I<uri> 69 70 The input key, by default it should be an RSA private key. 71 72 =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> 73 74 The key format; unspecified by default. 75 See L<openssl-format-options(1)> for details. 76 77 =item B<-pubin> 78 79 The input file is an RSA public key. 80 81 =item B<-certin> 82 83 The input is a certificate containing an RSA public key. 84 85 =item B<-sign> 86 87 Sign the input data and output the signed result. This requires 88 an RSA private key. 89 90 =item B<-verify> 91 92 Verify the input data and output the recovered data. 93 94 =item B<-encrypt> 95 96 Encrypt the input data using an RSA public key. 97 98 =item B<-decrypt> 99 100 Decrypt the input data using an RSA private key. 101 102 =item B<-pkcs>, B<-oaep>, B<-x931>, B<-raw> 103 104 The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, 105 ANSI X9.31, or no padding, respectively. 106 For signatures, only B<-pkcs> and B<-raw> can be used. 107 108 =item B<-hexdump> 109 110 Hex dump the output data. 111 112 =item B<-asn1parse> 113 114 Parse the ASN.1 output data, this is useful when combined with the 115 B<-verify> option. 116 117 {- $OpenSSL::safe::opt_engine_item -} 118 119 {- $OpenSSL::safe::opt_r_item -} 120 121 {- $OpenSSL::safe::opt_provider_item -} 122 123 =back 124 125 =head1 NOTES 126 127 Since this command uses the RSA algorithm directly, it can only be 128 used to sign or verify small pieces of data. 129 130 =head1 EXAMPLES 131 132 Examples equivalent to these can be found in the documentation for the 133 non-deprecated L<openssl-pkeyutl(1)> command. 134 135 Sign some data using a private key: 136 137 openssl rsautl -sign -in file -inkey key.pem -out sig 138 139 Recover the signed data 140 141 openssl rsautl -verify -in sig -inkey key.pem 142 143 Examine the raw signed data: 144 145 openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump 146 147 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 148 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 149 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 150 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 151 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 152 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 153 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 154 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world 155 156 The PKCS#1 block formatting is evident from this. If this was done using 157 encrypt and decrypt the block would have been of type 2 (the second byte) 158 and random padding data visible instead of the 0xff bytes. 159 160 It is possible to analyse the signature of certificates using this 161 command in conjunction with L<openssl-asn1parse(1)>. Consider the self signed 162 example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows 163 yields: 164 165 openssl asn1parse -in pca-cert.pem 166 167 0:d=0 hl=4 l= 742 cons: SEQUENCE 168 4:d=1 hl=4 l= 591 cons: SEQUENCE 169 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 170 10:d=3 hl=2 l= 1 prim: INTEGER :02 171 13:d=2 hl=2 l= 1 prim: INTEGER :00 172 16:d=2 hl=2 l= 13 cons: SEQUENCE 173 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption 174 29:d=3 hl=2 l= 0 prim: NULL 175 31:d=2 hl=2 l= 92 cons: SEQUENCE 176 33:d=3 hl=2 l= 11 cons: SET 177 35:d=4 hl=2 l= 9 cons: SEQUENCE 178 37:d=5 hl=2 l= 3 prim: OBJECT :countryName 179 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU 180 .... 181 599:d=1 hl=2 l= 13 cons: SEQUENCE 182 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption 183 612:d=2 hl=2 l= 0 prim: NULL 184 614:d=1 hl=3 l= 129 prim: BIT STRING 185 186 187 The final BIT STRING contains the actual signature. It can be extracted with: 188 189 openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614 190 191 The certificate public key can be extracted with: 192 193 openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem 194 195 The signature can be analysed with: 196 197 openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin 198 199 0:d=0 hl=2 l= 32 cons: SEQUENCE 200 2:d=1 hl=2 l= 12 cons: SEQUENCE 201 4:d=2 hl=2 l= 8 prim: OBJECT :md5 202 14:d=2 hl=2 l= 0 prim: NULL 203 16:d=1 hl=2 l= 16 prim: OCTET STRING 204 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. 205 206 This is the parsed version of an ASN1 DigestInfo structure. It can be seen that 207 the digest used was md5. The actual part of the certificate that was signed can 208 be extracted with: 209 210 openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4 211 212 and its digest computed with: 213 214 openssl md5 -c tbs 215 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 216 217 which it can be seen agrees with the recovered value above. 218 219 =head1 SEE ALSO 220 221 L<openssl(1)>, 222 L<openssl-pkeyutl(1)>, 223 L<openssl-dgst(1)>, 224 L<openssl-rsa(1)>, 225 L<openssl-genrsa(1)> 226 227 =head1 HISTORY 228 229 This command was deprecated in OpenSSL 3.0. 230 231 The B<-engine> option was deprecated in OpenSSL 3.0. 232 233 =head1 COPYRIGHT 234 235 Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. 236 237 Licensed under the Apache License 2.0 (the "License"). You may not use 238 this file except in compliance with the License. You can obtain a copy 239 in the file LICENSE in the source distribution or at 240 L<https://www.openssl.org/source/license.html>. 241 242 =cut 243
Indexes created Thu Apr 30 00:23:01 UTC 2026