version 1.64, 2016/08/28 19:34:15 |
version 1.65, 2016/08/30 07:53:59 |
|
|
options in the configuration file. |
options in the configuration file. |
Any additional fields will be treated as though they were a |
Any additional fields will be treated as though they were a |
.Cm DirectoryString . |
.Cm DirectoryString . |
.Pp |
|
The following messages are frequently asked about: |
|
.Bd -unfilled -offset indent |
|
Using configuration from /some/path/openssl.cnf |
|
Unable to load config info |
|
\&... |
|
unable to find 'distinguished_name' in config |
|
problems making Certificate Request |
|
.Ed |
|
.Pp |
|
In this case it can't find the configuration file! |
|
.Pp |
|
Another puzzling message is: |
|
.Bd -unfilled -offset indent |
|
Attributes: |
|
a0:00 |
|
.Ed |
|
.Pp |
|
This is displayed when no attributes are present and the request includes |
|
the correct empty SET OF structure |
|
(the DER encoding of which is 0xa0 0x00). |
|
If the message is instead: |
|
.Pp |
|
.D1 Attributes: |
|
.Pp |
|
then the SET OF is missing and the encoding is technically invalid |
|
(but it is tolerated). |
|
See the description |
|
.Fl asn1-kludge |
|
for more information. |
|
.Sh RSA |
.Sh RSA |
.nr nS 1 |
.nr nS 1 |
.Nm "openssl rsa" |
.Nm "openssl rsa" |
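Review bot: the deleted "frequently asked about" block after the DirectoryString sentence removes the explanation that "Attributes: a0:00" is the correct empty SET OF and that a bare "Attributes:" means the SET OF is missing, and nothing in this hunk replaces it. The removed text pointed readers to the -asn1-kludge description, so check that that description still explains both outputs on its own. The same applies to the "Unable to load config info" / "unable to find 'distinguished_name' in config" sequence, whose one-line diagnosis (the configuration file was not found) is also gone. If that diagnosis is worth keeping, a single sentence under the option that selects the configuration file would preserve it.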
|
|
.It Fl text |
.It Fl text |
Print the public/private key components in plain text. |
Print the public/private key components in plain text. |
.El |
.El |
.\" |
|
.\" RSAUTL |
|
.\" |
|
.Sh RSAUTL |
.Sh RSAUTL |
.nr nS 1 |
.nr nS 1 |
.Nm "openssl rsautl" |
.Nm "openssl rsautl" |
.Bk -words |
|
.Op Fl asn1parse |
.Op Fl asn1parse |
.Op Fl certin |
.Op Fl certin |
.Op Fl decrypt |
.Op Fl decrypt |
|
|
.Op Fl hexdump |
.Op Fl hexdump |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inkey Ar file |
.Op Fl inkey Ar file |
.Op Fl keyform Ar DER | PEM |
.Op Fl keyform Cm der | pem |
.Op Fl oaep | pkcs | raw | ssl |
.Op Fl oaep | pkcs | raw | ssl |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl pubin |
.Op Fl pubin |
.Op Fl sign |
.Op Fl sign |
.Op Fl verify |
.Op Fl verify |
.Ek |
|
.nr nS 0 |
.nr nS 0 |
.Pp |
.Pp |
The |
The |
|
|
.It Fl hexdump |
.It Fl hexdump |
Hex dump the output data. |
Hex dump the output data. |
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input |
The input to read from, |
.Ar file |
or standard input if not specified. |
to read data from, or standard input |
|
if this option is not specified. |
|
.It Fl inkey Ar file |
.It Fl inkey Ar file |
The input key file, by default it should be an RSA private key. |
The input key file; by default an RSA private key. |
.It Fl keyform Ar DER | PEM |
.It Fl keyform Cm der | pem |
Private ket format. |
The private ket format. |
Default is |
The default is |
.Ar PEM . |
.Cm pem . |
.It Fl oaep | pkcs | raw | ssl |
.It Fl oaep | pkcs | raw | ssl |
The padding to use: |
The padding to use: |
PKCS#1 OAEP, PKCS#1 v1.5 |
PKCS#1 OAEP, PKCS#1 v1.5 (the default), or no padding, respectively. |
.Pq the default , |
|
or no padding, respectively. |
|
For signatures, only |
For signatures, only |
.Fl pkcs |
.Fl pkcs |
and |
and |
.Fl raw |
.Fl raw |
can be used. |
can be used. |
.It Fl out Ar file |
.It Fl out Ar file |
Specifies the output |
The output file to write to, |
.Ar file |
or standard output if not specified. |
to write to, or standard output by |
|
default. |
|
.It Fl pubin |
.It Fl pubin |
The input file is an RSA public key. |
The input file is an RSA public key. |
.It Fl sign |
.It Fl sign |
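Review bot: the rewritten -keyform text still reads "The private ket format."; the typo predates this revision, but the line is being touched anyway and should become "The private key format." In the padding item, the list names four flags (-oaep | -pkcs | -raw | -ssl) while the sentence describes only three paddings "respectively", so -ssl is left undescribed and the mapping is ambiguous; either describe -ssl or drop "respectively". Minor wording point: the new -in text says "The input to read from" while -out says "The output file to write to"; use "input file" so the pair is parallel.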
|
|
.It Fl verify |
.It Fl verify |
Verify the input data and output the recovered data. |
Verify the input data and output the recovered data. |
.El |
.El |
.Sh RSAUTL NOTES |
|
.Nm rsautl , |
|
because it uses the RSA algorithm directly, can only be |
|
used to sign or verify small pieces of data. |
|
.Sh RSAUTL EXAMPLES |
|
Sign some data using a private key: |
|
.Pp |
|
.Dl "$ openssl rsautl -sign -in file -inkey key.pem -out sig" |
|
.Pp |
|
Recover the signed data: |
|
.Pp |
|
.Dl $ openssl rsautl -verify -in sig -inkey key.pem |
|
.Pp |
|
Examine the raw signed data: |
|
.Pp |
|
.Li "\ \&$ openssl rsautl -verify -in file -inkey key.pem -raw -hexdump" |
|
.Bd -unfilled |
|
\& 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
|
\& 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
|
\& 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
|
\& 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
|
\& 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
|
\& 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
|
\& 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ |
|
\& 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world |
|
.Ed |
|
.Pp |
|
The PKCS#1 block formatting is evident from this. |
|
If this was done using encrypt and decrypt, the block would have been of type 2 |
|
.Pq the second byte |
|
and random padding data visible instead of the 0xff bytes. |
|
.Pp |
|
It is possible to analyse the signature of certificates using this |
|
utility in conjunction with |
|
.Nm asn1parse . |
|
Consider the self-signed example in |
|
.Pa certs/pca-cert.pem : |
|
running |
|
.Nm asn1parse |
|
as follows yields: |
|
.Pp |
|
.Li "\ \&$ openssl asn1parse -in pca-cert.pem" |
|
.Bd -unfilled |
|
\& 0:d=0 hl=4 l= 742 cons: SEQUENCE |
|
\& 4:d=1 hl=4 l= 591 cons: SEQUENCE |
|
\& 8:d=2 hl=2 l= 3 cons: cont [ 0 ] |
|
\& 10:d=3 hl=2 l= 1 prim: INTEGER :02 |
|
\& 13:d=2 hl=2 l= 1 prim: INTEGER :00 |
|
\& 16:d=2 hl=2 l= 13 cons: SEQUENCE |
|
\& 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption |
|
\& 29:d=3 hl=2 l= 0 prim: NULL |
|
\& 31:d=2 hl=2 l= 92 cons: SEQUENCE |
|
\& 33:d=3 hl=2 l= 11 cons: SET |
|
\& 35:d=4 hl=2 l= 9 cons: SEQUENCE |
|
\& 37:d=5 hl=2 l= 3 prim: OBJECT :countryName |
|
\& 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU |
|
\& .... |
|
\& 599:d=1 hl=2 l= 13 cons: SEQUENCE |
|
\& 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption |
|
\& 612:d=2 hl=2 l= 0 prim: NULL |
|
\& 614:d=1 hl=3 l= 129 prim: BIT STRING |
|
.Ed |
|
.Pp |
|
The final BIT STRING contains the actual signature. |
|
It can be extracted with: |
|
.Pp |
|
.Dl "$ openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614" |
|
.Pp |
|
The certificate public key can be extracted with: |
|
.Pp |
|
.Dl $ openssl x509 -in test/testx509.pem -pubkey -noout \*(Gtpubkey.pem |
|
.Pp |
|
The signature can be analysed with: |
|
.Pp |
|
.Li "\ \&$ openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin" |
|
.Bd -unfilled |
|
\& 0:d=0 hl=2 l= 32 cons: SEQUENCE |
|
\& 2:d=1 hl=2 l= 12 cons: SEQUENCE |
|
\& 4:d=2 hl=2 l= 8 prim: OBJECT :md5 |
|
\& 14:d=2 hl=2 l= 0 prim: NULL |
|
\& 16:d=1 hl=2 l= 16 prim: OCTET STRING |
|
\& 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. |
|
.Ed |
|
.Pp |
|
This is the parsed version of an ASN1 |
|
.Em DigestInfo |
|
structure. |
|
It can be seen that the digest used was MD5. |
|
The actual part of the certificate that was signed can be extracted with: |
|
.Pp |
|
.Dl "$ openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4" |
|
.Pp |
|
and its digest computed with: |
|
.Pp |
|
.Dl $ openssl md5 -c tbs |
|
.D1 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 |
|
.Pp |
|
which it can be seen agrees with the recovered value above. |
|
.\" |
.\" |
.\" S_CLIENT |
.\" S_CLIENT |
.\" |
.\" |
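Review bot: deleting RSAUTL NOTES drops the statement that rsautl uses the RSA algorithm directly and can only sign or verify small pieces of data, and no added line in this revision carries that limit elsewhere. It is a usage constraint rather than commentary, so consider folding that one sentence into the rsautl description instead of removing it. The removed RSAUTL EXAMPLES also held the only illustration of the PKCS#1 block layout (00 01 ff ... 00 followed by the data) and of the DigestInfo check against "openssl md5 -c tbs"; if the examples are dropped for length, the -raw and -asn1parse items could each keep a one-line statement of what their output shows.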