rsautl Command in Linux
rsautl is a Linux command line tool within the OpenSSL toolkit that helps you perform RSA (Rivest-Shamir-Adleman) operations directly on data. This command can be used to sign, verify, encrypt, and decrypt data using RSA keys1. It's particularly useful for handling small pieces of data that need to be securely processed.
Here is a comprehensive guide to the options available with the rsautl command −
Syntax of rsautl Command
The rsautl command in OpenSSL follows a specific syntax that allows users to perform various operations on data using RSA keys −
openssl rsautl [options]
Where options Various flags and parameters that specify the operation to be performed on the data.
rsautl Command Options
Here are the options that can be used with the rsautl command in OpenSSL −
| Option | Description |
|---|---|
| -help | Display a summary of command options and usage. |
| -in filename | Specify the input file to read data from or standard input if this option is not specified |
| -out filename | Specify the output file to write to or standard output by default |
| -inkey file | Specify the input key file, which should be an RSA private key by default |
| -pubin | Indicate that the input file is an RSA public key |
| -certin | Indicate that the input is a certificate containing an RSA public key |
| -sign | Sign the input data and output the signed result. This requires an RSA private key |
| -verify | Verify the input data and output the recovered data. |
| -encrypt | Encrypt the input data using an RSA public key. |
| -decrypt | Decrypt the input data using an RSA private key. |
| -pkcs | Use PKCS#1 v1.5 padding (the default). |
| -oaep | Use PKCS#1 OAEP padding. |
| -ssl | Use special padding used in SSL v2 backwards compatible handshakes |
| -raw | Use no padding. |
| -hexdump | Output the data as a hex dump. |
| -asn1parse | Parse the output data in ASN.1 format. |
Examples of rsautl Command in Linux
Here are some practical examples demonstrating the effective use of the rsautl command −
- Signing Data Using a Private Key
- Verifying a Signature
- Encrypting Data Using a Public Key
- Decrypting Data Using a Private Key
Signing Data Using a Private Key
To sign some data using a private key, you can use the following command −
openssl rsautl -sign -in file -inkey key.pem -out sig
This command reads the data from the file, signs it using the private key in key.pem, and writes the signature to sig.
Note: The command rsautl is deprecated in version 3.0, you can use pkeyutl instead of this command.
Verifying a Signature
In case you want to verify a signature, simply use the following command −
openssl rsautl -verify -in sig -inkey key.pem
This command reads the signature from sig and verifies it using the private key in key.pem.
Encrypting Data Using a Public Key
To encrypt data using a public key, use this command −
openssl rsautl -verify -in file -sigfile sig -inkey public.pem -pubin
This command reads the data from the file, encrypts it using the public key in public_key.pem, and writes the encrypted data to enc.
Decrypting Data Using a Private Key
For decrypting data using a private key, use the following command −
openssl rsautl -decrypt -in enc -inkey private_key.pem -out dec
This command reads the encrypted data from enc, decrypts it using the private key in private_key.pem, and writes the decrypted data to dec.
Conclusion
The rsautl command in OpenSSL is a powerful tool for performing RSA operations directly on data. By understanding and utilizing its various options, you can effectively sign, verify, encrypt, and decrypt data using RSA keys1.
Whether you need to handle small pieces of data securely or perform cryptographic operations, the rsautl command provides the necessary functionality. With this tutorial, you should now be well-equipped to use the rsautl command effectively in your Linux environment