(8) OpenSSL rsautl (sign/verify signatures/encrypt and decrypt files) and OpenSSL pkeyutl (asymmetric encryption of files)



rsautl is an RSA utility whose features are a subset of those of the rsa and dgst commands. It can generate digital signatures, verify digital signatures, and encrypt and decrypt files.



pkeyutl is a generic tool for asymmetric encryption that works in roughly the same way as rsautl, so only rsautl is explained here.


openssl rsautl  [-in file] [-out file] [-inkey file] [-pubin] [-certin] [-passin arg] [-sign] [-verify] [-encrypt] [-decrypt] [-hexdump]
openssl pkeyutl [-in file] [-out file] [-sigfile file] [-inkey file] [-passin arg] [-pubin] [-certin] [-sign] [-verify] [-encrypt] [-decrypt] [-hexdump]
Common options:
-in file: specifies the input file
-out file: specifies the output file
-inkey file: specifies the key input file. By default this is the private key file. If "-pubin" is given, it is a public key file. If "-certin" is given, it is a certificate file containing the public key
-pubin: indicates that the file given to "-inkey file" is a public key file
-certin: indicates that the file given to "-inkey file" is a certificate file containing the public key
-passin arg: passes the decryption password. If the public key or private key file used for signature verification is encrypted, the password must be passed so that it can be decrypted
[function options:]
-sign: sign with the private key and output the signing result. Note that this option requires the RSA private key file
-verify: verify the signature file with the public key
-encrypt: encrypt the file with the public key
-decrypt: decrypt the file with the private key
[output format options:]
-hexdump: output in hex mode
openssl pkeyutl options:
-sigfile file: signature file to be verified


The rsautl command is used differently from rsa and dgst:



First, it assumes that an asymmetric key already exists, and every operation is performed with a public or private key;



Furthermore, the command uses the -in option to specify the input file, rather than placing the input file at the end of the command as dgst does;



Finally, the key file, signature file, and certificate file used by the command are specified with the -inkey option, which is then combined with one of the function options to perform the corresponding operation.



Note that a defect of rsautl and pkeyutl is that by default they can only operate on short files; otherwise an error message similar to the following is reported.


140341340976968:error:0406C06E:rsa routines:RSA_padding_add_PKCS1_type_1:data too large for key size:rsa_pk1.c:73:

 


Because the signing and signature verification functions of these two tools are similar to the openssl dgst command, and the tools have the defect described above, those functions are not illustrated. Only asymmetric encryption and decryption examples for short files are given here.



(1). Use the public key to encrypt the b.txt file. Note that the file to be encrypted, b.txt, must be a short file, and -hexdump output is not recommended, otherwise the length of the file may be exceeded when decrypting.



# openssl genrsa -out private.pem 512
Generating RSA private key, 512 bit long modulus
.....++++++++++++
................++++++++++++
e is 65537 (0x10001)
# openssl rsa -in private.pem -pubout -out public.pem
writing RSA key
# echo "123456" >> b.txt
# openssl rsautl -encrypt -pubin -inkey public.pem -in b.txt -out b_crypt.txt
# ll
total 16
-rw-r--r-- 1 root root 00:31 Oct 4 b_crypt.txt
-rw-r--r-- 1 root root 7 Oct 4 00:29 b.txt
-rw-r--r-- 1 root root 493 Oct 4 00:29 private.pem
-rw-r--r-- 1 root root 182 Oct 4 00:29 public.pem

# cat b_crypt.txt



5.x\o0n; (#



(2). Use the private key to decrypt the b_crypt.txt file.



# openssl rsautl -decrypt -inkey private.pem -in b_crypt.txt -out b_decrypt.txt
# cat b_decrypt.txt
123456
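
The same round trip with pkeyutl, plus a measurement of the exact short-file limit and a sign/verify pass that uses -sigfile, as an added example that is not part of the original article. The file names, the temporary directory and the function names are assumptions, and the key is 2048 bits because a 512-bit key is too short for anything but a demonstration.

```shell
# Added example, not from the original page; file and function names are assumed.
WORK=$(mktemp -d)
PRIV="$WORK/private.pem"; PUB="$WORK/public.pem"

make_keys() {
    openssl genrsa -out "$PRIV" 2048 2>/dev/null &&
    openssl rsa -in "$PRIV" -pubout -out "$PUB" 2>/dev/null
}

# pkeyutl form of the rsautl commands: encrypt with the public key,
# decrypt with the private key, print the recovered plaintext.
roundtrip() {
    openssl pkeyutl -encrypt -pubin -inkey "$PUB" -in "$1" -out "$1.enc" 2>/dev/null &&
    openssl pkeyutl -decrypt -inkey "$PRIV" -in "$1.enc"
}

# The ciphertext is always as long as the RSA modulus; the default PKCS#1
# v1.5 padding needs 11 of those bytes, so the input limit is modulus - 11.
max_plain_bytes() {
    printf 'x' > "$WORK/probe"
    roundtrip "$WORK/probe" >/dev/null || return 1
    echo $(( $(wc -c < "$WORK/probe.enc") - 11 ))
}

# Returns 0 if a file of exactly $1 bytes can be encrypted, non-zero if not.
can_encrypt() {
    head -c "$1" /dev/zero > "$WORK/sized"
    openssl pkeyutl -encrypt -pubin -inkey "$PUB" -in "$WORK/sized" \
        -out "$WORK/sized.enc" 2>/dev/null
}

# Sign the SHA-256 digest of $1; the digest is short, so any file size works.
sign_file() {
    openssl dgst -sha256 -binary "$1" > "$1.dgst" &&
    openssl pkeyutl -sign -inkey "$PRIV" -pkeyopt digest:sha256 \
        -in "$1.dgst" -out "$1.sig"
}

# Verify signature $2 over file $1 with -sigfile; returns 0 only if valid.
verify_file() {
    openssl dgst -sha256 -binary "$1" > "$1.vdgst" &&
    openssl pkeyutl -verify -pubin -inkey "$PUB" -pkeyopt digest:sha256 \
        -in "$1.vdgst" -sigfile "$2" 2>&1 | grep -q 'Verified Successfully'
}

make_keys && echo "123456" > "$WORK/b.txt" && roundtrip "$WORK/b.txt" &&
echo "largest input for this key: $(max_plain_bytes) bytes"
```

One byte over the reported limit reproduces the "data too large for key size" failure, which is why larger files are signed through their digest rather than passed to the tool directly.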


