OpenSSL "rsautl -pkcs" - PKCS#1 v1.5 Padding Option

Q

How to use RSA PKCS#1 v1.5 padding with OpenSSL "rsautl" command? I was told to encrypt a password using an RSA public key with PKCS#1 padding.

✍: FYIcenter.com

A

OpenSSL "rsautl" uses PKCS#1 v1.5 padding as the default padding schema. But you can explicitly specify PKCS#1 v1.5 padding by using the "-pkcs" option as shown below:

C:\Users\fyicenter>type test.txt
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in test.txt 
   -out cipher.txt -pkcs

OpenSSL> rsautl -decrypt -inkey my_rsa.key -in cipher.txt 
   -out decipher.txt -pkcs

OpenSSL> exit

C:\Users\fyicenter>type decipher.txt
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

Note that the "-pkcs" padding option is used in the "rsautl -decrypt" command to perform the padding removal step after the decription process to restore the original clear text.

If you want to see the PKCS#1 padding string, you can use the "rsautl -decrypt -raw -hexdump" command to keep the padding string and dump it in hex digits:

C:\Users\fyicenter>\local\openssl\openssl.exe
   
OpenSSL> rsautl -decrypt -inkey my_rsa.key -in cipher.txt -raw -hexdump
0000 - 00 02 85 0c bb b2 df 18-6b 97 6d 67 f3 77 6f 67   ........k.mg.wog
0010 - 82 8e 85 3c cc 8d a6 2e-94 81 e4 38 3a ca 1a 99   ...<.......8:...
0020 - 77 36 aa c8 6c 23 d2 7b-64 2f fa 05 07 0b c3 09   w6..l#.{d/......
0030 - b9 59 82 64 30 a2 9b 86-59 6c 8c 3e 60 a1 5b 61   .Y.d0...Yl.>`.[a
0040 - 15 46 cd 0a af 68 3b 29-69 12 d4 00 61 62 63 64   .F...h;)i...abcd
0050 - 65 66 67 68 69 6a 6b 6c-6d 6e 6f 70 71 72 73 74   efghijklmnopqrst
0060 - 75 76 77 78 79 7a 41 42-43 44 45 46 47 48 49 4a   uvwxyzABCDEFGHIJ
0070 - 4b 4c 4d 4e 4f 50 51 52-53 54 55 56 57 58 59 5a   KLMNOPQRSTUVWXYZ

Options used in this "rsautl" command are:

  • "-decrypt" - Decrypt the cipher text with RSA key.
  • "-inkey my_rsa.key" - Read the RSA private key from the given file.
  • "-in cipher.txt" - Read the cipher text from the given file.
  • "-raw" - Do RSA decryption only with no padding removal in the output.
  • "-hexdump" - Dump decryption output in hex digits.

The byte string from the first 0x00 byte to the second 0x00 byte in the output represents the entire PKCS#1 padding:

00 02 85 0c bb b2 df 18 6b 97 6d 67 f3 77 6f 67
82 8e 85 3c cc 8d a6 2e 94 81 e4 38 3a ca 1a 99
77 36 aa c8 6c 23 d2 7b 64 2f fa 05 07 0b c3 09
b9 59 82 64 30 a2 9b 86 59 6c 8c 3e 60 a1 5b 61
15 46 cd 0a af 68 3b 29 69 12 d4 00

The randomly generated non-0x00 padding string is located between the first 2 bytes, 0x00 0x02, and next 0x00 byte:

      85 0c bb b2 df 18 6b 97 6d 67 f3 77 6f 67
82 8e 85 3c cc 8d a6 2e 94 81 e4 38 3a ca 1a 99
77 36 aa c8 6c 23 d2 7b 64 2f fa 05 07 0b c3 09
b9 59 82 64 30 a2 9b 86 59 6c 8c 3e 60 a1 5b 61
15 46 cd 0a af 68 3b 29 69 12 d4

The second byte 0x02 is the BT (Block Type) value. 0x02 indicates an RSA public key encryption block.

 

OpenSSL "rsautl" - PKCS#1 v1.5 Padding Size

OpenSSL "rsautl" Using PKCS#1 v1.5 Padding

OpenSSL "rsautl" Command for RSA Keys

⇑⇑ OpenSSL Tutorials

2017-05-12, 12111🔥, 0💬