OpenSSL "rsautl -encrypt" vs. "rsautl -sign"

Q

What is the difference between "rsautl -encrypt" and "rsautl -sign" commands?

✍: FYIcenter.com

A

There are 2 differences between "rsautl -encrypt" and "rsautl -sign" commands:

1. "rsautl -encrypt" and "rsautl -sign" commands take different RSA keys:

  • "rsautl -encrypt" only accepts an RSA public key and performs RSA encryption using the given key.
  • "rsautl -sign" only accepts an RSA public key and performs RSA encryption using the given key.

2. "rsautl -encrypt" and "rsautl -sign" commands use different flavors of PKCS#1 v1.5 padding:

  • "rsautl -encrypt" uses 0x02 as the BT (Block Type) and random bytes as padding string.
  • "rsautl -sign" uses 0x01 as the BT (Block Type) and 0xff bytes as padding string.

So if we are using no padding, the only difference between "rsautl -encrypt" and "rsautl -sign" commands is what type of RSA keys they taking. In other words, "rsautl -encrypt -raw" and "rsautl -sign -raw" are identical commands except that the first takes RSA public keys and the second takes RSA private keys.

 

OpenSSL "rsautl" Command for RSA Keys

⇒⇒OpenSSL Tutorials

2017-03-25, 1121👍, 0💬

Firefox General Google Chrome IE (Internet Explorer) Intermediate CA Java VM JDK Keytool Microsoft CertUtil Mozilla CertUtil OpenSSL Other Portecle Public Private Key Publishers Revoked Certificates Root CA Tools Tutorial What Is Windows