OpenSSL "rsautl -encrypt" vs. "rsautl -sign"

Q

What is the difference between "rsautl -encrypt" and "rsautl -sign" commands?

✍: FYIcenter.com

A

There are 2 differences between "rsautl -encrypt" and "rsautl -sign" commands:

1. "rsautl -encrypt" and "rsautl -sign" commands take different RSA keys:

  • "rsautl -encrypt" only accepts an RSA public key and performs RSA encryption using the given key.
  • "rsautl -sign" only accepts an RSA private key and performs RSA signing using the given key.

2. "rsautl -encrypt" and "rsautl -sign" commands use different flavors of PKCS#1 v1.5 padding:

  • "rsautl -encrypt" uses 0x02 as the BT (Block Type) and random bytes as padding string.
  • "rsautl -sign" uses 0x01 as the BT (Block Type) and 0xff bytes as padding string.

So if we are using no padding, the only difference between "rsautl -encrypt" and "rsautl -sign" commands is what type of RSA keys they take. In other words, "rsautl -encrypt -raw" and "rsautl -sign -raw" are identical commands except that the first takes RSA public keys and the second takes RSA private keys.
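The two padding flavors and the shared raw RSA operation can be reproduced in a few lines of Python. This is an added example, not code from the original page or from OpenSSL; the toy key (two Mersenne primes, far too small for real use) and all function names are assumptions made for illustration.

```python
import os

# Constructed toy key (assumption, insecure): two Mersenne primes, 27-byte modulus.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)
K = (N.bit_length() + 7) // 8         # modulus length in bytes

def pad(data: bytes, bt: int) -> bytes:
    """Build the PKCS#1 v1.5 block 00 || BT || PS || 00 || D, K bytes long."""
    ps_len = K - 3 - len(data)
    if ps_len < 8:
        raise ValueError("data too long for this modulus")
    if bt == 1:                       # signature block: PS is all 0xff
        ps = b"\xff" * ps_len
    elif bt == 2:                     # encryption block: PS is random non-zero bytes
        ps = bytes(b % 255 + 1 for b in os.urandom(ps_len))
    else:
        raise ValueError("unsupported block type")
    return b"\x00" + bytes([bt]) + ps + b"\x00" + data

def unpad(block: bytes):
    """Check the block structure and return (BT, D)."""
    if len(block) != K or block[0] != 0 or block[1] not in (1, 2):
        raise ValueError("bad block header")
    sep = block.find(b"\x00", 2)      # first 0x00 after BT ends the padding string
    ps = block[2:sep]
    if sep < 0 or len(ps) < 8 or (block[1] == 1 and ps.strip(b"\xff")):
        raise ValueError("bad padding string")
    return block[1], block[sep + 1:]

def rsa_raw(block: bytes, exponent: int) -> bytes:
    """The bare RSA operation; only the exponent differs between the two commands."""
    m = int.from_bytes(block, "big")
    if m >= N:
        raise ValueError("block is not smaller than the modulus")
    return pow(m, exponent, N).to_bytes(K, "big")

def encrypt(data): return rsa_raw(pad(data, 2), E)   # public key, BT 02
def decrypt(ct):   return unpad(rsa_raw(ct, D))      # private key
def sign(data):    return rsa_raw(pad(data, 1), D)   # private key, BT 01
def verify(sig):   return unpad(rsa_raw(sig, E))     # public key
```

Because the BT 01 padding string is fixed, signing the same data twice gives the same output, while the random BT 02 padding string makes every encryption of the same data different.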

 


2017-03-25