pkeyutl.1s

openssl pkeyutl
[-in file] [-out file] [-inkey file] [-pubin] [-certin] [-encrypt] [-decrypt] [-sign] [-verify] [-verifyrecover] [-hexdump] [-asn1parse] [-pkeyopt opt:value] [-passin arg] [-engine id]

-in file
    Specifies the input file for data to be processed. If not specified, standard input is used.

-out file
    Specifies the output file for the result of the operation. If not specified, standard output is used.

-inkey file
    Specifies the input key file. This can be a private key or a public key, depending on the operation.

-pubin
    Indicates that the input key specified by -inkey is a public key.

-certin
    Indicates that the input key specified by -inkey is an X.509 certificate containing the public key.

-encrypt
    Performs public key encryption using the provided key.

-decrypt
    Performs public key decryption using the provided key.

-sign
    Computes a digital signature of the input data using the private key.

-verify
    Verifies a digital signature. Requires the original data (or its hash) and the signature file via -sigfile.

-verifyrecover
    Verifies the signature and attempts to recover the signed data (primarily for RSA). Note: This is an unusual operation for modern crypto.

-hexdump
    Dumps the output data in hexadecimal format to standard output.

-asn1parse
    Attempts to ASN.1 parse the output data. Useful for debugging structured outputs.

-pkeyopt opt:value
    Sets public key algorithm-specific options, such as padding mode (e.g., rsa_padding_mode:oaep, rsa_padding_mode:pss) or digest algorithm (e.g., digest:sha256).

-passin arg
    Specifies the source of the private key password. Can be 'pass:password', 'env:varname', 'file:path', 'fd:num', or 'stdin'.

-engine id
    Specifies an OpenSSL engine to use for cryptographic operations, offloading them to hardware or specific libraries.

pkeyutl is a versatile OpenSSL command-line utility designed for performing generic public key cryptographic operations. It supports a wide range of algorithms, including RSA, DSA, and EC (Elliptic Curve), allowing users to encrypt, decrypt, sign, and verify data. Unlike higher-level OpenSSL commands that might wrap these operations with X.509 certificates or specific file formats, pkeyutl works directly with raw public or private keys and data. It's commonly used for low-level cryptographic tasks, such as generating signatures, verifying them, performing raw RSA encryption/decryption (often used for data exchange or key encapsulation), and testing cryptographic primitives. The command takes input data, a private or public key, and performs the specified operation, outputting the result. While the prompt references 'pkeyutl.1s', this utility is widely available as part of the OpenSSL suite, typically documented as 'pkeyutl(1SSL)'.

pkeyutl works with raw data. For RSA encryption/decryption, it performs 'raw' RSA operations. Without proper padding schemes (like PKCS#1 v1.5 or OAEP) explicitly specified via -pkeyopt, RSA is insecure for direct data encryption. When using 'sign' or 'verify', the input data is typically the *hash* of the actual message, not the message itself. The hash algorithm used and padding options are critical for security and interoperability. It's a low-level utility; misuse can lead to cryptographic vulnerabilities, requiring a good understanding of the underlying algorithms and padding schemes.

To encrypt data using RSA with OAEP padding (recommended for encryption):
openssl pkeyutl -encrypt -in plaintext.bin -out ciphertext.bin -pubin -inkey public.pem -pkeyopt rsa_padding_mode:oaep

To decrypt data using RSA with OAEP padding:
openssl pkeyutl -decrypt -in ciphertext.bin -out recovered_plaintext.bin -inkey private.pem -pkeyopt rsa_padding_mode:oaep

To sign a SHA256 hash of a file using an RSA private key with PSS padding:
openssl dgst -sha256 -binary file.txt > file.hash
openssl pkeyutl -sign -in file.hash -out signature.bin -inkey private.pem -pkeyopt rsa_padding_mode:pss -pkeyopt digest:sha256

To verify the signature using the public key:
openssl dgst -sha256 -binary file.txt > file.hash
openssl pkeyutl -verify -in file.hash -sigfile signature.bin -pubin -inkey public.pem -pkeyopt rsa_padding_mode:pss -pkeyopt digest:sha256
Note: For signing/verifying, 'rsa_padding_mode:pss' is often preferred for RSA. The 'digest' option tells pkeyutl which digest algorithm was used to produce the input, allowing it to correctly apply padding.

The pkeyutl command was introduced in OpenSSL to provide a generic, algorithm-independent interface for various public key operations. Prior to its introduction or widespread use, specific utilities like 'rsa', 'dsa', 'ec' were often used for operations tied to their respective algorithms. pkeyutl simplifies scripting and allows for more flexible handling of different key types without needing to invoke distinct commands. Its development reflects OpenSSL's move towards a more unified and extensible cryptographic architecture, making it a powerful tool for advanced cryptographic tasks.

openssl(1SSL), rsa(1SSL), genrsa(1SSL), dgst(1SSL), x509(1SSL), pkcs8(1SSL)