diff options
| -rw-r--r-- | apps/rsautl.c | 7 | ||||
| -rw-r--r-- | doc/apps/rsautl.pod | 10 |
2 files changed, 12 insertions, 5 deletions
diff --git a/apps/rsautl.c b/apps/rsautl.c index f8f68d9422..fb059de287 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -121,6 +121,7 @@ int MAIN(int argc, char **argv) else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1; else if(!strcmp(*argv, "-hexdump")) hexdump = 1; else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING; + else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING; else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING; else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING; else if(!strcmp(*argv, "-sign")) { @@ -146,6 +147,9 @@ int MAIN(int argc, char **argv) goto end; } +/* FIXME: seed PRNG only if needed */ + app_RAND_load_file(NULL, bio_err, 0); + switch(key_type) { case KEY_PRIVKEY: pkey = load_key(bio_err, keyfile, keyform, NULL); @@ -266,7 +270,8 @@ static void usage() BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n"); BIO_printf(bio_err, "-ssl use SSL v2 padding\n"); BIO_printf(bio_err, "-raw use no padding\n"); - BIO_printf(bio_err, "-pkcs use PKCS#1 padding (default)\n"); + BIO_printf(bio_err, "-pkcs use PKCS#1 v.15 padding (default)\n"); + BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n"); BIO_printf(bio_err, "-sign sign with private key\n"); BIO_printf(bio_err, "-verify verify with public key\n"); BIO_printf(bio_err, "-encrypt encrypt with public key\n"); diff --git a/doc/apps/rsautl.pod b/doc/apps/rsautl.pod index 6a2466a386..7a334bc8d6 100644 --- a/doc/apps/rsautl.pod +++ b/doc/apps/rsautl.pod @@ -70,10 +70,12 @@ encrypt the input data using an RSA public key. decrypt the input data using an RSA private key. -=item B<-pkcs, -ssl, -raw> +=item B<-pkcs, -oaep, -ssl, -raw> -the padding to use, PKCS#1 v1.5 (the default) SSL v2 or no padding -respectively. +the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, +special padding used in SSL v2 backwards compatible handshakes, +or no padding, respectively. +For signatures, only B<-pkcs> and B<-raw> can be used. =item B<-hexdump> @@ -93,7 +95,7 @@ used to sign or verify small pieces of data. =head1 EXAMPLES -Sign the some data using a private key: +Sign some data using a private key: openssl rsautl -sign -in file -inkey key.pem -out sig |