2018-11-20 08:45:44 +08:00
|
|
|
=pod
|
2020-02-27 05:45:31 +08:00
|
|
|
{- OpenSSL::safe::output_do_not_edit_headers(); -}
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
2019-08-22 07:04:41 +08:00
|
|
|
openssl-mac - perform Message Authentication Code operations
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
B<openssl mac>
|
|
|
|
[B<-help>]
|
|
|
|
[B<-macopt>]
|
2019-09-26 03:20:11 +08:00
|
|
|
[B<-in> I<filename>]
|
|
|
|
[B<-out> I<filename>]
|
2018-11-20 08:45:44 +08:00
|
|
|
[B<-binary>]
|
2020-02-25 12:29:30 +08:00
|
|
|
{- $OpenSSL::safe::opt_provider_synopsis -}
|
2019-10-02 00:16:29 +08:00
|
|
|
I<mac_name>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
The message authentication code functions output the MAC of a supplied input
|
|
|
|
file.
|
|
|
|
|
|
|
|
=head1 OPTIONS
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item B<-help>
|
|
|
|
|
|
|
|
Print a usage message.
|
|
|
|
|
2019-09-26 03:20:11 +08:00
|
|
|
=item B<-in> I<filename>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
Input filename to calculate a MAC for, or standard input by default.
|
|
|
|
Standard input is used if the filename is '-'.
|
|
|
|
Files are expected to be in binary format, standard input uses hexadecimal text
|
|
|
|
format.
|
|
|
|
|
2019-09-26 03:20:11 +08:00
|
|
|
=item B<-out> I<filename>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
Filename to output to, or standard output by default.
|
|
|
|
|
|
|
|
=item B<-binary>
|
|
|
|
|
|
|
|
Output the MAC in binary form. Uses hexadecimal text format if not specified.
|
|
|
|
|
2019-09-26 03:20:11 +08:00
|
|
|
=item B<-macopt> I<nm>:I<v>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
Passes options to the MAC algorithm.
|
|
|
|
A comprehensive list of controls can be found in the EVP_MAC implementation
|
|
|
|
documentation.
|
2020-06-18 16:26:22 +08:00
|
|
|
Common parameter names used by EVP_MAC_CTX_get_params() are:
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
2019-10-02 00:16:29 +08:00
|
|
|
=item B<key:>I<string>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
Specifies the MAC key as an alphanumeric string (use if the key contains
|
|
|
|
printable characters only).
|
|
|
|
The string length must conform to any restrictions of the MAC algorithm.
|
|
|
|
A key must be specified for every MAC algorithm.
|
|
|
|
|
2019-10-02 00:16:29 +08:00
|
|
|
=item B<hexkey:>I<string>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
Specifies the MAC key in hexadecimal form (two hex digits per byte).
|
|
|
|
The key length must conform to any restrictions of the MAC algorithm.
|
|
|
|
A key must be specified for every MAC algorithm.
|
|
|
|
|
2019-10-02 00:16:29 +08:00
|
|
|
=item B<digest:>I<string>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
Used by HMAC as an alphanumeric string (use if the key contains printable
|
|
|
|
characters only).
|
|
|
|
The string length must conform to any restrictions of the MAC algorithm.
|
Command docs: fix up command references
Almost all OpenSSL commands are in reality 'openssl cmd', so make sure
they are refered to like that and not just as the sub-command.
Self-references are avoided as much as is possible, and replaced with
"this command". In some cases, we even avoid that with a slight
rewrite of the sentence or paragrah they were in. However, in the few
cases where a self-reference is still admissible, they are done in
bold, i.e. openssl-speed.pod references itself like this:
B<openssl speed>
References to other commands are done as manual links, i.e. CA.pl.pod
references 'openssl req' like this: L<openssl-req(1)>
Some commands are examples rather than references; we enclose those in
C<>.
While we are it, we abolish "utility", replacing it with "command", or
remove it entirely in some cases.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10065)
2019-10-02 01:43:36 +08:00
|
|
|
To see the list of supported digests, use C<openssl list -digest-commands>.
|
2018-11-20 08:45:44 +08:00
|
|
|
|
2019-10-02 00:16:29 +08:00
|
|
|
=item B<cipher:>I<string>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
2019-07-02 16:04:04 +08:00
|
|
|
Used by CMAC and GMAC to specify the cipher algorithm.
|
2018-11-20 08:45:44 +08:00
|
|
|
For CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or
|
|
|
|
DES-EDE3-CBC.
|
|
|
|
For GMAC it should be a GCM mode cipher e.g. AES-128-GCM.
|
|
|
|
|
2019-10-02 00:16:29 +08:00
|
|
|
=item B<iv:>I<string>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains
|
|
|
|
printable characters only).
|
|
|
|
|
2019-10-02 00:16:29 +08:00
|
|
|
=item B<hexiv:>I<string>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
Used by GMAC to specify an IV in hexadecimal form (two hex digits per byte).
|
|
|
|
|
2019-09-22 07:19:05 +08:00
|
|
|
=item B<size:>I<int>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
Used by KMAC128 or KMAC256 to specify an output length.
|
|
|
|
The default sizes are 32 or 64 bytes respectively.
|
|
|
|
|
2019-10-02 00:16:29 +08:00
|
|
|
=item B<custom:>I<string>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
Used by KMAC128 or KMAC256 to specify a customization string.
|
|
|
|
The default is the empty string "".
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
2020-02-25 12:29:30 +08:00
|
|
|
{- $OpenSSL::safe::opt_provider_item -}
|
|
|
|
|
2019-10-02 00:16:29 +08:00
|
|
|
=item I<mac_name>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
Specifies the name of a supported MAC algorithm which will be used.
|
Command docs: fix up command references
Almost all OpenSSL commands are in reality 'openssl cmd', so make sure
they are refered to like that and not just as the sub-command.
Self-references are avoided as much as is possible, and replaced with
"this command". In some cases, we even avoid that with a slight
rewrite of the sentence or paragrah they were in. However, in the few
cases where a self-reference is still admissible, they are done in
bold, i.e. openssl-speed.pod references itself like this:
B<openssl speed>
References to other commands are done as manual links, i.e. CA.pl.pod
references 'openssl req' like this: L<openssl-req(1)>
Some commands are examples rather than references; we enclose those in
C<>.
While we are it, we abolish "utility", replacing it with "command", or
remove it entirely in some cases.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10065)
2019-10-02 01:43:36 +08:00
|
|
|
To see the list of supported MAC's use the command C<opensssl list
|
|
|
|
-mac-algorithms>.
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
|
|
|
|
=head1 EXAMPLES
|
|
|
|
|
|
|
|
To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: \
|
|
|
|
openssl mac -macopt digest:SHA1 \
|
|
|
|
-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
|
|
|
|
-in msg.bin HMAC
|
|
|
|
|
|
|
|
To create a SipHash MAC from a file with a binary file output: \
|
|
|
|
openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \
|
|
|
|
-in msg.bin -out out.bin -binary SipHash
|
|
|
|
|
|
|
|
To create a hex-encoded CMAC-AES-128-CBC MAC from a file:\
|
|
|
|
openssl mac -macopt cipher:AES-128-CBC \
|
|
|
|
-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \
|
|
|
|
-in msg.bin CMAC
|
|
|
|
|
|
|
|
To create a hex-encoded KMAC128 MAC from a file with a Customisation String
|
|
|
|
'Tag' and output length of 16: \
|
|
|
|
openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \
|
2019-09-22 07:19:05 +08:00
|
|
|
-macopt size:16 -in msg.bin KMAC128
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: \
|
|
|
|
openssl mac -macopt cipher:AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \
|
|
|
|
-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC
|
|
|
|
|
|
|
|
=head1 NOTES
|
|
|
|
|
|
|
|
The MAC mechanisms that are available will depend on the options
|
|
|
|
used when building OpenSSL.
|
Command docs: fix up command references
Almost all OpenSSL commands are in reality 'openssl cmd', so make sure
they are refered to like that and not just as the sub-command.
Self-references are avoided as much as is possible, and replaced with
"this command". In some cases, we even avoid that with a slight
rewrite of the sentence or paragrah they were in. However, in the few
cases where a self-reference is still admissible, they are done in
bold, i.e. openssl-speed.pod references itself like this:
B<openssl speed>
References to other commands are done as manual links, i.e. CA.pl.pod
references 'openssl req' like this: L<openssl-req(1)>
Some commands are examples rather than references; we enclose those in
C<>.
While we are it, we abolish "utility", replacing it with "command", or
remove it entirely in some cases.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10065)
2019-10-02 01:43:36 +08:00
|
|
|
Use C<openssl list -mac-algorithms> to list them.
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
2019-08-22 07:04:41 +08:00
|
|
|
L<openssl(1)>,
|
2018-11-20 08:45:44 +08:00
|
|
|
L<EVP_MAC(3)>,
|
2019-09-16 11:22:56 +08:00
|
|
|
L<EVP_MAC-CMAC(7)>,
|
|
|
|
L<EVP_MAC-GMAC(7)>,
|
|
|
|
L<EVP_MAC-HMAC(7)>,
|
|
|
|
L<EVP_MAC-KMAC(7)>,
|
2019-08-22 13:21:25 +08:00
|
|
|
L<EVP_MAC-Siphash(7)>,
|
|
|
|
L<EVP_MAC-Poly1305(7)>
|
2018-11-20 08:45:44 +08:00
|
|
|
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
2020-04-23 20:55:52 +08:00
|
|
|
Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
|
2018-11-20 08:45:44 +08:00
|
|
|
|
2020-04-27 12:59:50 +08:00
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
2018-11-20 08:45:44 +08:00
|
|
|
this file except in compliance with the License. You can obtain a copy
|
|
|
|
in the file LICENSE in the source distribution or at
|
|
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
|
|
|
|
=cut
|