Lines Matching +full:mac +full:- +full:only
2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-dgst - perform digest operations
11 [B<-I<digest>>]
12 [B<-list>]
13 [B<-help>]
14 [B<-c>]
15 [B<-d>]
16 [B<-debug>]
17 [B<-hex>]
18 [B<-binary>]
19 [B<-xoflen> I<length>]
20 [B<-r>]
21 [B<-out> I<filename>]
22 [B<-sign> I<filename>|I<uri>]
23 [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
24 [B<-passin> I<arg>]
25 [B<-verify> I<filename>]
26 [B<-prverify> I<filename>]
27 [B<-signature> I<filename>]
28 [B<-sigopt> I<nm>:I<v>]
29 [B<-hmac> I<key>]
30 [B<-mac> I<alg>]
31 [B<-macopt> I<nm>:I<v>]
32 [B<-fips-fingerprint>]
33 {- $OpenSSL::safe::opt_engine_synopsis -}{- output_off() if $disabled{"deprecated-3.0"}; ""
34 -}[B<-engine_impl> I<id>]{-
35 output_on() if $disabled{"deprecated-3.0"}; "" -}
36 {- $OpenSSL::safe::opt_r_synopsis -}
37 {- $OpenSSL::safe::opt_provider_synopsis -}
49 A supported I<digest> name may also be used as the sub-command name.
50 To see the list of supported algorithms, use C<openssl list -digest-algorithms>
56 =item B<-help>
60 =item B<-I<digest>>
62 Specifies name of a supported digest to be used. See option B<-list> below :
64 =item B<-list>
68 =item B<-c>
70 Print out the digest in two digit groups separated by colons, only relevant if
71 the B<-hex> option is given as well.
73 =item B<-d>, B<-debug>
77 =item B<-hex>
81 signatures using B<-hex>.
83 =item B<-binary>
87 =item B<-xoflen> I<length>
93 since the default values are set to only supply half of the maximum security
97 16 (bytes) which results in a security strength of only 64 bits. To ensure the
101 32 (bytes) which results in a security strength of only 128 bits. To ensure the
104 =item B<-r>
111 =item B<-out> I<filename>
115 =item B<-sign> I<filename>|I<uri>
118 does not support Ed25519 or Ed448 private keys. Use the L<openssl-pkeyutl(1)>
121 =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
124 See L<openssl-format-options(1)> for details.
126 =item B<-sigopt> I<nm>:I<v>
129 Names and values of these options are algorithm-specific.
131 =item B<-passin> I<arg>
134 see L<openssl-passphrase-options(1)>.
136 =item B<-verify> I<filename>
141 =item B<-prverify> I<filename>
145 =item B<-signature> I<filename>
149 =item B<-hmac> I<key>
151 Create a hashed MAC using "key".
153 The L<openssl-mac(1)> command should be preferred to using this command line
156 =item B<-mac> I<alg>
158 Create MAC (keyed Message Authentication Code). The most popular MAC
159 algorithm is HMAC (hash-based MAC), but there are other MAC algorithms
160 which are not based on hash, for instance B<gost-mac> algorithm,
161 supported by the B<gost> engine. MAC keys and other options should be set
162 via B<-macopt> parameter.
164 The L<openssl-mac(1)> command should be preferred to using this command line
167 =item B<-macopt> I<nm>:I<v>
169 Passes options to MAC algorithm, specified by B<-mac> key.
170 Following options are supported by both by B<HMAC> and B<gost-mac>:
176 Specifies MAC key as alphanumeric string (use if key contain printable
177 characters only). String length must conform to any restrictions of
178 the MAC algorithm for example exactly 32 chars for gost-mac.
182 Specifies MAC key in hexadecimal form (two hex digits per byte).
183 Key length must conform to any restrictions of the MAC algorithm
184 for example exactly 32 chars for gost-mac.
188 The L<openssl-mac(1)> command should be preferred to using this command line
191 =item B<-fips-fingerprint>
193 Compute HMAC using a specific key for certain OpenSSL-FIPS operations.
195 {- $OpenSSL::safe::opt_r_item -}
197 {- $OpenSSL::safe::opt_engine_item -}
198 {- output_off() if $disabled{"deprecated-3.0"}; "" -}
199 The engine is not used for digests unless the B<-engine_impl> option is
202 =item B<-engine_impl> I<id>
204 When used with the B<-engine> option, it specifies to also use
207 {- output_on() if $disabled{"deprecated-3.0"}; "" -}
208 {- $OpenSSL::safe::opt_provider_item -}
220 To create a hex-encoded message digest of a file:
222 openssl dgst -md5 -hex file.txt
226 To sign a file using SHA-256 with binary file output:
228 openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt
230 openssl sha256 -sign privatekey.pem -out signature.sign file.txt
234 openssl dgst -sha256 -verify publickey.pem \
235 -signature signature.sign \
243 The C<openssl list -digest-algorithms> command can be used to list them.
245 New or agile applications should use probably use SHA-256. Other digests,
246 particularly SHA-1 and MD5, are still widely used for interoperating
251 When verifying signatures, it only handles the RSA, DSA, or ECDSA signature
258 The signing and verify options should only be used if a single file is
261 Hex signatures cannot be verified using B<openssl>. Instead, use "xxd -r"
265 The L<openssl-mac(1)> command is preferred over the B<-hmac>, B<-mac> and
266 B<-macopt> command line options.
270 L<openssl-mac(1)>
275 The FIPS-related options were removed in OpenSSL 1.1.0.
277 The B<-engine> and B<-engine_impl> options were deprecated in OpenSSL 3.0.
281 Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.