xref: /freebsd/crypto/openssl/doc/man1/openssl-mac.pod.in (revision 44096ebd22ddd0081a357011714eff8963614b65) 
1b077aed3SPierre Pronchery=pod
2b077aed3SPierre Pronchery{- OpenSSL::safe::output_do_not_edit_headers(); -}
3b077aed3SPierre Pronchery
4b077aed3SPierre Pronchery=head1 NAME
5b077aed3SPierre Pronchery
6b077aed3SPierre Proncheryopenssl-mac - perform Message Authentication Code operations
7b077aed3SPierre Pronchery
8b077aed3SPierre Pronchery=head1 SYNOPSIS
9b077aed3SPierre Pronchery
10b077aed3SPierre ProncheryB<openssl mac>
11b077aed3SPierre Pronchery[B<-help>]
12b077aed3SPierre Pronchery[B<-cipher>]
13b077aed3SPierre Pronchery[B<-digest>]
14b077aed3SPierre Pronchery[B<-macopt>]
15b077aed3SPierre Pronchery[B<-in> I<filename>]
16b077aed3SPierre Pronchery[B<-out> I<filename>]
17b077aed3SPierre Pronchery[B<-binary>]
18b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_synopsis -}
19b077aed3SPierre ProncheryI<mac_name>
20b077aed3SPierre Pronchery
21b077aed3SPierre Pronchery=head1 DESCRIPTION
22b077aed3SPierre Pronchery
23b077aed3SPierre ProncheryThe message authentication code functions output the MAC of a supplied input
24b077aed3SPierre Proncheryfile.
25b077aed3SPierre Pronchery
26b077aed3SPierre Pronchery=head1 OPTIONS
27b077aed3SPierre Pronchery
28b077aed3SPierre Pronchery=over 4
29b077aed3SPierre Pronchery
30b077aed3SPierre Pronchery=item B<-help>
31b077aed3SPierre Pronchery
32b077aed3SPierre ProncheryPrint a usage message.
33b077aed3SPierre Pronchery
34b077aed3SPierre Pronchery=item B<-in> I<filename>
35b077aed3SPierre Pronchery
36b077aed3SPierre ProncheryInput filename to calculate a MAC for, or standard input by default.
37b077aed3SPierre ProncheryStandard input is used if the filename is '-'.
38b077aed3SPierre ProncheryFiles and standard input are expected to be in binary format.
39b077aed3SPierre Pronchery
40b077aed3SPierre Pronchery=item B<-out> I<filename>
41b077aed3SPierre Pronchery
42b077aed3SPierre ProncheryFilename to output to, or standard output by default.
43b077aed3SPierre Pronchery
44b077aed3SPierre Pronchery=item B<-binary>
45b077aed3SPierre Pronchery
46b077aed3SPierre ProncheryOutput the MAC in binary form. Uses hexadecimal text format if not specified.
47b077aed3SPierre Pronchery
48b077aed3SPierre Pronchery=item B<-cipher> I<name>
49b077aed3SPierre Pronchery
50b077aed3SPierre ProncheryUsed by CMAC and GMAC to specify the cipher algorithm.
51b077aed3SPierre ProncheryFor CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or
52b077aed3SPierre ProncheryDES-EDE3-CBC.
53b077aed3SPierre ProncheryFor GMAC it should be a GCM mode cipher e.g. AES-128-GCM.
54b077aed3SPierre Pronchery
55b077aed3SPierre Pronchery=item B<-digest> I<name>
56b077aed3SPierre Pronchery
57b077aed3SPierre ProncheryUsed by HMAC as an alphanumeric string (use if the key contains printable
58b077aed3SPierre Proncherycharacters only).
59b077aed3SPierre ProncheryThe string length must conform to any restrictions of the MAC algorithm.
60b077aed3SPierre ProncheryTo see the list of supported digests, use C<openssl list -digest-commands>.
61b077aed3SPierre Pronchery
62b077aed3SPierre Pronchery=item B<-macopt> I<nm>:I<v>
63b077aed3SPierre Pronchery
64b077aed3SPierre ProncheryPasses options to the MAC algorithm.
65b077aed3SPierre ProncheryA comprehensive list of controls can be found in the EVP_MAC implementation
66b077aed3SPierre Proncherydocumentation.
67b077aed3SPierre ProncheryCommon parameter names used by EVP_MAC_CTX_get_params() are:
68b077aed3SPierre Pronchery
69b077aed3SPierre Pronchery=over 4
70b077aed3SPierre Pronchery
71b077aed3SPierre Pronchery=item B<key:>I<string>
72b077aed3SPierre Pronchery
73b077aed3SPierre ProncherySpecifies the MAC key as an alphanumeric string (use if the key contains
74b077aed3SPierre Proncheryprintable characters only).
75b077aed3SPierre ProncheryThe string length must conform to any restrictions of the MAC algorithm.
76b077aed3SPierre ProncheryA key must be specified for every MAC algorithm.
77b077aed3SPierre Pronchery
78b077aed3SPierre Pronchery=item B<hexkey:>I<string>
79b077aed3SPierre Pronchery
80b077aed3SPierre ProncherySpecifies the MAC key in hexadecimal form (two hex digits per byte).
81b077aed3SPierre ProncheryThe key length must conform to any restrictions of the MAC algorithm.
82b077aed3SPierre ProncheryA key must be specified for every MAC algorithm.
83b077aed3SPierre Pronchery
84b077aed3SPierre Pronchery=item B<iv:>I<string>
85b077aed3SPierre Pronchery
86b077aed3SPierre ProncheryUsed by GMAC to specify an IV as an alphanumeric string (use if the IV contains
87b077aed3SPierre Proncheryprintable characters only).
88b077aed3SPierre Pronchery
89b077aed3SPierre Pronchery=item B<hexiv:>I<string>
90b077aed3SPierre Pronchery
91b077aed3SPierre ProncheryUsed by GMAC to specify an IV in hexadecimal form (two hex digits per byte).
92b077aed3SPierre Pronchery
93b077aed3SPierre Pronchery=item B<size:>I<int>
94b077aed3SPierre Pronchery
95b077aed3SPierre ProncheryUsed by KMAC128 or KMAC256 to specify an output length.
96b077aed3SPierre ProncheryThe default sizes are 32 or 64 bytes respectively.
97b077aed3SPierre Pronchery
98b077aed3SPierre Pronchery=item B<custom:>I<string>
99b077aed3SPierre Pronchery
100b077aed3SPierre ProncheryUsed by KMAC128 or KMAC256 to specify a customization string.
101b077aed3SPierre ProncheryThe default is the empty string "".
102b077aed3SPierre Pronchery
103b077aed3SPierre Pronchery=item B<digest:>I<string>
104b077aed3SPierre Pronchery
105b077aed3SPierre ProncheryThis option is identical to the B<-digest> option.
106b077aed3SPierre Pronchery
107b077aed3SPierre Pronchery=item B<cipher:>I<string>
108b077aed3SPierre Pronchery
109b077aed3SPierre ProncheryThis option is identical to the B<-cipher> option.
110b077aed3SPierre Pronchery
111b077aed3SPierre Pronchery=back
112b077aed3SPierre Pronchery
113b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_item -}
114b077aed3SPierre Pronchery
115b077aed3SPierre Pronchery=item I<mac_name>
116b077aed3SPierre Pronchery
117b077aed3SPierre ProncherySpecifies the name of a supported MAC algorithm which will be used.
118b077aed3SPierre ProncheryTo see the list of supported MAC's use the command C<openssl list
119b077aed3SPierre Pronchery-mac-algorithms>.
120b077aed3SPierre Pronchery
121b077aed3SPierre Pronchery=back
122b077aed3SPierre Pronchery
123b077aed3SPierre Pronchery
124b077aed3SPierre Pronchery=head1 EXAMPLES
125b077aed3SPierre Pronchery
126*44096ebdSEnji CooperTo create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout:
127*44096ebdSEnji Cooper
128b077aed3SPierre Pronchery openssl mac -digest SHA1 \
129b077aed3SPierre Pronchery         -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
130b077aed3SPierre Pronchery         -in msg.bin HMAC
131b077aed3SPierre Pronchery
132*44096ebdSEnji CooperTo create a SipHash MAC from a file with a binary file output:
133*44096ebdSEnji Cooper
134b077aed3SPierre Pronchery openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \
135b077aed3SPierre Pronchery         -in msg.bin -out out.bin -binary SipHash
136b077aed3SPierre Pronchery
137*44096ebdSEnji CooperTo create a hex-encoded CMAC-AES-128-CBC MAC from a file:
138*44096ebdSEnji Cooper
139b077aed3SPierre Pronchery openssl mac -cipher AES-128-CBC \
140b077aed3SPierre Pronchery         -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \
141b077aed3SPierre Pronchery         -in msg.bin CMAC
142b077aed3SPierre Pronchery
143b077aed3SPierre ProncheryTo create a hex-encoded KMAC128 MAC from a file with a Customisation String
144*44096ebdSEnji Cooper'Tag' and output length of 16:
145*44096ebdSEnji Cooper
146b077aed3SPierre Pronchery openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \
147b077aed3SPierre Pronchery         -macopt size:16 -in msg.bin KMAC128
148b077aed3SPierre Pronchery
149*44096ebdSEnji CooperTo create a hex-encoded GMAC-AES-128-GCM with a IV from a file:
150*44096ebdSEnji Cooper
151b077aed3SPierre Pronchery openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \
152b077aed3SPierre Pronchery         -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC
153b077aed3SPierre Pronchery
154b077aed3SPierre Pronchery=head1 NOTES
155b077aed3SPierre Pronchery
156b077aed3SPierre ProncheryThe MAC mechanisms that are available will depend on the options
157b077aed3SPierre Proncheryused when building OpenSSL.
158b077aed3SPierre ProncheryUse C<openssl list -mac-algorithms> to list them.
159b077aed3SPierre Pronchery
160b077aed3SPierre Pronchery=head1 SEE ALSO
161b077aed3SPierre Pronchery
162b077aed3SPierre ProncheryL<openssl(1)>,
163b077aed3SPierre ProncheryL<EVP_MAC(3)>,
164b077aed3SPierre ProncheryL<EVP_MAC-CMAC(7)>,
165b077aed3SPierre ProncheryL<EVP_MAC-GMAC(7)>,
166b077aed3SPierre ProncheryL<EVP_MAC-HMAC(7)>,
167b077aed3SPierre ProncheryL<EVP_MAC-KMAC(7)>,
168b077aed3SPierre ProncheryL<EVP_MAC-Siphash(7)>,
169b077aed3SPierre ProncheryL<EVP_MAC-Poly1305(7)>
170b077aed3SPierre Pronchery
171b077aed3SPierre Pronchery=head1 COPYRIGHT
172b077aed3SPierre Pronchery
173*44096ebdSEnji CooperCopyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
174b077aed3SPierre Pronchery
175b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
176b077aed3SPierre Proncherythis file except in compliance with the License.  You can obtain a copy
177b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at
178b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>.
179b077aed3SPierre Pronchery
180b077aed3SPierre Pronchery=cut
181