1=pod 2{- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4=head1 NAME 5 6openssl-mac - perform Message Authentication Code operations 7 8=head1 SYNOPSIS 9 10B<openssl mac> 11[B<-help>] 12[B<-cipher>] 13[B<-digest>] 14[B<-macopt>] 15[B<-in> I<filename>] 16[B<-out> I<filename>] 17[B<-binary>] 18{- $OpenSSL::safe::opt_provider_synopsis -} 19I<mac_name> 20 21=head1 DESCRIPTION 22 23The message authentication code functions output the MAC of a supplied input 24file. 25 26=head1 OPTIONS 27 28=over 4 29 30=item B<-help> 31 32Print a usage message. 33 34=item B<-in> I<filename> 35 36Input filename to calculate a MAC for, or standard input by default. 37Standard input is used if the filename is '-'. 38Files and standard input are expected to be in binary format. 39 40=item B<-out> I<filename> 41 42Filename to output to, or standard output by default. 43 44=item B<-binary> 45 46Output the MAC in binary form. Uses hexadecimal text format if not specified. 47 48=item B<-cipher> I<name> 49 50Used by CMAC and GMAC to specify the cipher algorithm. 51For CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or 52DES-EDE3-CBC. 53For GMAC it should be a GCM mode cipher e.g. AES-128-GCM. 54 55=item B<-digest> I<name> 56 57Used by HMAC as an alphanumeric string (use if the key contains printable 58characters only). 59The string length must conform to any restrictions of the MAC algorithm. 60To see the list of supported digests, use C<openssl list -digest-commands>. 61 62=item B<-macopt> I<nm>:I<v> 63 64Passes options to the MAC algorithm. 65A comprehensive list of controls can be found in the EVP_MAC implementation 66documentation. 67Common parameter names used by EVP_MAC_CTX_get_params() are: 68 69=over 4 70 71=item B<key:>I<string> 72 73Specifies the MAC key as an alphanumeric string (use if the key contains 74printable characters only). 75The string length must conform to any restrictions of the MAC algorithm. 76A key must be specified for every MAC algorithm. 77 78=item B<hexkey:>I<string> 79 80Specifies the MAC key in hexadecimal form (two hex digits per byte). 81The key length must conform to any restrictions of the MAC algorithm. 82A key must be specified for every MAC algorithm. 83 84=item B<iv:>I<string> 85 86Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains 87printable characters only). 88 89=item B<hexiv:>I<string> 90 91Used by GMAC to specify an IV in hexadecimal form (two hex digits per byte). 92 93=item B<size:>I<int> 94 95Used by KMAC128 or KMAC256 to specify an output length. 96The default sizes are 32 or 64 bytes respectively. 97 98=item B<custom:>I<string> 99 100Used by KMAC128 or KMAC256 to specify a customization string. 101The default is the empty string "". 102 103=item B<digest:>I<string> 104 105This option is identical to the B<-digest> option. 106 107=item B<cipher:>I<string> 108 109This option is identical to the B<-cipher> option. 110 111=back 112 113{- $OpenSSL::safe::opt_provider_item -} 114 115=item I<mac_name> 116 117Specifies the name of a supported MAC algorithm which will be used. 118To see the list of supported MAC's use the command C<openssl list 119-mac-algorithms>. 120 121=back 122 123 124=head1 EXAMPLES 125 126To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: \ 127 openssl mac -digest SHA1 \ 128 -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \ 129 -in msg.bin HMAC 130 131To create a SipHash MAC from a file with a binary file output: \ 132 openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \ 133 -in msg.bin -out out.bin -binary SipHash 134 135To create a hex-encoded CMAC-AES-128-CBC MAC from a file:\ 136 openssl mac -cipher AES-128-CBC \ 137 -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \ 138 -in msg.bin CMAC 139 140To create a hex-encoded KMAC128 MAC from a file with a Customisation String 141'Tag' and output length of 16: \ 142 openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \ 143 -macopt size:16 -in msg.bin KMAC128 144 145To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: \ 146 openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \ 147 -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC 148 149=head1 NOTES 150 151The MAC mechanisms that are available will depend on the options 152used when building OpenSSL. 153Use C<openssl list -mac-algorithms> to list them. 154 155=head1 SEE ALSO 156 157L<openssl(1)>, 158L<EVP_MAC(3)>, 159L<EVP_MAC-CMAC(7)>, 160L<EVP_MAC-GMAC(7)>, 161L<EVP_MAC-HMAC(7)>, 162L<EVP_MAC-KMAC(7)>, 163L<EVP_MAC-Siphash(7)>, 164L<EVP_MAC-Poly1305(7)> 165 166=head1 COPYRIGHT 167 168Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. 169 170Licensed under the Apache License 2.0 (the "License"). You may not use 171this file except in compliance with the License. You can obtain a copy 172in the file LICENSE in the source distribution or at 173L<https://www.openssl.org/source/license.html>. 174 175=cut 176