1=pod 2{- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4=head1 NAME 5 6openssl-mac - perform Message Authentication Code operations 7 8=head1 SYNOPSIS 9 10B<openssl mac> 11[B<-help>] 12[B<-cipher>] 13[B<-digest>] 14[B<-macopt>] 15[B<-in> I<filename>] 16[B<-out> I<filename>] 17[B<-binary>] 18{- $OpenSSL::safe::opt_provider_synopsis -} 19I<mac_name> 20 21=head1 DESCRIPTION 22 23The message authentication code functions output the MAC of a supplied input 24file. 25 26=head1 OPTIONS 27 28=over 4 29 30=item B<-help> 31 32Print a usage message. 33 34=item B<-in> I<filename> 35 36Input filename to calculate a MAC for, or standard input by default. 37Standard input is used if the filename is '-'. 38Files and standard input are expected to be in binary format. 39 40=item B<-out> I<filename> 41 42Filename to output to, or standard output by default. 43 44=item B<-binary> 45 46Output the MAC in binary form. Uses hexadecimal text format if not specified. 47 48=item B<-cipher> I<name> 49 50Used by CMAC and GMAC to specify the cipher algorithm. 51For CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or 52DES-EDE3-CBC. 53For GMAC it should be a GCM mode cipher e.g. AES-128-GCM. 54 55=item B<-digest> I<name> 56 57Used by HMAC as an alphanumeric string (use if the key contains printable 58characters only). 59The string length must conform to any restrictions of the MAC algorithm. 60To see the list of supported digests, use C<openssl list -digest-commands>. 61 62=item B<-macopt> I<nm>:I<v> 63 64Passes options to the MAC algorithm. 65A comprehensive list of controls can be found in the EVP_MAC implementation 66documentation. 67Common parameter names used by EVP_MAC_CTX_get_params() are: 68 69=over 4 70 71=item B<key:>I<string> 72 73Specifies the MAC key as an alphanumeric string (use if the key contains 74printable characters only). 75The string length must conform to any restrictions of the MAC algorithm. 76A key must be specified for every MAC algorithm. 77 78=item B<hexkey:>I<string> 79 80Specifies the MAC key in hexadecimal form (two hex digits per byte). 81The key length must conform to any restrictions of the MAC algorithm. 82A key must be specified for every MAC algorithm. 83 84=item B<iv:>I<string> 85 86Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains 87printable characters only). 88 89=item B<hexiv:>I<string> 90 91Used by GMAC to specify an IV in hexadecimal form (two hex digits per byte). 92 93=item B<size:>I<int> 94 95Used by KMAC128 or KMAC256 to specify an output length. 96The default sizes are 32 or 64 bytes respectively. 97 98=item B<custom:>I<string> 99 100Used by KMAC128 or KMAC256 to specify a customization string. 101The default is the empty string "". 102 103=item B<digest:>I<string> 104 105This option is identical to the B<-digest> option. 106 107=item B<cipher:>I<string> 108 109This option is identical to the B<-cipher> option. 110 111=back 112 113{- $OpenSSL::safe::opt_provider_item -} 114 115=item I<mac_name> 116 117Specifies the name of a supported MAC algorithm which will be used. 118To see the list of supported MAC's use the command C<openssl list 119-mac-algorithms>. 120 121=back 122 123 124=head1 EXAMPLES 125 126To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: 127 128 openssl mac -digest SHA1 \ 129 -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \ 130 -in msg.bin HMAC 131 132To create a SipHash MAC from a file with a binary file output: 133 134 openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \ 135 -in msg.bin -out out.bin -binary SipHash 136 137To create a hex-encoded CMAC-AES-128-CBC MAC from a file: 138 139 openssl mac -cipher AES-128-CBC \ 140 -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \ 141 -in msg.bin CMAC 142 143To create a hex-encoded KMAC128 MAC from a file with a Customisation String 144'Tag' and output length of 16: 145 146 openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \ 147 -macopt size:16 -in msg.bin KMAC128 148 149To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: 150 151 openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \ 152 -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC 153 154=head1 NOTES 155 156The MAC mechanisms that are available will depend on the options 157used when building OpenSSL. 158Use C<openssl list -mac-algorithms> to list them. 159 160=head1 SEE ALSO 161 162L<openssl(1)>, 163L<EVP_MAC(3)>, 164L<EVP_MAC-CMAC(7)>, 165L<EVP_MAC-GMAC(7)>, 166L<EVP_MAC-HMAC(7)>, 167L<EVP_MAC-KMAC(7)>, 168L<EVP_MAC-Siphash(7)>, 169L<EVP_MAC-Poly1305(7)> 170 171=head1 COPYRIGHT 172 173Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. 174 175Licensed under the Apache License 2.0 (the "License"). You may not use 176this file except in compliance with the License. You can obtain a copy 177in the file LICENSE in the source distribution or at 178L<https://www.openssl.org/source/license.html>. 179 180=cut 181