首頁 探索 說明
登入
OWEALs
/
openssl
镜像来自 git://git.openssl.org/openssl.git
2
0
複刻 0
檔案 問題管理 1 Wiki
目錄樹: 74613e8c97
分支列表 標籤列表
openssl
/
doc
/
man1
/
openssl-mac.pod.in

openssl-mac.pod.in 4.5 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176 
  1. =pod
    2. 

  2. {- OpenSSL::safe::output_do_not_edit_headers(); -}
    3. 

  3. 

  4. =head1 NAME
    5. 

  5. 

  6. openssl-mac - perform Message Authentication Code operations
    7. 

  7. 

  8. =head1 SYNOPSIS
    9. 

  9. 

  10. B<openssl mac>
    11. 

  11. [B<-help>]
    12. 

  12. [B<-cipher>]
    13. 

  13. [B<-digest>]
    14. 

  14. [B<-macopt>]
    15. 

  15. [B<-in> I<filename>]
    16. 

  16. [B<-out> I<filename>]
    17. 

  17. [B<-binary>]
    18. 

  18. {- $OpenSSL::safe::opt_provider_synopsis -}
    19. 

  19. I<mac_name>
    20. 

  20. 

  21. =head1 DESCRIPTION
    22. 

  22. 

  23. The message authentication code functions output the MAC of a supplied input
    24. 

  24. file.
    25. 

  25. 

  26. =head1 OPTIONS
    27. 

  27. 

  28. =over 4
    29. 

  29. 

  30. =item B<-help>
    31. 

  31. 

  32. Print a usage message.
    33. 

  33. 

  34. =item B<-in> I<filename>
    35. 

  35. 

  36. Input filename to calculate a MAC for, or standard input by default.
    37. 

  37. Standard input is used if the filename is '-'.
    38. 

  38. Files are expected to be in binary format, standard input uses hexadecimal text
    39. 

  39. format.
    40. 

  40. 

  41. =item B<-out> I<filename>
    42. 

  42. 

  43. Filename to output to, or standard output by default.
    44. 

  44. 

  45. =item B<-binary>
    46. 

  46. 

  47. Output the MAC in binary form. Uses hexadecimal text format if not specified.
    48. 

  48. 

  49. =item B<-cipher> I<name>
    50. 

  50. 

  51. Used by CMAC and GMAC to specify the cipher algorithm.
    52. 

  52. For CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or
    53. 

  53. DES-EDE3-CBC.
    54. 

  54. For GMAC it should be a GCM mode cipher e.g. AES-128-GCM.
    55. 

  55. 

  56. =item B<-digest> I<name>
    57. 

  57. 

  58. Used by HMAC as an alphanumeric string (use if the key contains printable
    59. 

  59. characters only).
    60. 

  60. The string length must conform to any restrictions of the MAC algorithm.
    61. 

  61. To see the list of supported digests, use C<openssl list -digest-commands>.
    62. 

  62. 

  63. =item B<-macopt> I<nm>:I<v>
    64. 

  64. 

  65. Passes options to the MAC algorithm.
    66. 

  66. A comprehensive list of controls can be found in the EVP_MAC implementation
    67. 

  67. documentation.
    68. 

  68. Common parameter names used by EVP_MAC_CTX_get_params() are:
    69. 

  69. 

  70. =over 4
    71. 

  71. 

  72. =item B<key:>I<string>
    73. 

  73. 

  74. Specifies the MAC key as an alphanumeric string (use if the key contains
    75. 

  75. printable characters only).
    76. 

  76. The string length must conform to any restrictions of the MAC algorithm.
    77. 

  77. A key must be specified for every MAC algorithm.
    78. 

  78. 

  79. =item B<hexkey:>I<string>
    80. 

  80. 

  81. Specifies the MAC key in hexadecimal form (two hex digits per byte).
    82. 

  82. The key length must conform to any restrictions of the MAC algorithm.
    83. 

  83. A key must be specified for every MAC algorithm.
    84. 

  84. 

  85. =item B<iv:>I<string>
    86. 

  86. 

  87. Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains
    88. 

  88. printable characters only).
    89. 

  89. 

  90. =item B<hexiv:>I<string>
    91. 

  91. 

  92. Used by GMAC to specify an IV in hexadecimal form (two hex digits per byte).
    93. 

  93. 

  94. =item B<size:>I<int>
    95. 

  95. 

  96. Used by KMAC128 or KMAC256 to specify an output length.
    97. 

  97. The default sizes are 32 or 64 bytes respectively.
    98. 

  98. 

  99. =item B<custom:>I<string>
    100. 

  100. 

  101. Used by KMAC128 or KMAC256 to specify a customization string.
    102. 

  102. The default is the empty string "".
    103. 

  103. 

  104. =item B<digest:>I<string>
    105. 

  105. 

  106. This option is identical to the B<-digest> option.
    107. 

  107. 

  108. =item B<cipher:>I<string>
    109. 

  109. 

  110. This option is identical to the B<-cipher> option.
    111. 

  111. 

  112. =back
    113. 

  113. 

  114. {- $OpenSSL::safe::opt_provider_item -}
    115. 

  115. 

  116. =item I<mac_name>
    117. 

  117. 

  118. Specifies the name of a supported MAC algorithm which will be used.
    119. 

  119. To see the list of supported MAC's use the command C<opensssl list
    120. 

  120. -mac-algorithms>.
    121. 

  121. 

  122. =back
    123. 

  123. 

  124. 

  125. =head1 EXAMPLES
    126. 

  126. 

  127. To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: \
    128. 

  128.  openssl mac -digest SHA1 \
    129. 

  129.          -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
    130. 

  130.          -in msg.bin HMAC
    131. 

  131. 

  132. To create a SipHash MAC from a file with a binary file output: \
    133. 

  133.  openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \
    134. 

  134.          -in msg.bin -out out.bin -binary SipHash
    135. 

  135. 

  136. To create a hex-encoded CMAC-AES-128-CBC MAC from a file:\
    137. 

  137.  openssl mac -cipher AES-128-CBC \
    138. 

  138.          -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \
    139. 

  139.          -in msg.bin CMAC
    140. 

  140. 

  141. To create a hex-encoded KMAC128 MAC from a file with a Customisation String
    142. 

  142. 'Tag' and output length of 16: \
    143. 

  143.  openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \
    144. 

  144.          -macopt size:16 -in msg.bin KMAC128
    145. 

  145. 

  146. To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: \
    147. 

  147.  openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \
    148. 

  148.          -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC
    149. 

  149. 

  150. =head1 NOTES
    151. 

  151. 

  152. The MAC mechanisms that are available will depend on the options
    153. 

  153. used when building OpenSSL.
    154. 

  154. Use C<openssl list -mac-algorithms> to list them.
    155. 

  155. 

  156. =head1 SEE ALSO
    157. 

  157. 

  158. L<openssl(1)>,
    159. 

  159. L<EVP_MAC(3)>,
    160. 

  160. L<EVP_MAC-CMAC(7)>,
    161. 

  161. L<EVP_MAC-GMAC(7)>,
    162. 

  162. L<EVP_MAC-HMAC(7)>,
    163. 

  163. L<EVP_MAC-KMAC(7)>,
    164. 

  164. L<EVP_MAC-Siphash(7)>,
    165. 

  165. L<EVP_MAC-Poly1305(7)>
    166. 

  166. 

  167. =head1 COPYRIGHT
    168. 

  168. 

  169. Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
    170. 

  170. 

  171. Licensed under the Apache License 2.0 (the "License").  You may not use
    172. 

  172. this file except in compliance with the License.  You can obtain a copy
    173. 

  173. in the file LICENSE in the source distribution or at
    174. 

  174. L<https://www.openssl.org/source/license.html>.
    175. 

  175. 

  176. =cut
    177.