1=pod 2{- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4=head1 NAME 5 6openssl-mac - perform Message Authentication Code operations 7 8=head1 SYNOPSIS 9 10B<openssl mac> 11[B<-help>] 12[B<-cipher>] 13[B<-digest>] 14[B<-macopt>] 15[B<-in> I<filename>] 16[B<-out> I<filename>] 17[B<-binary>] 18{- $OpenSSL::safe::opt_provider_synopsis -} 19I<mac_name> 20 21=head1 DESCRIPTION 22 23The message authentication code functions output the MAC of a supplied input 24file. 25 26=head1 OPTIONS 27 28=over 4 29 30=item B<-help> 31 32Print a usage message. 33 34=item B<-in> I<filename> 35 36Input filename to calculate a MAC for, or standard input by default. 37Standard input is used if the filename is '-'. 38Files and standard input are expected to be in binary format. 39 40=item B<-out> I<filename> 41 42Filename to output to, or standard output by default. 43 44=item B<-binary> 45 46Output the MAC in binary form. Uses hexadecimal text format if not specified. 47 48=item B<-cipher> I<name> 49 50Used by CMAC and GMAC to specify the cipher algorithm. 51For CMAC it should be a CBC mode cipher e.g. AES-128-CBC. 52For GMAC it should be a GCM mode cipher e.g. AES-128-GCM. 53 54=item B<-digest> I<name> 55 56Used by HMAC as an alphanumeric string (use if the key contains printable 57characters only). 58The string length must conform to any restrictions of the MAC algorithm. 59To see the list of supported digests, use C<openssl list -digest-commands>. 60 61=item B<-macopt> I<nm>:I<v> 62 63Passes options to the MAC algorithm. 64A comprehensive list of controls can be found in the EVP_MAC implementation 65documentation. 66Common parameter names used by EVP_MAC_CTX_get_params() are: 67 68=over 4 69 70=item B<key:>I<string> 71 72Specifies the MAC key as an alphanumeric string (use if the key contains 73printable characters only). 74The string length must conform to any restrictions of the MAC algorithm. 75A key must be specified for every MAC algorithm. 76 77=item B<hexkey:>I<string> 78 79Specifies the MAC key in hexadecimal form (two hex digits per byte). 80The key length must conform to any restrictions of the MAC algorithm. 81A key must be specified for every MAC algorithm. 82 83=item B<iv:>I<string> 84 85Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains 86printable characters only). 87 88=item B<hexiv:>I<string> 89 90Used by GMAC to specify an IV in hexadecimal form (two hex digits per byte). 91 92=item B<size:>I<int> 93 94Used by KMAC128 or KMAC256 to specify an output length. 95The default sizes are 32 or 64 bytes respectively. 96 97=item B<custom:>I<string> 98 99Used by KMAC128 or KMAC256 to specify a customization string. 100The default is the empty string "". 101 102=item B<digest:>I<string> 103 104This option is identical to the B<-digest> option. 105 106=item B<cipher:>I<string> 107 108This option is identical to the B<-cipher> option. 109 110=back 111 112{- $OpenSSL::safe::opt_provider_item -} 113 114=item I<mac_name> 115 116Specifies the name of a supported MAC algorithm which will be used. 117To see the list of supported MAC's use the command C<openssl list 118-mac-algorithms>. 119 120=back 121 122 123=head1 EXAMPLES 124 125To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: 126 127 openssl mac -digest SHA1 \ 128 -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \ 129 -in msg.bin HMAC 130 131To create a SipHash MAC from a file with a binary file output: 132 133 openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \ 134 -in msg.bin -out out.bin -binary SipHash 135 136To create a hex-encoded CMAC-AES-128-CBC MAC from a file: 137 138 openssl mac -cipher AES-128-CBC \ 139 -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \ 140 -in msg.bin CMAC 141 142To create a hex-encoded KMAC128 MAC from a file with a Customisation String 143'Tag' and output length of 16: 144 145 openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \ 146 -macopt size:16 -in msg.bin KMAC128 147 148To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: 149 150 openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \ 151 -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC 152 153=head1 NOTES 154 155The MAC mechanisms that are available will depend on the options 156used when building OpenSSL. 157Use C<openssl list -mac-algorithms> to list them. 158 159=head1 SEE ALSO 160 161L<openssl(1)>, 162L<EVP_MAC(3)>, 163L<EVP_MAC-CMAC(7)>, 164L<EVP_MAC-GMAC(7)>, 165L<EVP_MAC-HMAC(7)>, 166L<EVP_MAC-KMAC(7)>, 167L<EVP_MAC-Siphash(7)>, 168L<EVP_MAC-Poly1305(7)> 169 170=head1 COPYRIGHT 171 172Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. 173 174Licensed under the Apache License 2.0 (the "License"). You may not use 175this file except in compliance with the License. You can obtain a copy 176in the file LICENSE in the source distribution or at 177L<https://www.openssl.org/source/license.html>. 178 179=cut 180