1=pod 2{- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4=head1 NAME 5 6openssl-mac - perform Message Authentication Code operations 7 8=head1 SYNOPSIS 9 10B<openssl mac> 11[B<-help>] 12[B<-cipher>] 13[B<-digest>] 14[B<-macopt>] 15[B<-in> I<filename>] 16[B<-out> I<filename>] 17[B<-binary>] 18{- $OpenSSL::safe::opt_provider_synopsis -} 19I<mac_name> 20 21=head1 DESCRIPTION 22 23The message authentication code functions output the MAC of a supplied input 24file. 25 26=head1 OPTIONS 27 28=over 4 29 30=item B<-help> 31 32Print a usage message. 33 34=item B<-in> I<filename> 35 36Input filename to calculate a MAC for, or standard input by default. 37Standard input is used if the filename is '-'. 38Files are expected to be in binary format, standard input uses hexadecimal text 39format. 40 41=item B<-out> I<filename> 42 43Filename to output to, or standard output by default. 44 45=item B<-binary> 46 47Output the MAC in binary form. Uses hexadecimal text format if not specified. 48 49=item B<-cipher> I<name> 50 51Used by CMAC and GMAC to specify the cipher algorithm. 52For CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or 53DES-EDE3-CBC. 54For GMAC it should be a GCM mode cipher e.g. AES-128-GCM. 55 56=item B<-digest> I<name> 57 58Used by HMAC as an alphanumeric string (use if the key contains printable 59characters only). 60The string length must conform to any restrictions of the MAC algorithm. 61To see the list of supported digests, use C<openssl list -digest-commands>. 62 63=item B<-macopt> I<nm>:I<v> 64 65Passes options to the MAC algorithm. 66A comprehensive list of controls can be found in the EVP_MAC implementation 67documentation. 68Common parameter names used by EVP_MAC_CTX_get_params() are: 69 70=over 4 71 72=item B<key:>I<string> 73 74Specifies the MAC key as an alphanumeric string (use if the key contains 75printable characters only). 76The string length must conform to any restrictions of the MAC algorithm. 77A key must be specified for every MAC algorithm. 78 79=item B<hexkey:>I<string> 80 81Specifies the MAC key in hexadecimal form (two hex digits per byte). 82The key length must conform to any restrictions of the MAC algorithm. 83A key must be specified for every MAC algorithm. 84 85=item B<iv:>I<string> 86 87Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains 88printable characters only). 89 90=item B<hexiv:>I<string> 91 92Used by GMAC to specify an IV in hexadecimal form (two hex digits per byte). 93 94=item B<size:>I<int> 95 96Used by KMAC128 or KMAC256 to specify an output length. 97The default sizes are 32 or 64 bytes respectively. 98 99=item B<custom:>I<string> 100 101Used by KMAC128 or KMAC256 to specify a customization string. 102The default is the empty string "". 103 104=item B<digest:>I<string> 105 106This option is identical to the B<-digest> option. 107 108=item B<cipher:>I<string> 109 110This option is identical to the B<-cipher> option. 111 112=back 113 114{- $OpenSSL::safe::opt_provider_item -} 115 116=item I<mac_name> 117 118Specifies the name of a supported MAC algorithm which will be used. 119To see the list of supported MAC's use the command C<opensssl list 120-mac-algorithms>. 121 122=back 123 124 125=head1 EXAMPLES 126 127To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: \ 128 openssl mac -digest SHA1 \ 129 -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \ 130 -in msg.bin HMAC 131 132To create a SipHash MAC from a file with a binary file output: \ 133 openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \ 134 -in msg.bin -out out.bin -binary SipHash 135 136To create a hex-encoded CMAC-AES-128-CBC MAC from a file:\ 137 openssl mac -cipher AES-128-CBC \ 138 -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \ 139 -in msg.bin CMAC 140 141To create a hex-encoded KMAC128 MAC from a file with a Customisation String 142'Tag' and output length of 16: \ 143 openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \ 144 -macopt size:16 -in msg.bin KMAC128 145 146To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: \ 147 openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \ 148 -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC 149 150=head1 NOTES 151 152The MAC mechanisms that are available will depend on the options 153used when building OpenSSL. 154Use C<openssl list -mac-algorithms> to list them. 155 156=head1 SEE ALSO 157 158L<openssl(1)>, 159L<EVP_MAC(3)>, 160L<EVP_MAC-CMAC(7)>, 161L<EVP_MAC-GMAC(7)>, 162L<EVP_MAC-HMAC(7)>, 163L<EVP_MAC-KMAC(7)>, 164L<EVP_MAC-Siphash(7)>, 165L<EVP_MAC-Poly1305(7)> 166 167=head1 COPYRIGHT 168 169Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. 170 171Licensed under the Apache License 2.0 (the "License"). You may not use 172this file except in compliance with the License. You can obtain a copy 173in the file LICENSE in the source distribution or at 174L<https://www.openssl.org/source/license.html>. 175 176=cut 177