openssl-mac - perform Message Authentication Code operations
openssl mac [-help] [-cipher]
[-digest] [-macopt] [-in filename] [-out
filename] [-binary] [-provider name]
[-provider-path path] [-propquery propq]
mac_name
The message authentication code functions output the MAC of a
supplied input file.
- -help
- Print a usage message.
- -in
filename
- Input filename to calculate a MAC for, or standard input by default.
Standard input is used if the filename is '-'. Files and standard input
are expected to be in binary format.
- -out
filename
- Filename to output to, or standard output by default.
- -binary
- Output the MAC in binary form. Uses hexadecimal text format if not
specified.
- -cipher
name
- Used by CMAC and GMAC to specify the cipher algorithm. For CMAC it must be
one of AES-128-CBC, AES-192-CBC, AES-256-CBC or DES-EDE3-CBC. For GMAC it
should be a GCM mode cipher e.g. AES-128-GCM.
- -digest
name
- Used by HMAC as an alphanumeric string (use if the key contains printable
characters only). The string length must conform to any restrictions of
the MAC algorithm. To see the list of supported digests, use
"openssl list -digest-commands".
- -macopt
nm:v
- Passes options to the MAC algorithm. A comprehensive list of controls can
be found in the EVP_MAC implementation documentation. Common parameter
names used by EVP_MAC_CTX_get_params() are:
- key:string
- Specifies the MAC key as an alphanumeric string (use if the key contains
printable characters only). The string length must conform to any
restrictions of the MAC algorithm. A key must be specified for every MAC
algorithm.
- hexkey:string
- Specifies the MAC key in hexadecimal form (two hex digits per byte). The
key length must conform to any restrictions of the MAC algorithm. A key
must be specified for every MAC algorithm.
- iv:string
- Used by GMAC to specify an IV as an alphanumeric string (use if the IV
contains printable characters only).
- hexiv:string
- Used by GMAC to specify an IV in hexadecimal form (two hex digits per
byte).
- size:int
- Used by KMAC128 or KMAC256 to specify an output length. The default sizes
are 32 or 64 bytes respectively.
- custom:string
- Used by KMAC128 or KMAC256 to specify a customization string. The default
is the empty string "".
- digest:string
- This option is identical to the -digest option.
- cipher:string
- This option is identical to the -cipher option.
- -provider
name
- -provider-path
path
- -propquery
propq
- See "Provider Options" in openssl(1), provider(7),
and property(7).
- mac_name
- Specifies the name of a supported MAC algorithm which will be used. To see
the list of supported MAC's use the command "openssl
list -mac-algorithms".
To create a hex-encoded HMAC-SHA1 MAC of a file and write to
stdout: \
openssl mac -digest SHA1 \
-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
-in msg.bin HMAC
To create a SipHash MAC from a file with a binary file output: \
openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \
-in msg.bin -out out.bin -binary SipHash
To create a hex-encoded CMAC-AES-128-CBC MAC from a file:\
openssl mac -cipher AES-128-CBC \
-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \
-in msg.bin CMAC
To create a hex-encoded KMAC128 MAC from a file with a
Customisation String 'Tag' and output length of 16: \
openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \
-macopt size:16 -in msg.bin KMAC128
To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: \
openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \
-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC
The MAC mechanisms that are available will depend on the options
used when building OpenSSL. Use "openssl list
-mac-algorithms" to list them.
Copyright 2018-2022 The OpenSSL Project Authors. All Rights
Reserved.
Licensed under the Apache License 2.0 (the "License").
You may not use this file except in compliance with the License. You can
obtain a copy in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.