1OPENSSL-MAC(1ossl)                  OpenSSL                 OPENSSL-MAC(1ossl)
2
3
4

NAME

6       openssl-mac - perform Message Authentication Code operations
7

SYNOPSIS

9       openssl mac [-help] [-cipher] [-digest] [-macopt] [-in filename] [-out
10       filename] [-binary] [-provider name] [-provider-path path] [-propquery
11       propq] mac_name
12

DESCRIPTION

14       The message authentication code functions output the MAC of a supplied
15       input file.
16

OPTIONS

18       -help
19           Print a usage message.
20
21       -in filename
22           Input filename to calculate a MAC for, or standard input by
23           default.  Standard input is used if the filename is '-'.  Files are
24           expected to be in binary format, standard input uses hexadecimal
25           text format.
26
27       -out filename
28           Filename to output to, or standard output by default.
29
30       -binary
31           Output the MAC in binary form. Uses hexadecimal text format if not
32           specified.
33
34       -cipher name
35           Used by CMAC and GMAC to specify the cipher algorithm.  For CMAC it
36           must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or
37           DES-EDE3-CBC.  For GMAC it should be a GCM mode cipher e.g.
38           AES-128-GCM.
39
40       -digest name
41           Used by HMAC as an alphanumeric string (use if the key contains
42           printable characters only).  The string length must conform to any
43           restrictions of the MAC algorithm.  To see the list of supported
44           digests, use "openssl list -digest-commands".
45
46       -macopt nm:v
47           Passes options to the MAC algorithm.  A comprehensive list of
48           controls can be found in the EVP_MAC implementation documentation.
49           Common parameter names used by EVP_MAC_CTX_get_params() are:
50
51           key:string
52               Specifies the MAC key as an alphanumeric string (use if the key
53               contains printable characters only).  The string length must
54               conform to any restrictions of the MAC algorithm.  A key must
55               be specified for every MAC algorithm.
56
57           hexkey:string
58               Specifies the MAC key in hexadecimal form (two hex digits per
59               byte).  The key length must conform to any restrictions of the
60               MAC algorithm.  A key must be specified for every MAC
61               algorithm.
62
63           iv:string
64               Used by GMAC to specify an IV as an alphanumeric string (use if
65               the IV contains printable characters only).
66
67           hexiv:string
68               Used by GMAC to specify an IV in hexadecimal form (two hex
69               digits per byte).
70
71           size:int
72               Used by KMAC128 or KMAC256 to specify an output length.  The
73               default sizes are 32 or 64 bytes respectively.
74
75           custom:string
76               Used by KMAC128 or KMAC256 to specify a customization string.
77               The default is the empty string "".
78
79           digest:string
80               This option is identical to the -digest option.
81
82           cipher:string
83               This option is identical to the -cipher option.
84
85       -provider name
86       -provider-path path
87       -propquery propq
88           See "Provider Options" in openssl(1), provider(7), and property(7).
89
90       mac_name
91           Specifies the name of a supported MAC algorithm which will be used.
92           To see the list of supported MAC's use the command "openssl list
93           -mac-algorithms".
94

EXAMPLES

96       To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: \
97        openssl mac -digest SHA1 \
98                -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
99                -in msg.bin HMAC
100
101       To create a SipHash MAC from a file with a binary file output: \
102        openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \
103                -in msg.bin -out out.bin -binary SipHash
104
105       To create a hex-encoded CMAC-AES-128-CBC MAC from a file:\
106        openssl mac -cipher AES-128-CBC \
107                -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \
108                -in msg.bin CMAC
109
110       To create a hex-encoded KMAC128 MAC from a file with a Customisation
111       String 'Tag' and output length of 16: \
112        openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \
113                -macopt size:16 -in msg.bin KMAC128
114
115       To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: \
116        openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3
117       \
118                -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin
119       GMAC
120

NOTES

122       The MAC mechanisms that are available will depend on the options used
123       when building OpenSSL.  Use "openssl list -mac-algorithms" to list
124       them.
125

SEE ALSO

127       openssl(1), EVP_MAC(3), EVP_MAC-CMAC(7), EVP_MAC-GMAC(7),
128       EVP_MAC-HMAC(7), EVP_MAC-KMAC(7), EVP_MAC-Siphash(7),
129       EVP_MAC-Poly1305(7)
130
132       Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
133
134       Licensed under the Apache License 2.0 (the "License").  You may not use
135       this file except in compliance with the License.  You can obtain a copy
136       in the file LICENSE in the source distribution or at
137       <https://www.openssl.org/source/license.html>.
138
139
140
1413.0.5                             2022-11-01                OPENSSL-MAC(1ossl)
Impressum