| =pod |
| |
| =head1 NAME |
| |
| dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests |
| |
| =head1 SYNOPSIS |
| |
| B<openssl> B<dgst> |
| [B<-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1>] |
| [B<-c>] |
| [B<-d>] |
| [B<-hex>] |
| [B<-binary>] |
| [B<-out filename>] |
| [B<-sign filename>] |
| [B<-keyform arg>] |
| [B<-passin arg>] |
| [B<-verify filename>] |
| [B<-prverify filename>] |
| [B<-signature filename>] |
| [B<-hmac key>] |
| [B<file...>] |
| |
| [B<md5|md4|md2|sha1|sha|mdc2|ripemd160>] |
| [B<-c>] |
| [B<-d>] |
| [B<file...>] |
| |
| =head1 DESCRIPTION |
| |
| The digest functions output the message digest of a supplied file or files |
| in hexadecimal form. They can also be used for digital signing and verification. |
| |
| =head1 OPTIONS |
| |
| =over 4 |
| |
| =item B<-c> |
| |
| print out the digest in two digit groups separated by colons, only relevant if |
| B<hex> format output is used. |
| |
| =item B<-d> |
| |
| print out BIO debugging information. |
| |
| =item B<-hex> |
| |
| digest is to be output as a hex dump. This is the default case for a "normal" |
| digest as opposed to a digital signature. |
| |
| =item B<-binary> |
| |
| output the digest or signature in binary form. |
| |
| =item B<-out filename> |
| |
| filename to output to, or standard output by default. |
| |
| =item B<-sign filename> |
| |
| digitally sign the digest using the private key in "filename". |
| |
| =item B<-keyform arg> |
| |
| Specifies the key format to sign digest with. Only PEM and ENGINE |
| formats are supported by the B<dgst> command. |
| |
| =item B<-engine id> |
| |
| Use engine B<id> for operations (including private key storage). |
| This engine is not used as source for digest algorithms, unless it is |
| also specified in the configuration file. |
| |
| =item B<-sigopt nm:v> |
| |
| Pass options to the signature algorithm during sign or verify operations. |
| Names and values of these options are algorithm-specific. |
| |
| |
| =item B<-passin arg> |
| |
| the private key password source. For more information about the format of B<arg> |
| see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. |
| |
| =item B<-verify filename> |
| |
| verify the signature using the the public key in "filename". |
| The output is either "Verification OK" or "Verification Failure". |
| |
| =item B<-prverify filename> |
| |
| verify the signature using the the private key in "filename". |
| |
| =item B<-signature filename> |
| |
| the actual signature to verify. |
| |
| =item B<-hmac key> |
| |
| create a hashed MAC using "key". |
| |
| =item B<-mac alg> |
| |
| create MAC (keyed Message Authentication Code). The most popular MAC |
| algorithm is HMAC (hash-based MAC), but there are other MAC algorithms |
| which are not based on hash, for instance B<gost-mac> algorithm, |
| supported by B<ccgost> engine. MAC keys and other options should be set |
| via B<-macopt> parameter. |
| |
| =item B<-macopt nm:v> |
| |
| Passes options to MAC algorithm, specified by B<-mac> key. |
| Following options are supported by both by B<HMAC> and B<gost-mac>: |
| |
| =over 8 |
| |
| =item B<key:string> |
| |
| Specifies MAC key as alphnumeric string (use if key contain printable |
| characters only). String length must conform to any restrictions of |
| the MAC algorithm for example exactly 32 chars for gost-mac. |
| |
| =item B<hexkey:string> |
| |
| Specifies MAC key in hexadecimal form (two hex digits per byte). |
| Key length must conform to any restrictions of the MAC algorithm |
| for example exactly 32 chars for gost-mac. |
| |
| =back |
| |
| =item B<-rand file(s)> |
| |
| a file or files containing random data used to seed the random number |
| generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). |
| Multiple files can be specified separated by a OS-dependent character. |
| The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for |
| all others. |
| |
| =item B<file...> |
| |
| file or files to digest. If no files are specified then standard input is |
| used. |
| |
| =back |
| |
| =head1 NOTES |
| |
| The digest of choice for all new applications is SHA1. Other digests are |
| however still widely used. |
| |
| If you wish to sign or verify data using the DSA algorithm then the dss1 |
| digest must be used. |
| |
| A source of random numbers is required for certain signing algorithms, in |
| particular DSA. |
| |
| The signing and verify options should only be used if a single file is |
| being signed or verified. |
| |
| =cut |