dgst.pod revision 238405
159191Skris=pod 259191Skris 359191Skris=head1 NAME 459191Skris 568651Skrisdgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests 659191Skris 759191Skris=head1 SYNOPSIS 859191Skris 959191SkrisB<openssl> B<dgst> 1068651Skris[B<-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1>] 1159191Skris[B<-c>] 1259191Skris[B<-d>] 1368651Skris[B<-hex>] 1468651Skris[B<-binary>] 1568651Skris[B<-out filename>] 1668651Skris[B<-sign filename>] 17238405Sjkim[B<-keyform arg>] 18160814Ssimon[B<-passin arg>] 1968651Skris[B<-verify filename>] 2068651Skris[B<-prverify filename>] 2168651Skris[B<-signature filename>] 22194206Ssimon[B<-hmac key>] 2359191Skris[B<file...>] 2459191Skris 2568651Skris[B<md5|md4|md2|sha1|sha|mdc2|ripemd160>] 2659191Skris[B<-c>] 2759191Skris[B<-d>] 2859191Skris[B<file...>] 2959191Skris 3059191Skris=head1 DESCRIPTION 3159191Skris 3268651SkrisThe digest functions output the message digest of a supplied file or files 3368651Skrisin hexadecimal form. They can also be used for digital signing and verification. 3459191Skris 3559191Skris=head1 OPTIONS 3659191Skris 3759191Skris=over 4 3859191Skris 3959191Skris=item B<-c> 4059191Skris 4168651Skrisprint out the digest in two digit groups separated by colons, only relevant if 4268651SkrisB<hex> format output is used. 4359191Skris 4459191Skris=item B<-d> 4559191Skris 4659191Skrisprint out BIO debugging information. 4759191Skris 4868651Skris=item B<-hex> 4968651Skris 5068651Skrisdigest is to be output as a hex dump. This is the default case for a "normal" 5168651Skrisdigest as opposed to a digital signature. 5268651Skris 5368651Skris=item B<-binary> 5468651Skris 5568651Skrisoutput the digest or signature in binary form. 5668651Skris 5768651Skris=item B<-out filename> 5868651Skris 5968651Skrisfilename to output to, or standard output by default. 6068651Skris 6168651Skris=item B<-sign filename> 6268651Skris 6368651Skrisdigitally sign the digest using the private key in "filename". 6468651Skris 65238405Sjkim=item B<-keyform arg> 66238405Sjkim 67238405SjkimSpecifies the key format to sign digest with. Only PEM and ENGINE 68238405Sjkimformats are supported by the B<dgst> command. 69238405Sjkim 70238405Sjkim=item B<-engine id> 71238405Sjkim 72238405SjkimUse engine B<id> for operations (including private key storage). 73238405SjkimThis engine is not used as source for digest algorithms, unless it is 74238405Sjkimalso specified in the configuration file. 75238405Sjkim 76238405Sjkim=item B<-sigopt nm:v> 77238405Sjkim 78238405SjkimPass options to the signature algorithm during sign or verify operations. 79238405SjkimNames and values of these options are algorithm-specific. 80238405Sjkim 81238405Sjkim 82160814Ssimon=item B<-passin arg> 83160814Ssimon 84160814Ssimonthe private key password source. For more information about the format of B<arg> 85160814Ssimonsee the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 86160814Ssimon 8768651Skris=item B<-verify filename> 8868651Skris 89237658Sjkimverify the signature using the public key in "filename". 9068651SkrisThe output is either "Verification OK" or "Verification Failure". 9168651Skris 9268651Skris=item B<-prverify filename> 9368651Skris 9468651Skrisverify the signature using the the private key in "filename". 9568651Skris 9668651Skris=item B<-signature filename> 9768651Skris 9868651Skristhe actual signature to verify. 9968651Skris 100194206Ssimon=item B<-hmac key> 101194206Ssimon 102194206Ssimoncreate a hashed MAC using "key". 103194206Ssimon 104238405Sjkim=item B<-mac alg> 105238405Sjkim 106238405Sjkimcreate MAC (keyed Message Authentication Code). The most popular MAC 107238405Sjkimalgorithm is HMAC (hash-based MAC), but there are other MAC algorithms 108238405Sjkimwhich are not based on hash, for instance B<gost-mac> algorithm, 109238405Sjkimsupported by B<ccgost> engine. MAC keys and other options should be set 110238405Sjkimvia B<-macopt> parameter. 111238405Sjkim 112238405Sjkim=item B<-macopt nm:v> 113238405Sjkim 114238405SjkimPasses options to MAC algorithm, specified by B<-mac> key. 115238405SjkimFollowing options are supported by both by B<HMAC> and B<gost-mac>: 116238405Sjkim 117238405Sjkim=over 8 118238405Sjkim 119238405Sjkim=item B<key:string> 120238405Sjkim 121238405SjkimSpecifies MAC key as alphnumeric string (use if key contain printable 122238405Sjkimcharacters only). String length must conform to any restrictions of 123238405Sjkimthe MAC algorithm for example exactly 32 chars for gost-mac. 124238405Sjkim 125238405Sjkim=item B<hexkey:string> 126238405Sjkim 127238405SjkimSpecifies MAC key in hexadecimal form (two hex digits per byte). 128238405SjkimKey length must conform to any restrictions of the MAC algorithm 129238405Sjkimfor example exactly 32 chars for gost-mac. 130238405Sjkim 131238405Sjkim=back 132238405Sjkim 13368651Skris=item B<-rand file(s)> 13468651Skris 13568651Skrisa file or files containing random data used to seed the random number 13668651Skrisgenerator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 13768651SkrisMultiple files can be specified separated by a OS-dependent character. 13868651SkrisThe separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 13968651Skrisall others. 14068651Skris 14159191Skris=item B<file...> 14259191Skris 14359191Skrisfile or files to digest. If no files are specified then standard input is 14459191Skrisused. 14559191Skris 14659191Skris=back 14759191Skris 14859191Skris=head1 NOTES 14959191Skris 15059191SkrisThe digest of choice for all new applications is SHA1. Other digests are 15159191Skrishowever still widely used. 15259191Skris 15368651SkrisIf you wish to sign or verify data using the DSA algorithm then the dss1 15468651Skrisdigest must be used. 15568651Skris 15668651SkrisA source of random numbers is required for certain signing algorithms, in 15768651Skrisparticular DSA. 15868651Skris 15968651SkrisThe signing and verify options should only be used if a single file is 16068651Skrisbeing signed or verified. 16168651Skris 16259191Skris=cut 163