dgst.pod revision 246771
1226031Sstas=pod 2 3=head1 NAME 4 5dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests 6 7=head1 SYNOPSIS 8 9B<openssl> B<dgst> 10[B<-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1>] 11[B<-c>] 12[B<-d>] 13[B<-hex>] 14[B<-binary>] 15[B<-out filename>] 16[B<-sign filename>] 17[B<-keyform arg>] 18[B<-passin arg>] 19[B<-verify filename>] 20[B<-prverify filename>] 21[B<-signature filename>] 22[B<-hmac key>] 23[B<file...>] 24 25[B<md5|md4|md2|sha1|sha|mdc2|ripemd160>] 26[B<-c>] 27[B<-d>] 28[B<file...>] 29 30=head1 DESCRIPTION 31 32The digest functions output the message digest of a supplied file or files 33in hexadecimal form. They can also be used for digital signing and verification. 34 35=head1 OPTIONS 36 37=over 4 38 39=item B<-c> 40 41print out the digest in two digit groups separated by colons, only relevant if 42B<hex> format output is used. 43 44=item B<-d> 45 46print out BIO debugging information. 47 48=item B<-hex> 49 50digest is to be output as a hex dump. This is the default case for a "normal" 51digest as opposed to a digital signature. 52 53=item B<-binary> 54 55output the digest or signature in binary form. 56 57=item B<-out filename> 58 59filename to output to, or standard output by default. 60 61=item B<-sign filename> 62 63digitally sign the digest using the private key in "filename". 64 65=item B<-keyform arg> 66 67Specifies the key format to sign digest with. Only PEM and ENGINE 68formats are supported by the B<dgst> command. 69 70=item B<-engine id> 71 72Use engine B<id> for operations (including private key storage). 73This engine is not used as source for digest algorithms, unless it is 74also specified in the configuration file. 75 76=item B<-sigopt nm:v> 77 78Pass options to the signature algorithm during sign or verify operations. 79Names and values of these options are algorithm-specific. 80 81 82=item B<-passin arg> 83 84the private key password source. For more information about the format of B<arg> 85see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 86 87=item B<-verify filename> 88 89verify the signature using the public key in "filename". 90The output is either "Verification OK" or "Verification Failure". 91 92=item B<-prverify filename> 93 94verify the signature using the private key in "filename". 95 96=item B<-signature filename> 97 98the actual signature to verify. 99 100=item B<-hmac key> 101 102create a hashed MAC using "key". 103 104=item B<-mac alg> 105 106create MAC (keyed Message Authentication Code). The most popular MAC 107algorithm is HMAC (hash-based MAC), but there are other MAC algorithms 108which are not based on hash, for instance B<gost-mac> algorithm, 109supported by B<ccgost> engine. MAC keys and other options should be set 110via B<-macopt> parameter. 111 112=item B<-macopt nm:v> 113 114Passes options to MAC algorithm, specified by B<-mac> key. 115Following options are supported by both by B<HMAC> and B<gost-mac>: 116 117=over 8 118 119=item B<key:string> 120 121Specifies MAC key as alphnumeric string (use if key contain printable 122characters only). String length must conform to any restrictions of 123the MAC algorithm for example exactly 32 chars for gost-mac. 124 125=item B<hexkey:string> 126 127Specifies MAC key in hexadecimal form (two hex digits per byte). 128Key length must conform to any restrictions of the MAC algorithm 129for example exactly 32 chars for gost-mac. 130 131=back 132 133=item B<-rand file(s)> 134 135a file or files containing random data used to seed the random number 136generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 137Multiple files can be specified separated by a OS-dependent character. 138The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 139all others. 140 141=item B<file...> 142 143file or files to digest. If no files are specified then standard input is 144used. 145 146=back 147 148=head1 NOTES 149 150The digest of choice for all new applications is SHA1. Other digests are 151however still widely used. 152 153If you wish to sign or verify data using the DSA algorithm then the dss1 154digest must be used. 155 156A source of random numbers is required for certain signing algorithms, in 157particular DSA. 158 159The signing and verify options should only be used if a single file is 160being signed or verified. 161 162=cut 163