Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) Standard preamble: ========================================================================..
..
..
Set up some character translations and predefined strings. \*(-- will give an unbreakable dash, \*(PI will give pi, \*(L" will give a left double quote, and \*(R" will give a right double quote. \*(C+ will give a nicer C++. Capital omega is used to do unbreakable dashes and therefore won't be available. \*(C` and \*(C' expand to `' in nroff, nothing in troff, for use with C<>..tr \(*W-
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
Escape single quotes in literal strings from groff's Unicode transform. If the F register is turned on, we'll generate index entries on stderr for titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index entries marked with X<> in POD. Of course, you'll have to process the output yourself in some meaningful fashion. Avoid warning from groff about undefined register 'F'...
.nr rF 0
. if \nF \{
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). Fear. Run. Save yourself. No user-serviceable parts.. \" fudge factors for nroff and troff
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #]
.\}
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
. \" corrections for vroff
. \" for low resolution devices (crt and lpr)
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
======================================================================== Title "DGST 1" DGST 1 "2015-07-09" "1.0.1p" "OpenSSL"
For nroff, turn off justification. Always turn off hyphenation; it makes way too many mistakes in technical documents. "NAME"
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests
"SYNOPSIS"
Header "SYNOPSIS" \fBopenssl
dgst
[
-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md2|-md4|-md5|-dss1]
[
-c]
[
-d]
[
-hex]
[
-binary]
[
-r]
[
-hmac arg]
[
-non-fips-allow]
[
-out filename]
[
-sign filename]
[
-keyform arg]
[
-passin arg]
[
-verify filename]
[
-prverify filename]
[
-signature filename]
[
-hmac key]
[
-non-fips-allow]
[
-fips-fingerprint]
[
file...]
\fBopenssl
[digest]
[...]
"DESCRIPTION"
Header "DESCRIPTION" The digest functions output the message digest of a supplied file or files
in hexadecimal. The digest functions also generate and verify digital
signatures using message digests.
"OPTIONS"
Header "OPTIONS" "-c" 4
Item "-c" print out the digest in two digit groups separated by colons, only relevant if
\fBhex format output is used.
"-d" 4
Item "-d" print out \s-1BIO\s0 debugging information.
"-hex" 4
Item "-hex" digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R"
digest as opposed to a digital signature. See \s-1NOTES\s0 below for digital
signatures using
-hex.
"-binary" 4
Item "-binary" output the digest or signature in binary form.
"-r" 4
Item "-r" output the digest in the \*(L"coreutils\*(R" format used by programs like
sha1sum.
"-hmac arg" 4
Item "-hmac arg" set the \s-1HMAC\s0 key to \*(L"arg\*(R".
"-non-fips-allow" 4
Item "-non-fips-allow" Allow use of non \s-1FIPS\s0 digest when in \s-1FIPS\s0 mode. This has no effect when not in
\s-1FIPS\s0 mode.
"-out filename" 4
Item "-out filename" filename to output to, or standard output by default.
"-sign filename" 4
Item "-sign filename" digitally sign the digest using the private key in \*(L"filename\*(R".
"-keyform arg" 4
Item "-keyform arg" Specifies the key format to sign digest with. The \s-1DER, PEM, P12,\s0
and \s-1ENGINE\s0 formats are supported.
"-engine id" 4
Item "-engine id" Use engine
id for operations (including private key storage).
This engine is not used as source for digest algorithms, unless it is
also specified in the configuration file.
"-sigopt nm:v" 4
Item "-sigopt nm:v" Pass options to the signature algorithm during sign or verify operations.
Names and values of these options are algorithm-specific.
"-passin arg" 4
Item "-passin arg" the private key password source. For more information about the format of
arg
see the
\s-1PASS PHRASE ARGUMENTS\s0 section in
openssl\|(1).
"-verify filename" 4
Item "-verify filename" verify the signature using the public key in \*(L"filename\*(R".
The output is either \*(L"Verification \s-1OK\*(R"\s0 or \*(L"Verification Failure\*(R".
"-prverify filename" 4
Item "-prverify filename" verify the signature using the private key in \*(L"filename\*(R".
"-signature filename" 4
Item "-signature filename" the actual signature to verify.
"-hmac key" 4
Item "-hmac key" create a hashed \s-1MAC\s0 using \*(L"key\*(R".
"-mac alg" 4
Item "-mac alg" create \s-1MAC \s0(keyed Message Authentication Code). The most popular \s-1MAC\s0
algorithm is \s-1HMAC \s0(hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms
which are not based on hash, for instance
gost-mac algorithm,
supported by
ccgost engine. \s-1MAC\s0 keys and other options should be set
via
-macopt parameter.
"-macopt nm:v" 4
Item "-macopt nm:v" Passes options to \s-1MAC\s0 algorithm, specified by
-mac key.
Following options are supported by both by
\s-1HMAC\s0 and
gost-mac:
"key:string" 8
Item "key:string" Specifies \s-1MAC\s0 key as alphnumeric string (use if key contain printable
characters only). String length must conform to any restrictions of
the \s-1MAC\s0 algorithm for example exactly 32 chars for gost-mac.
"hexkey:string" 8
Item "hexkey:string" Specifies \s-1MAC\s0 key in hexadecimal form (two hex digits per byte).
Key length must conform to any restrictions of the \s-1MAC\s0 algorithm
for example exactly 32 chars for gost-mac.
"-rand file(s)" 4
Item "-rand file(s)" a file or files containing random data used to seed the random number
generator, or an \s-1EGD\s0 socket (see
RAND_egd\|(3)).
Multiple files can be specified separated by a OS-dependent character.
The separator is
; for MS-Windows,
, for OpenVMS, and
: for
all others.
"-non-fips-allow" 4
Item "-non-fips-allow" enable use of non-FIPS algorithms such as \s-1MD5\s0 even in \s-1FIPS\s0 mode.
"-fips-fingerprint" 4
Item "-fips-fingerprint" compute \s-1HMAC\s0 using a specific key
for certain OpenSSL-FIPS operations.
"file..." 4
Item "file..." file or files to digest. If no files are specified then standard input is
used.
"EXAMPLES"
Header "EXAMPLES" To create a hex-encoded message digest of a file:
openssl dgst -md5 -hex
file.txt
To sign a file using \s-1SHA-256\s0 with binary file output:
openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt
To verify a signature:
openssl dgst -sha256 -verify publickey.pem \e
-signature signature.sign \e
file.txt
"NOTES"
Header "NOTES" The digest of choice for all new applications is \s-1SHA1.\s0 Other digests are
however still widely used.
When signing a file, dgst will automatically determine the algorithm
(\s-1RSA, ECC,\s0 etc) to use for signing based on the private key's \s-1ASN.1\s0 info.
When verifying signatures, it only handles the \s-1RSA, DSA,\s0 or \s-1ECDSA\s0 signature
itself, not the related data to identify the signer and algorithm used in
formats such as x.509, \s-1CMS,\s0 and S/MIME.
A source of random numbers is required for certain signing algorithms, in
particular \s-1ECDSA\s0 and \s-1DSA.\s0
The signing and verify options should only be used if a single file is
being signed or verified.
Hex signatures cannot be verified using openssl. Instead, use \*(L"xxd -r\*(R"
or similar program to transform the hex signature into a binary signature
prior to verification.