B<openssl mac>
[B<-help>]
+[B<-cipher>]
+[B<-digest>]
[B<-macopt>]
[B<-in> I<filename>]
[B<-out> I<filename>]
Input filename to calculate a MAC for, or standard input by default.
Standard input is used if the filename is '-'.
-Files are expected to be in binary format, standard input uses hexadecimal text
-format.
+Files and standard input are expected to be in binary format.
=item B<-out> I<filename>
Output the MAC in binary form. Uses hexadecimal text format if not specified.
+=item B<-cipher> I<name>
+
+Used by CMAC and GMAC to specify the cipher algorithm.
+For CMAC it should be a CBC mode cipher e.g. AES-128-CBC.
+For GMAC it should be a GCM mode cipher e.g. AES-128-GCM.
+
+=item B<-digest> I<name>
+
+Used by HMAC as an alphanumeric string (use if the key contains printable
+characters only).
+The string length must conform to any restrictions of the MAC algorithm.
+To see the list of supported digests, use C<openssl list -digest-commands>.
+
=item B<-macopt> I<nm>:I<v>
Passes options to the MAC algorithm.
The key length must conform to any restrictions of the MAC algorithm.
A key must be specified for every MAC algorithm.
-=item B<digest:>I<string>
-
-Used by HMAC as an alphanumeric string (use if the key contains printable
-characters only).
-The string length must conform to any restrictions of the MAC algorithm.
-To see the list of supported digests, use C<openssl list -digest-commands>.
-
-=item B<cipher:>I<string>
-
-Used by CMAC and GMAC to specify the cipher algorithm.
-For CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or
-DES-EDE3-CBC.
-For GMAC it should be a GCM mode cipher e.g. AES-128-GCM.
-
=item B<iv:>I<string>
Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains
Used by KMAC128 or KMAC256 to specify a customization string.
The default is the empty string "".
+=item B<digest:>I<string>
+
+This option is identical to the B<-digest> option.
+
+=item B<cipher:>I<string>
+
+This option is identical to the B<-cipher> option.
+
=back
{- $OpenSSL::safe::opt_provider_item -}
=item I<mac_name>
Specifies the name of a supported MAC algorithm which will be used.
-To see the list of supported MAC's use the command C<opensssl list
+To see the list of supported MAC's use the command C<openssl list
-mac-algorithms>.
=back
=head1 EXAMPLES
-To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: \
- openssl mac -macopt digest:SHA1 \
+To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout:
+
+ openssl mac -digest SHA1 \
-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
-in msg.bin HMAC
-To create a SipHash MAC from a file with a binary file output: \
+To create a SipHash MAC from a file with a binary file output:
+
openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \
-in msg.bin -out out.bin -binary SipHash
-To create a hex-encoded CMAC-AES-128-CBC MAC from a file:\
- openssl mac -macopt cipher:AES-128-CBC \
+To create a hex-encoded CMAC-AES-128-CBC MAC from a file:
+
+ openssl mac -cipher AES-128-CBC \
-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \
-in msg.bin CMAC
To create a hex-encoded KMAC128 MAC from a file with a Customisation String
-'Tag' and output length of 16: \
+'Tag' and output length of 16:
+
openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \
-macopt size:16 -in msg.bin KMAC128
-To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: \
- openssl mac -macopt cipher:AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \
+To create a hex-encoded GMAC-AES-128-GCM with a IV from a file:
+
+ openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \
-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC
=head1 NOTES
=head1 COPYRIGHT
-Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.