suzanne.soy/man-pages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
gh-pages
man-pages/man1/dgst.1ssl.html
Suzanne Soy 4c89183f2b Added man pages from my system
2021-03-31 01:06:50 +01:00

308 lines
9.3 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of DGST</TITLE>
</HEAD><BODY>
<H1>DGST</H1>
Section: OpenSSL (1SSL)<BR>Updated: 2021-03-22<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
openssl-dgst, dgst - perform digest operations
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>openssl dgst</B>
[<B>-</B>digest<B></B>]
[<B>-help</B>]
[<B>-c</B>]
[<B>-d</B>]
[<B>-list</B>]
[<B>-hex</B>]
[<B>-binary</B>]
[<B>-r</B>]
[<B>-out filename</B>]
[<B>-sign filename</B>]
[<B>-keyform arg</B>]
[<B>-passin arg</B>]
[<B>-verify filename</B>]
[<B>-prverify filename</B>]
[<B>-signature filename</B>]
[<B>-sigopt nm:v</B>]
[<B>-hmac key</B>]
[<B>-fips-fingerprint</B>]
[<B>-rand file...</B>]
[<B>-engine id</B>]
[<B>-engine_impl</B>]
[<B>file...</B>]
<P>
<B>openssl</B> <I>digest</I> [<B>...</B>]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
The digest functions output the message digest of a supplied file or files
in hexadecimal. The digest functions also generate and verify digital
signatures using message digests.
<P>
The generic name, <B>dgst</B>, may be used with an option specifying the
algorithm to be used.
The default digest is <I>sha256</I>.
A supported <I>digest</I> name may also be used as the command name.
To see the list of supported algorithms, use the <I>list --digest-commands</I>
command.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT id="1"><B>-help</B><DD>
Print out a usage message.
<DT id="2"><B>-</B>digest<B></B><DD>
Specifies name of a supported digest to be used. To see the list of
supported digests, use the command <I>list --digest-commands</I>.
<DT id="3"><B>-c</B><DD>
Print out the digest in two digit groups separated by colons, only relevant if
<B>hex</B> format output is used.
<DT id="4"><B>-d</B><DD>
Print out <FONT SIZE="-1">BIO</FONT> debugging information.
<DT id="5"><B>-list</B><DD>
Prints out a list of supported message digests.
<DT id="6"><B>-hex</B><DD>
Digest is to be output as a hex dump. This is the default case for a ``normal''
digest as opposed to a digital signature. See <FONT SIZE="-1">NOTES</FONT> below for digital
signatures using <B>-hex</B>.
<DT id="7"><B>-binary</B><DD>
Output the digest or signature in binary form.
<DT id="8"><B>-r</B><DD>
Output the digest in the ``coreutils'' format, including newlines.
Used by programs like <B>sha1sum</B>.
<DT id="9"><B>-out filename</B><DD>
Filename to output to, or standard output by default.
<DT id="10"><B>-sign filename</B><DD>
Digitally sign the digest using the private key in ``filename''. Note this option
does not support Ed25519 or Ed448 private keys. Use the <B>pkeyutl</B> command
instead for this.
<DT id="11"><B>-keyform arg</B><DD>
Specifies the key format to sign digest with. The <FONT SIZE="-1">DER, PEM, P12,</FONT>
and <FONT SIZE="-1">ENGINE</FONT> formats are supported.
<DT id="12"><B>-sigopt nm:v</B><DD>
Pass options to the signature algorithm during sign or verify operations.
Names and values of these options are algorithm-specific.
<DT id="13"><B>-passin arg</B><DD>
The private key password source. For more information about the format of <B>arg</B>
see the <B></B><FONT SIZE="-1"><B>PASS PHRASE ARGUMENTS</B></FONT><B></B> section in <B><A HREF="/cgi-bin/man/man2html?1+openssl">openssl</A></B>(1).
<DT id="14"><B>-verify filename</B><DD>
Verify the signature using the public key in ``filename''.
The output is either ``Verification <FONT SIZE="-1">OK''</FONT> or ``Verification Failure''.
<DT id="15"><B>-prverify filename</B><DD>
Verify the signature using the private key in ``filename''.
<DT id="16"><B>-signature filename</B><DD>
The actual signature to verify.
<DT id="17"><B>-hmac key</B><DD>
Create a hashed <FONT SIZE="-1">MAC</FONT> using ``key''.
<DT id="18"><B>-mac alg</B><DD>
Create <FONT SIZE="-1">MAC</FONT> (keyed Message Authentication Code). The most popular <FONT SIZE="-1">MAC</FONT>
algorithm is <FONT SIZE="-1">HMAC</FONT> (hash-based <FONT SIZE="-1">MAC</FONT>), but there are other <FONT SIZE="-1">MAC</FONT> algorithms
which are not based on hash, for instance <B>gost-mac</B> algorithm,
supported by <B>ccgost</B> engine. <FONT SIZE="-1">MAC</FONT> keys and other options should be set
via <B>-macopt</B> parameter.
<DT id="19"><B>-macopt nm:v</B><DD>
Passes options to <FONT SIZE="-1">MAC</FONT> algorithm, specified by <B>-mac</B> key.
Following options are supported by both by <B></B><FONT SIZE="-1"><B>HMAC</B></FONT><B></B> and <B>gost-mac</B>:
<DL COMPACT><DT id="20"><DD>
<DL COMPACT>
<DT id="21"><B>key:string</B><DD>
Specifies <FONT SIZE="-1">MAC</FONT> key as alphanumeric string (use if key contain printable
characters only). String length must conform to any restrictions of
the <FONT SIZE="-1">MAC</FONT> algorithm for example exactly 32 chars for gost-mac.
<DT id="22"><B>hexkey:string</B><DD>
Specifies <FONT SIZE="-1">MAC</FONT> key in hexadecimal form (two hex digits per byte).
Key length must conform to any restrictions of the <FONT SIZE="-1">MAC</FONT> algorithm
for example exactly 32 chars for gost-mac.
</DL>
</DL>
<DL COMPACT><DT id="23"><DD>
</DL>
<DT id="24"><B>-rand file...</B><DD>
A file or files containing random data used to seed the random number
generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is <B>;</B> for MS-Windows, <B>,</B> for OpenVMS, and <B>:</B> for
all others.
<DT id="25">[<B>-writerand file</B>]<DD>
Writes random data to the specified <I>file</I> upon exit.
This can be used with a subsequent <B>-rand</B> flag.
<DT id="26"><B>-fips-fingerprint</B><DD>
Compute <FONT SIZE="-1">HMAC</FONT> using a specific key for certain OpenSSL-FIPS operations.
<DT id="27"><B>-engine id</B><DD>
Use engine <B>id</B> for operations (including private key storage).
This engine is not used as source for digest algorithms, unless it is
also specified in the configuration file or <B>-engine_impl</B> is also
specified.
<DT id="28"><B>-engine_impl</B><DD>
When used with the <B>-engine</B> option, it specifies to also use
engine <B>id</B> for digest operations.
<DT id="29"><B>file...</B><DD>
File or files to digest. If no files are specified then standard input is
used.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLES</H2>
To create a hex-encoded message digest of a file:
<BR>&nbsp;openssl&nbsp;dgst&nbsp;-md5&nbsp;-hex&nbsp;file.txt
<P>
To sign a file using <FONT SIZE="-1">SHA-256</FONT> with binary file output:
<BR>&nbsp;openssl&nbsp;dgst&nbsp;-sha256&nbsp;-sign&nbsp;privatekey.pem&nbsp;-out&nbsp;signature.sign&nbsp;file.txt
<P>
To verify a signature:
<BR>&nbsp;openssl&nbsp;dgst&nbsp;-sha256&nbsp;-verify&nbsp;publickey.pem&nbsp;\
<BR>&nbsp;-signature&nbsp;signature.sign&nbsp;\
<BR>&nbsp;file.txt
<A NAME="lbAG">&nbsp;</A>
<H2>NOTES</H2>
The digest mechanisms that are available will depend on the options
used when building OpenSSL.
The <B>list digest-commands</B> command can be used to list them.
<P>
New or agile applications should use probably use <FONT SIZE="-1">SHA-256.</FONT> Other digests,
particularly <FONT SIZE="-1">SHA-1</FONT> and <FONT SIZE="-1">MD5,</FONT> are still widely used for interoperating
with existing formats and protocols.
<P>
When signing a file, <B>dgst</B> will automatically determine the algorithm
(<FONT SIZE="-1">RSA, ECC,</FONT> etc) to use for signing based on the private key's <FONT SIZE="-1">ASN.1</FONT> info.
When verifying signatures, it only handles the <FONT SIZE="-1">RSA, DSA,</FONT> or <FONT SIZE="-1">ECDSA</FONT> signature
itself, not the related data to identify the signer and algorithm used in
formats such as x.509, <FONT SIZE="-1">CMS,</FONT> and S/MIME.
<P>
A source of random numbers is required for certain signing algorithms, in
particular <FONT SIZE="-1">ECDSA</FONT> and <FONT SIZE="-1">DSA.</FONT>
<P>
The signing and verify options should only be used if a single file is
being signed or verified.
<P>
Hex signatures cannot be verified using <B>openssl</B>. Instead, use ``xxd -r''
or similar program to transform the hex signature into a binary signature
prior to verification.
<A NAME="lbAH">&nbsp;</A>
<H2>HISTORY</H2>
The default digest was changed from <FONT SIZE="-1">MD5</FONT> to <FONT SIZE="-1">SHA256</FONT> in OpenSSL 1.1.0.
The FIPS-related options were removed in OpenSSL 1.1.0.
<A NAME="lbAI">&nbsp;</A>
<H2>COPYRIGHT</H2>
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
<P>
Licensed under the OpenSSL license (the ``License''). You may not use
this file except in compliance with the License. You can obtain a copy
in the file <FONT SIZE="-1">LICENSE</FONT> in the source distribution or at
&lt;<A HREF="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</A>&gt;.
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="30"><A HREF="#lbAB">NAME</A><DD>
<DT id="31"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="32"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="33"><A HREF="#lbAE">OPTIONS</A><DD>
<DT id="34"><A HREF="#lbAF">EXAMPLES</A><DD>
<DT id="35"><A HREF="#lbAG">NOTES</A><DD>
<DT id="36"><A HREF="#lbAH">HISTORY</A><DD>
<DT id="37"><A HREF="#lbAI">COPYRIGHT</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:05:10 GMT, March 31, 2021
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink