Diffstat (limited to 'secure/usr.bin/openssl/man/dgst.1')
-rw-r--r-- secure/usr.bin/openssl/man/dgst.1 | 61
1 files changed, 47 insertions, 14 deletions
diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1
index 6f6068b..42e5acc 100644
--- a/secure/usr.bin/openssl/man/dgst.1
+++ b/secure/usr.bin/openssl/man/dgst.1
@@ -124,21 +124,22 @@
.\" ========================================================================
.\"
.IX Title "DGST 1"
-.TH DGST 1 "2014-08-06" "1.0.1i" "OpenSSL"
+.TH DGST 1 "2014-10-15" "1.0.1j" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests
+dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 \- message digests
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBopenssl\fR \fBdgst\fR
-[\fB\-md5|\-md4|\-md2|\-sha1|\-sha|\-mdc2|\-ripemd160|\-dss1\fR]
+[\fB\-sha|\-sha1|\-mdc2|\-ripemd160|\-sha224|\-sha256|\-sha384|\-sha512|\-md2|\-md4|\-md5|\-dss1\fR]
[\fB\-c\fR]
[\fB\-d\fR]
[\fB\-hex\fR]
[\fB\-binary\fR]
+[\fB\-r\fR]
[\fB\-out filename\fR]
[\fB\-sign filename\fR]
[\fB\-keyform arg\fR]
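Review bot: The NAME line now lists dss1 as a digest, but a later hunk of this patch deletes the only NOTES paragraph that explained it ("If you wish to sign or verify data using the DSA algorithm then the dss1 digest must be used."), so after the change dss1 appears in NAME and SYNOPSIS with no description in the visible text. Either keep one sentence saying what dss1 is for or leave it out of NAME. The reordered list also puts md2, md4 and md5 on the same footing as sha256 and sha512; a pointer to NOTES on which digests suit signatures would help readers choosing an option from the synopsis.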
@@ -147,16 +148,18 @@ dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests
[\fB\-prverify filename\fR]
[\fB\-signature filename\fR]
[\fB\-hmac key\fR]
+[\fB\-non\-fips\-allow\fR]
+[\fB\-fips\-fingerprint\fR]
[\fBfile...\fR]
.PP
-[\fBmd5|md4|md2|sha1|sha|mdc2|ripemd160\fR]
-[\fB\-c\fR]
-[\fB\-d\fR]
-[\fBfile...\fR]
+\&\fBopenssl\fR
+[\fIdigest\fR]
+[\fB...\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The digest functions output the message digest of a supplied file or files
-in hexadecimal form. They can also be used for digital signing and verification.
+in hexadecimal. The digest functions also generate and verify digital
+signatures using message digests.
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-c\fR" 4
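Review bot: The replacement second SYNOPSIS form, "\&\fBopenssl\fR [\fIdigest\fR] [\fB...\fR]", brackets the digest name as if it were optional and collapses the former explicit command list with its -c, -d and file operands into "[...]", so the page no longer says which names work as standalone commands or which options they accept. Suggest writing the digest as a required argument (\fIdigest\fR without brackets) and either keeping the operand list or stating that the standalone form takes the same options as dgst. The two FIPS options added to the first form are fine here as long as their OPTIONS entries stay in the same order.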
@@ -169,10 +172,14 @@ print out \s-1BIO\s0 debugging information.
.IP "\fB\-hex\fR" 4
.IX Item "-hex"
digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R"
-digest as opposed to a digital signature.
+digest as opposed to a digital signature. See \s-1NOTES\s0 below for digital
+signatures using \fB\-hex\fR.
.IP "\fB\-binary\fR" 4
.IX Item "-binary"
output the digest or signature in binary form.
+.IP "\fB\-r\fR" 4
+.IX Item "-r"
+output the digest in the \*(L"coreutils\*(R" format used by programs like \fBsha1sum\fR.
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
filename to output to, or standard output by default.
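Review bot: The new -r entry describes its output only as the "coreutils" format and leaves the reader to know what sha1sum prints; it also does not say how -r interacts with -hex, -binary and -c, which are documented immediately around it, or whether it has any effect when -sign is used. Suggest spelling out the line layout in the entry itself and adding one sentence on precedence when -r is combined with the other output options.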
@@ -181,8 +188,8 @@ filename to output to, or standard output by default.
digitally sign the digest using the private key in \*(L"filename\*(R".
.IP "\fB\-keyform arg\fR" 4
.IX Item "-keyform arg"
-Specifies the key format to sign digest with. Only \s-1PEM\s0 and \s-1ENGINE\s0
-formats are supported by the \fBdgst\fR command.
+Specifies the key format to sign digest with. The \s-1DER\s0, \s-1PEM\s0, P12,
+and \s-1ENGINE\s0 formats are supported.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
Use engine \fBid\fR for operations (including private key storage).
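Review bot: The -keyform text still says the option sets "the key format to sign digest with", yet the formats it now lists matter just as much for the key files given to -verify and -prverify elsewhere on the page; please state whether -keyform applies to those keys as well. "P12" is also the only format in the list that is neither expanded nor given the \s-1...\s0 markup of its neighbours; "PKCS#12" would be clearer.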
@@ -241,20 +248,46 @@ generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
Multiple files can be specified separated by a OS-dependent character.
The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
all others.
+.IP "\fB\-non\-fips\-allow\fR" 4
+.IX Item "-non-fips-allow"
+enable use of non-FIPS algorithms such as \s-1MD5\s0 even in \s-1FIPS\s0 mode.
+.IP "\fB\-fips\-fingerprint\fR" 4
+.IX Item "-fips-fingerprint"
+compute \s-1HMAC\s0 using a specific key
+for certain OpenSSL-FIPS operations.
.IP "\fBfile...\fR" 4
.IX Item "file..."
file or files to digest. If no files are specified then standard input is
used.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+To create a hex-encoded message digest of a file:
+ openssl dgst \-md5 \-hex file.txt
+.PP
+To sign a file using \s-1SHA\-256\s0 with binary file output:
+ openssl dgst \-sha256 \-sign privatekey.pem \-out signature.sign file.txt
+.PP
+To verify a signature:
+ openssl dgst \-sha256 \-verify publickey.pem \e
+ \-signature signature.sign \e
+ file.txt
.SH "NOTES"
.IX Header "NOTES"
The digest of choice for all new applications is \s-1SHA1\s0. Other digests are
however still widely used.
.PP
-If you wish to sign or verify data using the \s-1DSA\s0 algorithm then the dss1
-digest must be used.
+When signing a file, \fBdgst\fR will automatically determine the algorithm
+(\s-1RSA\s0, \s-1ECC\s0, etc) to use for signing based on the private key's \s-1ASN\s0.1 info.
+When verifying signatures, it only handles the \s-1RSA\s0, \s-1DSA\s0, or \s-1ECDSA\s0 signature
+itself, not the related data to identify the signer and algorithm used in
+formats such as x.509, \s-1CMS\s0, and S/MIME.
.PP
A source of random numbers is required for certain signing algorithms, in
-particular \s-1DSA\s0.
+particular \s-1ECDSA\s0 and \s-1DSA\s0.
.PP
The signing and verify options should only be used if a single file is
being signed or verified.
+.PP
+Hex signatures cannot be verified using \fBopenssl\fR. Instead, use \*(L"xxd \-r\*(R"
+or similar program to transform the hex signature into a binary signature
+prior to verification.
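Review bot: The NOTES context line "The digest of choice for all new applications is \s-1SHA1\s0" is left untouched while this hunk adds signing examples that use -sha256 and the patch adds sha224 through sha512 to the synopsis, and the first new example uses -md5; the recommendation and the examples now disagree. Suggest updating that sentence in the same change and using a SHA-2 digest in the first example too. Two smaller points in this hunk: the -fips-fingerprint entry says "a specific key" without saying which key or where it comes from, and the closing hex-signature note names "xxd \-r" without saying what input form that command expects from the -hex output.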