diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-04-15 15:27:03 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-04-15 15:27:03 +0000 |
commit | e5fa864f62c096536d700d977a5eb924ad293304 (patch) | |
tree | f97991450654a74c8f8ace4ea11e88a1c055818f /doc/apps/dgst.pod | |
parent | 22c98d4aad76f39ab19e5b63e1448c7d28ca7617 (diff) | |
download | openssl-e5fa864f62c096536d700d977a5eb924ad293304.zip openssl-e5fa864f62c096536d700d977a5eb924ad293304.tar.gz openssl-e5fa864f62c096536d700d977a5eb924ad293304.tar.bz2 |
Updates from 1.0.0-stable.
Diffstat (limited to 'doc/apps/dgst.pod')
-rw-r--r-- | doc/apps/dgst.pod | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index 908cd2a..b035edf 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -14,6 +14,7 @@ B<openssl> B<dgst> [B<-binary>] [B<-out filename>] [B<-sign filename>] +[B<-keyform arg>] [B<-passin arg>] [B<-verify filename>] [B<-prverify filename>] @@ -61,6 +62,23 @@ filename to output to, or standard output by default. digitally sign the digest using the private key in "filename". +=item B<-keyform arg> + +Specifies the key format to sign digest with. Only PEM and ENGINE +formats are supported by the B<dgst> command. + +=item B<-engine id> + +Use engine B<id> for operations (including private key storage). +This engine is not used as source for digest algorithms, unless it is +also specified in the configuration file. + +=item B<-sigopt nm:v> + +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. + + =item B<-passin arg> the private key password source. For more information about the format of B<arg> @@ -83,6 +101,35 @@ the actual signature to verify. create a hashed MAC using "key". +=item B<-mac alg> + +create MAC (keyed Message Authentication Code). The most popular MAC +algorithm is HMAC (hash-based MAC), but there are other MAC algorithms +which are not based on hash, for instance B<gost-mac> algorithm, +supported by B<ccgost> engine. MAC keys and other options should be set +via B<-macopt> parameter. + +=item B<-macopt nm:v> + +Passes options to MAC algorithm, specified by B<-mac> key. +Following options are supported by both by B<HMAC> and B<gost-mac>: + +=over 8 + +=item B<key:string> + +Specifies MAC key as alphnumeric string (use if key contain printable +characters only). String length must conform to any restrictions of +the MAC algorithm for example exactly 32 chars for gost-mac. + +=item B<hexkey:string> + +Specifies MAC key in hexadecimal form (two hex digits per byte). +Key length must conform to any restrictions of the MAC algorithm +for example exactly 32 chars for gost-mac. + +=back + =item B<-rand file(s)> a file or files containing random data used to seed the random number |