svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
mac(1)
mac(1) User Commands mac(1)
NAME
mac - calculate message authentication codes of the input
SYNOPSIS
/usr/bin/mac -l
/usr/bin/mac [-v] -a algorithm [-t truncation]
[-k keyfile | -K key_label [-T token_spec]] [file]...
DESCRIPTION
The mac utility calculates the message authentication code (MAC) of the
given file or files using the algorithm specified.
If no input file is specified, input is read from standard input. If
more than one file is given, each line of output is the MAC of a single
file.
OPTIONS
The following options are supported:
-a algorithm Specifies the name of the algorithm to use during the
encryption or decryption process. See USAGE, Algo‐
rithms for details. Note: Algorithms for producing
general length MACs are not supported.
-k keyfile Specifies the file containing the key value for the
encryption algorithm. Each algorithm has specific key
material requirements, as stated in the PKCS#11 speci‐
fication. If -k is not specified, mac prompts for key
material using getpassphrase(3C).
For information on generating a key file, see the
pktool(1) and dd(8) man pages.
-K key_label Specify the label of a symmetric token key in a
PKCS#11 token.
-l Displays the list of algorithms available on the sys‐
tem. This list can change depending on the configura‐
tion of the cryptographic framework. The keysizes are
displayed in bits.
-T token_spec Specify a PKCS#11 token other than the default soft
token object store when the -K is specified.
token_spec has the format of:
token_name [:manuf_id [:serial_no]]
When a token label contains trailing spaces, this
option does not require them to be typed as a conve‐
nience to the user.
Colon separates token identification string. If any of
the parts have a literal colon (:) character, it must
be escaped by a backslash (\). If a colon (:) is not
found, the entire string (up to 32 characters) is
taken as the token label. If only one colon (:) is
found, the string is the token label and the manufac‐
turer.
-t truncation Specifies the digest truncation length, where t is any
positive number less than 512. Valid only for algo‐
rithm sha512_t_hmac.
-v Provides verbose information.
USAGE
Algorithms
The supported algorithms are displayed with the -l option. These algo‐
rithms are provided by the cryptographic framework. Each supported
algorithm is an alias to the most commonly used and least restricted
version of a particular algorithm type. For example, md5_hmac is an
alias to CKM_MD5_HMAC.
These aliases are used with the -a option and are case-sensitive.
Passphrase
When the -k option is not used during encryption and decryption tasks,
the user is prompted for a passphrase. The passphrase is manipulated
into a more secure key using the PBKDF2 algorithm specified in PKCS #5.
EXAMPLES
Example 1 Listing Available Algorithms
The following example lists available algorithms:
example$ mac -l
Algorithm Keysize: Min Max (bits)
-----------------------------------
sha1_hmac 8 512
md5_hmac 8 512
sha224_hmac 8 512
sha256_hmac 8 512
sha384_hmac 8 1024
sha512_hmac 8 1024
sha512_t_hmac 8 1024
Example 2 Getting the Message Authentication Code
The following example gets the message authentication code for a file:
example$ mac -v -k mykey -a sha1_hmac /export/foo
sha1_hmac (/export/foo) = 913ced311df10f1708d9848641ca8992f4718057
Example 3 Getting the Message Authentication Code with a Token Key
The following example gets the message authentication code with a
generic token key in the soft token keystore. The generic token key can
be generated with pktool(1):
example$ mac -v -a sha1_hmac -K my_generic_key \
-T "Sun Software PKCS#11 softtoken" /export/foo
Enter pin for Sun Software PKCS#11 softtoken:
sha1_hmac (/etc/foo) = c2ba5c38458c092a68940081240d22b670182968
EXIT STATUS
The following exit values are returned:
0 Successful completion.
> 0 An error occurred.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/core-os _ Interface StabilityCommit‐
ted
SEE ALSO
digest(1), pktool(1), getpassphrase(3C), libpkcs11(3LIB),
attributes(7), pkcs11_softtoken(7), dd(8)
Kaliski, B., RFC 2898, PKCS #5: Password-Based Cryptography Specifica‐
tion, Version 2.0, September 2000. https://tools.ietf.org/html/rfc2898
https://www.oasis-open.org/committees/pkcs11/
HISTORY
Support for the des_mac algorithm was removed in Oracle Solaris 11.4.0.
The -t option and sha512_t_hmac algorithm were added in Solaris 11.4.0.
The sha224_hmac algorithm was added in Solaris 11.1.0.
The -K and -T options were added in Solaris 11.0.0.
The SHA-2 algorithms sha256_hmac, sha384_hmac, and sha512_hmac were
added in Solaris 10 6/06 (Update 2).
The mac command, and all other other algorithms & options, were added
in Solaris 10 3/05.
Oracle Solaris 11.4 21 Jun 2021 mac(1)