mac(1) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨 페이지 이름
검색(S)

mac(1)

mac(1)                           User Commands                          mac(1)



NAME
       mac - calculate message authentication codes of the input

SYNOPSIS
       /usr/bin/mac -l


       /usr/bin/mac [-v] -a algorithm [-t truncation]
          [-k keyfile | -K key_label [-T token_spec]] [file]...

DESCRIPTION
       The mac utility calculates the message authentication code (MAC) of the
       given file or files using the algorithm specified.


       If no input file is specified, input is read from  standard  input.  If
       more than one file is given, each line of output is the MAC of a single
       file.

OPTIONS
       The following options are supported:

       -a algorithm     Specifies the name of the algorithm to use during  the
                        encryption  or  decryption  process.  See USAGE, Algo‐
                        rithms for details.  Note:  Algorithms  for  producing
                        general length MACs are not supported.


       -k keyfile       Specifies  the  file  containing the key value for the
                        encryption algorithm. Each algorithm has specific  key
                        material requirements, as stated in the PKCS#11 speci‐
                        fication. If -k is not specified, mac prompts for  key
                        material using getpassphrase(3C).

                        For  information  on  generating  a  key file, see the
                        pktool(1) and dd(8) man pages.


       -K key_label     Specify the label  of  a  symmetric  token  key  in  a
                        PKCS#11 token.


       -l               Displays  the list of algorithms available on the sys‐
                        tem. This list can change depending on the  configura‐
                        tion  of the cryptographic framework. The keysizes are
                        displayed in bits.


       -T token_spec    Specify a PKCS#11 token other than  the  default  soft
                        token object store when the -K is specified.

                        token_spec has the format of:


                          token_name [:manuf_id [:serial_no]]

                        When  a  token  label  contains  trailing spaces, this
                        option does not require them to be typed as  a  conve‐
                        nience to the user.

                        Colon separates token identification string. If any of
                        the parts have a literal colon (:) character, it  must
                        be  escaped  by a backslash (\). If a colon (:) is not
                        found, the entire string  (up  to  32  characters)  is
                        taken  as  the  token  label. If only one colon (:) is
                        found, the string is the token label and the  manufac‐
                        turer.


       -t truncation    Specifies the digest truncation length, where t is any
                        positive number less than 512. Valid  only  for  algo‐
                        rithm sha512_t_hmac.


       -v               Provides verbose information.


USAGE
   Algorithms
       The  supported algorithms are displayed with the -l option. These algo‐
       rithms are provided by  the  cryptographic  framework.  Each  supported
       algorithm  is  an  alias to the most commonly used and least restricted
       version of a particular algorithm type. For  example,  md5_hmac  is  an
       alias to CKM_MD5_HMAC.


       These aliases are used with the -a option and are case-sensitive.

   Passphrase
       When  the -k option is not used during encryption and decryption tasks,
       the user is prompted for a passphrase. The  passphrase  is  manipulated
       into a more secure key using the PBKDF2 algorithm specified in PKCS #5.

EXAMPLES
       Example 1 Listing Available Algorithms



       The following example lists available algorithms:


         example$ mac -l
         Algorithm       Keysize:  Min   Max (bits)
         -----------------------------------
         sha1_hmac                   8   512
         md5_hmac                    8   512
         sha224_hmac                 8   512
         sha256_hmac                 8   512
         sha384_hmac                 8  1024
         sha512_hmac                 8  1024
         sha512_t_hmac               8  1024


       Example 2 Getting the Message Authentication Code



       The following example gets the message authentication code for a file:


         example$ mac -v -k mykey -a sha1_hmac /export/foo
         sha1_hmac (/export/foo) = 913ced311df10f1708d9848641ca8992f4718057


       Example 3 Getting the Message Authentication Code with a Token Key



       The  following  example  gets  the  message  authentication code with a
       generic token key in the soft token keystore. The generic token key can
       be generated with pktool(1):


         example$ mac -v -a sha1_hmac -K my_generic_key \
              -T "Sun Software PKCS#11 softtoken" /export/foo
         Enter pin for Sun Software PKCS#11 softtoken:
              sha1_hmac (/etc/foo) = c2ba5c38458c092a68940081240d22b670182968


EXIT STATUS
       The following exit values are returned:

       0      Successful completion.


       > 0    An error occurred.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       tab()  box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
       TRIBUTE VALUE _ Availabilitysystem/core-os _ Interface StabilityCommit‐
       ted


SEE ALSO
       digest(1),      pktool(1),      getpassphrase(3C),     libpkcs11(3LIB),
       attributes(7), pkcs11_softtoken(7), dd(8)


       Kaliski, B., RFC 2898, PKCS #5: Password-Based Cryptography  Specifica‐
       tion, Version 2.0, September 2000. https://tools.ietf.org/html/rfc2898


       https://www.oasis-open.org/committees/pkcs11/

HISTORY
       Support for the des_mac algorithm was removed in Oracle Solaris 11.4.0.


       The -t option and sha512_t_hmac algorithm were added in Solaris 11.4.0.


       The sha224_hmac algorithm was added in Solaris 11.1.0.


       The -K and -T options were added in Solaris 11.0.0.


       The  SHA-2  algorithms  sha256_hmac,  sha384_hmac, and sha512_hmac were
       added in Solaris 10 6/06 (Update 2).


       The mac command, and all other other algorithms & options,  were  added
       in Solaris 10 3/05.



Oracle Solaris 11.4               21 Jun 2021                           mac(1)
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 5 CSS3