2 .\" Copyright 2007, Sun Microsystems, Inc. All Rights Reserved
3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 .TH MAC 1 "Mar 21, 2007"
8 mac \- calculate message authentication codes of the input
12 \fB/usr/bin/mac\fR \fB-l\fR
17 \fB/usr/bin/mac\fR [\fB-v\fR] \fB-a\fR \fIalgorithm\fR
18 [\fB-k\fR \fIkeyfile\fR | \fB-K\fR \fIkey_label\fR [\fB-T\fR \fItoken_spec\fR]] [\fIfile\fR]...
24 The \fBmac\fR utility calculates the message authentication code (\fBMAC\fR) of
25 the given file or files or \fBstdin\fR using the algorithm specified.
28 If more than one file is given, each line of output is the \fBMAC\fR of a
33 The following options are supported:
37 \fB\fB-a\fR \fIalgorithm\fR\fR
40 Specifies the name of the algorithm to use during the encryption or decryption
41 process. See USAGE, \fBAlgorithms\fR for details. \fBNote:\fR Algorithms for
42 producing general length \fBMAC\fRs are not supported.
48 \fB\fB-k\fR \fIkeyfile\fR\fR
51 Specifies the file containing the key value for the encryption algorithm. Each
52 algorithm has specific key material requirements, as stated in the PKCS#11
53 specification. If \fB-k\fR is not specified, \fBmac\fR prompts for key
54 material using \fBgetpassphrase\fR(3C).
56 For information on generating a key file, see \fBpktool\fR(1), \fBdd\fR(8) or
57 the \fISystem Administration Guide: Security Services\fR.
63 \fB\fB-K\fR \fIkey_label\fR\fR
66 Specify the label of a symmetric token key in a PKCS#11 token.
75 Displays the list of algorithms available on the system. This list can change
76 depending on the configuration of the cryptographic framework. The keysizes are
83 \fB\fB-T\fR \fItoken_spec\fR\fR
86 Specify a PKCS#11 token other than the default soft token object store when the
87 \fB-K\fR is specified.
89 \fItoken_spec\fR has the format of:
93 \fItoken_name\fR \fB[:\fR\fImanuf_id\fR \fB[:\fR\fIserial_no\fR\fB]]\fR
98 When a token label contains trailing spaces, this option does not require them
99 to be typed as a convenience to the user.
101 Colon separates token identification string. If any of the parts have a literal
102 colon (\fB:\fR) character, it must be escaped by a backslash (\fB\e\fR). If a
103 colon (\fB:\fR) is not found, the entire string (up to 32 characters) is taken
104 as the token label. If only one colon (\fB:\fR) is found, the string is the
105 token label and the manufacturer.
114 Provides verbose information.
121 The supported algorithms are displayed with the \fB-l\fR option. These
122 algorithms are provided by the cryptographic framework. Each supported
123 algorithm is an alias to the most commonly used and least restricted version of
124 a particular algorithm type. For example, \fBmd5_hmac\fR is an alias to
128 These aliases are used with the \fB-a\fR option and are case-sensitive.
132 When the \fB-k\fR option is not used during encryption and decryption tasks,
133 the user is prompted for a passphrase. The passphrase is manipulated into a
134 more secure key using the \fBPBKDF2\fR algorithm specified in PKCS #5.
137 \fBExample 1 \fRListing Available Algorithms
140 The following example lists available algorithms:
146 Algorithm Keysize: Min Max
147 -----------------------------------
159 \fBExample 2 \fRGetting the Message Authentication Code
162 The following example gets the message authentication code for a file:
167 example$ mac -v -k mykey -a sha1_hmac /export/foo
168 sha1_hmac (/export/foo) = 913ced311df10f1708d9848641ca8992f4718057
174 \fBExample 3 \fRGetting the Message Authentication Code with a Token Key
177 The following example gets the message authentication code with a generic token
178 key in the soft token keystore. The generic token key can be generated with
184 encrypt -v -a sha1_hmac -K my_generic_key \e
185 -T "Sun Software PKCS#11 softtoken" /export/foo
186 Enter pin for Sun Software PKCS#11 softtoken:
187 sha1_hmac (/etc/foo) = c2ba5c38458c092a68940081240d22b670182968
195 The following exit values are returned:
202 Successful completion.
217 See \fBattributes\fR(5) for descriptions of the following attributes:
225 ATTRIBUTE TYPE ATTRIBUTE VALUE
227 Interface Stability Evolving
233 \fBdigest\fR(1), \fBpktool\fR(1), \fBdd\fR(8), \fBgetpassphrase\fR(3C),
234 \fBlibpkcs11\fR(3LIB), \fBattributes\fR(5), \fBpkcs11_softtoken\fR(5)
237 \fISystem Administration Guide: Security Services\fR
240 RSA PKCS#11 v2.20 and RSA PKCS#5 v2.0, http://www.rsasecurity.com