8815 mega_sas: variable set but not used

[unleashed.git] / usr / src / man / man1 / mac.1

'\" te
.\" Copyright 2007, Sun Microsystems, Inc.  All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH MAC 1 "Mar 21, 2007"
.SH NAME
mac \- calculate message authentication codes of the input
.SH SYNOPSIS
.LP
.nf
\fB/usr/bin/mac\fR \fB-l\fR
.fi

.LP
.nf
\fB/usr/bin/mac\fR [\fB-v\fR] \fB-a\fR \fIalgorithm\fR
   [\fB-k\fR \fIkeyfile\fR | \fB-K\fR \fIkey_label\fR [\fB-T\fR \fItoken_spec\fR]] [\fIfile\fR]...
.fi

.SH DESCRIPTION
.sp
.LP
The \fBmac\fR utility calculates the message authentication code (\fBMAC\fR) of
the given file or files or \fBstdin\fR using the algorithm specified.
.sp
.LP
If more than one file is given, each line of output is the \fBMAC\fR of a
single file.
.SH OPTIONS
.sp
.LP
The following options are supported:
.sp
.ne 2
.na
\fB\fB-a\fR \fIalgorithm\fR\fR
.ad
.RS 17n
Specifies the name of the algorithm to use during the encryption or decryption
process. See USAGE, \fBAlgorithms\fR for details. \fBNote:\fR Algorithms for
producing general length \fBMAC\fRs are not supported.
.RE

.sp
.ne 2
.na
\fB\fB-k\fR \fIkeyfile\fR\fR
.ad
.RS 17n
Specifies the file containing the key value for the encryption algorithm. Each
algorithm has specific key material requirements, as stated in the PKCS#11
specification. If \fB-k\fR is not specified, \fBmac\fR prompts for  key
material using \fBgetpassphrase\fR(3C).
.sp
For information on generating a key file, see \fBpktool\fR(1), \fBdd\fR(1M) or
the \fISystem Administration Guide: Security Services\fR.
.RE

.sp
.ne 2
.na
\fB\fB-K\fR \fIkey_label\fR\fR
.ad
.RS 17n
Specify the label of a symmetric token key in a PKCS#11 token.
.RE

.sp
.ne 2
.na
\fB\fB-l\fR\fR
.ad
.RS 17n
Displays the list of algorithms available on the system. This list can change
depending on the configuration of the cryptographic framework. The keysizes are
displayed in bits.
.RE

.sp
.ne 2
.na
\fB\fB-T\fR \fItoken_spec\fR\fR
.ad
.RS 17n
Specify a PKCS#11 token other than the default soft token object store when the
\fB-K\fR is specified.
.sp
\fItoken_spec\fR has the format of:
.sp
.in +2
.nf
\fItoken_name\fR \fB[:\fR\fImanuf_id\fR \fB[:\fR\fIserial_no\fR\fB]]\fR
.fi
.in -2
.sp

When a token label contains trailing spaces, this option does not require them
to be typed as a convenience to the user.
.sp
Colon separates token identification string. If any of the parts have a literal
colon (\fB:\fR) character, it must be escaped by a backslash (\fB\e\fR). If a
colon (\fB:\fR) is not found, the entire string (up to 32 characters) is taken
as the token label. If only one colon (\fB:\fR) is found, the string is the
token label and the manufacturer.
.RE

.sp
.ne 2
.na
\fB\fB-v\fR\fR
.ad
.RS 17n
Provides verbose information.
.RE

.SH USAGE
.SS "Algorithms"
.sp
.LP
The supported algorithms are displayed with the \fB-l\fR option. These
algorithms are provided by the cryptographic framework. Each supported
algorithm is an alias to the most commonly used and least restricted version of
a particular algorithm type. For example, \fBmd5_hmac\fR is an alias to
\fBCKM_MD5_HMAC\fR.
.sp
.LP
These aliases are used with the \fB-a\fR option and are case-sensitive.
.SS "Passphrase"
.sp
.LP
When the \fB-k\fR option is not used during encryption and decryption tasks,
the user is prompted for a passphrase. The passphrase is manipulated into a
more secure key using the \fBPBKDF2\fR algorithm specified in PKCS #5.
.SH EXAMPLES
.LP
\fBExample 1 \fRListing Available Algorithms
.sp
.LP
The following example lists available algorithms:

.sp
.in +2
.nf
example$ mac -l
Algorithm       Keysize:  Min   Max
-----------------------------------
des_mac                    64    64
sha1_hmac                   8   512
md5_hmac                    8   512
sha256_hmac                 8   512
sha384_hmac                 8  1024
sha512_hmac                 8  1024
.fi
.in -2
.sp

.LP
\fBExample 2 \fRGetting the Message Authentication Code
.sp
.LP
The following example gets the message authentication code for a file:

.sp
.in +2
.nf
example$ mac -v -k mykey -a sha1_hmac /export/foo
sha1_hmac (/export/foo) = 913ced311df10f1708d9848641ca8992f4718057
.fi
.in -2
.sp

.LP
\fBExample 3 \fRGetting the Message Authentication Code with a Token Key
.sp
.LP
The following example gets the message authentication code with a generic token
key in the soft token keystore.  The generic token  key can be generated with
\fBpktool\fR(1):

.sp
.in +2
.nf
encrypt -v -a sha1_hmac -K my_generic_key \e
     -T "Sun Software PKCS#11 softtoken" /export/foo
Enter pin for Sun Software PKCS#11 softtoken:
     sha1_hmac (/etc/foo) = c2ba5c38458c092a68940081240d22b670182968
.fi
.in -2
.sp

.SH EXIT STATUS
.sp
.LP
The following exit values are returned:
.sp
.ne 2
.na
\fB\fB0\fR\fR
.ad
.RS 6n
Successful completion.
.RE

.sp
.ne 2
.na
\fB\fB>0\fR\fR
.ad
.RS 6n
An error occurred.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE  ATTRIBUTE VALUE
_
Interface Stability     Evolving
.TE

.SH SEE ALSO
.sp
.LP
\fBdigest\fR(1), \fBpktool\fR(1), \fBdd\fR(1M), \fBgetpassphrase\fR(3C),
\fBlibpkcs11\fR(3LIB), \fBattributes\fR(5), \fBpkcs11_softtoken\fR(5)
.sp
.LP
\fISystem Administration Guide: Security Services\fR
.sp
.LP
RSA PKCS#11 v2.20 and RSA PKCS#5 v2.0, http://www.rsasecurity.com