Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Apropos / Subsearch:
optional field

mac(1)                           User Commands                          mac(1)

       mac - calculate message authentication codes of the input

       /usr/bin/mac -l | [-v] -a algorithm [-k keyfile] [file...]

       The mac utility calculates the message authentication code (MAC) of the
       given file or files or stdin using the algorithm specified.

       If more than one file is given, each line of output is  the  MAC  of  a
       single file.

       The following options are supported:

       -a algorithm    Specifies  the  name of the algorithm to use during the
                       encryption or decryption process. See USAGE, Algorithms
                       for  details.  Note:  Algorithms  for producing general
                       length MACs are not supported.

       -k keyfile      Specifies the file containing the  key  value  for  the
                       encryption  algorithm.  Each algorithm has specific key
                       material requirements, as stated in the PKCS#11  speci-
                       fication.  If -k is not specified, mac prompts for  key
                       material using getpassphrase(3C).

                       For information on generating a key file, see dd(1M) or
                       System Administration Guide: Security Services.

       -l              Displays  the  list of algorithms available on the sys-
                       tem. This list can change depending on  the  configura-
                       tion  of  the cryptographic framework. The keysizes are
                       displayed in bits.

       -v              Provides verbose information.

       The supported algorithms are displayed with the -l option. These  algo-
       rithms  are  provided  by  the  cryptographic framework. Each supported
       algorithm is an alias to the most commonly used  and  least  restricted
       version  of  a  particular  algorithm type. For example, md5_hmac is an
       alias to CKM_MD5_HMAC.

       These aliases are used with the -a option and are case-sensitive.

       When the -k option is not used during encryption and decryption  tasks,
       the  user  is  prompted for a passphrase. The passphrase is manipulated
       into a more secure key using the PBKDF2 algorithm specified in PKCS #5.

       Example 1: Listing available algorithms

       example$ mac -l
       Algorithm       Keysize:  Min   Max
       des_mac                    64    64
       sha1_hmac                   8   512
       md5_hmac                    8   512

       Example 2: Getting the message authentication code for a file

       example$ mac -v -k mykey -a sha1_hmac /export/foo
       sha1_hmac (/export/foo) = 913ced311df10f1708d9848641ca8992f4718057

       The following exit values are returned:

       0        Successful completion.

       >>0       An error occurred.

       See attributes(5) for descriptions of the following attributes:

       tab()    allbox;    cw(2.750000i)|     cw(2.750000i)     lw(2.750000i)|
       lw(2.750000i).    ATTRIBUTE   TYPEATTRIBUTE  VALUE  AvailabilitySUNWcsu
       Interface StabilityEvolving

       digest(1), dd(1M), getpassphrase(3C),  libpkcs11(3LIB),  attributes(5),

       System Administration Guide: Security Services

       RSA PKCS#11 v2.11 http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11

       RSA PKCS#5 v2.0 http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5

SunOS 5.10                        23 Apr 2004                           mac(1)