X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fapps%2Fdgst.pod;h=1c595dcf749df4bb31f6b804131a7f4e92e3d540;hp=96d3cc0f75cac3ecb0b8be7e51fafbcdee31c6c3;hb=5596bda4fc372ca9528895e39db35425f9e28e83;hpb=fe50cd7ad4051086d98e792c35810074f449182e diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index 96d3cc0f75..1c595dcf74 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -2,18 +2,18 @@ =head1 NAME -dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests +dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5 - message digests =head1 SYNOPSIS -B B -[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md2|-md4|-md5|-dss1>] +B B +[B<-help>] +[B<-I>] [B<-c>] [B<-d>] [B<-hex>] [B<-binary>] [B<-r>] -[B<-non-fips-allow>] [B<-out filename>] [B<-sign filename>] [B<-keyform arg>] @@ -22,8 +22,9 @@ B B [B<-prverify filename>] [B<-signature filename>] [B<-hmac key>] -[B<-non-fips-allow>] [B<-fips-fingerprint>] +[B<-engine id>] +[B<-engine_impl>] [B] B @@ -36,10 +37,26 @@ The digest functions output the message digest of a supplied file or files in hexadecimal. The digest functions also generate and verify digital signatures using message digests. +The generic name, B, may be used with an option specifying the +algorithm to be used. +The default digest is I. +A supported I name may also be used as the command name. +To see the list of supported algorithms, use the I +command. + =head1 OPTIONS =over 4 +=item B<-help> + +Print out a usage message. + +=item B<-I> + +Specifies name of a supported digest to be used. To see the list of +supported digests, use the command I. + =item B<-c> print out the digest in two digit groups separated by colons, only relevant if @@ -63,11 +80,6 @@ output the digest or signature in binary form. output the digest in the "coreutils" format used by programs like B. -=item B<-non-fips-allow> - -Allow use of non FIPS digest when in FIPS mode. This has no effect when not in -FIPS mode. - =item B<-out filename> filename to output to, or standard output by default. @@ -81,12 +93,6 @@ digitally sign the digest using the private key in "filename". Specifies the key format to sign digest with. The DER, PEM, P12, and ENGINE formats are supported. -=item B<-engine id> - -Use engine B for operations (including private key storage). -This engine is not used as source for digest algorithms, unless it is -also specified in the configuration file. - =item B<-sigopt nm:v> Pass options to the signature algorithm during sign or verify operations. @@ -152,15 +158,23 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. -=item B<-non-fips-allow> - -enable use of non-FIPS algorithms such as MD5 even in FIPS mode. - =item B<-fips-fingerprint> compute HMAC using a specific key for certain OpenSSL-FIPS operations. +=item B<-engine id> + +Use engine B for operations (including private key storage). +This engine is not used as source for digest algorithms, unless it is +also specified in the configuration file or B<-engine_impl> is also +specified. + +=item B<-engine_impl> + +When used with the B<-engine> option, it specifies to also use +engine B for digest operations. + =item B file or files to digest. If no files are specified then standard input is @@ -185,6 +199,10 @@ To verify a signature: =head1 NOTES +The digest mechanisms that are available will depend on the options +used when building OpenSSL. +The B command can be used to list them. + New or agile applications should use probably use SHA-256. Other digests, particularly SHA-1 and MD5, are still widely used for interoperating with existing formats and protocols. @@ -205,5 +223,9 @@ Hex signatures cannot be verified using B. Instead, use "xxd -r" or similar program to transform the hex signature into a binary signature prior to verification. +=head1 HISTORY + +The default digest was changed from MD5 to SHA256 in Openssl 1.1. +The FIPS-related options were removed in OpenSSL 1.1 =cut