From a941054ad7f5af9445896a37754ae451fad7ed98 Mon Sep 17 00:00:00 2001 From: Pauli Date: Sat, 21 Sep 2019 10:29:17 +1000 Subject: [PATCH] Note that the mac command is preferrable to the MAC command line options. The dgst command allows MACs to be calculated, the mac command is the more recent interface for doing the same and provides better access to a wider range of MACs. Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9962) --- doc/man1/openssl-dgst.pod | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/doc/man1/openssl-dgst.pod b/doc/man1/openssl-dgst.pod index ed1a088e6e..5fb5128a02 100644 --- a/doc/man1/openssl-dgst.pod +++ b/doc/man1/openssl-dgst.pod @@ -123,6 +123,9 @@ The actual signature to verify. Create a hashed MAC using "key". +The L command should be preferred to using this command line +option. + =item B<-mac alg> Create MAC (keyed Message Authentication Code). The most popular MAC @@ -131,6 +134,9 @@ which are not based on hash, for instance B algorithm, supported by B engine. MAC keys and other options should be set via B<-macopt> parameter. +The L command should be preferred to using this command line +option. + =item B<-macopt nm:v> Passes options to MAC algorithm, specified by B<-mac> key. @@ -152,6 +158,9 @@ for example exactly 32 chars for gost-mac. =back +The L command should be preferred to using this command line +option. + =item B<-rand file...> A file or files containing random data used to seed the random number @@ -229,6 +238,13 @@ Hex signatures cannot be verified using B. Instead, use "xxd -r" or similar program to transform the hex signature into a binary signature prior to verification. +The L command is preferred over the B<-hmac>, B<-mac> and +B<-macopt> command line options. + +=head1 SEE ALSO + +L + =head1 HISTORY The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. -- 2.34.1