Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1‎ > ‎


     mac - calculate message authentication codes of the input

     /usr/bin/mac -l | [-v] -a algorithm [-k keyfile] [file...]

     The mac utility calculates the message  authentication  code
     (MAC)  of  the  given file or files or stdin using the algo-
     rithm specified.

     If more than one file is given, each line of output  is  the
     MAC of a single file.

     The following options are supported:

     -a algorithm    Specifies the name of the algorithm  to  use
                     during the encryption or decryption process.
                     See USAGE,  Algorithms  for  details.  Note:
                     Algorithms for producing general length MACs
                     are not supported.

     -k keyfile      Specifies the file containing the key  value
                     for the encryption algorithm. Each algorithm
                     has specific key material  requirements,  as
                     stated  in  the PKCS#11 specification. If -k
                     is  not  specified,  mac  prompts  for   key
                     material using getpassphrase(3C).

                     For information on generating  a  key  file,
                     see  dd(1M)  or System Administration Guide:
                     Security Services.

     -l              Displays the list of algorithms available on
                     the  system.  This list can change depending
                     on the configuration  of  the  cryptographic
                     framework.  The  keysizes  are  displayed in

     -v              Provides verbose information.


     The supported algorithms are displayed with the  -l  option.
     These  algorithms  are  provided by the cryptographic frame-
     work. Each supported algorithm is an alias to the most  com-
     monly  used  and  least  restricted  version of a particular
     algorithm  type.  For  example,  md5_hmac  is  an  alias  to

     These aliases are used with the  -a  option  and  are  case-

     When the -k option is not used during encryption and decryp-
     tion  tasks,  the  user  is  prompted  for a passphrase. The
     passphrase is manipulated into a more secure key  using  the
     PBKDF2 algorithm specified in PKCS #5.

     Example 1: Listing Available Algorithms

     The following example lists available algorithms:

     example$ mac -l
     Algorithm       Keysize:  Min   Max
     des_mac                    64    64
     sha1_hmac                   8   512
     md5_hmac                    8   512
     sha256_hmac                 8   512
     sha384_hmac                 8  1024
     sha512_hmac                 8  1024

     Example 2: Getting the Message Authentication Code

     The following example gets the message  authentication  code
     for a file:

     example$ mac -v -k mykey -a sha1_hmac /export/foo
     sha1_hmac (/export/foo) = 913ced311df10f1708d9848641ca8992f4718057

     The following exit values are returned:

     0        Successful completion.

     >0       An error occurred.

     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWcsu                     |
    | Interface Stability         | Evolving                    |

     digest(1),   dd(1M),   getpassphrase(3C),   libpkcs11(3LIB),
     attributes(5), pkcs11_softtoken(5)

     System Administration Guide: Security Services

     RSA    PKCS#11    v2.20     and     RSA     PKCS#5     v2.0,

Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.