DragonFly On-Line Manual Pages

Search: Section:  


MD5(1)		       DragonFly General Commands Manual		MD5(1)

NAME

md5, sha1, sha256, sha512, rmd160 -- calculate a message-digest finger- print (checksum) for a file

SYNOPSIS

md5 [-pqrtx] [-b offset] [-e offset] [-s string] [file ...] sha1 [-pqrtx] [-b offset] [-e offset] [-s string] [file ...] sha256 [-pqrtx] [-b offset] [-e offset] [-s string] [file ...] rmd160 [-pqrtx] [-b offset] [-e offset] [-s string] [file ...]

DESCRIPTION

The md5, sha1, sha256, sha512 and rmd160 utilities take as input a mes- sage of arbitrary length and produce as output a ``fingerprint'' or ``message digest'' of the input. It is conjectured that it is computa- tionally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target mes- sage digest. The MD5, SHA-1, SHA-256, SHA-512 and RIPEMD-160 algorithms are intended for digital signature applications, where a large file must be ``compressed'' in a secure manner before being encrypted with a pri- vate (secret) key under a public-key cryptosystem such as RSA. The MD5 and SHA-1 algorithms are vulnerable to practical collision attacks. The following options may be used in any combination and must precede any files named on the command line. The hexadecimal checksum of each file listed on the command line is printed after the options are processed. -b offset When processing file(s), use the specified begin and/or end (below) instead of processing each file in its entirety. Either option can be omitted. Both begin- and end-offsets can be speci- fied as just a number (of bytes) or be followed by K, M, or G to mean that the number is to be multiplied by 1024 once, twice, or thrice respectively. For example, to start at 512, you can use -b 512 or -b 0.5K. The use of offsets is implemented using mmap() and will only work on regular files and mmap-able devices. If the beginning offset is negative, its absolute value is sub- tracted from the file's size. Zero thus means the very beginning of each file, which is also the default if the option is omitted entirely. -e offset If the end-offset is not positive, its absolute value is sub- tracted from the file's size. Zero thus means the very end of each file, which is also the default if the option is omitted entirely. -s string Print a checksum of the given string. -p Echo stdin to stdout and append the checksum to stdout. -q Quiet mode -- only the checksum is printed out. Overrides the -r option. -r Reverses the format of the output. This helps with visual diffs. Does nothing when combined with the -ptx options. -t Run a built-in time trial. -x Run a built-in test script.

EXIT STATUS

The md5, sha1, sha256, sha512 and rmd160 utilities exit 0 on success, and EX_NOINPUT (66) if at least one of the input files could not be read or invalid offsets were specified. A mistake with command line arguments results in EX_USAGE (64).

SEE ALSO

cksum(1), mmap(2), md5(3), ripemd(3), sha(3), sha256(3), sha512(3) R. Rivest, The MD5 Message-Digest Algorithm, RFC 1321. J. Burrows, The Secure Hash Standard, FIPS PUB 180-1. D. Eastlake and P. Jones, US Secure Hash Algorithm 1, RFC 3174. RIPEMD-160 is part of the ISO draft standard "ISO/IEC DIS 10118-3" on dedicated hash functions. Secure Hash Standard (SHS): http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf. The RIPEMD-160 page: http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html.

ACKNOWLEDGMENTS

This program is placed in the public domain for free general use by RSA Data Security. Support for SHA-1 and RIPEMD-160 has been added by Oliver Eikemeier <eik@FreeBSD.org>. DragonFly 5.3 December 17, 2017 DragonFly 5.3 DGST(1) OpenSSL DGST(1)

NAME

dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests

SYNOPSIS

openssl dgst [-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md2|-md4|-md5|-dss1] [-c] [-d] [-hex] [-binary] [-r] [-non-fips-allow] [-out filename] [-sign filename] [-keyform arg] [-passin arg] [-verify filename] [-prverify filename] [-signature filename] [-hmac key] [-non-fips-allow] [-fips-fingerprint] [file...] openssl [digest] [...]

DESCRIPTION

The digest functions output the message digest of a supplied file or files in hexadecimal. The digest functions also generate and verify digital signatures using message digests.

OPTIONS

-c print out the digest in two digit groups separated by colons, only relevant if hex format output is used. -d print out BIO debugging information. -hex digest is to be output as a hex dump. This is the default case for a "normal" digest as opposed to a digital signature. See NOTES below for digital signatures using -hex. -binary output the digest or signature in binary form. -r output the digest in the "coreutils" format used by programs like sha1sum. -non-fips-allow Allow use of non FIPS digest when in FIPS mode. This has no effect when not in FIPS mode. -out filename filename to output to, or standard output by default. -sign filename digitally sign the digest using the private key in "filename". -keyform arg Specifies the key format to sign digest with. The DER, PEM, P12, and ENGINE formats are supported. -engine id Use engine id for operations (including private key storage). This engine is not used as source for digest algorithms, unless it is also specified in the configuration file. -sigopt nm:v Pass options to the signature algorithm during sign or verify operations. Names and values of these options are algorithm- specific. -passin arg the private key password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1). -verify filename verify the signature using the the public key in "filename". The output is either "Verification OK" or "Verification Failure". -prverify filename verify the signature using the the private key in "filename". -signature filename the actual signature to verify. -hmac key create a hashed MAC using "key". -mac alg create MAC (keyed Message Authentication Code). The most popular MAC algorithm is HMAC (hash-based MAC), but there are other MAC algorithms which are not based on hash, for instance gost-mac algorithm, supported by ccgost engine. MAC keys and other options should be set via -macopt parameter. -macopt nm:v Passes options to MAC algorithm, specified by -mac key. Following options are supported by both by HMAC and gost-mac: key:string Specifies MAC key as alphnumeric string (use if key contain printable characters only). String length must conform to any restrictions of the MAC algorithm for example exactly 32 chars for gost-mac. hexkey:string Specifies MAC key in hexadecimal form (two hex digits per byte). Key length must conform to any restrictions of the MAC algorithm for example exactly 32 chars for gost-mac. -rand file(s) a file or files containing random data used to seed the random number generator, or an EGD socket (see RAND_egd(3)). Multiple files can be specified separated by a OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others. -non-fips-allow enable use of non-FIPS algorithms such as MD5 even in FIPS mode. -fips-fingerprint compute HMAC using a specific key for certain OpenSSL-FIPS operations. file... file or files to digest. If no files are specified then standard input is used.

EXAMPLES

To create a hex-encoded message digest of a file: openssl dgst -md5 -hex file.txt To sign a file using SHA-256 with binary file output: openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt To verify a signature: openssl dgst -sha256 -verify publickey.pem \ -signature signature.sign \ file.txt

NOTES

The digest of choice for all new applications is SHA1. Other digests are however still widely used. When signing a file, dgst will automatically determine the algorithm (RSA, ECC, etc) to use for signing based on the private key's ASN.1 info. When verifying signatures, it only handles the RSA, DSA, or ECDSA signature itself, not the related data to identify the signer and algorithm used in formats such as x.509, CMS, and S/MIME. A source of random numbers is required for certain signing algorithms, in particular ECDSA and DSA. The signing and verify options should only be used if a single file is being signed or verified. Hex signatures cannot be verified using openssl. Instead, use "xxd -r" or similar program to transform the hex signature into a binary signature prior to verification. 1.0.2h 2016-05-03 DGST(1) MD5(3) DragonFly Library Functions Manual MD5(3)

NAME

MD5Init, MD5Update, MD5Pad, MD5Final, MD5End, MD5File, MD5FileChunk, MD5Data -- calculate the RSA Data Security, Inc., ``MD5'' message digest

LIBRARY

Message Digest (MD4, MD5, etc.) Support Library (libmd, -lmd)

SYNOPSIS

#include <sys/types.h> #include <md5.h> void MD5Init(MD5_CTX *context); void MD5Update(MD5_CTX *context, const void *data, unsigned int len); void MD5Pad(MD5_CTX *context); void MD5Final(unsigned char digest[16], MD5_CTX *context); char * MD5End(MD5_CTX *context, char *buf); char * MD5File(const char *filename, char *buf); char * MD5FileChunk(const char *filename, char *buf, off_t offset, off_t length); char * MD5Data(const void *data, unsigned int len, char *buf);

DESCRIPTION

The MD5 functions calculate a 128-bit cryptographic checksum (digest) for any number of input bytes. A cryptographic checksum is a one-way hash- function, that is, you cannot find (except by exhaustive search) the input corresponding to a particular output. This net result is a ``fingerprint'' of the input-data, which does not disclose the actual input. MD2 is the slowest, MD4 is the fastest and MD5 is somewhere in the mid- dle. MD2 can only be used for Privacy-Enhanced Mail. MD4 has now been broken; it should only be used where necessary for backward compatibil- ity. MD5 has not yet (1999-02-11) been broken, but sufficient attacks have been made that its security is in some doubt. The attacks on both MD4 and MD5 are both in the nature of finding ``collisions'' - that is, multiple inputs which hash to the same value; it is still unlikely for an attacker to be able to determine the exact original input given a hash value. The MD5Init(), MD5Update(), and MD5Final() functions are the core func- tions. Allocate an MD5_CTX, initialize it with MD5Init(), run over the data with MD5Update(), and finally extract the result using MD5Final(). The MD5Pad() function can be used to pad message data in same way as done by MD5Final() without terminating calculation. The MD5End() function is a wrapper for MD5Final() which converts the return value to a 33-character (including the terminating '\0') ASCII string which represents the 128 bits in hexadecimal. The MD5File() function calculates the digest of a file, and uses MD5End() to return the result. If the file cannot be opened, a null pointer is returned. The MD5FileChunk() function is similar to MD5File(), but it only calculates the digest over a byte-range of the file specified, starting at offset and spanning length bytes. If the length parameter is specified as 0, or more than the length of the remaining part of the file, MD5FileChunk() calculates the digest from offset to the end of file. The MD5Data() function calculates the digest of a chunk of data in memory, and uses MD5End() to return the result. When using MD5End(), MD5File(), or MD5Data(), the buf argument can be a null pointer, in which case the returned string is allocated with malloc(3) and subsequently must be explicitly deallocated using free(3) after use. If the buf argument is non-null it must point to at least 33 characters of buffer space.

SEE ALSO

md2(3), md4(3), md5(3), sha(3) B. Kaliski, The MD2 Message-Digest Algorithm, RFC 1319. R. Rivest, The MD4 Message-Digest Algorithm, RFC 1186. R. Rivest, The MD5 Message-Digest Algorithm, RFC 1321. RSA Laboratories, Frequently Asked Questions About today's Cryptography, <http://www.rsa.com/rsalabs/faq/>. H. Dobbertin, "Alf Swindles Ann", CryptoBytes, 1(3):5, 1995. MJ. B. Robshaw, "On Recent Results for MD2, MD4 and MD5", RSA Laboratories Bulletin, 4, November 12, 1996.

HISTORY

These functions appeared in FreeBSD 2.0.

AUTHORS

The original MD5 routines were developed by RSA Data Security, Inc., and published in the above references. This code is derived directly from these implementations by Poul-Henning Kamp <phk@FreeBSD.org> Phk ristede runen.

BUGS

No method is known to exist which finds two files having the same hash value, nor to find a file with a specific hash value. There is on the other hand no guarantee that such a method does not exist. MD2 has only been licensed for use in Privacy Enhanced Mail. Use MD4 or MD5 if that is not what you are doing. Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documen- tation and/or software. DragonFly 5.3 February 11, 1999 DragonFly 5.3 md5(3) OpenSSL md5(3)

NAME

MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions

SYNOPSIS

#include <openssl/md2.h> unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); int MD2_Final(unsigned char *md, MD2_CTX *c); #include <openssl/md4.h> unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); int MD4_Final(unsigned char *md, MD4_CTX *c); #include <openssl/md5.h> unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); int MD5_Final(unsigned char *md, MD5_CTX *c);

DESCRIPTION

MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output. MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest of the n bytes at d and place it in md (which must have space for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16 bytes of output). If md is NULL, the digest is placed in a static array. The following functions may be used if the message is not completely stored in memory: MD2_Init() initializes a MD2_CTX structure. MD2_Update() can be called repeatedly with chunks of the message to be hashed (len bytes at data). MD2_Final() places the message digest in md, which must have space for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the MD2_CTX. MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() are analogous using an MD4_CTX and MD5_CTX structure. Applications should use the higher level functions EVP_DigestInit(3) etc. instead of calling the hash functions directly.

NOTE

MD2, MD4, and MD5 are recommended only for compatibility with existing applications. In new applications, SHA-1 or RIPEMD-160 should be preferred.

RETURN VALUES

MD2(), MD4(), and MD5() return pointers to the hash value. MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for success, 0 otherwise.

CONFORMING TO

RFC 1319, RFC 1320, RFC 1321

SEE ALSO

sha(3), ripemd(3), EVP_DigestInit(3)

HISTORY

MD2(), MD2_Init(), MD2_Update() MD2_Final(), MD5(), MD5_Init(), MD5_Update() and MD5_Final() are available in all versions of SSLeay and OpenSSL. MD4(), MD4_Init(), and MD4_Update() are available in OpenSSL 0.9.6 and above. 1.0.2h 2016-05-03 md5(3) md5(3) OpenSSL md5(3)

NAME

MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions

SYNOPSIS

#include <openssl/md2.h> unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); int MD2_Final(unsigned char *md, MD2_CTX *c); #include <openssl/md4.h> unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); int MD4_Final(unsigned char *md, MD4_CTX *c); #include <openssl/md5.h> unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); int MD5_Final(unsigned char *md, MD5_CTX *c);

DESCRIPTION

MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output. MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest of the n bytes at d and place it in md (which must have space for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16 bytes of output). If md is NULL, the digest is placed in a static array. The following functions may be used if the message is not completely stored in memory: MD2_Init() initializes a MD2_CTX structure. MD2_Update() can be called repeatedly with chunks of the message to be hashed (len bytes at data). MD2_Final() places the message digest in md, which must have space for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the MD2_CTX. MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() are analogous using an MD4_CTX and MD5_CTX structure. Applications should use the higher level functions EVP_DigestInit(3) etc. instead of calling the hash functions directly.

NOTE

MD2, MD4, and MD5 are recommended only for compatibility with existing applications. In new applications, SHA-1 or RIPEMD-160 should be preferred.

RETURN VALUES

MD2(), MD4(), and MD5() return pointers to the hash value. MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for success, 0 otherwise.

CONFORMING TO

RFC 1319, RFC 1320, RFC 1321

SEE ALSO

sha(3), ripemd(3), EVP_DigestInit(3)

HISTORY

MD2(), MD2_Init(), MD2_Update() MD2_Final(), MD5(), MD5_Init(), MD5_Update() and MD5_Final() are available in all versions of SSLeay and OpenSSL. MD4(), MD4_Init(), and MD4_Update() are available in OpenSSL 0.9.6 and above. 1.0.2f 2016-01-28 md5(3) md5(n) md5(n)

NAME

md5 - Message digest "md5"

SYNOPSIS

package require Tcl ?8.2? package require Trf ?2.1.3? md5 ?options...? ?data?

DESCRIPTION

The command md5 is one of several message digests provided by the pack- age trf. See trf-intro for an overview of the whole package. md5 ?options...? ?data? The options listed below are understood by the digest if and only if the digest is attached to a channel. See section IMME- DIATE versus ATTACHED for an explanation of the term attached. -mode absorb|write|transparent This option has to be present. The specified argument determines the behaviour of the digest in attached mode. Beyond the argument values listed above all unique abbre- viations are recognized too. Their meaning is explained below: absorb All data written to the channel is used to calcu- late the value of the message digest and then passed unchanged to the next level in the stack of transformations for the channel the digest is attached to. When the channel is closed the com- pleted digest is written out too, essentially attaching the vlaue of the diggest after the information actually written to the channel. When reading from the channel a value for the digest is computed too, and after closing of the channel compared to the digest which was attached, i.e. came behind the actual data. The option -matchflag has to be specified so that the digest knows where to store the result of said compari- son. This result is a string and either "ok", or "failed". write All data read from or written to the channel the digest is attached to is ignored and thrown away. Only a value for the digest of the data is com- puted. When the channel is closed the computed values are stored as ordered through the options -write-destination, -write-type, -read-destina- tion, and -read-type. transparent This mode is a mixture of both absorb and write modes. As for absorb all data, read or written, passes through the digest unchanged. The generated values for the digest however are handled in the same way as for write. -matchflag varname This option can be used if and only if the option "-mode absorb" is present. In that situation the argument is the name of a global or namespaced variable. The digest will write the result of comparing two digest values into this variable. The option will be ignored if the channel is write-only, because in that case there will be no compar- ison of digest values. -write-type variable|channel This option can be used for digests in mode write or transparent. Beyond the values listed above all their unique abbreviations are also allowed as argument values. The option determines the type of the argument to option -write-destination. It defaults to variable. -read-type variable|channel Like option -write-type, but for option -read-destina- tion. -write-destination data This option can be used for digests in mode write or transparent. The value data is either the name of a global (or namespaced) variable or the handle of a writable channel, dependent on the value of option -write-type. The message digest computed for data written to the attached channel is written into it after the attached channel was closed. The option is ignored if the channel is read-only. Note that using a variable may yield incorrect results under tcl 7.6, due to embedded \0's. -read-destination data This option can be used for digests in mode write or transparent. The value data is either the name of a global (or namespaced) variable or the handle of a writable channel, dependent on the value of option -read- type. The message digest computed for data read from the attached channel is written into it after the attached channel was closed. The option is ignored if the channel is write-only. Note that using a variable may yield incorrect results under tcl 7.6, due to embedded \0's. The options listed below are always understood by the digest, attached versus immediate does not matter. See section IMMEDIATE versus ATTACHED for explanations of these two terms. -attach channel The presence/absence of this option determines the main operation mode of the transformation. If present the transformation will be stacked onto the channel whose handle was given to the option and run in attached mode. More about this in section IMMEDIATE ver- sus ATTACHED. If the option is absent the transformation is used in immediate mode and the options listed below are recog- nized. More about this in section IMMEDIATE versus ATTACHED. -in channel This options is legal if and only if the transformation is used in immediate mode. It provides the handle of the channel the data to transform has to be read from. If the transformation is in immediate mode and this option is absent the data to transform is expected as the last argument to the transformation. -out channel This options is legal if and only if the transformation is used in immediate mode. It provides the handle of the channel the generated transformation result is written to. If the transformation is in immediate mode and this option is absent the generated data is returned as the result of the command itself.

IMMEDIATE VERSUS ATTACHED

The transformation distinguishes between two main ways of using it. These are the immediate and attached operation modes. For the attached mode the option -attach is used to associate the transformation with an existing channel. During the execution of the command no transformation is performed, instead the channel is changed in such a way, that from then on all data written to or read from it passes through the transformation and is modified by it according to the definition above. This attachment can be revoked by executing the command unstack for the chosen channel. This is the only way to do this at the Tcl level. In the second mode, which can be detected by the absence of option -attach, the transformation immediately takes data from either its com- mandline or a channel, transforms it, and returns the result either as result of the command, or writes it into a channel. The mode is named after the immediate nature of its execution. Where the data is taken from, and delivered to, is governed by the presence and absence of the options -in and -out. It should be noted that this ability to immediately read from and/or write to a channel is an historic artifact which was introduced at the beginning of Trf's life when Tcl version 7.6 was current as this and earlier versions have trouble to deal with \0 characters embedded into either input or out- put.

SEE ALSO

adler, crc, crc-zlib, haval, md2, md5, md5_otp, ripemd-128, ripemd-160, sha, sha1, sha1_otp, trf-intro

KEYWORDS

authentication, hash, hashing, mac, md5, message digest

COPYRIGHT

Copyright (c) 1996-2003, Andreas Kupries <andreas_kupries@users.sourceforge.net> Trf transformer commands 2.1.3 md5(n)

Search: Section: