/usr/bin/mac [-v] -a algorithm [-k keyfile | -K key_label [-T token_spec]] [file]...
The mac utility calculates the message authentication code (MAC) of the given file or files or stdin using the algorithm specified.
The following options are supported:
token_spec has the format of:
token_name [:manuf_id [:serial_no]]
When a token label contains trailing spaces, this option does not require them to be typed as a convenience to the user.
Colon separates token identification string. If any of the parts have a literal colon (:) character, it must be escaped by a backslash (\). If a colon (:) is not found, the entire string (up to 32 characters) is taken as the token label. If only one colon (:) is found, the string is the token label and the manufacturer.
The supported algorithms are displayed with the -l option. These algorithms are provided by the cryptographic framework. Each supported algorithm is an alias to the most commonly used and least restricted version of a particular algorithm type. For example, md5_hmac is an alias to CKM_MD5_HMAC.
When the -k option is not used during encryption and decryption tasks, the user is prompted for a passphrase. The passphrase is manipulated into a more secure key using the PBKDF2 algorithm specified in PKCS #5.
Example 1 Listing Available Algorithms
The following example lists available algorithms:
example$ mac -l Algorithm Keysize: Min Max ----------------------------------- des_mac 64 64 sha1_hmac 8 512 md5_hmac 8 512 sha256_hmac 8 512 sha384_hmac 8 1024 sha512_hmac 8 1024
Example 2 Getting the Message Authentication Code
The following example gets the message authentication code for a file:
example$ mac -v -k mykey -a sha1_hmac /export/foo sha1_hmac (/export/foo) = 913ced311df10f1708d9848641ca8992f4718057
Example 3 Getting the Message Authentication Code with a Token Key
The following example gets the message authentication code with a generic token key in the soft token keystore. The generic token key can be generated with pktool(1):
encrypt -v -a sha1_hmac -K my_generic_key \ -T "Sun Software PKCS#11 softtoken" /export/foo Enter pin for Sun Software PKCS#11 softtoken: sha1_hmac (/etc/foo) = c2ba5c38458c092a68940081240d22b670182968
The following exit values are returned:
See attributes(5) for descriptions of the following attributes:
System Administration Guide: Security Services
RSA PKCS#11 v2.20 and RSA PKCS#5 v2.0, http://www.rsasecurity.com