LinuxCommandLibrary

dgst.1s

Compute message digests (hashes) of files

SYNOPSIS

openssl dgst [-md5|-sha1|-sha256|-sha512|-ripemd160|-digest] [-c] [-d] [-hex] [-binary] [-out filename] [-sign filename] [-verify filename] [-prverify filename] [-signature filename] [-keyform arg] [-passin arg] [-engine id] [file...]

PARAMETERS

-md5
    Use the MD5 message digest algorithm.

-sha1
    Use the SHA-1 message digest algorithm.

-sha256
    Use the SHA-256 message digest algorithm.

-sha512
    Use the SHA-512 message digest algorithm.

-ripemd160
    Use the RIPEMD160 message digest algorithm.

-digest
    Use the specified message digest algorithm (e.g., -sha3-256).

-c
    Print out the digest in two column form.

-d
    Print out BIO debugging information.

-hex
    Output the digest in hexadecimal format.

-binary
    Output the digest in binary format.

-out filename
    Write the output to the specified file.

-sign filename
    Digitally sign the message using the specified private key file.

-verify filename
    Verify the signature using the specified certificate file.

-prverify filename
    Verify the signature using the specified private key file.

-signature filename
    The actual signature to verify.

-keyform arg
    The key format: DER, PEM, P12, ENGINE.

-passin arg
    The key password source.

-engine id
    Specifies the engine to use (hardware acceleration).

file...
    One or more input files. If no files are specified, input is read from standard input.

DESCRIPTION

The dgst command is a versatile tool for calculating message digests (cryptographic hashes) of files or data streams. It supports various hashing algorithms, including MD5, SHA-1, SHA-256, SHA-512 and many more.
The primary purpose of dgst is to generate a fixed-size representation (the digest) of an input, which can be used to verify data integrity. Any change to the input will result in a different digest.
This command is widely used for verifying file downloads, ensuring data integrity during transmission or storage, and creating digital signatures. It's a crucial component in many security-related workflows.

EXIT CODES

dgst returns 0 on success, 1 if the command line could not be parsed, 2 if the input file could not be read, or 3 if the signature verification failed. Other errors may produce different exit codes depending on the specific error condition.

SECURITY CONSIDERATIONS

It's crucial to use strong and up-to-date hashing algorithms like SHA-256 or SHA-512, as older algorithms like MD5 and SHA-1 are considered cryptographically broken and should be avoided in new applications. When verifying signatures, always ensure that the certificate used for verification is trusted and valid.
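
An added example (not taken from this page or from the OpenSSL documentation): a SHA-256 digest check and a detached-signature round trip with dgst, run on a throwaway P-256 key pair and a constructed file. The helper names, file names and key type are assumptions; -verify is given the signer's public key in PEM form, and the result is read from the exit status (zero or non-zero) rather than from the printed text.

```bash
#!/bin/sh
# Added example: digest check and detached-signature verification with openssl dgst.
# Keys, file names and file contents are constructed for the demo.

# Print only the hex SHA-256 of file $1. The label in front of the hex
# differs between OpenSSL versions, so keep just the last field.
sha256_hex() {
    openssl dgst -sha256 < "$1" | awk '{print $NF}'
}

# Sign file $2 with private key $1; write the detached binary signature to $3.
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Verify detached signature $3 over file $2 with the PEM public key $1.
# Only the exit status decides: 0 is verified, any other value is a failure.
verify_file() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Generate a throwaway P-256 key pair: private key to $1, public key to $2.
make_keypair() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null &&
        openssl pkey -in "$1" -pubout -out "$2"
}

# Run the cases on constructed data and print one result line.
demo() {
    d=$(mktemp -d) || return 1
    make_keypair "$d/signer.key" "$d/signer.pub" || return 1
    make_keypair "$d/other.key" "$d/other.pub" || return 1
    printf 'release-1.0 payload (constructed)\n' > "$d/artifact.bin"
    sign_file "$d/signer.key" "$d/artifact.bin" "$d/artifact.sig" || return 1
    before=$(sha256_hex "$d/artifact.bin")

    verify_file "$d/signer.pub" "$d/artifact.bin" "$d/artifact.sig" && r1=ok || r1=fail
    verify_file "$d/other.pub" "$d/artifact.bin" "$d/artifact.sig" && r2=ok || r2=fail
    printf 'x' >> "$d/artifact.bin"    # tamper: append a single byte
    verify_file "$d/signer.pub" "$d/artifact.bin" "$d/artifact.sig" && r3=ok || r3=fail
    [ "$before" = "$(sha256_hex "$d/artifact.bin")" ] && r4=same || r4=changed

    rm -rf "$d"
    echo "signer_key=$r1 other_key=$r2 tampered=$r3 digest=$r4"
}

demo
```

A bare digest only detects accidental or unauthenticated change when the expected value comes from a trusted channel; the signature cases show the check that also binds the file to a specific key.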

HISTORY

The dgst command is part of the OpenSSL project, which has a long history of providing cryptographic tools and libraries. It has been a core component of OpenSSL since its inception. The command's functionality has evolved alongside the development of new cryptographic algorithms and security standards.
