dgst.1s
Compute message digests (hashes) of files
SYNOPSIS
openssl dgst [-md5|-sha1|-sha256|-sha512|-ripemd160|-
PARAMETERS
-md5
Use the MD5 message digest algorithm.
-sha1
Use the SHA-1 message digest algorithm.
-sha256
Use the SHA-256 message digest algorithm.
-sha512
Use the SHA-512 message digest algorithm.
-ripemd160
Use the RIPEMD160 message digest algorithm.
-
Use the specified message digest algorithm (e.g., -sha3-256).
-c
Print out the digest in two column form.
-d
Print out BIO debugging information.
-hex
Output the digest in hexadecimal format.
-binary
Output the digest in binary format.
-out filename
Write the output to the specified file.
-sign filename
Digitally sign the message using the specified private key file.
-verify filename
Verify the signature using the specified certificate file.
-prverify filename
Verify the signature using the specified private key file.
-signature filename
The actual signature to verify.
-keyform arg
The key format: DER, PEM, P12, ENGINE.
-passin arg
The key password source.
-engine id
Specifies the engine to use (hardware acceleration).
file...
One or more input files. If no files are specified, input is read from standard input.
DESCRIPTION
The dgst command is a versatile tool for calculating message digests (cryptographic hashes) of files or data streams. It supports various hashing algorithms, including MD5, SHA-1, SHA-256, SHA-512 and many more.
The primary purpose of dgst is to generate a fixed-size representation (the digest) of an input, which can be used to verify data integrity. Any change to the input will result in a different digest.
This command is widely used for verifying file downloads, ensuring data integrity during transmission or storage, and creating digital signatures. It's a crucial component in many security-related workflows.
EXIT CODES
dgst returns 0 on success, 1 if the command line could not be parsed, 2 if the input file could not be read, or 3 if the signature verification failed. Other errors may produce different exit codes depending on the specific error condition.
SECURITY CONSIDERATIONS
It's crucial to use strong and up-to-date hashing algorithms like SHA-256 or SHA-512, as older algorithms like MD5 and SHA-1 are considered cryptographically broken and should be avoided in new applications. When verifying signatures, always ensure that the certificate used for verification is trusted and valid.
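The sign-then-verify workflow described above, as an added example (not part of the original page or of the OpenSSL project's documentation). It assumes the verifier holds the signer's public key in PEM form; the file names, the payload and the throwaway key are constructed for the demo, and `genpkey` and `pkey` are separate openssl commands not covered on this page.

```shell
#!/bin/sh
# Added example: detached signature with openssl dgst, then a tamper check.
# All file names and the throwaway key below are constructed for this demo.

# Print the SHA-256 digest of a file as bare lowercase hex.
sha256_hex() {
    # Output looks like "SHA2-256(stdin)= <hex>"; the hex is the last field.
    openssl dgst -sha256 -hex < "$1" | awk '{print $NF}'
}

# Sign FILE with private key KEY, writing the binary signature to SIG.
sign_file() {   # usage: sign_file KEY FILE SIG
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Succeed only if SIG is a valid signature over FILE under public key PUB.
# The check looks for the "Verified OK" line that dgst prints on success.
verify_file() { # usage: verify_file PUB FILE SIG
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" 2>/dev/null \
        | grep -q '^Verified OK'
}

demo() {
    dir=$(mktemp -d) || return 1
    # Throwaway P-256 key pair; the public half is what a verifier would hold.
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$dir/key.pem" 2>/dev/null || return 1
    openssl pkey -in "$dir/key.pem" -pubout -out "$dir/pub.pem" || return 1

    printf 'release-1.0 payload\n' > "$dir/artifact"
    before=$(sha256_hex "$dir/artifact")
    sign_file "$dir/key.pem" "$dir/artifact" "$dir/artifact.sig" || return 1

    verify_file "$dir/pub.pem" "$dir/artifact" "$dir/artifact.sig" \
        && echo "original: signature OK ($before)"

    # Simulate corruption in transit or storage: one appended byte.
    printf 'x' >> "$dir/artifact"
    after=$(sha256_hex "$dir/artifact")
    verify_file "$dir/pub.pem" "$dir/artifact" "$dir/artifact.sig" \
        || echo "modified: signature rejected ($after)"
    rm -rf "$dir"
}
demo
```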
HISTORY
The dgst command is part of the OpenSSL project, which has a long history of providing cryptographic tools and libraries. It has been a core component of OpenSSL since its inception. The command's functionality has evolved alongside the development of new cryptographic algorithms and security standards.