Use SHA256 not MD5 as default digest.
(Documentation update was in the MR but not the commit. Oops.) Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Rich Salz
parent
40abdf8e39
commit
9e8b6f0427
4
CHANGES
4
CHANGES
@ -210,6 +210,10 @@
|
||||
*) Added HTTP GET support to the ocsp command.
|
||||
[Rich Salz]
|
||||
|
||||
*) Changed default digest for the dgst and enc commands from MD5 to
|
||||
sha256
|
||||
[Rich Salz]
|
||||
|
||||
*) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
|
||||
[Matt Caswell]
|
||||
|
||||
|
||||
@ -2,12 +2,12 @@
|
||||
|
||||
=head1 NAME
|
||||
|
||||
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests
|
||||
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5 - message digests
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
B<openssl> B<dgst>
|
||||
[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md2|-md4|-md5|-dss1>]
|
||||
[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md4|-md5>]
|
||||
[B<-c>]
|
||||
[B<-d>]
|
||||
[B<-hex>]
|
||||
@ -36,6 +36,13 @@ The digest functions output the message digest of a supplied file or files
|
||||
in hexadecimal. The digest functions also generate and verify digital
|
||||
signatures using message digests.
|
||||
|
||||
The generic name, B<dgst>, may be used with an option specifying the
|
||||
algorithm to be used.
|
||||
The default digest is I<sha256>.
|
||||
The digest name may also be used as the command name.
|
||||
To see the list of supported algorithms, use the <Ilist --digest-commands>
|
||||
command.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
@ -209,5 +216,8 @@ Hex signatures cannot be verified using B<openssl>. Instead, use "xxd -r"
|
||||
or similar program to transform the hex signature into a binary signature
|
||||
prior to verification.
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
The default digest was chaned from MD5 to SHA256 in Openssl 1.1.
|
||||
|
||||
=cut
|
||||
|
||||
@ -22,7 +22,7 @@ B<openssl enc -ciphername>
|
||||
[B<-salt>]
|
||||
[B<-nosalt>]
|
||||
[B<-z>]
|
||||
[B<-md>]
|
||||
[B<-md digest>]
|
||||
[B<-p>]
|
||||
[B<-P>]
|
||||
[B<-bufsize number>]
|
||||
@ -97,6 +97,11 @@ read the password to derive the key from the first line of B<filename>.
|
||||
This is for compatibility with previous versions of OpenSSL. Superseded by
|
||||
the B<-pass> argument.
|
||||
|
||||
=item B<-md digest>
|
||||
|
||||
Use the specified digest to create the key from the passphrase.
|
||||
The default algorithm is sha-256.
|
||||
|
||||
=item B<-nosalt>
|
||||
|
||||
do not use a salt
|
||||
@ -329,4 +334,8 @@ The B<enc> program only supports a fixed number of algorithms with
|
||||
certain parameters. So if, for example, you want to use RC2 with a
|
||||
76 bit key or RC4 with an 84 bit key you can't use this program.
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
The default digest was chaned from MD5 to SHA256 in Openssl 1.1.
|
||||
|
||||
=cut
|
||||
|
||||
Loading…
Reference in New Issue
Block a user