[openssl-users] "openssl dgst" computes wrong HMAC?

Johannes Bauer dfnsonfsduifb at gmx.de
Tue Feb 3 11:11:15 UTC 2015

On 03.02.2015 11:16, Billy Brumley wrote:
>> $ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc
>> (stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c
> This gets posted every once in a while -- google around. Something
> about the hmac switch not doing what you think it's doing.
> $ echo -n foobar | openssl dgst -sha256 -mac HMAC -macopt hexkey:aabbcc
> (stdin)= 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e

Ah, interesting. I did google the issue, but only found post of people
who didn't realize that echo without "-n" appends a newline.

If this topic really comes up every now and then, I'd still suggest
updating the help page to clarify while remaining identical behavior.
Currently it reads "-hmac arg    set the HMAC key to arg". I would
suggest "-hmac str    set the HMAC key to the string str".


More information about the openssl-users mailing list