1、下载GmSSL# wget https://github.com/guanzhi/GmSSL/archive/master.zip
# unzip master.zip
2、编译安装GmSSL
# ./config
# make
# make install
# ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
# ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
3、检查GmSSL版本
# gmssl version -a
4、测试GmSSL加密
SM3 digest generation(哈希算法,类似MD5)
# echo -n "abc" | gmssl sm3
(stdin)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0
SM4 encryptiona and decryption(对称算法,类似AES、3DES)
# gmssl sms4 -in README.md -out README.sms4
# gmssl sms4 -d -in README.sms4
SM2 private key generation(非对称算法,类似RSA)
# gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out skey.pem
Derive the public key from the generated SM2 private key:
# gmssl pkey -pubout -in skey.pem -out vkey.pem
SM2 signature generation and verification:
# gmssl sm3 -binary README.md | gmssl pkeyutl -sign -pkeyopt ec_scheme:sm2 -inkey skey.pem -out README.md.sig
# gmssl sm3 -binary README.md | gmssl pkeyutl -verify -pkeyopt ec_scheme:sm2 -pubin -inkey vkey.pem -sigfile README.md.sig
# gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out dkey.pem
# gmssl pkey -pubout -in dkey.pem -out ekey.pem
# echo "Top Secret" | gmssl pkeyutl -encrypt -pkeyopt ec_scheme:sm2 -pubin -inkey ekey.pem -out ciphertext.sm2
# gmssl pkeyutl -decrypt -pkeyopt ec_scheme:sm2 -inkey dkey.pem -in ciphertext.sm2
Self-signed SM2 certificate generation:
# gmssl req -new -x509 -key skey.pem -out cert.pem
