CENTOS6环境用GmSSL制作SM2国密证书,以期代替用RSA算法制作的SSL证书

2023年 7月 11日 38.4k 0

1、下载GmSSL# wget https://github.com/guanzhi/GmSSL/archive/master.zip

# unzip master.zip

 

2、编译安装GmSSL

# ./config

# make

# make install

# ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1

# ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

 

3、检查GmSSL版本

# gmssl version -a

 

4、测试GmSSL加密

SM3 digest generation(哈希算法,类似MD5)

# echo -n "abc" | gmssl sm3

(stdin)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0

 

SM4 encryptiona and decryption(对称算法,类似AES、3DES)

# gmssl sms4 -in README.md -out README.sms4

# gmssl sms4 -d -in README.sms4

 

SM2 private key generation(非对称算法,类似RSA)

# gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out skey.pem

 

Derive the public key from the generated SM2 private key:

# gmssl pkey -pubout -in skey.pem -out vkey.pem

 

SM2 signature generation and verification:

# gmssl sm3 -binary README.md | gmssl pkeyutl -sign -pkeyopt ec_scheme:sm2 -inkey skey.pem -out README.md.sig

 

# gmssl sm3 -binary README.md | gmssl pkeyutl -verify -pkeyopt ec_scheme:sm2 -pubin -inkey vkey.pem -sigfile README.md.sig

 

# gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out dkey.pem

 

# gmssl pkey -pubout -in dkey.pem -out ekey.pem

 

# echo "Top Secret" | gmssl pkeyutl -encrypt -pkeyopt ec_scheme:sm2 -pubin -inkey ekey.pem -out ciphertext.sm2

 

# gmssl pkeyutl -decrypt -pkeyopt ec_scheme:sm2 -inkey dkey.pem -in ciphertext.sm2

 

Self-signed SM2 certificate generation:

 

# gmssl req -new -x509 -key skey.pem -out cert.pem

相关文章

服务器端口转发,带你了解服务器端口转发
服务器开放端口,服务器开放端口的步骤
产品推荐:7月受欢迎AI容器镜像来了,有Qwen系列大模型镜像
如何使用 WinGet 下载 Microsoft Store 应用
百度搜索:蓝易云 – 熟悉ubuntu apt-get命令详解
百度搜索:蓝易云 – 域名解析成功但ping不通解决方案

发布评论