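Creating an SM2 (Chinese national cryptography standard) certificate with GmSSL on CentOS 6, as a replacement for SSL certificates made with the RSA algorithm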

1. Download GmSSL

# wget https://github.com/guanzhi/GmSSL/archive/master.zip

# unzip master.zip

 

2. Build and install GmSSL (run from the extracted source directory)

# ./config

# make

# make install

# ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1

# ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

 

3. Check the GmSSL version

# gmssl version -a

 

4. Test GmSSL cryptographic operations

SM3 digest generation (a hash algorithm, similar to MD5):

# echo -n "abc" | gmssl sm3

(stdin)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0

 

SM4 encryption and decryption (a symmetric algorithm, similar to AES and 3DES):

# gmssl sms4 -in README.md -out README.sms4

# gmssl sms4 -d -in README.sms4

 

SM2 private key generation (an asymmetric algorithm, similar to RSA):

# gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out skey.pem

 

Derive the public key from the generated SM2 private key:

# gmssl pkey -pubout -in skey.pem -out vkey.pem

 

SM2 signature generation and verification:

# gmssl sm3 -binary README.md | gmssl pkeyutl -sign -pkeyopt ec_scheme:sm2 -inkey skey.pem -out README.md.sig

 

# gmssl sm3 -binary README.md | gmssl pkeyutl -verify -pkeyopt ec_scheme:sm2 -pubin -inkey vkey.pem -sigfile README.md.sig

 

SM2 key pair generation for encryption, followed by public-key encryption and decryption:

# gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out dkey.pem

 

# gmssl pkey -pubout -in dkey.pem -out ekey.pem

 

# echo "Top Secret" | gmssl pkeyutl -encrypt -pkeyopt ec_scheme:sm2 -pubin -inkey ekey.pem -out ciphertext.sm2

 

# gmssl pkeyutl -decrypt -pkeyopt ec_scheme:sm2 -inkey dkey.pem -in ciphertext.sm2

 

Self-signed SM2 certificate generation:

 

# gmssl req -new -x509 -key skey.pem -out cert.pem
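
The goal here is a certificate that uses SM2 in place of RSA, so after the last command it is worth confirming what cert.pem actually contains. The script below is an added example, not part of the original post or of GmSSL: it reads a certificate's text dump and accepts it only if both the signature algorithm and the key curve are SM2. The names sm2sign-with-sm3 and sm2p256v1 are assumed to be what GmSSL 2.x prints, and the sample dumps are constructed.

```sh
#!/bin/sh
# Added example: audit an X.509 text dump for an SM2 key and an SM2/SM3 signature.
# Assumption: input is the output of `gmssl x509 -in cert.pem -noout -text`, using
# the GmSSL 2.x names below; the dotted OIDs of the same objects are accepted too.

# Print the first "Signature Algorithm:" value from the dump on stdin.
cert_sig_alg() {
    sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1
}

# Print the named curve of the public key ("ASN1 OID:" line) from the dump on stdin.
cert_curve() {
    sed -n 's/^[[:space:]]*ASN1 OID:[[:space:]]*//p' | head -n 1
}

# Return 0 only if the certificate is signed with SM2/SM3 and carries an SM2 key.
is_sm2_cert() {
    _dump=$(cat)
    _sig=$(printf '%s\n' "$_dump" | cert_sig_alg)
    _curve=$(printf '%s\n' "$_dump" | cert_curve)
    case "$_sig" in
        sm2sign-with-sm3|1.2.156.10197.1.501) ;;
        *) echo "signature algorithm is '${_sig:-unknown}', not SM2 with SM3" >&2
           return 1 ;;
    esac
    case "$_curve" in
        sm2p256v1|1.2.156.10197.1.301) ;;
        *) echo "key curve is '${_curve:-unknown}', not sm2p256v1" >&2
           return 1 ;;
    esac
}

# Constructed sample dumps (abbreviated, not real certificates).
SAMPLE_SM2='    Signature Algorithm: sm2sign-with-sm3
        Public Key Algorithm: id-ecPublicKey
            ASN1 OID: sm2p256v1
    Signature Algorithm: sm2sign-with-sm3'
SAMPLE_ECDSA='    Signature Algorithm: ecdsa-with-SHA256
        Public Key Algorithm: id-ecPublicKey
            ASN1 OID: prime256v1
    Signature Algorithm: ecdsa-with-SHA256'

printf '%s\n' "$SAMPLE_SM2" | is_sm2_cert && echo "SM2 sample: accepted"
printf '%s\n' "$SAMPLE_ECDSA" | is_sm2_cert || echo "ECDSA sample: rejected"
# Real use: gmssl x509 -in cert.pem -noout -text | is_sm2_cert
```

A rejection on the signature line while the curve passes means the key is SM2 but the certificate was signed with a different digest; check the digest setting that `gmssl req` picked up.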