For the relevant knowledge of the national secret algorithm, please see: Cryptography Series-National secret algorithm
Expand the national secret method on Fabric
One is to expand the national secret package based on Fabric itself
This kind of modification does not require any changes to the Golang standard library, all modifications are made on the source code of the Fabric project
- First, transplant and encapsulate the national secret library
gm-crypto; - Second, extend Fabric's existing
bccspmodules; - Third, modify
x509证书relevant places.- Fabric-CA is mainly to realize the identity control of members joining the alliance chain and data generation and storage. In Fabric-CA:
Lib, Mainly the realization of the interface, mainly in the analysis of the request for certificate application and the process of issuing the certificate to be replaced with the national secret algorithm;Util, The package of data tools mainly expands the national secret algorithm in the operation of certificate encoding and decoding;VendorIn, replace the reference to the Fabric package and provide support for the national secret algorithm
- Fabric-CA is mainly to realize the identity control of members joining the alliance chain and data generation and storage. In Fabric-CA:
There are probably the following aspects to expand the national secret algorithm in Fabric:
- First, the Fabric framework expands to support the national secret algorithm;
- Second, Fabric-CA expands to support the national secret algorithm;
- Third, Fabric-SDK expands to support the national secret algorithm;
- Fourth, the fabric-baseimage and fabric-baseos image extensions support the national secret algorithm;
- Fifth, Fabirc framework extension supports loading .so library.
Another method is to extend the national secret based on the Golang standard library
This solution is to directly expand the Golang standard library, and the reform is more clear.
National secret algorithm based on Go language:
Tongji Research Institute National Secret Algorithm
SM2: National secret elliptic curve algorithm library
- Support Generate Key, Sign, Verify basic operations
- Support encrypted and unencrypted pem file format (see RFC5958 for encryption method, specific implementation of participation code)
- Support certificate generation, certificate reading and writing (interface compatible with rsa and ecdsa certificates)
- Support operation of certificate chain (interface compatible with rsa and ecdsa)
- Support crypto.Signer interface
SM3: National secret Hash algorithm library (digest algorithm)
- Support basic sm3Sum operations
- Support hash.Hash interface
SM4: National secret block cipher algorithm library
- Support Generate Key, Encrypt, Decrypt basic operations
- Provide Cipher.Block interface
- Support encrypted and unencrypted pem file format (encryption method is pem block encryption, the specific function is x509.EncryptPEMBlock)