Preface
GmSSL is a tool library for the Chinese national cryptographic (GM, 国密) algorithms, mainly SM2, SM3 and SM4, along with generation of national cryptographic SSL certificates. The project itself is a fork of OpenSSL. However, as of the publication of this article, support for the national cryptographic algorithms in the main branch of OpenSSL is incomplete: signing and signature verification are not currently supported, so the GmSSL tool library is still required for these algorithms.
There are currently no articles on the Internet covering the command line of the v2 version of GmSSL. This chapter records these commands.
This article was originally published on the CSDN blog. If you see it on another website, it has been pirated, copied or scraped by a crawler. This site supports original work and stays away from piracy.
GmSSL-v2 compilation and installation
GmSSL-v2 is written in C/C++, and compiling it is troublesome. Compiling with Visual Studio requires a Perl environment. You can work through the build step by step, following the error messages.
National cryptographic algorithm command line
gmssl -help
The help text can be viewed from the GmSSL v2 command line.
The following are four commonly used commands for the national cryptographic algorithm SM2: private key generation, public key generation, signing and signature verification.
Private key generation
Generate private key using elliptic curve algorithm
Generate private key to file using elliptic curve
gmssl ecparam -genkey -name sm2p256v1 -text -out eguidPrikey.pem
Generate private key to command line console
gmssl ecparam -genkey -name sm2p256v1 -text
-----BEGIN EC PRIVATE KEY-----
Private key content
-----END EC PRIVATE KEY-----
Public key generation
Generate public key to console
gmssl pkey -in sm2.pem -pubout -text_pub
-----BEGIN PUBLIC KEY-----
Public key content
-----END PUBLIC KEY-----
Public-Key: (256 bit)
pub:
04:dc:24:ec:0e:a2:a5:6a:51:0f:ec:f9:c4:af:a6:
96:3d:7b:b5:a3:b8:e8:00:8f:19:6e:89:20:31:e5:
51:99:28:a4:7f:94:fe:d9:f3:bf:c6:71:9e:09:8a:
82:24:d9:aa:0e:2b:78:c0:3d:37:1f:fb:43:f4:e0:
8a:10:eb:44:8d
ASN1 OID: sm2p256v1
NIST CURVE: SM2
Generate public key to file
gmssl pkey -in sm2.pem -out pub.pem -pubout -text_pub
Signing with the private key
If the id is empty, 1234567812345678 is used by default. You generally choose the id yourself.
gmssl sm2utl -sign -in test.txt -inkey sm2.pem -out out.txt -id 1
Verifying the signature with the public key
If the id is empty, 1234567812345678 is used by default. The id used for verification must match the id used for signing.
gmssl sm2utl -verify -in test.txt -sigfile out.txt -pubin -inkey pub.pem -id 1