Basic use of an ekey with the national cryptographic (SM) algorithms

Outline

This experiment requires an ekey that supports the national cryptographic algorithms. An ekey holds one or more applications, each application may contain one or more containers (Container), and each container can store two key pairs, one for encryption and one for signing, together with the two corresponding certificates or certificate chains. Each container holds only one type, ECC or RSA; ECC keys and RSA keys cannot be mixed in one container. My personal understanding is that the role of the ekey is to generate a container: the message or file that needs protection is encrypted with the corresponding encryption algorithm, a certificate is generated, and the certificate is placed in the ekey container. When the file is then used on another terminal, the ekey and the certificate in the corresponding container are used for authentication, which ensures security.
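The one-type-per-container rule above can be checked before a key pair is imported. The following is an added example, not code from the original post or from GmSSL: it reads the DER AlgorithmIdentifier of each public key and rejects a container that would mix RSA and ECC. The helper names are hypothetical, the sample bytes are constructed, and it assumes SM2 keys are encoded as id-ecPublicKey with the SM2 curve OID and therefore count as ECC.

```python
# Added example; helper names are hypothetical, sample bytes are constructed.
OID_FAMILY = {
    "1.2.840.113549.1.1.1": "RSA",  # rsaEncryption
    "1.2.840.10045.2.1": "ECC",     # id-ecPublicKey, curve given as parameter
}
SM2_CURVE = "1.2.156.10197.1.301"   # SM2 curve OID (assumed to count as ECC)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:               # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:            # high bit clear marks the end of one arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)   # first byte packs the first two arcs
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def key_family(alg_id):
    """Map a DER AlgorithmIdentifier to (family, is_sm2)."""
    tag, seq, _ = read_tlv(alg_id, 0)
    otag, oid, pos = read_tlv(seq, 0)
    family = OID_FAMILY.get(decode_oid(oid)) if (tag, otag) == (0x30, 0x06) else None
    if family is None:
        raise ValueError("not a supported key AlgorithmIdentifier")
    is_sm2 = False
    if family == "ECC" and pos < len(seq):
        ptag, param, _ = read_tlv(seq, pos)
        is_sm2 = ptag == 0x06 and decode_oid(param) == SM2_CURVE
    return family, is_sm2

def check_container(sign_alg, enc_alg):
    """True when the signing and encryption keys share one family."""
    return key_family(sign_alg)[0] == key_family(enc_alg)[0]

# Constructed AlgorithmIdentifiers, not taken from a real certificate.
SM2_ALG = bytes.fromhex("301306072a8648ce3d020106082a811ccf5501822d")
RSA_ALG = bytes.fromhex("300d06092a864886f70d0101010500")
print(key_family(SM2_ALG), check_container(SM2_ALG, RSA_ALG))
```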

Lab environment

  • Windows 7
  • Kali Linux (Debian)
  • The GmSSL Project
    The SM2 algorithm is used here to encrypt documents

Experiment procedure

The experiment is divided into the following steps:

  • Generate an SM2 key pair
  • Generate an SM2 self-signed certificate to act as the root CA
  • Generate an SM2 key pair
  • Generate a certificate signing request (CSR)
  • Sign it with the CA
  • Check the signature
  • Generate a PKCS12 format certificate file
  • Verify the certificate in the Windows environment

The specific process is as follows.
Generate the SM2 key pair cakeyGM.pem:

Generate the SM2 self-signed certificate, entering the details for the root CA, which produces cacertGM.crt:

Generate the SM2 key pair testUserGM.key:

Then generate the certificate request (CSR):
gmssl req -new -key testUserGM.com.key -out testUserGM.com.csr
Next, sign it with the CA generated at the start:
gmssl ca -in testUserGM.com.csr -out testUserGM.com.crt -cert demoCA/cacertGM.crt -keyfile demoCA/private/cakeyGM.pem
Check the signature:
gmssl verify -verbose -x509_strict -CAfile demoCA/cacertGM.crt testUserGM.com.crt
Generate the PKCS12 format certificate file:

The operations above generated a PKCS12 file, which was imported into the ekey. After starting the Windows 7 system and configuring the ekey management tool, we found that the container ContainerGuo had been created and that it shows the certificate generated above, as shown below:

Clicking the certificate shows its details, which are consistent with the information entered during configuration above, as shown below:

At this point, the generated certificate is stored in the ekey and is consistent with the configuration information, so authentication is successful.

The above describes the basic use of the ekey.
References: https://blog.csdn.net/weixin_42037232/article/details/88537092

Origin www.cnblogs.com/intoxication/p/10963932.html