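Installing the gmssl toolbox is covered in another post, so it is not repeated here.
gmssl tool installation, usage, and troubleshooting
[root@centos7-1 test-gmssl]# touch sm4test //create a test file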
[root@centos7-1 test-gmssl]# vim sm4test
this is a sm4 test
~
~
~
~
[root@centos7-1 test-gmssl]# gmssl sms4 -e -in sm4test -out sm4test.sms4 //sm4test is the input file name, sm4test.sms4 is the output file name
enter sms4-cbc encryption password:
Verifying - enter sms4-cbc encryption password:
[root@centos7-1 test-gmssl]# ls
sm4test sm4test.sms4 //the encrypted file has now been generated
[root@centos7-1 test-gmssl]# vim sm4test.sms4 //the encrypted file
Salted__ëÇ<91>ùiìØ\^Ti|<93>akÓn»^X^Bd½Á<9c>^Mo^W<84>^_ð<8a>^RÇÌ<96><8e>*}ÃTZ
~
~
[root@centos7-1 test-gmssl]# gmssl sms4 -d -in sm4test.sms4
enter sms4-cbc decryption password:
this is a sm4 test //after entering the password, the original content is decrypted and restored
[root@centos7-1 test-gmssl]# touch sm3test
[root@centos7-1 test-gmssl]# vim sm3test
This is a sm3 test, the output will show the digest of the file.
~
~
~
[root@centos7-1 test-gmssl]# gmssl sm3 sm3test
SM3(sm3test)= b57e6b6f56f7e079e50d5f69a9eff92c67e8f1e49a64c148d6adb14c67ae35ce
[root@centos7-1 test-gmssl]# gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 \
> -out signkey.pem
[root@centos7-1 test-gmssl]# ls
signkey.pem //the key has been generated
[root@centos7-1 test-gmssl]# vim signkey.pem //view the key
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgK2m9aIxuGHBBXQVE
2GwVUwnxskptoMNwJH1LHlr2wXqhRANCAATreqslHmR631HGqj0OXs+ZFJhgqKLx
pKgFCgYld7Tzqsf1rGysXcKwIxfJYANxUdMm6QLFFhT7oExpE1Rzf9nv
-----END PRIVATE KEY-----
~
[root@centos7-1 test-gmssl]# touch sm2test
[root@centos7-1 test-gmssl]# vim sm2test
hello
~
~
~
[root@centos7-1 test-gmssl]# gmssl pkeyutl -sign -pkeyopt ec_scheme:sm2 -inkey signkey.pem \
> -in sm2test -out sm2test.sig //generate the signature file
[root@centos7-1 test-gmssl]# ls
signkey.pem sm2test sm2test.sig
The public key can be exported from signkey.pem and published to the party that verifies the signature.
[root@centos7-1 test-gmssl]# gmssl pkeyutl -verify -pkeyopt ec_scheme:sm2 -pubin -inkey vrfykey.pem -in sm2test -sigfile sm2test.sig
Signature Verified Successfully //verify the signature with the public key
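The session above uses vrfykey.pem without showing how it was exported. The following is an added example (not part of the original post) that runs the whole SM2 round trip in a temporary directory: key generation, public-key export, signing, verification, and a check that a modified file is rejected. It assumes the GmSSL 2.x `gmssl pkey -pubout` subcommand; the function names sm2_verify and sm2_roundtrip and the file name tampered are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes the GmSSL 2.x `gmssl`
# binary used on this page is on PATH. Function names are illustrative.

# sm2_verify PUBKEY DATA SIG: succeeds only if gmssl reports a valid signature.
# Matches on the success message rather than trusting the exit status.
sm2_verify() {
    gmssl pkeyutl -verify -pkeyopt ec_scheme:sm2 -pubin -inkey "$1" \
        -in "$2" -sigfile "$3" 2>/dev/null |
        grep -q 'Signature Verified Successfully'
}

# sm2_roundtrip: returns 0 if the good file verifies and the tampered one
# is rejected, 1 on any failure, 2 if gmssl is not installed.
sm2_roundtrip() {
    command -v gmssl >/dev/null 2>&1 || { echo "gmssl not found" >&2; return 2; }
    rt_dir=$(mktemp -d) || return 1
    rt_rc=0
    (
        cd "$rt_dir" || exit 1
        umask 077   # keep signkey.pem readable by its owner only

        gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 \
            -out signkey.pem || exit 1
        # Export the public half only; vrfykey.pem is what verifiers receive.
        gmssl pkey -pubout -in signkey.pem -out vrfykey.pem || exit 1
        # The private key must never appear in the file that is published.
        if grep -q 'PRIVATE KEY' vrfykey.pem; then exit 1; fi

        printf 'hello\n' > sm2test            # constructed sample input
        gmssl pkeyutl -sign -pkeyopt ec_scheme:sm2 -inkey signkey.pem \
            -in sm2test -out sm2test.sig || exit 1

        sm2_verify vrfykey.pem sm2test sm2test.sig || exit 1
        # A modified file must not verify against the original signature.
        printf 'hellp\n' > tampered
        if sm2_verify vrfykey.pem tampered sm2test.sig; then exit 1; fi
        exit 0
    ) || rt_rc=$?
    rm -rf "$rt_dir"
    return "$rt_rc"
}

# Usage: sm2_roundtrip && echo "SM2 round trip OK"
```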
[root@centos7-1 test-gmssl]# gmssl ecparam -genkey -name sm2p256v1 -text -out user.key //generate the private key
[root@centos7-1 test-gmssl]# gmssl req -new -key user.key -out user.req
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
[root@centos7-1 test-gmssl]# ls
user.key user.req //the private key and the request have been generated
View the contents of the certificate request
[root@centos7-1 test-gmssl]# gmssl req -in user.req -noout -text -subject
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = CN, ST = Beijing, L = Beijing, O = Internet Widgits Pty Ltd
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:97:ea:5c:d3:9d:0c:7e:d9:61:f8:3a:f5:9b:53:
f1:32:0f:8f:f3:0a:be:83:8f:a0:ef:6c:0d:c4:27:
03:35:3d:f0:11:fd:a2:89:16:28:0e:22:2e:67:24:
ee:47:55:08:10:85:dc:80:dc:24:ff:cf:48:b4:44:
ef:49:d2:ba:1d
ASN1 OID: sm2p256v1
NIST CURVE: SM2
Attributes:
challengePassword :123456
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:6d:a9:a8:45:b3:e1:c8:3f:fc:93:c6:9d:26:ee:
d2:6c:cf:bd:53:74:30:c9:39:38:de:bf:40:8e:90:19:90:dc:
02:20:50:ae:b8:76:01:b6:df:af:68:df:5f:ba:d1:ac:0b:6a:
55:fa:56:be:d6:0b:f1:b9:72:c8:59:5f:a2:db:79:4a
subject=C = CN, ST = Beijing, L = Beijing, O = Internet Widgits Pty Ltd
1. libssl.so.1.1 error when invoking an encryption algorithm
Problem description:
gmssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
Solution:
[root@centos7-1 test-gmssl]# ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
[root@centos7-1 test-gmssl]# ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
Reference: openssl: error while loading shared libraries: libssl.so.1.1
No other problems so far; this post will be updated if new ones come up.