SM2加解密的实现

GmSSL是国密实验室提供的国密加解密组件，依赖于openssl1.1.1版本；centos7系统默认安装的openssl是1.0.2，因此需要安装openssl-1.1.1

安装

#!/bin/bash
basepath=$(cd `dirname $0`; pwd)

echo "安装openssl-1.1.1"
cd ${basepath}
tar -zxvf ${basepath}/openssl-1.1.1p.tar.gz
cd ${basepath}/openssl-1.1.1p
./config
make
make install
echo "/usr/local/lib64/" >> /etc/ld.so.conf
ldconfig
mv /usr/bin/openssl /usr/bin/openssl.old
ln -sv /usr/local/bin/openssl /usr/bin/openssl

echo "安装GmSSL"
cd ${basepath}
unzip ${basepath}/GmSSL-master.zip
cd ${basepath}/GmSSL-master
./config
make
make install

echo "export LD_LIBRARY_PATH=/usr/local/lib:\$LD_LIBRARY_PATH" >> /etc/profile

生成秘钥

openssl ecparam -genkey -name SM2 -out priv.key

生成公钥

openssl ec -in priv.key -pubout -out pub.key

加密

gmssl sm2utl -encrypt -in msg.txt -pubin -inkey pub.key -out enced.der

解密

gmssl sm2utl -decrypt -in enced.der -inkey priv.key