# 实验一 嵌入式开发基础

OpenSSL

参考云班课相关教学视频,在Ubuntu或openEuler(推荐openEuler)中实践课程思维导图中OpenSSL相关内容,使用Markdown详细记录实践过程,每完成一项git commit一次。(5分)

openssl version

openssl cmd

root@20221416:/home/xzl/20221416/work# openssl version
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)

openssl list -help

root@20221416:/home/xzl/20221416/work# openssl -help
help:

Standard commands
asn1parse         ca                ciphers           cmp               
cms               crl               crl2pkcs7         dgst              
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
fipsinstall       gendsa            genpkey           genrsa            
help              info              kdf               list              
mac               nseq              ocsp              passwd            
pkcs12            pkcs7             pkcs8             pkey              
pkeyparam         pkeyutl           prime             rand              
rehash            req               rsa               rsautl            
s_client          s_server          s_time            sess_id           
smime             speed             spkac             srp               
storeutl          ts                verify            version           
x509              

Message Digest commands (see the `dgst' command for more details)
blake2b512        blake2s256        md4               md5               
rmd160            sha1              sha224            sha256            
sha3-224          sha3-256          sha3-384          sha3-512          
sha384            sha512            sha512-224        sha512-256        
shake128          shake256          sm3               

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       aria-128-cbc      aria-128-cfb      
aria-128-cfb1     aria-128-cfb8     aria-128-ctr      aria-128-ecb      
aria-128-ofb      aria-192-cbc      aria-192-cfb      aria-192-cfb1     
aria-192-cfb8     aria-192-ctr      aria-192-ecb      aria-192-ofb      
aria-256-cbc      aria-256-cfb      aria-256-cfb1     aria-256-cfb8     
aria-256-ctr      aria-256-ecb      aria-256-ofb      base64            
bf                bf-cbc            bf-cfb            bf-ecb            
bf-ofb            camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  
camellia-192-ecb  camellia-256-cbc  camellia-256-ecb  cast              
cast-cbc          cast5-cbc         cast5-cfb         cast5-ecb         
cast5-ofb         des               des-cbc           des-cfb           
des-ecb           des-ede           des-ede-cbc       des-ede-cfb       
des-ede-ofb       des-ede3          des-ede3-cbc      des-ede3-cfb      
des-ede3-ofb      des-ofb           des3              desx              
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            seed              seed-cbc          seed-cfb          
seed-ecb          seed-ofb          sm4-cbc           sm4-cfb           
sm4-ctr           sm4-ecb           sm4-ofb   

root@20221416:/home/xzl/20221416/work# openssl list -help
Usage: list [options]

General options:
 -help                     Display this summary

Output options:
 -1                        List in one column
 -verbose                  Verbose listing
 -select val               Select a single algorithm
 -commands                 List of standard commands
 -standard-commands        List of standard commands
 -digest-commands          List of message digest commands (deprecated)
 -digest-algorithms        List of message digest algorithms
 -kdf-algorithms           List of key derivation and pseudo random function algorithms
 -random-instances         List the primary, public and private random number generator details
 -random-generators        List of random number generators
 -mac-algorithms           List of message authentication code algorithms
 -cipher-commands          List of cipher commands (deprecated)
 -cipher-algorithms        List of symmetric cipher algorithms
 -encoders                 List of encoding methods
 -decoders                 List of decoding methods
 -key-managers             List of key managers
 -key-exchange-algorithms  List of key exchange algorithms
 -kem-algorithms           List of key encapsulation mechanism algorithms
 -signature-algorithms     List of signature algorithms
 -asymcipher-algorithms    List of asymmetric cipher algorithms
 -public-key-algorithms    List of public key algorithms
 -public-key-methods       List of public key methods
 -store-loaders            List of store loaders
 -providers                List of provider information
 -engines                  List of loaded engines
 -disabled                 List of disabled features
 -options val              List options for specified command
 -objects                  List built in objects (OID<->name mappings)

Provider options:
 -provider-path val        Provider load path (must be before 'provider' argument if required)
 -provider val             Provider to load (can be specified multiple times)
 -propquery val            Property query used when fetching algorithms

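数据输入输出

说明:echo 默认会在末尾追加换行符,因此下面两条命令计算的都是 "123\n"(4 字节)的 SM3 值,加不加引号结果相同。若只想对 "123" 这 3 个字节求摘要,应使用 echo -n 或 printf。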

root@20221416:/home/xzl/20221416/work# echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
root@20221416:/home/xzl/20221416/work# echo "123" | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c

二进制 -file 通用选项

root@20221416:/home/xzl/20221416/work# echo "obase=16;123" | bc
7B
root@20221416:/home/xzl/20221416/work# echo -n -e "\x7B" > 123.bin
root@20221416:/home/xzl/20221416/work# od -tx1 123.bin
0000000 7b
0000001
root@20221416:/home/xzl/20221416/work# openssl sm3 -file 123.bin
SM3(123.bin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344
root@20221416:/home/xzl/20221416/work# echo -ne "\x7B" | openssl sm3
SM3(stdin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344

prime

root@20221416:/home/xzl/20221416/work# openssl prime -help
Usage: prime [options] [number...]

General options:
 -help               Display this summary
 -bits +int          Size of number in bits
 -checks +int        Number of checks

Output options:
 -hex                Hex output
 -generate           Generate a prime
 -safe               When used with -generate, generate a safe prime

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 number              Number(s) to check for primality if not generating

素性检查

root@20221416:/home/xzl/20221416/work# openssl prime 3
3 (3) is prime
root@20221416:/home/xzl/20221416/work# openssl prime 33
21 (33) is not prime
root@20221416:/home/xzl/20221416/work# openssl prime -checks 10 33
21 (33) is not prime
root@20221416:/home/xzl/20221416/work#  openssl prime -hex 4F
4F (4F) is prime

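素数生成

说明:-bits 10 只用于演示,实际密码学用途需要大得多的素数。另外,下面用 openssl prime 检验的数(907、929、038B)并不是前一条命令生成的数(919、877、0329);要验证生成结果,应检验生成出的值本身。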

root@20221416:/home/xzl/20221416/work#  openssl prime -generate -bits 10
919
root@20221416:/home/xzl/20221416/work# openssl prime 907
38B (907) is prime
root@20221416:/home/xzl/20221416/work# openssl prime -generate -bits 10
877
root@20221416:/home/xzl/20221416/work# openssl prime 929
3A1 (929) is prime
root@20221416:/home/xzl/20221416/work# openssl prime -generate -bits 10 -hex
0329
root@20221416:/home/xzl/20221416/work# openssl prime -hex 038B
38B (038B) is prime

rand

root@20221416:/home/xzl/20221416/work# openssl rand -help
Usage: rand [options] num

General options:
 -help               Display this summary
 -engine val         Use engine, possibly a hardware device

Output options:
 -out outfile        Output file
 -base64             Base64 encode output
 -hex                Hex encode output

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 num                 Number of bytes to generate

随机数产生

root@20221416:/home/xzl/20221416/work#  openssl rand 10
(原始二进制输出,终端无法正常显示,此处省略;查看时应通过 od 或 xxd 转成十六进制)
root@20221416:/home/xzl/20221416/work# openssl rand 10 | od -tx1
0000000 fd 72 f9 94 5f 73 79 33 d5 d5
0000012
root@20221416:/home/xzl/20221416/work# openssl rand 10 | xxd -p
d59346328b601ce49ffe
root@20221416:/home/xzl/20221416/work# openssl rand -hex 10
5ffcf739171807b1740f
root@20221416:/home/xzl/20221416/work# openssl rand -base64 10
5n/05A4ZihGBhw==

随机数文件

root@20221416:/home/xzl/20221416/work# openssl rand -out r1.bin 10
root@20221416:/home/xzl/20221416/work# od -tx1 r1.bin
0000000 f9 e5 80 af 32 7a 18 ea 3c f2
0000012
root@20221416:/home/xzl/20221416/work# openssl rand 10 > r2.bin
root@20221416:/home/xzl/20221416/work#  cat r2.bin | xxd -p
a2f2ff10409b934d37dc

base64

root@20221416:/home/xzl/20221416/work# openssl base64 -help
Usage: base64 [options]

General options:
 -help               Display this summary
 -list               List ciphers
 -ciphers            Alias for -list
 -e                  Encrypt
 -d                  Decrypt
 -p                  Print the iv/key
 -P                  Print the iv/key and exit
 -engine val         Use engine, possibly a hardware device

Input options:
 -in infile          Input file
 -k val              Passphrase
 -kfile infile       Read passphrase from file

Output options:
 -out outfile        Output file
 -pass val           Passphrase source
 -v                  Verbose output
 -a                  Base64 encode/decode, depending on encryption flag
 -base64             Same as option -a
 -A                  Used with -[base64|a] to specify base64 buffer as a single line

Encryption options:
 -nopad              Disable standard block padding
 -salt               Use salt in the KDF (default)
 -nosalt             Do not use salt in the KDF
 -debug              Print debug info
 -bufsize val        Buffer size
 -K val              Raw key, in hex
 -S val              Salt, in hex
 -iv val             IV in hex
 -md val             Use specified digest to create a key from the passphrase
 -iter +int          Specify the iteration count and force the use of PBKDF2
                     Default: 10000
 -pbkdf2             Use password-based key derivation function 2 (PBKDF2)
                     Use -iter to change the iteration count from 10000
 -none               Don't encrypt
 -*                  Any supported cipher

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

编码解码

root@20221416:/home/xzl/20221416/work# echo xzl | openssl base64
eHpsCg==
root@20221416:/home/xzl/20221416/work# echo xzl | openssl base64 -e
eHpsCg==
root@20221416:/home/xzl/20221416/work# echo eHpsCg==  | openssl base64 -d
xzl
root@20221416:/home/xzl/20221416/work# echo -ne "\x11\x22\x33" | openssl base64
ESIz
root@20221416:/home/xzl/20221416/work# echo ESIz | openssl base64 -d | xxd -p
112233
root@20221416:/home/xzl/20221416/work# echo -ne "\x11\x22\x33\x44" | openssl base64
ESIzRA==
root@20221416:/home/xzl/20221416/work# echo ESIzRA== | openssl base64 -d | xxd -p
11223344

文件编码解码

root@20221416:/home/xzl/20221416/work# echo xzl > xzl.txt
root@20221416:/home/xzl/20221416/work# openssl base64 -in xzl.txt -out xzl.b64
root@20221416:/home/xzl/20221416/work# cat xzl.b64
eHpsCg==
root@20221416:/home/xzl/20221416/work# openssl base64 -d -in xzl.b64 -out xzl2.txt
root@20221416:/home/xzl/20221416/work# diff xzl.txt xzl2.txt
root@20221416:/home/xzl/20221416/work# cat xzl2.txt
xzl

asn1parse

root@20221416:/home/xzl/20221416/work# openssl asn1parse -help
Usage: asn1parse [options]

General options:
 -help            Display this summary
 -oid infile      file of extra oid definitions

I/O options:
 -inform PEM|DER  input format - one of DER PEM
 -in infile       input file
 -out outfile     output file (output format is always DER)
 -noout           do not produce any output
 -offset +int     offset into file
 -length +int     length of section in file
 -strparse +int   offset; a series of these can be used to 'dig'
 -genstr val      string to generate ASN1 structure from
                  into multiple ASN1 blob wrappings
 -genconf val     file to generate ASN1 structure from
 -strictpem       do not attempt base64 decode outside PEM markers
 -item val        item to parse and print
                  (-inform  will be ignored)

Formatting options:
 -i               indents the output
 -dump            unknown data in hex form
 -dlimit +int     dump the first arg bytes of unknown data in hex form

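密码工程中的格式

说明:下面用 openssl base64 生成的 bitstring.pem 只是 DER 数据的 Base64 文本,没有 -----BEGIN/END----- 边界行,并不是完整的 PEM 文件。asn1parse 在未指定 -strictpem 时会直接尝试 Base64 解码,所以仍然能够解析。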

root@20221416:/home/xzl/20221416/work# echo -ne "\x03\x02\x04\x90" > bitstring.der
root@20221416:/home/xzl/20221416/work# openssl asn1parse -inform der -i -in bitstring.der
    0:d=0  hl=2 l=   2 prim: BIT STRING        
root@20221416:/home/xzl/20221416/work# openssl base64 -in bitstring.der -out bitstring.pem
root@20221416:/home/xzl/20221416/work# ls bitstring.pem 
bitstring.pem
root@20221416:/home/xzl/20221416/work#  openssl asn1parse -inform PEM -in bitstring.pem
    0:d=0  hl=2 l=   2 prim: BIT STRING  

Hash和HMAC

root@20221416:/home/xzl/20221416/work# openssl dgst -help
Usage: dgst [options] [file...]

General options:
 -help               Display this summary
 -list               List digests
 -engine val         Use engine e, possibly a hardware device
 -engine_impl        Also use engine given by -engine for digest operations
 -passin val         Input file pass phrase source

Output options:
 -c                  Print the digest with separating colons
 -r                  Print the digest in coreutils format
 -out outfile        Output to filename rather than stdout
 -keyform format     Key file format (ENGINE, other values ignored)
 -hex                Print as hex dump
 -binary             Print in binary form
 -xoflen +int        Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256
 -d                  Print debug info
 -debug              Print debug info

Signing options:
 -sign val           Sign digest using private key
 -verify val         Verify a signature using public key
 -prverify val       Verify a signature using private key
 -sigopt val         Signature parameter in n:v form
 -signature infile   File with signature to verify
 -hmac val           Create hashed MAC with key
 -mac val            Create MAC (not necessarily HMAC)
 -macopt val         MAC algorithm parameters in n:v form or key
 -*                  Any supported digest
 -fips-fingerprint   Compute HMAC with the key used in OpenSSL-FIPS fingerprint

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 file                Files to digest (optional; default is stdin)

sm3

root@20221416:/home/xzl/20221416/work# echo xzl | openssl dgst -sm3
SM3(stdin)= 715c2e0b8b3008e3caa70da6daf02a470b4026ff84dccd5723086fd85b34328c
root@20221416:/home/xzl/20221416/work# echo xzl | openssl sm3
SM3(stdin)= 715c2e0b8b3008e3caa70da6daf02a470b4026ff84dccd5723086fd85b34328c
root@20221416:/home/xzl/20221416/work# echo xzl | openssl sm3 -hex
SM3(stdin)= 715c2e0b8b3008e3caa70da6daf02a470b4026ff84dccd5723086fd85b34328c
root@20221416:/home/xzl/20221416/work# echo xzl | openssl sm3 -binary
(32 字节原始二进制摘要,终端无法正常显示,此处省略)
root@20221416:/home/xzl/20221416/work# echo xzl | openssl sm3 -binary | xxd -p
715c2e0b8b3008e3caa70da6daf02a470b4026ff84dccd5723086fd85b34
328c

文件

root@20221416:/home/xzl/20221416/work# cat xzl.txt
xzl
root@20221416:/home/xzl/20221416/work# openssl sm3 xzl.txt
SM3(xzl.txt)= 715c2e0b8b3008e3caa70da6daf02a470b4026ff84dccd5723086fd85b34328c
root@20221416:/home/xzl/20221416/work# echo xzl | openssl sm3
SM3(stdin)= 715c2e0b8b3008e3caa70da6daf02a470b4026ff84dccd5723086fd85b34328c

对称算法

root@20221416:/home/xzl/20221416/work# openssl enc -help
Usage: enc [options]

General options:
 -help               Display this summary
 -list               List ciphers
 -ciphers            Alias for -list
 -e                  Encrypt
 -d                  Decrypt
 -p                  Print the iv/key
 -P                  Print the iv/key and exit
 -engine val         Use engine, possibly a hardware device

Input options:
 -in infile          Input file
 -k val              Passphrase
 -kfile infile       Read passphrase from file

Output options:
 -out outfile        Output file
 -pass val           Passphrase source
 -v                  Verbose output
 -a                  Base64 encode/decode, depending on encryption flag
 -base64             Same as option -a
 -A                  Used with -[base64|a] to specify base64 buffer as a single line

Encryption options:
 -nopad              Disable standard block padding
 -salt               Use salt in the KDF (default)
 -nosalt             Do not use salt in the KDF
 -debug              Print debug info
 -bufsize val        Buffer size
 -K val              Raw key, in hex
 -S val              Salt, in hex
 -iv val             IV in hex
 -md val             Use specified digest to create a key from the passphrase
 -iter +int          Specify the iteration count and force the use of PBKDF2
                     Default: 10000
 -pbkdf2             Use password-based key derivation function 2 (PBKDF2)
                     Use -iter to change the iteration count from 10000
 -none               Don't encrypt
 -*                  Any supported cipher

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

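加密解密

说明:这里的密钥(-K)和 IV(-iv)直接写在命令行中,会留在 shell 历史记录里,也可能被同一主机上的其他用户通过进程列表看到,只适合实验演示。同一密钥下 CBC 的 IV 不应重复使用。CBC 模式本身不提供完整性保护,diff 无输出只说明解密结果与原文一致。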

root@20221416:/home/xzl/20221416/work#  openssl sm4-cbc -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in xzl.txt -out xzl.enc
root@20221416:/home/xzl/20221416/work#  openssl sm4-cbc -d -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in xzl.enc -out xzl3.txt
root@20221416:/home/xzl/20221416/work# diff xzl.txt xzl3.txt
root@20221416:/home/xzl/20221416/work# ls

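非对称算法

说明:genpkey 未指定 -pkeyopt rsa_keygen_bits 时使用默认密钥长度(从后面公钥的 ASN.1 结构看是 2048 位)。生成的 private_key.pem 没有加密,实际使用时应通过 -pass 配合加密算法选项保护私钥,并限制文件权限。asn1parse 对私钥文件的输出包含完整的私钥内容,不应公开发布。生成过程中的进度符号可用 -quiet 关闭。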

root@20221416:/home/xzl/20221416/work# openssl genpkey -algorithm RSA -out private_key.pem
.....+.....+............+....+...+..+...+.+.....+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.............+.....+....+..+....+.....................+...+..+.........+.............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+.+............+..+......+.........+.+...+.........+..+..........+......+.....+..........+.........+......+...+.....+.......+............+.................+......+....+.....+......+.......+...........+.+........+.............+..+.+..+.......+..+.+.....+.............+............+...+......+...........+..........+............+.....+.+.................+...+.......+..+...+...............+...+................+...+......+..+...+....+.....+...+....+...+...+........+......+...+..........+...+.........+.....+....+...........+...+.......+.....+...+...+...+.+.........+..+....+...............+.....+...+...............+..........+...+........+....+...+.................+...+.......+........+...+....+...+........+......+.+...+.....+......+.........+......+.................................+.+..+...+.......+..+..........+..+................+.....+...+......+.+.......................+............+.......+..+..........+........+.+.....+......+...............+....+.........+..+...+.......+...+...+............+....................+.+..+....+...+...+...+......+.....+....+...............+.....+......+.+.........+....................+...+.......+........+...+............+......+.+.....+.+..+.+.....+......+.........+.+...+.....+......+.......+...+...........+.+..............+....+............+........+.+......+........+.+.........+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+.......+..+....+..+...+............+.......+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......+.........+...+....+...+..+.+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+...+....+.....+..........+...+........+......+.+.........+.....+....+.........+...........+.+......+..+.+.....+.+........+.+..+....+...+...+.....+.........+....+..+...+......+......+....+........+..........+........+...+....+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@20221416:/home/xzl/20221416/work# openssl asn1parse -inform PEM -in private_key.pem
    0:d=0  hl=4 l=1213 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=2 l=  13 cons: SEQUENCE          
    9:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   20:d=2  hl=2 l=   0 prim: NULL              
   22:d=1  hl=4 l=1191 prim: OCTET STRING      [HEX DUMP]:<私钥内容已省略>
root@20221416:/home/xzl/20221416/work# openssl genpkey -help
Usage: genpkey [options]

General options:
 -help               Display this summary
 -engine val         Use engine, possibly a hardware device
 -paramfile infile   Parameters file
 -algorithm val      The public key algorithm
 -quiet              Do not output status while generating keys
 -pkeyopt val        Set the public key algorithm option as opt:value
 -config infile      Load a configuration file (this may load modules)

Output options:
 -out outfile        Output file
 -outform PEM|DER    output format (DER or PEM)
 -pass val           Output file pass phrase source
 -genparam           Generate parameters, not key
 -text               Print the in text
 -*                  Cipher to use to encrypt the key

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms
Order of options may be important!  See the documentation.

提取公钥

root@20221416:/home/xzl/20221416/work# openssl rsa -pubout -in private_key.pem -out public_key.pem
writing RSA key
root@20221416:/home/xzl/20221416/work# cat public_key.pem 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0gr8qzF6nFd+bYfvj/D
niNScbl7lgCFdwtOPjMTj3NccIQm9SlnOvg6Jj12W1pGZ7F/gsnySUB3Keiau7Ki
TgdbuVbHZXCAfoso4Gq6Hrvc6+V+E3Dp5s4rplKuSRUglyylQPy859wlHATwoF00
88uqyjyYwoXRIvfWyvieEmiHauMFvhFnetS7hnm4w/qkXu+jtomTmDKp+ZYsAQBp
inAX00duIBcwYP5OTr3sVcEJ9Cm2ysYDqcQc4qdjuaY0n5ogrYSAzbqYt5SHsKNA
csvqHsKklVzB6SjEW5Lq8lYTfFy1FoTzwvDoAV31ngCpqRUvrGVLsaHoBlsBUu/A
owIDAQAB
-----END PUBLIC KEY-----
root@20221416:/home/xzl/20221416/work# openssl asn1parse -inform PEM -in public_key.pem
    0:d=0  hl=4 l= 290 cons: SEQUENCE          
    4:d=1  hl=2 l=  13 cons: SEQUENCE          
    6:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   17:d=2  hl=2 l=   0 prim: NULL              
   19:d=1  hl=4 l= 271 prim: BIT STRING

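加密解密

说明:pkeyutl -encrypt 对 RSA 默认使用 PKCS#1 v1.5 填充,新的应用应改用 OAEP(-pkeyopt rsa_padding_mode:oaep,加密和解密两端都要指定)。RSA 只能直接加密很短的数据,较大的数据通常先用对称算法加密,再用 RSA 保护对称密钥。下面的记录没有比较 xzl.txt 与 xzlrsadec.txt,可用 diff 确认解密结果。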

root@20221416:/home/xzl/20221416/work# openssl pkeyutl -help
Usage: pkeyutl [options]

General options:
 -help                     Display this summary
 -engine val               Use engine, possibly a hardware device
 -engine_impl              Also use engine given by -engine for crypto operations
 -sign                     Sign input data with private key
 -verify                   Verify with public key
 -encrypt                  Encrypt input data with public key
 -decrypt                  Decrypt input data with private key
 -derive                   Derive shared secret
 -config infile            Load a configuration file (this may load modules)

Input options:
 -in infile                Input file - default stdin
 -rawin                    Indicate the input data is in raw form
 -pubin                    Input is a public key
 -inkey val                Input private key file
 -passin val               Input file pass phrase source
 -peerkey val              Peer key file used in key derivation
 -peerform PEM|DER|ENGINE  Peer key format (DER/PEM/P12/ENGINE)
 -certin                   Input is a cert with a public key
 -rev                      Reverse the order of the input buffer
 -sigfile infile           Signature file (verify operation only)
 -keyform PEM|DER|ENGINE   Private key format (ENGINE, other values ignored)

Output options:
 -out outfile              Output file - default stdout
 -asn1parse                asn1parse the output data
 -hexdump                  Hex dump output
 -verifyrecover            Verify with public key, recover original data

Signing/Derivation options:
 -digest val               Specify the digest algorithm when signing the raw input data
 -pkeyopt val              Public key options as opt:value
 -pkeyopt_passin val       Public key option that is read as a passphrase argument opt:passphrase
 -kdf val                  Use KDF algorithm
 -kdflen +int              KDF algorithm output length

Random state options:
 -rand val                 Load the given file(s) into the random number generator
 -writerand outfile        Write random data to the specified file

Provider options:
 -provider-path val        Provider load path (must be before 'provider' argument if required)
 -provider val             Provider to load (can be specified multiple times)
 -propquery val            Property query used when fetching algorithms
root@20221416:/home/xzl/20221416/work# openssl pkeyutl -encrypt -inkey public_key.pem -pubin -in xzl.txt -out xzlrsaenc.bin
root@20221416:/home/xzl/20221416/work#  openssl pkeyutl -decrypt -inkey private_key.pem -in xzlrsaenc.bin -out xzlrsadec.txt
root@20221416:/home/xzl/20221416/work# ls
123.bin        name.der         r2.bin     sm2.pem     xzl2.txt  xzlrsadec.txt
20221416.der   private_key.pem  score.der  sm2pub.pem  xzl3.txt  xzlrsaenc.bin
bitstring.der  public_key.pem   SM2        sm2.sig     xzl.b64   xzl.txt
bitstring.pem  r1.bin           sm2.der    stuid.der   xzl.enc

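签名验签

说明:验签应只使用公钥。下面最后一条 pkeyutl -verify 用的是 private_key.pem,虽然能通过(私钥文件中包含公钥部分),但验证方不应持有私钥,应写成 openssl pkeyutl -verify -pubin -inkey public_key.pem -in xzl.txt -sigfile xzlrsa.sig。另外,pkeyutl -sign 在不加 -rawin/-digest 时不会对输入做哈希,而是把输入当作摘要值直接签名,只适用于很短的输入。对文件签名应使用 dgst -sign,或给 pkeyutl 加上 -rawin 和 -digest 选项。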

root@20221416:/home/xzl/20221416/work#  openssl dgst -sha256 -sign private_key.pem -out xzl.sig xzl.txt
root@20221416:/home/xzl/20221416/work# openssl dgst -sha256 -verify public_key.pem -signature xzl.sig xzl.txt
Verified OK
root@20221416:/home/xzl/20221416/work# openssl pkeyutl -sign -inkey private_key.pem -in xzl.txt -out xzlrsa.sig
root@20221416:/home/xzl/20221416/work# openssl pkeyutl -verify -in xzl.txt -sigfile xzlrsa.sig -inkey private_key.pem
Signature Verified Successfully

其他签名

DSA (Digital Signature Algorithm)

root@20221416:/home/xzl/20221416/work# openssl dsaparam -genkey -out private_dsa.pem 2048
root@20221416:/home/xzl/20221416/work# openssl dsa -pubout -in private_dsa.pem -out public_dsa.pem
read DSA key
writing DSA key
root@20221416:/home/xzl/20221416/work# openssl dgst -sha256 -sign private_dsa.pem -out xzldsasign.dss xzl.txt
root@20221416:/home/xzl/20221416/work# openssl dgst -sha256 -verify public_dsa.pem -signature xzldsasign.dss xzl.txt
Verified OK

ECDSA (Elliptic Curve Digital Signature Algorithm)

root@20221416:/home/xzl/20221416/work# openssl ecparam -genkey -name secp256r1 -out private_ecdsa.pem
using curve name prime256v1 instead of secp256r1
root@20221416:/home/xzl/20221416/work# openssl ec -pubout -in private_ecdsa.pem -out public_ecdsa.pem
read EC key
writing EC key
root@20221416:/home/xzl/20221416/work# openssl dgst -sha256 -sign private_ecdsa.pem -out xzlecdsasign.ecdsa xzl.txt
root@20221416:/home/xzl/20221416/work# openssl dgst -sha256 -verify public_ecdsa.pem -signature xzlecdsasign.ecdsa xzl.txt
Verified OK

EdDSA (Edwards-curve Digital Signature Algorithm)

root@20221416:/home/xzl/20221416/work# openssl genpkey -algorithm ed25519 -out private_eddsa.pem
root@20221416:/home/xzl/20221416/work# openssl pkey -pubout -in private_eddsa.pem -out public_eddsa.pem
root@20221416:/home/xzl/20221416/work# openssl pkeyutl -sign -inkey private_eddsa.pem -out xzleddsasign.eddsa -rawin -in xzl.txt
root@20221416:/home/xzl/20221416/work# openssl pkeyutl -verify -pubin -inkey public_eddsa.pem -sigfile xzleddsasign.eddsa -rawin -in xzl.txt
Signature Verified Successfully

其他命令

root@20221416:/home/xzl/20221416/work# openssl list -commands
asn1parse         ca                ciphers           cmp               
cms               crl               crl2pkcs7         dgst              
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
fipsinstall       gendsa            genpkey           genrsa            
help              info              kdf               list              
mac               nseq              ocsp              passwd            
pkcs12            pkcs7             pkcs8             pkey              
pkeyparam         pkeyutl           prime             rand              
rehash            req               rsa               rsautl            
s_client          s_server          s_time            sess_id           
smime             speed             spkac             srp               
storeutl          ts                verify            version           
x509              

参考云班课相关教学视频,在 Ubuntu 或 openEuler(推荐 openEuler)中实践课程思维导图中 GmSSL 相关内容,使用 Markdown 详细记录实践过程,每完成一项 git commit 一次。(5分)

gmssl

root@20221416:/home/xzl/20221416/work# gmssl version
GmSSL 3.1.2 Dev
root@20221416:/home/xzl/20221416/work# gmssl help
usage: gmssl command [options]
command -help

Commands:
  help              Print this help message
  version           Print version
  rand              Generate random bytes
  sm2keygen         Generate SM2 keypair
  sm2sign           Generate SM2 signature
  sm2verify         Verify SM2 signature
  sm2encrypt        Encrypt with SM2 public key
  sm2decrypt        Decrypt with SM2 private key
  sm3               Generate SM3 hash
  sm3hmac           Generate SM3 HMAC tag
  sm3_pbkdf2        Hash password into key using PBKDF2 algoritm
  sm3xmss_keygen    Generate SM3-XMSS keypair
  sm4_ecb           Encrypt or decrypt with SM4 ECB
  sm4_cbc           Encrypt or decrypt with SM4 CBC
  sm4_ctr           Encrypt or decrypt with SM4 CTR
  sm4_cfb           Encrypt or decrypt with SM4 CFB
  sm4_ofb           Encrypt or decrypt with SM4 OFB
  sm4_ccm           Encrypt or decrypt with SM4 CCM
  sm4_gcm           Encrypt or decrypt with SM4 GCM
  sm4_xts           Encrypt or decrypt with SM4 XTS
  sm4_cbc_sm3_hmac  Encrypt or decrypt with SM4 CBC with SM3-HMAC
  sm4_ctr_sm3_hmac  Encrypt or decrypt with SM4 CTR with SM3-HMAC
  sm4_cbc_mac       Generate SM4 CBC-MAC
  ghash             Generate GHASH
  zuc               Encrypt or decrypt with ZUC
  sm9setup          Generate SM9 master secret
  sm9keygen         Generate SM9 private key
  sm9sign           Generate SM9 signature
  sm9verify         Verify SM9 signature
  sm9encrypt        SM9 public key encryption
  sm9decrypt        SM9 decryption
  reqgen            Generate certificate signing request (CSR)
  reqsign           Generate certificate from CSR
  reqparse          Parse and print a CSR
  crlget            Download the CRL of given certificate
  crlgen            Sign a CRL with CA certificate and private key
  crlverify         Verify a CRL with issuer's certificate
  crlparse          Parse and print CRL
  certgen           Generate a self-signed certificate
  certparse         Parse and print certificates
  certverify        Verify certificate chain
  certrevoke        Revoke certificate and output RevokedCertificate record
  cmsparse          Parse CMS (cryptographic message syntax) file
  cmsencrypt        Generate CMS EnvelopedData
  cmsdecrypt        Decrypt CMS EnvelopedData
  cmssign           Generate CMS SignedData
  cmsverify         Verify CMS SignedData
  sdfinfo           Print SDF device info
  sdfdigest         Generate SM3 hash with SDF device
  sdfexport         Export SM2 signing public key from SDF device
  sdfsign           Generate SM2 signature with SDF internal private key
  sdfencrypt        SM2/SM4-CBC hybrid encryption with SDF device
  sdfdecrypt        SM2/SM4-CBC hybrid decryption with SDF device
  sdftest           Test vendor's SDF library and device
  tlcp_client       TLCP client
  tlcp_server       TLCP server
  tls12_client      TLS 1.2 client
  tls12_server      TLS 1.2 server
  tls13_client      TLS 1.3 client
  tls13_server      TLS 1.3 server

run `gmssl <command> -help` to print help of the given command

SM3


root@20221416:/home/xzl/20221416/work# gmssl sm3 -help
usage: sm3 [-hex|-bin] [-pubkey pem [-id str]] [-in file|-in_str str] [-out file]
Options

    -hex                   Output hash value as hex string (by default)
    -bin                   Output hash value as binary
    -pubkey pem            Signer's SM2 public key
                           When `-pubkey` is specified, hash with SM2 Z value
    -id str                SM2 Signer's ID string
    -id_hex hex            SM2 Signer's ID in hex format
                           `-id` and `-id_hex` should be used with `-pubkey`
                           `-id` and `-id_hex` should not be used together
                           If `-pubkey` is specified without `-id` or `id_hex`,
                           the default ID string '1234567812345678' is used
    -in_str str            To be hashed string
    -in file | stdin       To be hashed file path
                           `-in_str` and `-in` should not be used together
                           If neither `-in` nor `-in_str` specified, read from stdin
    -out file | stdout     Output file path. If not specified, output to stdout

Examples

    gmssl sm3 -in_str abc

    gmssl sm3 -in_str abc -bin

    gmssl sm3 -in /path/to/file

    gmssl sm3 -pubkey sm2pubkey.pem -id alice -in /path/to/file -bin

  When reading from stdin, make sure the trailing newline character is removed

  Linux/Mac:
    echo -n abc | gmssl sm3

  Windows:
    C:\> echo |set/p="abc" | gmssl sm3

root@20221416:/home/xzl/20221416/work# echo -n "xzl" |gmssl sm3
b271805b6fad427f68af67d697396a123254c9d439f0ed3787a30b199b7b05f7
root@20221416:/home/xzl/20221416/work# echo -n "xzl" |gmssl sm3 -hex
b271805b6fad427f68af67d697396a123254c9d439f0ed3787a30b199b7b05f7
root@20221416:/home/xzl/20221416/work# echo -n "xzl" |gmssl sm3 -bin
�q�[o�Bh�g֗9j2T��9��7��
                      �{�root@20221416:/home/xzl/20221416/work# echo -n "cjs" | echo -n "xzl" | gmssl sm3 -bin | od -tx1
0000000 b2 71 80 5b 6f ad 42 7f 68 af 67 d6 97 39 6a 12
0000020 32 54 c9 d4 39 f0 ed 37 87 a3 0b 19 9b 7b 05 f7
0000040

sm3hmac

root@20221416:/home/xzl/20221416/work# gmssl sm3hmac -help
usage: sm3hmac -key hex [-in file | -in_str str] [-bin|-hex] [-out file]
Options

    -key hex               Hex string of the MAC key
    -in_str str            Input as text string
    -in file | stdin       Input file path
                           `-in_str` and `-in` should not be used together
                           If neither `-in` nor `-in_str` specified, read from stdin
    -hex                   Output MAC-tag as hex string (by default)
    -bin                   Output MAC-tag as binary
                           `-hex` and `-bin` should not be used together
    -out file | stdout     Output file path. If not specified, output to stdout

Examples

    KEY_HEX=`gmssl rand -outlen 16 -hex`
    gmssl sm3hmac -key $KEY_HEX -in_str abc

    gmssl sm3hmac -key $KEY_HEX -in_str abc -bin

    gmssl sm3hmac -key $KEY_HEX -in /path/to/file

  When reading from stdin, make sure the trailing newline character is removed

  Linux/Mac:
    echo -n abc | gmssl sm3hmac -key $KEY_HEX

  Windows:
    C:\> echo |set/p="abc" | gmssl sm3hmac -key 11223344556677881122334455667788

root@20221416:/home/xzl/20221416/work# gmssl rand -hex -outlen 16
4E175D52FC472CB2F7A3FC15D64EB9FC
root@20221416:/home/xzl/20221416/work# echo -n "xzl" | gmssl sm3hmac -key 4E175D52FC472CB2F7A3FC15D64EB9FC
f2e0510741cc2c7e39e3d8609fbaaab76b4d7d00d41ef766acdd546a05091014

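sm4

说明:GmSSL 没有单独的 `sm4` 子命令,需按工作模式使用 `sm4_cbc` 等命令。下面的实验多次复用同一组 key 和 IV,所以相同明文得到相同密文(xzlsm4.cbc 与 xzlsm4.cbc2 的 diff 无输出);实际使用 CBC 时每条消息应换用新的随机 IV。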

root@20221416:/home/xzl/20221416/work# gmssl sm4 -help
gmssl: illegal option 'sm4'
usage: gmssl command [options]
command -help

Commands:
  help              Print this help message
  version           Print version
  rand              Generate random bytes
  sm2keygen         Generate SM2 keypair
  sm2sign           Generate SM2 signature
  sm2verify         Verify SM2 signature
  sm2encrypt        Encrypt with SM2 public key
  sm2decrypt        Decrypt with SM2 private key
  sm3               Generate SM3 hash
  sm3hmac           Generate SM3 HMAC tag
  sm3_pbkdf2        Hash password into key using PBKDF2 algoritm
  sm3xmss_keygen    Generate SM3-XMSS keypair
  sm4_ecb           Encrypt or decrypt with SM4 ECB
  sm4_cbc           Encrypt or decrypt with SM4 CBC
  sm4_ctr           Encrypt or decrypt with SM4 CTR
  sm4_cfb           Encrypt or decrypt with SM4 CFB
  sm4_ofb           Encrypt or decrypt with SM4 OFB
  sm4_ccm           Encrypt or decrypt with SM4 CCM
  sm4_gcm           Encrypt or decrypt with SM4 GCM
  sm4_xts           Encrypt or decrypt with SM4 XTS
  sm4_cbc_sm3_hmac  Encrypt or decrypt with SM4 CBC with SM3-HMAC
  sm4_ctr_sm3_hmac  Encrypt or decrypt with SM4 CTR with SM3-HMAC
  sm4_cbc_mac       Generate SM4 CBC-MAC
  ghash             Generate GHASH
  zuc               Encrypt or decrypt with ZUC
  sm9setup          Generate SM9 master secret
  sm9keygen         Generate SM9 private key
  sm9sign           Generate SM9 signature
  sm9verify         Verify SM9 signature
  sm9encrypt        SM9 public key encryption
  sm9decrypt        SM9 decryption
  reqgen            Generate certificate signing request (CSR)
  reqsign           Generate certificate from CSR
  reqparse          Parse and print a CSR
  crlget            Download the CRL of given certificate
  crlgen            Sign a CRL with CA certificate and private key
  crlverify         Verify a CRL with issuer's certificate
  crlparse          Parse and print CRL
  certgen           Generate a self-signed certificate
  certparse         Parse and print certificates
  certverify        Verify certificate chain
  certrevoke        Revoke certificate and output RevokedCertificate record
  cmsparse          Parse CMS (cryptographic message syntax) file
  cmsencrypt        Generate CMS EnvelopedData
  cmsdecrypt        Decrypt CMS EnvelopedData
  cmssign           Generate CMS SignedData
  cmsverify         Verify CMS SignedData
  sdfinfo           Print SDF device info
  sdfdigest         Generate SM3 hash with SDF device
  sdfexport         Export SM2 signing public key from SDF device
  sdfsign           Generate SM2 signature with SDF internal private key
  sdfencrypt        SM2/SM4-CBC hybrid encryption with SDF device
  sdfdecrypt        SM2/SM4-CBC hybrid decryption with SDF device
  sdftest           Test vendor's SDF library and device
  tlcp_client       TLCP client
  tlcp_server       TLCP server
  tls12_client      TLS 1.2 client
  tls12_server      TLS 1.2 server
  tls13_client      TLS 1.3 client
  tls13_server      TLS 1.3 server

run `gmssl <command> -help` to print help of the given command

root@20221416:/home/xzl/20221416/work# gmssl rand -outlen 16 -out key.bin
root@20221416:/home/xzl/20221416/work# gmssl rand -outlen 16 -out iv.bin
root@20221416:/home/xzl/20221416/work# od -tx1 key.bin
0000000 79 ec 8f 48 50 2f 95 65 fb 58 16 14 0a d3 36 7a
0000020
root@20221416:/home/xzl/20221416/work# od -tx1 iv.bin 
0000000 b4 6c 76 36 93 d3 8c 92 be f0 63 13 3c a0 47 4e
0000020
root@20221416:/home/xzl/20221416/work# echo -n "xzl" | gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -out xzlsm4.cbc
root@20221416:/home/xzl/20221416/work# echo -n "xzl" | gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -out xzlsm4.cbc
root@20221416:/home/xzl/20221416/work# gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in xzlsm4.cbc
xzlroot@20221416:/home/xzl/20221416/work#  KEY=$(xxd -p -c 32 key.bin)
root@20221416:/home/xzl/20221416/work# echo $KEY
79ec8f48502f9565fb5816140ad3367a
root@20221416:/home/xzl/20221416/work# IV=$(xxd -p -c 32 iv.bin)
root@20221416:/home/xzl/20221416/work# echo $IV
b46c763693d38c92bef063133ca0474e
root@20221416:/home/xzl/20221416/work# echo -n "xzl" | gmssl sm4_cbc -encrypt -key $KEY -iv $IV -out xzlsm4.cbc2
root@20221416:/home/xzl/20221416/work# gmssl sm4_cbc -decrypt -key $KEY -iv $IV -in xzlsm4.cbc2
root@20221416:/home/xzl/20221416/work# diff xzlsm4.cbc xzlsm4.cbc2
root@20221416:/home/xzl/20221416/work# gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in xzl.txt -out xzlsm4.cbc3
root@20221416:/home/xzl/20221416/work# gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in xzlsm4.cbc3
xzl
root@20221416:/home/xzl/20221416/work# diff xzlsm4.cbc xzlsm4.cbc3
二进制文件 xzlsm4.cbc 和 xzlsm4.cbc3 不同

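sm2

说明:`-pass 1416` 以命令行参数传入口令,会留在 shell 历史和进程参数中;本文又同时贴出了加密私钥 sm2.pem 的内容和口令,因此这对密钥只能用于本次实验,不应再用于其他用途。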

root@20221416:/home/xzl/20221416/work# gmssl sm2keygen -pass 1416 -out sm2.pem -pubout sm2pub.pem
root@20221416:/home/xzl/20221416/work# cat sm2.pem 
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBBjBhBgkqhkiG9w0BBQ0wVDA0BgkqhkiG9w0BBQwwJwQQOXNk4K27OipF22qY
jWg9sAIDAQAAAgEQMAsGCSqBHM9VAYMRAjAcBggqgRzPVQFoAgQQdCorxFlikqQH
0FDSD0uawwSBoFA8kcLBe4klFT9iu3OL5QzHlRb/gGhz0S/jv3bxwHXpmt4Ag8Hw
QOCtZSG5Al1CE4pq239iZfQTbYQ1TPvgkCtAYqieffznhqtYXne+VtJVnM53qEIz
QrlrDGuuxfx8+QBdE0Z42Pm3r9Ha6bxuMLlqxk1emgpcpKPNHUwpvjJ/F5Ztsd4y
dn+1j/E2SC9tG5RxwN+GJ/67z+2s0X483r8=
-----END ENCRYPTED PRIVATE KEY-----
root@20221416:/home/xzl/20221416/work# cat sm2pub.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEvN2ZpglKkcZ7nUlAlti4cYeBZTtH
g/2QBald+Y264c5L24Ltn+3AyKXJobDNp2l2m6l3AbcsuVU5HZYFKQCKJQ==
-----END PUBLIC KEY-----
root@20221416:/home/xzl/20221416/work# echo xzl | gmssl sm2sign -key sm2.pem -pass 1416 -out sm2.sig
root@20221416:/home/xzl/20221416/work# echo xzl | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig -id 1234567812345678
verify : success
root@20221416:/home/xzl/20221416/work# echo xzl | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der
root@20221416:/home/xzl/20221416/work# od -tx1 sm2.der
0000000 30 6c 02 20 0c 0f b9 e6 d1 ef ad 64 8f 86 1a dc
0000020 c0 23 d4 b5 a0 e3 d5 32 0b ca 6d 73 44 be a5 57
0000040 82 6b ca a9 02 20 2c 3a b0 65 4d 7a 97 2a 26 85
0000060 f5 fb 55 9c 6d 91 9e e4 24 9f 3e 03 bd 6a 57 a7
0000100 c4 ba 12 44 fa ac 04 20 46 4a 7a 16 62 4b e0 91
0000120 a1 31 c6 d8 e3 45 a2 5a 3a d8 20 2b 92 4e f4 c8
0000140 94 66 ce 67 b5 37 64 d3 04 04 35 a4 4f a6
0000156
root@20221416:/home/xzl/20221416/work# gmssl sm2decrypt -key sm2.pem -pass 1416 -in sm2.der
xzl

两人一组,在 Ubuntu 或 openEuler(推荐 openEuler)中使用 OpenSSL 命令实现带签名的数字信封协议。使用 OpenSSL 时 Alice 发送,Bob 接收。Alice,Bob 在实验中要替换为自己的8位学号+姓名。使用 Markdown 详细记录实践过程,每完成一项 git commit 一次。(10分)

  • Alice,Bob生成自己的公私钥匙对,记作:(PKa,SKa),(PKb,SKb),Alice,Bob分别拥有:(PKa,SKa,PKb),(PKb,SKb,PKa),实验中把公钥文件拷贝给对方
  • Alice发给Bob的明文plain.txt,内容为自己的姓名学号
  • Alice:sm4 key使用gmssl rand 产生,16字节,记作k
  • Alice:Sm4Enc(k,P) = C
  • Alice:Sm2Enc(PKb,k) = KC
  • Alice:Sm2Sign(SKa,C)= S1
  • Alice: 数字信封 C||KC||S1 发给Bob
  • Bob:Sm2Verify(PKa,S1)
  • Bob:Sm2Dec(SKb,KC)= k
  • Bob:Sm4Dec(k,C)= P
    我是Alice
root@20221416:/home/xzl/20221416/work/#vim plain.txt
root@20221416:/home/xzl/20221416/work/#openssl rand -out k.bin 16
root@20221416:/home/xzl/20221416/work/#openssl sm4-cbc -kfile k.bin -iv "da80e405a4998c351b0717093cbe86ab" -in plain.txt -out 1416_c
root@20221416:/home/xzl/20221416/work/#openssl pkeyutl -encrypt -pubin -inkey 1415/openssl_1415_pub.pem -in k.bin -out kc.bin
root@20221416:/home/xzl/20221416/work/#openssl pkeyutl -sign -inkey sm2private_key.pem -in 1416_c -out 1416_c.sig

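Bob-20221423的操作结果:

说明:`openssl sm4-cbc -kfile k.bin` 把 k.bin 的第一行当作口令,再经口令派生得到实际的 SM4 密钥(下面的 deprecated key derivation 警告即由此而来),k 并没有被直接用作 16 字节密钥;若要直接使用 k,应以十六进制通过 `-K` 传入并配合 `-iv`。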

$ openssl pkeyutl -verify -inkey openssl_1416_pub.pem -pubin -in 1416_c -sigfile 1416_c.sig
Signature Verified Successfully
$ openssl pkeyutl -decrypt -inkey openssl_1415_pri.pem -in kc.bin -out k.bin
$ ls k.bin
k.bin
$ openssl sm4-cbc -d -kfile k.bin -iv "da80e405a4
998c351b0717093cbe86ab" -in 1416_c -out plain.txt
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
$ cat plain.txt
20221416xzl

4. 两人一组,在 Ubuntu 或 openEuler(推荐 openEuler)中使用 GmSSL 命令实现带签名的数字信封协议。使用 GmSSL,Bob 发送,Alice 接收。Alice,Bob 在实验中要替换为自己的8位学号+姓名。使用 Markdown 详细记录实践过程,每完成一项 git commit 一次。(10分)

接收得到Bob发送的数字信封如下:

root@20221416:/home/xzl/20221416/work/# ls
1415sm2.der  1415_c.sig  xzlsm4.cbc   xzlsm4.cbc3  gmssl_1415_pub.pem  key.bin  sm2.pem     sm2.sig
1415_c.cbc3  xzl.sm3     xzlsm4.cbc2  xzl.txt      iv.bin              sm2.der  sm2pub.pem
三个文件:1416sm2.der  1415_c.sig 1415_c.cbc3

Alice执行的命令:

root@20221416:/home/xzl/20221416/work/# gmssl sm2verify -pubkey gmssl_1415_pub.pem -sig 1415_c.sig -in 1415_c.cbc3 
verify : success
root@20221416:/home/xzl/20221416/work/# gmssl sm2decrypt -key sm2.pem -pass 1416 -in 1416sm2.der  -out gm_k.bin
root@20221416:/home/xzl/20221416/work/# gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 gm_k.bin) -iv $(xxd -p -c 32 iv.bin) -in 1415_c.cbc3 -out
 plain.txt
root@20221416:/home/xzl/20221416/work/# cat plain.txt 
20221415cjx