20221320冯泰瑞-实验一嵌入式开发基础-1-3学时实践过程记录

20221320冯泰瑞《密码系统设计》实验一过程

OpenSSL

openssl cmd

fengtairui@fengtairui-virtual-machine:~$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

openssl list -help

fengtairui@fengtairui-virtual-machine:~$ openssl list -help
Usage: list [options]

General options:
 -help                     Display this summary

Output options:
 -1                        List in one column
 -verbose                  Verbose listing
 -select val               Select a single algorithm
 -commands                 List of standard commands
 -standard-commands        List of standard commands
 -digest-commands          List of message digest commands (deprecated)
 -digest-algorithms        List of message digest algorithms
 -kdf-algorithms           List of key derivation and pseudo random function algorithms
 -random-instances         List the primary, public and private random number generator details
 -random-generators        List of random number generators
 -mac-algorithms           List of message authentication code algorithms
 -cipher-commands          List of cipher commands (deprecated)
 -cipher-algorithms        List of cipher algorithms
 -encoders                 List of encoding methods
 -decoders                 List of decoding methods
 -key-managers             List of key managers
 -key-exchange-algorithms  List of key exchange algorithms
 -kem-algorithms           List of key encapsulation mechanism algorithms
 -signature-algorithms     List of signature algorithms
 -asymcipher-algorithms    List of asymmetric cipher algorithms
 -public-key-algorithms    List of public key algorithms
 -public-key-methods       List of public key methods
 -store-loaders            List of store loaders
 -providers                List of provider information
 -engines                  List of loaded engines
 -disabled                 List of disabled features
 -options val              List options for specified command
 -objects                  List built in objects (OID<->name mappings)

Provider options:
 -provider-path val        Provider load path (must be before 'provider' argument if required)
 -provider val             Provider to load (can be specified multiple times)
 -propquery val            Property query used when fetching algorithms

openssl help

fengtairui@fengtairui-virtual-machine:~$ openssl help
help:

Standard commands
asn1parse         ca                ciphers           cmp               
cms               crl               crl2pkcs7         dgst              
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
fipsinstall       gendsa            genpkey           genrsa            
help              info              kdf               list              
mac               nseq              ocsp              passwd            
pkcs12            pkcs7             pkcs8             pkey              
pkeyparam         pkeyutl           prime             rand              
rehash            req               rsa               rsautl            
s_client          s_server          s_time            sess_id           
smime             speed             spkac             srp               
storeutl          ts                verify            version           
x509              

Message Digest commands (see the `dgst' command for more details)
blake2b512        blake2s256        md4               md5               
rmd160            sha1              sha224            sha256            
sha3-224          sha3-256          sha3-384          sha3-512          
sha384            sha512            sha512-224        sha512-256        
shake128          shake256          sm3               

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       aria-128-cbc      aria-128-cfb      
aria-128-cfb1     aria-128-cfb8     aria-128-ctr      aria-128-ecb      
aria-128-ofb      aria-192-cbc      aria-192-cfb      aria-192-cfb1     
aria-192-cfb8     aria-192-ctr      aria-192-ecb      aria-192-ofb      
aria-256-cbc      aria-256-cfb      aria-256-cfb1     aria-256-cfb8     
aria-256-ctr      aria-256-ecb      aria-256-ofb      base64            
bf                bf-cbc            bf-cfb            bf-ecb            
bf-ofb            camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  
camellia-192-ecb  camellia-256-cbc  camellia-256-ecb  cast              
cast-cbc          cast5-cbc         cast5-cfb         cast5-ecb         
cast5-ofb         des               des-cbc           des-cfb           
des-ecb           des-ede           des-ede-cbc       des-ede-cfb       
des-ede-ofb       des-ede3          des-ede3-cbc      des-ede3-cfb      
des-ede3-ofb      des-ofb           des3              desx              
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            seed              seed-cbc          seed-cfb          
seed-ecb          seed-ofb          sm4-cbc           sm4-cfb           
sm4-ctr           sm4-ecb           sm4-ofb           

数据输入输出

文本

echo 123 | openssl sm3

fengtairui@fengtairui-virtual-machine:~$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c

echo "123" | openssl sm3

fengtairui@fengtairui-virtual-machine:~$ echo "123" | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c

echo 123 | od -tx1 -tc

fengtairui@fengtairui-virtual-machine:~$ echo 123 | od -tx1 -tc
0000000  31  32  33  0a
          1   2   3  \n
0000004

echo -n 123 | od -tx1 -tc

fengtairui@fengtairui-virtual-machine:~$ echo -n 123 | od -tx1 -tc
0000000  31  32  33
          1   2   3
0000003

echo 123 | openssl sm3

fengtairui@fengtairui-virtual-machine:~$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c

echo -n 123 | openssl sm3

fengtairui@fengtairui-virtual-machine:~$ echo -n 123 | openssl sm3
SM3(stdin)= 6e0f9e14344c5406a0cf5a3b4dfb665f87f4a771a31f7edbb5c72874a32b2957

echo 123 > 123.txt
openssl sm3 -file 123.txt

fengtairui@fengtairui-virtual-machine:~$ echo 123 > 123.txt
fengtairui@fengtairui-virtual-machine:~$ openssl sm3 -file 123.txt
SM3(123.txt)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c

echo 123 | openssl sm3

fengtairui@fengtairui-virtual-machine:~$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c

二进制(16进制)

echo "obase=16;123" | bc

fengtairui@fengtairui-virtual-machine:~$ echo "obase=16;123" | bc
7B

echo -n -e "\x7B" > 123.bin
od -tx1 123.bin

fengtairui@fengtairui-virtual-machine:~$ echo -n -e "\x7B" > 123.bin
fengtairui@fengtairui-virtual-machine:~$ od -tx1 123.bin
0000000 7b
0000001

openssl sm3 -file 123.bin

fengtairui@fengtairui-virtual-machine:~$ openssl sm3 -file 123.bin
SM3(123.bin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344

echo -ne "\x7B" | openssl sm3

fengtairui@fengtairui-virtual-machine:~$ echo -ne "\x7B" | openssl sm3
SM3(stdin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344

echo 1 > 1.txt <==> echo -e "\x31" > 1.txt

fengtairui@fengtairui-virtual-machine:~$ echo 1 > 1.txt
fengtairui@fengtairui-virtual-machine:~$ cat 1.txt
1
fengtairui@fengtairui-virtual-machine:~$ echo -e "\x31" > 1.txt
fengtairui@fengtairui-virtual-machine:~$ cat 1.txt
1

产生的文件提交至Git

fengtairui@fengtairui-virtual-machine:~$ git add 1.txt 123.bin 123.txt
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Data input/output text Binary system"
[master e50df09] Data input/output text Binary system
 3 files changed, 3 insertions(+)
 create mode 100644 1.txt
 create mode 100644 123.bin
 create mode 100644 123.txt
fengtairui@fengtairui-virtual-machine:~$ git log
commit e50df09386b764388533dd1665b1b5cd053d0e2e (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 11:15:40 2024 +0800

    Data input/output text Binary system

commit af8a56a4c254dae1c44176dbd05e7f6a04ca16d0
Author: fengtairui <1978274655@qq.com>
Date:   Tue Oct 8 19:40:57 2024 +0800

    Initial commit with hello.c and compilation artifacts

常用命令

prime

help

openssl prime -help

fengtairui@fengtairui-virtual-machine:~$ openssl prime -help
Usage: prime [options] [number...]

General options:
 -help               Display this summary
 -bits +int          Size of number in bits
 -checks +int        Number of checks

Output options:
 -hex                Hex output
 -generate           Generate a prime
 -safe               When used with -generate, generate a safe prime

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 number              Number(s) to check for primality if not generating
素数检查

openssl prime 3

fengtairui@fengtairui-virtual-machine:~$ openssl prime 3
3 (3) is prime

openssl prime 33

fengtairui@fengtairui-virtual-machine:~$ openssl prime 33
21 (33) is not prime

openssl prime -checks 10 33

fengtairui@fengtairui-virtual-machine:~$ openssl prime -checks 10 33
21 (33) is not prime

openssl prime -hex 4F

fengtairui@fengtairui-virtual-machine:~$ openssl prime -hex 4F
4F (4F) is prime
素数产生
fengtairui@fengtairui-virtual-machine:~$ openssl prime -generate -bits 10
1009
fengtairui@fengtairui-virtual-machine:~$ openssl prime 1009
3F1 (1009) is prime
fengtairui@fengtairui-virtual-machine:~$ openssl prime -generate -bits 10 -hex
0329
fengtairui@fengtairui-virtual-machine:~$ openssl prime -hex 0329
329 (0329) is prime

rand

help
fengtairui@fengtairui-virtual-machine:~$ openssl rand -help
Usage: rand [options] num

General options:
 -help               Display this summary
 -engine val         Use engine, possibly a hardware device

Output options:
 -out outfile        Output file
 -base64             Base64 encode output
 -hex                Hex encode output

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 num                 Number of bytes to generate
随机数产生
fengtairui@fengtairui-virtual-machine:~$ openssl rand 10
��vް��'{�fengtairui@fengtairui-virtual-machine:~$ openssl rand 10 | od -tx1
0000000 d9 e6 68 6a 98 d3 db 73 76 fc
0000012
fengtairui@fengtairui-virtual-machine:~$ openssl rand 10 | xxd -p
72c5356b3b939984e324
fengtairui@fengtairui-virtual-machine:~$ openssl rand -hex 10
aaf647aedbf3769a429e
fengtairui@fengtairui-virtual-machine:~$ openssl rand -base64 10
jk1QjJMiUdQkiQ==
随机数文件
fengtairui@fengtairui-virtual-machine:~$ openssl rand -out r1.bin 10
fengtairui@fengtairui-virtual-machine:~$ od -tx1 r1.bin
0000000 ef 0d d3 ad 30 e0 a7 85 f5 d9
0000012
fengtairui@fengtairui-virtual-machine:~$ openssl rand 10 > r2.bin
fengtairui@fengtairui-virtual-machine:~$  cat r2.bin | xxd -p
05e0c139620f82a8af8b
产生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add r2.bin r1.bin
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Random number file"
[master 3a3ef29] Random number file
 2 files changed, 2 insertions(+)
 create mode 100644 r1.bin
 create mode 100644 r2.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit 3a3ef29a950073e111f7650c9666ce473d05203f (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 11:28:51 2024 +0800

    Random number file

base64

help
fengtairui@fengtairui-virtual-machine:~$ openssl base64 -help
Usage: base64 [options]

General options:
 -help               Display this summary
 -list               List ciphers
 -ciphers            Alias for -list
 -e                  Encrypt
 -d                  Decrypt
 -p                  Print the iv/key
 -P                  Print the iv/key and exit
 -engine val         Use engine, possibly a hardware device

Input options:
 -in infile          Input file
 -k val              Passphrase
 -kfile infile       Read passphrase from file

Output options:
 -out outfile        Output file
 -pass val           Passphrase source
 -v                  Verbose output
 -a                  Base64 encode/decode, depending on encryption flag
 -base64             Same as option -a
 -A                  Used with -[base64|a] to specify base64 buffer as a single line

Encryption options:
 -nopad              Disable standard block padding
 -salt               Use salt in the KDF (default)
 -nosalt             Do not use salt in the KDF
 -debug              Print debug info
 -bufsize val        Buffer size
 -K val              Raw key, in hex
 -S val              Salt, in hex
 -iv val             IV in hex
 -md val             Use specified digest to create a key from the passphrase
 -iter +int          Specify the iteration count and force use of PBKDF2
 -pbkdf2             Use password-based key derivation function 2
 -none               Don't encrypt
 -*                  Any supported cipher

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms
编码解码
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl base64
ZnRyCg==
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl base64 -e
ZnRyCg==
fengtairui@fengtairui-virtual-machine:~$ echo ZnRyCg== | openssl base64 -d
ftr
fengtairui@fengtairui-virtual-machine:~$ echo -ne "\x11\x22\x33" | openssl base64
ESIz
fengtairui@fengtairui-virtual-machine:~$ echo ESIz | openssl base64 -d | xxd -p
112233
fengtairui@fengtairui-virtual-machine:~$ echo -ne "\x11\x22\x33\x44" | openssl base64
ESIzRA==
fengtairui@fengtairui-virtual-machine:~$ echo ESIzRA== | openssl base64 -d | xxd -p
11223344
文件编码解码
fengtairui@fengtairui-virtual-machine:~$ echo ftr > ftr.txt
fengtairui@fengtairui-virtual-machine:~$ openssl base64 -in ftr.txt -out ftr.b64
fengtairui@fengtairui-virtual-machine:~$ cat ftr.b64
ZnRyCg==
fengtairui@fengtairui-virtual-machine:~$ openssl base64 -d -in ftr.b64 -out ftr2.txt
fengtairui@fengtairui-virtual-machine:~$ diff ftr.txt ftr2.txt
fengtairui@fengtairui-virtual-machine:~$ cat ftr2.txt
ftr
产生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add ftr.txt ftr.b64 ftr2.txt 
fengtairui@fengtairui-virtual-machine:~$ git commit -m "base64 File encoding and decoding"
[master 24ecc5e] base64 File encoding and decoding
 3 files changed, 3 insertions(+)
 create mode 100644 ftr.b64
 create mode 100644 ftr.txt
 create mode 100644 ftr2.txt
fengtairui@fengtairui-virtual-machine:~$ git log
commit 24ecc5eb202869bbf3cc34982b66eb245f84d18b (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 11:43:36 2024 +0800

    base64 File encoding and decoding

asn1parse

help
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -help
Usage: asn1parse [options]

General options:
 -help            Display this summary
 -oid infile      file of extra oid definitions

I/O options:
 -inform PEM|DER  input format - one of DER PEM
 -in infile       input file
 -out outfile     output file (output format is always DER)
 -noout           do not produce any output
 -offset +int     offset into file
 -length +int     length of section in file
 -strparse +int   offset; a series of these can be used to 'dig'
 -genstr val      string to generate ASN1 structure from
                  into multiple ASN1 blob wrappings
 -genconf val     file to generate ASN1 structure from
 -strictpem       do not attempt base64 decode outside PEM markers
 -item val        item to parse and print
                  (-inform  will be ignored)

Formatting options:
 -i               indents the output
 -dump            unknown data in hex form
 -dlimit +int     dump the first arg bytes of unknown data in hex form
密码工程中的格式
fengtairui@fengtairui-virtual-machine:~$ echo -ne "\x03\x02\x04\x90" >bitstring.der
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -inform der -i -in bitstring.der
    0:d=0  hl=2 l=   2 prim: BIT STRING        
fengtairui@fengtairui-virtual-machine:~$ openssl base64 -in bitstring.der -out bitstring.pem
fengtairui@fengtairui-virtual-machine:~$ ls bitstring.pem
bitstring.pem
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -inform PEM -in bitstring.pem
    0:d=0  hl=2 l=   2 prim: BIT STRING        
产生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add bitstring.der bitstring.pem
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Format in cryptographic engineering"
[master c2cfd08] Format in cryptographic engineering
 2 files changed, 2 insertions(+)
 create mode 100644 bitstring.der
 create mode 100644 bitstring.pem
fengtairui@fengtairui-virtual-machine:~$ git log
commit c2cfd087d62198aa5435e9c0b35399bdb88307c1 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 11:49:23 2024 +0800

    Format in cryptographic engineering

Hash与HMAC

help

fengtairui@fengtairui-virtual-machine:~$ openssl dgst -help
Usage: dgst [options] [file...]

General options:
 -help               Display this summary
 -list               List digests
 -engine val         Use engine e, possibly a hardware device
 -engine_impl        Also use engine given by -engine for digest operations
 -passin val         Input file pass phrase source

Output options:
 -c                  Print the digest with separating colons
 -r                  Print the digest in coreutils format
 -out outfile        Output to filename rather than stdout
 -keyform format     Key file format (ENGINE, other values ignored)
 -hex                Print as hex dump
 -binary             Print in binary form
 -xoflen +int        Output length for XOF algorithms
 -d                  Print debug info
 -debug              Print debug info

Signing options:
 -sign val           Sign digest using private key
 -verify val         Verify a signature using public key
 -prverify val       Verify a signature using private key
 -sigopt val         Signature parameter in n:v form
 -signature infile   File with signature to verify
 -hmac val           Create hashed MAC with key
 -mac val            Create MAC (not necessarily HMAC)
 -macopt val         MAC algorithm parameters in n:v form or key
 -*                  Any supported digest
 -fips-fingerprint   Compute HMAC with the key used in OpenSSL-FIPS fingerprint

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 file                Files to digest (optional; default is stdin)

openssl dgst -list

fengtairui@fengtairui-virtual-machine:~$ openssl dgst -list
Supported digests:
-blake2b512                -blake2s256                -md4                      
-md5                       -md5-sha1                  -ripemd                   
-ripemd160                 -rmd160                    -sha1                     
-sha224                    -sha256                    -sha3-224                 
-sha3-256                  -sha3-384                  -sha3-512                 
-sha384                    -sha512                    -sha512-224               
-sha512-256                -shake128                  -shake256                 
-sm3                       -ssl3-md5                  -ssl3-sha1                
-whirlpool       

openssl dgst -sm3 <==> openssl -sm3

fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl dgst -sm3
SM3(stdin)= 83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a752766
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl sm3
SM3(stdin)= 83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a752766
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl sm3
SM3(stdin)= 83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a752766
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl sm3 -binary
�Vm��j�~
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl sm3 -binary | xxd -p
83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a75
2766

没有in参数,直接传文件

fengtairui@fengtairui-virtual-machine:~$ echo ftr > ftr.txt
fengtairui@fengtairui-virtual-machine:~$ openssl sm3 ftr.txt
SM3(ftr.txt)= 83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a752766
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl sm3
SM3(stdin)= 83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a752766

对称算法enc

help

fengtairui@fengtairui-virtual-machine:~$  openssl enc -help
Usage: enc [options]

General options:
 -help               Display this summary
 -list               List ciphers
 -ciphers            Alias for -list
 -e                  Encrypt
 -d                  Decrypt
 -p                  Print the iv/key
 -P                  Print the iv/key and exit
 -engine val         Use engine, possibly a hardware device

Input options:
 -in infile          Input file
 -k val              Passphrase
 -kfile infile       Read passphrase from file

Output options:
 -out outfile        Output file
 -pass val           Passphrase source
 -v                  Verbose output
 -a                  Base64 encode/decode, depending on encryption flag
 -base64             Same as option -a
 -A                  Used with -[base64|a] to specify base64 buffer as a single line

Encryption options:
 -nopad              Disable standard block padding
 -salt               Use salt in the KDF (default)
 -nosalt             Do not use salt in the KDF
 -debug              Print debug info
 -bufsize val        Buffer size
 -K val              Raw key, in hex
 -S val              Salt, in hex
 -iv val             IV in hex
 -md val             Use specified digest to create a key from the passphrase
 -iter +int          Specify the iteration count and force use of PBKDF2
 -pbkdf2             Use password-based key derivation function 2
 -none               Don't encrypt
 -*                  Any supported cipher

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms
fengtairui@fengtairui-virtual-machine:~$ openssl enc -list
Supported ciphers:
-aes-128-cbc               -aes-128-cfb               -aes-128-cfb1             
-aes-128-cfb8              -aes-128-ctr               -aes-128-ecb              
-aes-128-ofb               -aes-192-cbc               -aes-192-cfb              
-aes-192-cfb1              -aes-192-cfb8              -aes-192-ctr              
-aes-192-ecb               -aes-192-ofb               -aes-256-cbc              
-aes-256-cfb               -aes-256-cfb1              -aes-256-cfb8             
-aes-256-ctr               -aes-256-ecb               -aes-256-ofb              
-aes128                    -aes128-wrap               -aes192                   
-aes192-wrap               -aes256                    -aes256-wrap              
-aria-128-cbc              -aria-128-cfb              -aria-128-cfb1            
-aria-128-cfb8             -aria-128-ctr              -aria-128-ecb             
-aria-128-ofb              -aria-192-cbc              -aria-192-cfb             
-aria-192-cfb1             -aria-192-cfb8             -aria-192-ctr             
-aria-192-ecb              -aria-192-ofb              -aria-256-cbc             
-aria-256-cfb              -aria-256-cfb1             -aria-256-cfb8            
-aria-256-ctr              -aria-256-ecb              -aria-256-ofb             
-aria128                   -aria192                   -aria256                  
-bf                        -bf-cbc                    -bf-cfb                   
-bf-ecb                    -bf-ofb                    -blowfish                 
-camellia-128-cbc          -camellia-128-cfb          -camellia-128-cfb1        
-camellia-128-cfb8         -camellia-128-ctr          -camellia-128-ecb         
-camellia-128-ofb          -camellia-192-cbc          -camellia-192-cfb         
-camellia-192-cfb1         -camellia-192-cfb8         -camellia-192-ctr         
-camellia-192-ecb          -camellia-192-ofb          -camellia-256-cbc         
-camellia-256-cfb          -camellia-256-cfb1         -camellia-256-cfb8        
-camellia-256-ctr          -camellia-256-ecb          -camellia-256-ofb         
-camellia128               -camellia192               -camellia256              
-cast                      -cast-cbc                  -cast5-cbc                
-cast5-cfb                 -cast5-ecb                 -cast5-ofb                
-chacha20                  -des                       -des-cbc                  
-des-cfb                   -des-cfb1                  -des-cfb8                 
-des-ecb                   -des-ede                   -des-ede-cbc              
-des-ede-cfb               -des-ede-ecb               -des-ede-ofb              
-des-ede3                  -des-ede3-cbc              -des-ede3-cfb             
-des-ede3-cfb1             -des-ede3-cfb8             -des-ede3-ecb             
-des-ede3-ofb              -des-ofb                   -des3                     
-des3-wrap                 -desx                      -desx-cbc                 
-id-aes128-wrap            -id-aes128-wrap-pad        -id-aes192-wrap           
-id-aes192-wrap-pad        -id-aes256-wrap            -id-aes256-wrap-pad       
-id-smime-alg-CMS3DESwrap  -rc2                       -rc2-128                  
-rc2-40                    -rc2-40-cbc                -rc2-64                   
-rc2-64-cbc                -rc2-cbc                   -rc2-cfb                  
-rc2-ecb                   -rc2-ofb                   -rc4                      
-rc4-40                  -seed                      -seed-cbc                 
-seed-cfb                  -seed-ecb                  -seed-ofb                 
-sm4                       -sm4-cbc                   -sm4-cfb                  
-sm4-ctr                   -sm4-ecb                   -sm4-ofb                  

加密解密

fengtairui@fengtairui-virtual-machine:~$ openssl sm4-cbc -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in ftr.txt -out ftr.enc
fengtairui@fengtairui-virtual-machine:~$ openssl sm4-cbc -d -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in ftr.enc -out ftr2.txt
fengtairui@fengtairui-virtual-machine:~$ diff ftr.txt ftr2.txt
fengtairui@fengtairui-virtual-machine:~$ cat ftr2.txt
ftr

产生的文件提交至Git

fengtairui@fengtairui-virtual-machine:~$ git add ftr.txt ftr2.txt ftr.enc
fengtairui@fengtairui-virtual-machine:~$ git commit -m "enc Encryption and decryption"
[master 499d228] enc Encryption and decryption
 1 file changed, 1 insertion(+)
 create mode 100644 ftr.enc
fengtairui@fengtairui-virtual-machine:~$ git log
commit 499d2288429f94bded36ff64c03052bcd91f2c52 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 12:15:22 2024 +0800

    enc Encryption and decryption

非对称算法

SM2

产生公私钥对
fengtairui@fengtairui-virtual-machine:~$ openssl ecparam -genkey -name SM2 -out sm2private_key.pem
fengtairui@fengtairui-virtual-machine:~$ cat sm2private_key.pem
-----BEGIN SM2 PARAMETERS-----
BggqgRzPVQGCLQ==
-----END SM2 PARAMETERS-----
-----BEGIN PRIVATE KEY-----
MIGIAgEAMBQGCCqBHM9VAYItBggqgRzPVQGCLQRtMGsCAQEEIHHkiBwdoIuMyHHl
uBSbVGRkrTSfJ02i7V97O7hcuXjyoUQDQgAEWqE+r3FE+URF6l0pFb83BlLiqAGr
naOb6RdcxRCTtonEOu3YnAiMWw4SSFDa/aDLTBvWge0mlZbMiXwqoX86Sw==
-----END PRIVATE KEY-----
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -inform PEM -in sm2private_key.pem
    0:d=0  hl=2 l=   8 prim: OBJECT            :sm2
fengtairui@fengtairui-virtual-machine:~$ openssl base64 -d -in sm2private_key.pem -out sm2private_key.der
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -inform DER -in sm2private_key.der
    0:d=0  hl=2 l=   8 prim: OBJECT            :sm2
fengtairui@fengtairui-virtual-machine:~$ od -tx1 sm2private_key.der
0000000 06 08 2a 81 1c cf 55 01 82 2d
0000012
fengtairui@fengtairui-virtual-machine:~$ openssl pkey -in sm2private_key.pem -text -noout
Private-Key: (256 bit)
priv:
    71:e4:88:1c:1d:a0:8b:8c:c8:71:e5:b8:14:9b:54:
    64:64:ad:34:9f:27:4d:a2:ed:5f:7b:3b:b8:5c:b9:
    78:f2
pub:
    04:5a:a1:3e:af:71:44:f9:44:45:ea:5d:29:15:bf:
    37:06:52:e2:a8:01:ab:9d:a3:9b:e9:17:5c:c5:10:
    93:b6:89:c4:3a:ed:d8:9c:08:8c:5b:0e:12:48:50:
    da:fd:a0:cb:4c:1b:d6:81:ed:26:95:96:cc:89:7c:
    2a:a1:7f:3a:4b
ASN1 OID: SM2

openssl ecparam -help

fengtairui@fengtairui-virtual-machine:~$ openssl ecparam -help
Usage: ecparam [options]

General options:
 -help               Display this summary
 -list_curves        Prints a list of all curve 'short names'
 -engine val         Use engine, possibly a hardware device
 -genkey             Generate ec key
 -in infile          Input file  - default stdin
 -inform PEM|DER     Input format - default PEM (DER or PEM)
 -out outfile        Output file - default stdout
 -outform PEM|DER    Output format - default PEM

Output options:
 -text               Print the ec parameters in text form
 -noout              Do not print the ec parameter
 -param_enc val      Specifies the way the ec parameters are encoded

Parameter options:
 -check              Validate the ec parameters
 -check_named        Check that named EC curve parameters have not been modified
 -no_seed            If 'explicit' parameters are chosen do not use the seed
 -name val           Use the ec parameters with specified 'short name'
 -conv_form val      Specifies the point conversion form 

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

openssl ecparam -list_curves

fengtairui@fengtairui-virtual-machine:~$ openssl ecparam -list_curves
  secp112r1 : SECG/WTLS curve over a 112 bit prime field
  secp112r2 : SECG curve over a 112 bit prime field
  secp128r1 : SECG curve over a 128 bit prime field
  secp128r2 : SECG curve over a 128 bit prime field
  secp160k1 : SECG curve over a 160 bit prime field
  secp160r1 : SECG curve over a 160 bit prime field
  secp160r2 : SECG/WTLS curve over a 160 bit prime field
  secp192k1 : SECG curve over a 192 bit prime field
  secp224k1 : SECG curve over a 224 bit prime field
  secp224r1 : NIST/SECG curve over a 224 bit prime field
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
  prime192v2: X9.62 curve over a 192 bit prime field
  prime192v3: X9.62 curve over a 192 bit prime field
  prime239v1: X9.62 curve over a 239 bit prime field
  prime239v2: X9.62 curve over a 239 bit prime field
  prime239v3: X9.62 curve over a 239 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  sect113r1 : SECG curve over a 113 bit binary field
  sect113r2 : SECG curve over a 113 bit binary field
  sect131r1 : SECG/WTLS curve over a 131 bit binary field
  sect131r2 : SECG curve over a 131 bit binary field
  sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field
  sect163r1 : SECG curve over a 163 bit binary field
  sect163r2 : NIST/SECG curve over a 163 bit binary field
  sect193r1 : SECG curve over a 193 bit binary field
  sect193r2 : SECG curve over a 193 bit binary field
  sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field
  sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field
  sect239k1 : SECG curve over a 239 bit binary field
  sect283k1 : NIST/SECG curve over a 283 bit binary field
  sect283r1 : NIST/SECG curve over a 283 bit binary field
  sect409k1 : NIST/SECG curve over a 409 bit binary field
  sect409r1 : NIST/SECG curve over a 409 bit binary field
  sect571k1 : NIST/SECG curve over a 571 bit binary field
  sect571r1 : NIST/SECG curve over a 571 bit binary field
  c2pnb163v1: X9.62 curve over a 163 bit binary field
  c2pnb163v2: X9.62 curve over a 163 bit binary field
  c2pnb163v3: X9.62 curve over a 163 bit binary field
  c2pnb176v1: X9.62 curve over a 176 bit binary field
  c2tnb191v1: X9.62 curve over a 191 bit binary field
  c2tnb191v2: X9.62 curve over a 191 bit binary field
  c2tnb191v3: X9.62 curve over a 191 bit binary field
  c2pnb208w1: X9.62 curve over a 208 bit binary field
  c2tnb239v1: X9.62 curve over a 239 bit binary field
  c2tnb239v2: X9.62 curve over a 239 bit binary field
  c2tnb239v3: X9.62 curve over a 239 bit binary field
  c2pnb272w1: X9.62 curve over a 272 bit binary field
  c2pnb304w1: X9.62 curve over a 304 bit binary field
  c2tnb359v1: X9.62 curve over a 359 bit binary field
  c2pnb368w1: X9.62 curve over a 368 bit binary field
  c2tnb431r1: X9.62 curve over a 431 bit binary field
  wap-wsg-idm-ecid-wtls1: WTLS curve over a 113 bit binary field
  wap-wsg-idm-ecid-wtls3: NIST/SECG/WTLS curve over a 163 bit binary field
  wap-wsg-idm-ecid-wtls4: SECG curve over a 113 bit binary field
  wap-wsg-idm-ecid-wtls5: X9.62 curve over a 163 bit binary field
  wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls10: NIST/SECG/WTLS curve over a 233 bit binary field
  wap-wsg-idm-ecid-wtls11: NIST/SECG/WTLS curve over a 233 bit binary field
  wap-wsg-idm-ecid-wtls12: WTLS curve over a 224 bit prime field
  Oakley-EC2N-3: 
	IPSec/IKE/Oakley curve #3 over a 155 bit binary field.
	Not suitable for ECDSA.
	Questionable extension field!
  Oakley-EC2N-4: 
	IPSec/IKE/Oakley curve #4 over a 185 bit binary field.
	Not suitable for ECDSA.
	Questionable extension field!
  brainpoolP160r1: RFC 5639 curve over a 160 bit prime field
  brainpoolP160t1: RFC 5639 curve over a 160 bit prime field
  brainpoolP192r1: RFC 5639 curve over a 192 bit prime field
  brainpoolP192t1: RFC 5639 curve over a 192 bit prime field
  brainpoolP224r1: RFC 5639 curve over a 224 bit prime field
  brainpoolP224t1: RFC 5639 curve over a 224 bit prime field
  brainpoolP256r1: RFC 5639 curve over a 256 bit prime field
  brainpoolP256t1: RFC 5639 curve over a 256 bit prime field
  brainpoolP320r1: RFC 5639 curve over a 320 bit prime field
  brainpoolP320t1: RFC 5639 curve over a 320 bit prime field
  brainpoolP384r1: RFC 5639 curve over a 384 bit prime field
  brainpoolP384t1: RFC 5639 curve over a 384 bit prime field
  brainpoolP512r1: RFC 5639 curve over a 512 bit prime field
  brainpoolP512t1: RFC 5639 curve over a 512 bit prime field
  SM2       : SM2 curve over a 256 bit prime field
提取公钥
fengtairui@fengtairui-virtual-machine:~$ openssl ec -in sm2private_key.pem -pubout -out sm2publickey.pem
read EC key
writing EC key
fengtairui@fengtairui-virtual-machine:~$ cat sm2publickey.pem
-----BEGIN PUBLIC KEY-----
MFowFAYIKoEcz1UBgi0GCCqBHM9VAYItA0IABFqhPq9xRPlERepdKRW/NwZS4qgB
q52jm+kXXMUQk7aJxDrt2JwIjFsOEkhQ2v2gy0wb1oHtJpWWzIl8KqF/Oks=
-----END PUBLIC KEY-----
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -inform PEM -in sm2publickey.pem
    0:d=0  hl=2 l=  90 cons: SEQUENCE          
    2:d=1  hl=2 l=  20 cons: SEQUENCE          
    4:d=2  hl=2 l=   8 prim: OBJECT            :sm2
   14:d=2  hl=2 l=   8 prim: OBJECT            :sm2
   24:d=1  hl=2 l=  66 prim: BIT STRING        
加密解密
fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -encrypt -pubin -inkey sm2publickey.pem -in ftr.txt -out ftrsm2enc.bin
fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -decrypt -inkey sm2private_key.pem -in ftrsm2enc.bin -out ftrsm2dec.txt
fengtairui@fengtairui-virtual-machine:~$ diff ftr.txt ftrsm2dec.txt
签名验签
fengtairui@fengtairui-virtual-machine:~$ openssl sm3 -sign sm2private_key.pem -out ftrsm2.sig ftr.txt
fengtairui@fengtairui-virtual-machine:~$ openssl sm3 -verify sm2publickey.pem -signature ftrsm2.sig ftr.txt
Verified OK
fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -sign -in ftr.txt -inkey sm2private_key.pem -out ftrsm2.sig -rawin -digest sm3
fengtairui@fengtairui-virtual-machine:~$ od -tx1 ftrsm2.sig
0000000 30 45 02 20 69 1f d9 ba 63 c7 14 ae 7e 3c c6 8d
0000020 75 0d 95 46 24 f0 dd b9 13 05 12 ed 8b 82 a8 2a
0000040 67 82 a7 35 02 21 00 cc 88 a6 ff 64 7d 3d 7b 79
0000060 ee c0 72 81 9e 50 25 96 c5 5e 3d 9f a9 56 f1 8e
0000100 d6 a2 f3 56 4f c7 98
0000107
fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -verify -in ftr.txt -inkey sm2private_key.pem -sigfile ftrsm2.sig -rawin -digest sm3
Signature Verified Successfully
产生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add sm2private_key.pem sm2private_key.der sm2publickey.pem ftrsm2enc.bin ftrsm2dec.txt ftrsm2.sig
fengtairui@fengtairui-virtual-machine:~$ git commit -m "SM2"
[master ddf5db5] SM2
 6 files changed, 14 insertions(+)
 create mode 100644 ftrsm2.sig
 create mode 100644 ftrsm2dec.txt
 create mode 100644 ftrsm2enc.bin
 create mode 100644 sm2private_key.der
 create mode 100644 sm2private_key.pem
 create mode 100644 sm2publickey.pem
fengtairui@fengtairui-virtual-machine:~$ git log
commit ddf5db57688dedf064e2150d9614e853d49b02a0 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 15:09:19 2024 +0800

    SM2

其他命令

fengtairui@fengtairui-virtual-machine:~$ openssl list -commands
asn1parse         ca                ciphers           cmp               
cms               crl               crl2pkcs7         dgst              
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
fipsinstall       gendsa            genpkey           genrsa            
help              info              kdf               list              
mac               nseq              ocsp              passwd            
pkcs12            pkcs7             pkcs8             pkey              
pkeyparam         pkeyutl           prime             rand              
rehash            req               rsa               rsautl            
s_client          s_server          s_time            sess_id           
smime             speed             spkac             srp               
storeutl          ts                verify            version           
x509              

GmSSL

gmssl help

fengtairui@fengtairui-virtual-machine:~$ gmssl help
usage: gmssl command [options]
command -help

Commands:
  help              Print this help message
  version           Print version
  rand              Generate random bytes
  sm2keygen         Generate SM2 keypair
  sm2sign           Generate SM2 signature
  sm2verify         Verify SM2 signature
  sm2encrypt        Encrypt with SM2 public key
  sm2decrypt        Decrypt with SM2 private key
  sm3               Generate SM3 hash
  sm3hmac           Generate SM3 HMAC tag
  sm3_pbkdf2        Hash password into key using PBKDF2 algoritm
  sm3xmss_keygen    Generate SM3-XMSS keypair
  sm4_ecb           Encrypt or decrypt with SM4 ECB
  sm4_cbc           Encrypt or decrypt with SM4 CBC
  sm4_ctr           Encrypt or decrypt with SM4 CTR
  sm4_cfb           Encrypt or decrypt with SM4 CFB
  sm4_ofb           Encrypt or decrypt with SM4 OFB
  sm4_ccm           Encrypt or decrypt with SM4 CCM
  sm4_gcm           Encrypt or decrypt with SM4 GCM
  sm4_xts           Encrypt or decrypt with SM4 XTS
  sm4_cbc_sm3_hmac  Encrypt or decrypt with SM4 CBC with SM3-HMAC
  sm4_ctr_sm3_hmac  Encrypt or decrypt with SM4 CTR with SM3-HMAC
  sm4_cbc_mac       Generate SM4 CBC-MAC
  ghash             Generate GHASH
  zuc               Encrypt or decrypt with ZUC
  sm9setup          Generate SM9 master secret
  sm9keygen         Generate SM9 private key
  sm9sign           Generate SM9 signature
  sm9verify         Verify SM9 signature
  sm9encrypt        SM9 public key encryption
  sm9decrypt        SM9 decryption
  reqgen            Generate certificate signing request (CSR)
  reqsign           Generate certificate from CSR
  reqparse          Parse and print a CSR
  crlget            Download the CRL of given certificate
  crlgen            Sign a CRL with CA certificate and private key
  crlverify         Verify a CRL with issuer's certificate
  crlparse          Parse and print CRL
  certgen           Generate a self-signed certificate
  certparse         Parse and print certificates
  certverify        Verify certificate chain
  certrevoke        Revoke certificate and output RevokedCertificate record
  cmsparse          Parse CMS (cryptographic message syntax) file
  cmsencrypt        Generate CMS EnvelopedData
  cmsdecrypt        Decrypt CMS EnvelopedData
  cmssign           Generate CMS SignedData
  cmsverify         Verify CMS SignedData
  sdfinfo           Print SDF device info
  sdfdigest         Generate SM3 hash with SDF device
  sdfexport         Export SM2 signing public key from SDF device
  sdfsign           Generate SM2 signature with SDF internal private key
  sdfencrypt        SM2/SM4-CBC hybrid encryption with SDF device
  sdfdecrypt        SM2/SM4-CBC hybrid decryption with SDF device
  sdftest           Test vendor's SDF library and device
  tlcp_client       TLCP client
  tlcp_server       TLCP server
  tls12_client      TLS 1.2 client
  tls12_server      TLS 1.2 server
  tls13_client      TLS 1.3 client
  tls13_server      TLS 1.3 server

run `gmssl <command> -help` to print help of the given command

gmssl version

fengtairui@fengtairui-virtual-machine:~$ gmssl version
GmSSL 3.1.2 Dev

SM3

sm3 -help

fengtairui@fengtairui-virtual-machine:~$ gmssl sm3 -help
usage: sm3 [-hex|-bin] [-pubkey pem [-id str]] [-in file|-in_str str] [-out file]
Options

    -hex                   Output hash value as hex string (by default)
    -bin                   Output hash value as binary
    -pubkey pem            Signer's SM2 public key
                           When `-pubkey` is specified, hash with SM2 Z value
    -id str                SM2 Signer's ID string
    -id_hex hex            SM2 Signer's ID in hex format
                           `-id` and `-id_hex` should be used with `-pubkey`
                           `-id` and `-id_hex` should not be used together
                           If `-pubkey` is specified without `-id` or `id_hex`,
                           the default ID string '1234567812345678' is used
    -in_str str            To be hashed string
    -in file | stdin       To be hashed file path
                           `-in_str` and `-in` should not be used together
                           If neither `-in` nor `-in_str` specified, read from stdin
    -out file | stdout     Output file path. If not specified, output to stdout

Examples

    gmssl sm3 -in_str abc

    gmssl sm3 -in_str abc -bin

    gmssl sm3 -in /path/to/file

    gmssl sm3 -pubkey sm2pubkey.pem -id alice -in /path/to/file -bin

  When reading from stdin, make sure the trailing newline character is removed

  Linux/Mac:
    echo -n abc | gmssl sm3

  Windows:
    C:\> echo |set/p="abc" | gmssl sm3

SM3

字符串
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm3
40bedc1b46278fd798932e3f8679cd0bf11807f16daf6cc973f7e4730e1dc4a3
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm3 -hex
40bedc1b46278fd798932e3f8679cd0bf11807f16daf6cc973f7e4730e1dc4a3
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm3 -bin
@��'�ט�.?�y�
            ��m�l�s��sģ
fengtairui@fengtairui-virtual-machine:~$  echo -n "ftr" | gmssl sm3 -bin | od -tx1
0000000 40 be dc 1b 46 27 8f d7 98 93 2e 3f 86 79 cd 0b
0000020 f1 18 07 f1 6d af 6c c9 73 f7 e4 73 0e 1d c4 a3
0000040
文件
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" > ftr.txt
fengtairui@fengtairui-virtual-machine:~$ od -tx1 -tc ftr.txt
0000000  66  74  72
          f   t   r
0000003
fengtairui@fengtairui-virtual-machine:~$ gmssl sm3 -in ftr.txt -out ftr.sm3
fengtairui@fengtairui-virtual-machine:~$ cat ftr.sm3
40bedc1b46278fd798932e3f8679cd0bf11807f16daf6cc973f7e4730e1dc4a3
SM2
fengtairui@fengtairui-virtual-machine:~$ gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
fengtairui@fengtairui-virtual-machine:~$ ls
123.bin  桌面            ftr.enc        hello.s         sm2.pem
123.txt  a.out           ftrsm2dec.txt  libble_project  sm2private_key.der
1.txt    bestidiocs      ftrsm2enc.bin  ljpsm2enc.bin   sm2private_key.pem
公共的   bestidiocs2024  ftrsm2.sig     main.c          sm2publickey.pem
模板     bitstring.der   ftr.sm3        new_project     sm2pub.pem
视频     bitstring.pem   ftr.txt        r1.bin          snap
图片     build           hello          r2.bin          test.bin
文档     ce_project      hello.c        rc4_example     test.txt
下载     ftr2.txt        hello.i        rc4_example.c
音乐     ftr.b64         hello.o        sm2_key.pem
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm3 -pubkey sm2pub.pem -id 1234567812345678
d7a4040cfa3e860912079c8b667e4182d8d8966fa194f12d899409c3135b067a
产生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add sm2pub.pem sm2.pem ftr.sm3 ftr.txt  
fengtairui@fengtairui-virtual-machine:~$ git commit -m "sm3"
[master b0ba729] sm3
 4 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 ftr.sm3
 create mode 100644 sm2.pem
 create mode 100644 sm2pub.pem
fengtairui@fengtairui-virtual-machine:~$ git log
commit b0ba7298ed4cba31a4986673c0c7643ee88c57ae (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 15:37:58 2024 +0800

    sm3

SM3HMAC

sm3hmac -help
fengtairui@fengtairui-virtual-machine:~$ gmssl sm3hmac -help
usage: sm3hmac -key hex [-in file | -in_str str] [-bin|-hex] [-out file]
Options

    -key hex               Hex string of the MAC key
    -in_str str            Input as text string
    -in file | stdin       Input file path
                           `-in_str` and `-in` should not be used together
                           If neither `-in` nor `-in_str` specified, read from stdin
    -hex                   Output MAC-tag as hex string (by default)
    -bin                   Output MAC-tag as binary
                           `-hex` and `-bin` should not be used together
    -out file | stdout     Output file path. If not specified, output to stdout

Examples

    KEY_HEX=`gmssl rand -outlen 16 -hex`
    gmssl sm3hmac -key $KEY_HEX -in_str abc

    gmssl sm3hmac -key $KEY_HEX -in_str abc -bin

    gmssl sm3hmac -key $KEY_HEX -in /path/to/file

  When reading from stdin, make sure the trailing newline character is removed

  Linux/Mac:
    echo -n abc | gmssl sm3hmac -key $KEY_HEX

  Windows:
    C:\> echo |set/p="abc" | gmssl sm3hmac -key 11223344556677881122334455667788
rand key
fengtairui@fengtairui-virtual-machine:~$ gmssl rand -help
usage: rand [-hex] [-rdrand|-rdseed] -outlen num [-out file]
fengtairui@fengtairui-virtual-machine:~$ gmssl rand -hex -outlen 16
690A211ECEBA599B8629D014DE1586D3
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm3hmac -key 690A211ECEBA599B8629D014DE1586D3
8289b98e4fa6466a84b72023ccdc77b9da7134bc94648140f9891a460b56ee25

SM4

sm4 -help

fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -help
usage: gmssl sm4_cbc {-encrypt|-decrypt} -key hex -iv hex [-in file] [-out file]

Options

    -encrypt            Encrypt
    -decrypt            Decrypt
    -key hex            Symmetric key in HEX format
    -iv hex             IV in HEX format
    -in file | stdin    Input data
    -out file | stdout  Output data

Examples

  $ TEXT=`gmssl rand -outlen 20 -hex`
  $ KEY=`gmssl rand -outlen 16 -hex`
  $ IV=`gmssl rand -outlen 16 -hex`
  $ echo -n $TEXT | gmssl sm4_cbc -encrypt -key $KEY -iv $IV -out sm4_cbc_ciphertext.bin
  $ gmssl sm4_cbc -decrypt -key $KEY -iv $IV -in sm4_cbc_ciphertext.bin

SM4

fengtairui@fengtairui-virtual-machine:~$ gmssl rand -help
usage: rand [-hex] [-rdrand|-rdseed] -outlen num [-out file]
fengtairui@fengtairui-virtual-machine:~$ gmssl rand -outlen 16 -out key.bin
fengtairui@fengtairui-virtual-machine:~$ gmssl rand -outlen 16 -out iv.bin
fengtairui@fengtairui-virtual-machine:~$ ls
123.bin  桌面            ftr.enc        hello.s         rc4_example.c
123.txt  a.out           ftrsm2dec.txt  iv.bin          sm2_key.pem
1.txt    bestidiocs      ftrsm2enc.bin  key.bin         sm2.pem
公共的   bestidiocs2024  ftrsm2.sig     libble_project  sm2private_key.der
模板     bitstring.der   ftr.sm3        ljpsm2enc.bin   sm2private_key.pem
视频     bitstring.pem   ftr.txt        main.c          sm2publickey.pem
图片     build           hello          new_project     sm2pub.pem
文档     ce_project      hello.c        r1.bin          snap
下载     ftr2.txt        hello.i        r2.bin          test.bin
音乐     ftr.b64         hello.o        rc4_example     test.txt
fengtairui@fengtairui-virtual-machine:~$ od -tx1 key.bin
0000000 6a ed bb 76 4f 1c e1 69 c9 74 55 90 38 a8 5f 5d
0000020
fengtairui@fengtairui-virtual-machine:~$ od -tx1 iv.bin
0000000 ef a1 32 68 a1 b6 86 aa 3d 71 74 d4 89 90 06 8c
0000020
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -out ftrsm4.cbc
fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in ftrsm4.cbc
ftr
fengtairui@fengtairui-virtual-machine:~$ KEY=$(xxd -p -c 32 key.bin)
fengtairui@fengtairui-virtual-machine:~$ echo $KEY
6aedbb764f1ce169c974559038a85f5d
fengtairui@fengtairui-virtual-machine:~$ IV=$(xxd -p -c 32 iv.bin)
fengtairui@fengtairui-virtual-machine:~$ echo $IV
efa13268a1b686aa3d7174d48990068c
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm4_cbc -encrypt -key $KEY -iv $IV -out ftrsm4.cbc2
fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -decrypt -key $KEY -iv $IV -in ftrsm4.cbc2
ftr
fengtairui@fengtairui-virtual-machine:~$ diff ftrsm4.cbc ftrsm4.cbc2
fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in ftr.txt -out ftrsm4.cbc3
fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in ftrsm4.cbc3
ftrfengtairui@fengtairui-virtual-machine:~$ diff ftrsm4.cbc ftrsm4.cbc3

产生的文件提交至Git

fengtairui@fengtairui-virtual-machine:~$ git add ftrsm4.cbc ftrsm4.cbc3 ftrsm4.cbc2 iv.bin key.bin 
fengtairui@fengtairui-virtual-machine:~$ git commit -m "SM4"
[master d19171d] SM4
 5 files changed, 5 insertions(+)
 create mode 100644 ftrsm4.cbc
 create mode 100644 ftrsm4.cbc2
 create mode 100644 ftrsm4.cbc3
 create mode 100644 iv.bin
 create mode 100644 key.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit d19171d67d5f269be97298eaeadcfffafe782f09 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 16:06:53 2024 +0800

    SM4

SM2

sm2 -help

fengtairui@fengtairui-virtual-machine:~$ gmssl sm2keygen -help
usage: gmssl sm2keygen -pass str [-out pem] [-pubout pem]

Options

    -pass pass                  Password to encrypt the private key
    -out pem                    Output password-encrypted PKCS #8 private key in PEM format
    -pubout pem                 Output public key in PEM format

Examples

    $ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem
    $ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem -pubout sm2pub.pem

SM2

fengtairui@fengtairui-virtual-machine:~$ gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
fengtairui@fengtairui-virtual-machine:~$ cat sm2.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBBjBhBgkqhkiG9w0BBQ0wVDA0BgkqhkiG9w0BBQwwJwQQoMAlljJ6Fpvn49pS
9lUEQwIDAQAAAgEQMAsGCSqBHM9VAYMRAjAcBggqgRzPVQFoAgQQak2YPv4HDNfq
BwiToF3CiwSBoG1YQCtI7c/fIJawN9XPPdH7L3rWcHcwWJVY4Mm8G0gMQD624Hpa
lQCCIYtZsDrP016A93JUbEf6Bjai8q8JoXJatqzWDzCBBELvWMQ5F1M+K15hEhoK
26FhRoe4+o06sZ200T3SHb74knndsUzFpNVcPhe73liBVQQ69TY61M/OM+JVygTx
9g9tyHRZYAiSlLRivqv3xfNMc6WWientfnw=
-----END ENCRYPTED PRIVATE KEY-----
fengtairui@fengtairui-virtual-machine:~$ cat sm2pub.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEwvsmpli3nxn9WRySUD0OabkJjj/X
ApddpRzgO0gtx0EdJa/ppDatOdW+TU+Me2wSKEe/FYijDMbSiJR0TkjPdg==
-----END PUBLIC KEY-----
fengtairui@fengtairui-virtual-machine:~$ echo ftr | gmssl sm2sign -key sm2.pem -pass 1234 -out sm2.sig #-id 1234567812345678
fengtairui@fengtairui-virtual-machine:~$ od -tx1 sm2.sig
0000000 30 45 02 21 00 a3 e9 d8 37 35 40 9c 0b 3e 08 2a
0000020 0b 45 c0 4f 08 81 18 a6 60 a3 84 b7 a9 7b 81 29
0000040 8c e8 67 e2 10 02 20 2f ac d8 d5 38 8b 7e c7 44
0000060 3b 57 6d 82 4c 0a e0 2b e5 5d 66 cb 88 00 ab 96
0000100 22 8e d3 bf c7 9d 0d
0000107
fengtairui@fengtairui-virtual-machine:~$ echo ftr | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig -id 1234567812345678
verify : success
fengtairui@fengtairui-virtual-machine:~$ echo ftr | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der
fengtairui@fengtairui-virtual-machine:~$ od -tx1 sm2.der
0000000 30 6c 02 20 03 46 1f 2e 32 6f 86 a2 fa b7 5b e8
0000020 cf 2d a1 b3 31 8a be e2 a6 bc 6d 5f 46 62 9e fa
0000040 5a c9 08 7e 02 20 7f 2b 70 9f aa b8 2c e9 f7 ba
0000060 e3 e3 86 23 f8 1e 3d 38 6f 64 6c 8e 25 32 a1 79
0000100 93 c2 66 ba 73 38 04 20 27 14 88 b8 48 19 90 35
0000120 a9 e2 52 63 be a3 37 2c a2 97 bb f4 8b 80 ab 05
0000140 6e a1 06 82 cd 57 91 06 04 04 8d 58 90 bc
0000156
fengtairui@fengtairui-virtual-machine:~$ gmssl sm2decrypt -key sm2.pem -pass 1234 -in sm2.der
ftr

产生的文件提交至Git

fengtairui@fengtairui-virtual-machine:~$ git add sm2.pem sm2.der sm2pub.pem sm2.der sm2.sig sm2.pem 
fengtairui@fengtairui-virtual-machine:~$ git commit -m "SM2"
[master 8567abd] SM2
 4 files changed, 11 insertions(+), 10 deletions(-)
 create mode 100644 sm2.der
 rewrite sm2.pem (81%)
 create mode 100644 sm2.sig
fengtairui@fengtairui-virtual-machine:~$ git log
commit 8567abd3d89a0e7fff27e9117201ceff35d7937e (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 16:16:26 2024 +0800

    SM2

使用OpenSSL命令实现带签名的数字信封协议

生成公私钥对

生成公私钥对

20221320fengtairui和20221328msm需要生成自己的公私钥对。这里我们使用SM2算法,这是一种椭圆曲线加密算法。

fengtairui@fengtairui-virtual-machine:~$ openssl ecparam -name sm2 -genkey -out 20221320fengtairui_sk.pem
fengtairui@fengtairui-virtual-machine:~$ openssl ec -in 20221320fengtairui_sk.pem -pubout -out 20221320fengtairui_pk.pem
read EC key
writing EC key

产生的文件提交至Git并上传至Gitee

fengtairui@fengtairui-virtual-machine:~$ git add 20221320fengtairui_pk.pem 20221320fengtairui_sk.pem
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Generate public and private key pairs for 20221320fengtairui"
[master d80c29f] Generate public and private key pairs for Alice
 2 files changed, 12 insertions(+)
 create mode 100644 20221320fengtairui_pk.pem
 create mode 100644 20221320fengtairui_sk.pem
fengtairui@fengtairui-virtual-machine:~$ git push -u origin master
Username for 'https://gitee.com': 13696447027
Password for 'https://13696447027@gitee.com': 
枚举对象中: 5, 完成.
对象计数中: 100% (5/5), 完成.
使用 8 个线程进行压缩
压缩对象中: 100% (4/4), 完成.
写入对象中: 100% (4/4), 734 字节 | 734.00 KiB/s, 完成.
总共 4(差异 1),复用 0(差异 0),包复用 0
remote: Powered by GITEE.COM [1.1.5]
remote: Set trace flag 554d5e8c
To https://gitee.com/feng-tairui/information-security-design.git
   04700d0..d80c29f  master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.
fengtairui@fengtairui-virtual-machine:~$ git log
commit d80c29f9b44f27423090add8d679016d4d594883 (HEAD -> master, origin/master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 19:21:50 2024 +0800

    Generate public and private key pairs for 20221320fengtairui

生成随机密钥

生成随机密钥

20221320fengtairui使用openssl rand命令生成16字节的随机密钥k

fengtairui@fengtairui-virtual-machine:~$ openssl rand 16 > 20221320fengtairui.bin
fengtairui@fengtairui-virtual-machine:~$  cat 20221320fengtairui.bin | xxd -p
5ce3001c6efec2daf19cb709477bf7bc

产生的文件提交至Git

fengtairui@fengtairui-virtual-machine:~$ git add 20221320fengtairui.bin
fengtairui@fengtairui-virtual-machine:~$ git commit -m "20221320fengtairui random"
[master 7abf167] 20221320fengtairui random
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 20221320fengtairui.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit 7abf167e393b3e428d43259ee99040ef81d0f210 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 19:34:58 2024 +0800

    20221320fengtairui random

加密明文

加密明文

fengtairui@fengtairui-virtual-machine:~$ openssl sm4-cbc -K "5ce3001c6efec2daf19cb709477bf7bc" -iv "da80e405a4998c351b0717093cbe86ab" -in plain.txt -out plain.enc

产生的文件提交至Git

fengtairui@fengtairui-virtual-machine:~$ git add plain.enc
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Encrypted plaintext"
[master 0c951d0] Encrypted plaintext
 1 file changed, 1 insertion(+)
 create mode 100644 plain.enc
fengtairui@fengtairui-virtual-machine:~$ git log
commit 0c951d02e996d17ad512ef4d76cbba51c155df37 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 19:44:28 2024 +0800

    Encrypted plaintext

加密随机密钥

加密随机密钥

fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -encrypt -pubin -inkey 20221328msmpublic_key.pem -in 20221320fengtairui.bin -out 20221320fengtairui_enc.bin

产生的文件提交至Git

fengtairui@fengtairui-virtual-machine:~$ git add 20221320fengtairui_enc.bin
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Cryptographic random key"
[master 2abb203] Cryptographic random key
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 20221320fengtairui_enc.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit 2abb20371dea1191fb8c76ab437d992707294b9a (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 19:55:34 2024 +0800

    Cryptographic random key

签名加密后的随机密钥

签名加密后的随机密钥

fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -encrypt -inkey 20221320fengtairui_sk.pem -in plain.enc -out plain_enc.bin

产生的文件提交至Git

fengtairui@fengtairui-virtual-machine:~$ git add plain_enc.bin
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Signed and encrypted random key"
[master 4bcad44] Signed and encrypted random key
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 plain_enc.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit 4bcad4454580f648baf9564a7c96695120fccf39 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 20:06:21 2024 +0800

    Signed and encrypted random key

发送数字信封

发送数字信封

20221320fengtairui将加密后的明文、加密后的随机密钥和签名组合在一起,发送给2022138msm

fengtairui@fengtairui-virtual-machine:~$ cat plain.enc 20221320fengtairui_enc.bin plain_enc.bin > 20221320fengtaitui_envelope.bin

产生的文件提交至Git并上传至Gitee

fengtairui@fengtairui-virtual-machine:~$ git add 20221320fengtaitui_envelope.binfengtairui@fengtairui-virtual-machine:~$ git commit -m "20221320fengtairui Digital envelope" 
[master bf33ce0] 20221320fengtairui Digital envelope
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 20221320fengtaitui_envelope.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit bf33ce0ff7aa476099bc7e348a8519722f0975c7 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date:   Sun Oct 13 20:13:46 2024 +0800

    20221320fengtairui Digital envelope
fengtairui@fengtairui-virtual-machine:~$ git push -u origin master
Username for 'https://gitee.com': 13696447027
Password for 'https://13696447027@gitee.com': 
枚举对象中: 16, 完成.
对象计数中: 100% (16/16), 完成.
使用 8 个线程进行压缩
压缩对象中: 100% (13/13), 完成.
写入对象中: 100% (15/15), 1.53 KiB | 782.00 KiB/s, 完成.
总共 15(差异 7),复用 0(差异 0),包复用 0
remote: Powered by GITEE.COM [1.1.5]
remote: Set trace flag 244851b5
To https://gitee.com/feng-tairui/information-security-design.git
   d80c29f..bf33ce0  master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.

验证签名

20221328msm验证签名

liudaotongming@LAPTOP-J23VPJPH:~/information-security-design$ openssl sm3 -verify 20221320fengtairui_pk.pem -sig
nature plain_enc.sig plain.enc
Verified OK

解密随机密钥

liudaotongming@LAPTOP-J23VPJPH:~/information-security-design$ openssl pkeyutl -decrypt -inkey 20221328马申明private_key.pem -in 20221320fengtairui_enc.bin -out rand.txt
liudaotongming@LAPTOP-J23VPJPH:~/information-security-design$ cat rand.txt
5ce3001c6efec2daf19cb709477bf7bc

解密明文

liudaotongming@LAPTOP-J23VPJPH:~/information-security-design$ openssl sm4-cbc -d -K "5ce3001c6efec2daf19cb709477bf7bc" -iv "da80e405a4998c351b0717093cbe86ab" -in plain.enc -out plain.txt
liudaotongming@LAPTOP-J23VPJPH:~/information-security-design$ cat plain.txt
20221320fengtairui

使用GMSSL命令实现带签名的数字信封协议

生成公私钥对

生成公私钥对

20221320fengtairui和20221328msm需要生成自己的公私钥对。这里我们使用SM2算法,这是一种椭圆曲线加密算法。

engtairui@fengtairui-virtual-machine:~$ gmssl sm2keygen -pass 1234 -out 20221320fengtairui_sk.pem -pubout 20221320fengtairui_pub.pem
fengtairui@fengtairui-virtual-machine:~$ cat 20221320fengtairui_sk.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBBjBhBgkqhkiG9w0BBQ0wVDA0BgkqhkiG9w0BBQwwJwQQPs3JOiZd/BhxcLRG
JQXy5wIDAQAAAgEQMAsGCSqBHM9VAYMRAjAcBggqgRzPVQFoAgQQ6QQpAdcSl43D
2tDp8K5llwSBoBPmG6HbCgM8LuLFFB/VRrw94OPIlJ/4IeP8FFb34O101TALu9L/
mv9rE63gvUX3Ni6lL/MYTbr0wWYrNcR3gnJoK2huRbWOoydf5noD3T3DSD5I4J7M
IT323QoO5kefMVkQ6QiWNEZ42IFHh7MlNVOQ7z6uqnZCUuqC7zyS6EN8N2KhX8QV
MQ1MPLGPGKkC5UiGBLEp9KaOmIF55PIOPRs=
-----END ENCRYPTED PRIVATE KEY-----
fengtairui@fengtairui-virtual-machine:~$ cat 20221320fengtairui_pub.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEPzTwEaRt3/axN5PgOufdnOAxSgIo
X9QYDFTChWT4uNWrllX5xoTVEfoQo1HP1OmsT5KYqCYn/puBiklk7rt2gw==
-----END PUBLIC KEY-----

产生的文件提交至Git并上传至Gitee

fengtairui@fengtairui-virtual-machine:~$ git add 20221320fengtairui_sk.pem 20221320fengtairui_pub.pem 
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Generate a public and private key pair for 20221320fengtairui"
[master cb27ca6] Generate a public and private key pair for 20221320fengtairui
 2 files changed, 12 insertions(+), 8 deletions(-)
 create mode 100644 20221320fengtairui_pub.pem
 rewrite 20221320fengtairui_sk.pem (99%)
fengtairui@fengtairui-virtual-machine:~$ git push -u origin master
Username for 'https://gitee.com': 13696447027
Password for 'https://13696447027@gitee.com': 
枚举对象中: 6, 完成.
对象计数中: 100% (6/6), 完成.
使用 8 个线程进行压缩
压缩对象中: 100% (4/4), 完成.
写入对象中: 100% (4/4), 830 字节 | 830.00 KiB/s, 完成.
总共 4(差异 1),复用 0(差异 0),包复用 0
remote: Powered by GITEE.COM [1.1.5]
remote: Set trace flag e945f1b3
To https://gitee.com/feng-tairui/information-security-design.git
   5f93510..cb27ca6  master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.

加密明文

liudaotongming@LAPTOP-J23VPJPH:~$ gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 20221328msmkey.bin) -iv $(xxd -p -c
 32 20221328msmiv.bin) -in 20221328msmplain.txt -out 20221328msmsm4.cbc3

加密随机密钥

liudaotongming@LAPTOP-J23VPJPH:~$ gmssl sm2encrypt -pubkey 20221320fengtairui_pub.pem -in 20221328msmkey.bin -out 20221328msmkey.der

liudaotongming@LAPTOP-J23VPJPH:~$ gmssl sm2encrypt -pubkey 20221320fengtairui_pub.pem -in 20221328msmiv.bin -out
 20221328msmiv.der

签名加密后的随机密钥

liudaotongming@LAPTOP-J23VPJPH:~$ gmssl sm2sign -key sm2.pem -pass 1234 -in 20221328msmsm4.cbc3 -out 20221328msm
S1.bin

验证签名

fengtairui@fengtairui-virtual-machine:~/20221328msm$ gmssl sm2verify -pubkey 20221328msmsm2pub.pem -in 20221328msmsm4.cbc3 -sig 20221328msmS1.bin 
verify : success

解密随机密钥

fengtairui@fengtairui-virtual-machine:~$ gmssl sm2decrypt -key 20221320fengtairui_sk.pem -pass 1234 -in 20221328msmkey.der -out 20221320fengtairui.bin
fengtairui@fengtairui-virtual-machine:~$ gmssl sm2decrypt -key 20221320fengtairui_sk.pem -pass 1234 -in 20221328msmiv.der -out 20221320fengtairui2.bin

解密明文

fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 20221320fengtairui.bin) -iv $(xxd -p -c 32 20221320fengtairui2.bin) -in 20221328msmsm4.cbc3
20221328马申明
posted @   20221320冯泰瑞  阅读(24)  评论(0编辑  收藏  举报
点击右上角即可分享
微信分享提示