/GmSSL

支持国密SM2/SM3/SM4算法的OpenSSL分支

Primary LanguageCOtherNOASSERTION

About GmSSL

Build Status

GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 and other national secret (national commercial password) algorithm, SM2 digital certificate and SM2 certificate based on SSL / TLS secure communication protocol to support the national security hardware password device , To provide in line with the national standard programming interface and command line tools, can be used to build PKI / CA, secure communication, data encryption and other standards in line with national security applications. The GmSSL project is a branch of the OpenSSLproject and is compatible with OpenSSL. So GmSSL can replace the application of OpenSSL components, and make the application automatically with national security capabilities. The GmSSL project utilizes a business-friendly BSD open source license, open source and can be used for closed source commercial applications. GmSSL project by the Peking University Guan Zhideputy researcher of the cryptography research group development and maintenance, the project source code hosted in [GitHub](https://github.com /guanzhi/GmSSL). Since its release in 2014, GmSSL has been deployed and applied in multiple projects and products, and has won the second prize of the "One Cup" China Linux Software Contest in 2015 (the highest award) and Open Source China password class recommended items. The core goal of the GmSSL project is to promote the construction of cyberspace security through open source cryptography.

Latest News

  • February 15, 2017 rename master to gmssl-v1,current master branch migrate to OpenSSL-1.1.0。
  • February 12, 2017 Java wrapper support for full crypto library GmSSL-Java-Wrapper
  • January 18, 2017 Updated the project home page
  • More ...

SM Crypto Algorithm

The secret algorithm is the abbreviation of the national commercial cryptographic algorithm. Since 2012, the National Password Authority to the "People's Republic of China password industry standard" approach, have announced the SM2 / SM3 / SM4 and other cryptographic algorithm standards and application specifications. Which "SM" on behalf of "business secret", that is used for commercial, not involving state secrets of the password technology. SM2 is a public key cryptography algorithm based on elliptic curve cryptography, including digital signature, key exchange and public key encryption. It is used to replace international algorithms such as RSA / Diffie-Hellman / ECDSA / ECDH. SM3 is password hash algorithm, SM4 is a block cipher used to replace DES / AES and other international algorithms. SM9 is an identity-based cryptographic algorithm that can replace PKI / CA based on digital certificate. By deploying the secret algorithm, you can reduce the security risks caused by weak passwords and bug implementations and the overhead of deploying PKI / CA.

Quick Start

Quick Start Guide describes the basic instructions for compiling, installing, and gmssl command line tools for GmSSL.

  1. Download the source code (zip),unzip it to current directory.

    $ tar xzvf gmssl-<version>.tar.gz
  2. Compile and install

  Linux (Other platform see Compile and instal)

$ ./config
$ make
$ sudo make install

After installation, you can execute the gmssl command line tool to check for success

$ gmssl version
GmSSL 1.3.0 - OpenSSL 1.0.2d
  1. SM4 encrypt file

    $ gmssl sms4 -e -in <yourfile> -out <yourfile>.sms4
    enter sms4-cbc encryption password: <your-password>
    Verifying - enter sms4-cbc encryption password: <your-password>

    decrypt

    $ gmssl sms4 -d -in <yourfile>.sms4
    enter sms4-cbc decryption password: <your-password>
  2. Generate SM3 digest

    $ gmssl sm3 <yourfile>
    SM3(yourfile)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0
    
  3. Generate SM2 key and sign

    $ gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 \
                    -pkeyopt ec_param_enc:named_curve  -out signkey.pem
    $ gmssl pkeyutl -sign -pkeyopt ec_sign_algor:sm2 -inkey signkey.pem \
                    -in <yourfile> -out <yourfile>.sig

    You can export the public key from signkey.pem to the party that issued the signature

    $ gmssl pkey -pubout -in signkey.pem -out vrfykey.pem
    $ gmssl pkeyutl -verify -pkeyopt ec_sign_algor:sm2 -pubin -inkey vrfykey.pem \
                    -in <yourfile> -sigfile <yourfile>.sig
  4. Generate self-signed certificate

    $ gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 \
                    -pkeyopt ec_param_enc:named_curve -out ca.key
    $ gmssl req -sm3 -new -x509 -days 365 -key ca.key -out ca.crt

Project documentation

  • User manual

   * Compile and install

   * Command line tool manual

   * GmSSL EVP API

   * GmSSL Java API

  • Password algorithm

   * SM1 group password

   * SSF33 group password

   * SM2 elliptic curve public key password

   * SM3 password hash algorithm

   * SM4 / SMS4 group password

   * SM9 identity-based password

   * ZUC sequence password

   * CPK combination public key password

   * BF-IBE (Boneh-Franklin Identity-Based Encryption)

   * BB-IBE (Boneh-Boyen Identity-Based Encryption)

  • password hardware

   * Password hardware support

   * Country density SKF password hardware

   * National secret SDF password hardware

   * Key management service

  • Security protocol

   * SSL / TLS protocol

   * National secret SSL VPN protocol

   * National secret IPSec VPN protocol

  • Developer

   * GmSSL Coding Style

   * Roadmap

   * Open source license (GmSSL Licenses)

  • Standards and norms

   * People's Republic of China password industry standard

   * National secret algorithm identification OID