20221320馮泰瑞-實驗一嵌入式開發基礎-1-3學時實踐過程記錄
20221320馮泰瑞《密碼系統設計》實驗一過程
OpenSSL
openssl cmd
fengtairui@fengtairui-virtual-machine:~$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
openssl list -help
fengtairui@fengtairui-virtual-machine:~$ openssl list -help
Usage: list [options]
General options:
-help Display this summary
Output options:
-1 List in one column
-verbose Verbose listing
-select val Select a single algorithm
-commands List of standard commands
-standard-commands List of standard commands
-digest-commands List of message digest commands (deprecated)
-digest-algorithms List of message digest algorithms
-kdf-algorithms List of key derivation and pseudo random function algorithms
-random-instances List the primary, public and private random number generator details
-random-generators List of random number generators
-mac-algorithms List of message authentication code algorithms
-cipher-commands List of cipher commands (deprecated)
-cipher-algorithms List of cipher algorithms
-encoders List of encoding methods
-decoders List of decoding methods
-key-managers List of key managers
-key-exchange-algorithms List of key exchange algorithms
-kem-algorithms List of key encapsulation mechanism algorithms
-signature-algorithms List of signature algorithms
-asymcipher-algorithms List of asymmetric cipher algorithms
-public-key-algorithms List of public key algorithms
-public-key-methods List of public key methods
-store-loaders List of store loaders
-providers List of provider information
-engines List of loaded engines
-disabled List of disabled features
-options val List options for specified command
-objects List built in objects (OID<->name mappings)
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
openssl help
fengtairui@fengtairui-virtual-machine:~$ openssl help
help:
Standard commands
asn1parse ca ciphers cmp
cms crl crl2pkcs7 dgst
dhparam dsa dsaparam ec
ecparam enc engine errstr
fipsinstall gendsa genpkey genrsa
help info kdf list
mac nseq ocsp passwd
pkcs12 pkcs7 pkcs8 pkey
pkeyparam pkeyutl prime rand
rehash req rsa rsautl
s_client s_server s_time sess_id
smime speed spkac srp
storeutl ts verify version
x509
Message Digest commands (see the `dgst' command for more details)
blake2b512 blake2s256 md4 md5
rmd160 sha1 sha224 sha256
sha3-224 sha3-256 sha3-384 sha3-512
sha384 sha512 sha512-224 sha512-256
shake128 shake256 sm3
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb sm4-cbc sm4-cfb
sm4-ctr sm4-ecb sm4-ofb
數據輸入輸出
文本
echo 123 | openssl sm3
fengtairui@fengtairui-virtual-machine:~$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
echo "123" | openssl sm3
fengtairui@fengtairui-virtual-machine:~$ echo "123" | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
echo 123 | od -tx1 -tc
fengtairui@fengtairui-virtual-machine:~$ echo 123 | od -tx1 -tc
0000000 31 32 33 0a
1 2 3 \n
0000004
echo -n 123 | od -tx1 -tc
fengtairui@fengtairui-virtual-machine:~$ echo -n 123 | od -tx1 -tc
0000000 31 32 33
1 2 3
0000003
echo 123 | openssl sm3
fengtairui@fengtairui-virtual-machine:~$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
echo -n 123 | openssl sm3
fengtairui@fengtairui-virtual-machine:~$ echo -n 123 | openssl sm3
SM3(stdin)= 6e0f9e14344c5406a0cf5a3b4dfb665f87f4a771a31f7edbb5c72874a32b2957
echo 123 > 123.txt
openssl sm3 -file 123.txt
fengtairui@fengtairui-virtual-machine:~$ echo 123 > 123.txt
fengtairui@fengtairui-virtual-machine:~$ openssl sm3 -file 123.txt
SM3(123.txt)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
echo 123 | openssl sm3
fengtairui@fengtairui-virtual-machine:~$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
二進制(16進制)
echo "obase=16;123" | bc
fengtairui@fengtairui-virtual-machine:~$ echo "obase=16;123" | bc
7B
echo -n -e "\x7B" > 123.bin
od -tx1 123.bin
fengtairui@fengtairui-virtual-machine:~$ echo -n -e "\x7B" > 123.bin
fengtairui@fengtairui-virtual-machine:~$ od -tx1 123.bin
0000000 7b
0000001
openssl sm3 -file 123.bin
fengtairui@fengtairui-virtual-machine:~$ openssl sm3 -file 123.bin
SM3(123.bin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344
echo -ne "\x7B" | openssl sm3
fengtairui@fengtairui-virtual-machine:~$ echo -ne "\x7B" | openssl sm3
SM3(stdin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344
echo 1 > 1.txt <==> echo -e "\x31" > 1.txt
fengtairui@fengtairui-virtual-machine:~$ echo 1 > 1.txt
fengtairui@fengtairui-virtual-machine:~$ cat 1.txt
1
fengtairui@fengtairui-virtual-machine:~$ echo -e "\x31" > 1.txt
fengtairui@fengtairui-virtual-machine:~$ cat 1.txt
1
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add 1.txt 123.bin 123.txt
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Data input/output text Binary system"
[master e50df09] Data input/output text Binary system
3 files changed, 3 insertions(+)
create mode 100644 1.txt
create mode 100644 123.bin
create mode 100644 123.txt
fengtairui@fengtairui-virtual-machine:~$ git log
commit e50df09386b764388533dd1665b1b5cd053d0e2e (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 11:15:40 2024 +0800
Data input/output text Binary system
commit af8a56a4c254dae1c44176dbd05e7f6a04ca16d0
Author: fengtairui <1978274655@qq.com>
Date: Tue Oct 8 19:40:57 2024 +0800
Initial commit with hello.c and compilation artifacts
常用命令
prime
help
openssl prime -help
fengtairui@fengtairui-virtual-machine:~$ openssl prime -help
Usage: prime [options] [number...]
General options:
-help Display this summary
-bits +int Size of number in bits
-checks +int Number of checks
Output options:
-hex Hex output
-generate Generate a prime
-safe When used with -generate, generate a safe prime
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
Parameters:
number Number(s) to check for primality if not generating
素數檢查
openssl prime 3
fengtairui@fengtairui-virtual-machine:~$ openssl prime 3
3 (3) is prime
openssl prime 33
fengtairui@fengtairui-virtual-machine:~$ openssl prime 33
21 (33) is not prime
openssl prime -checks 10 33
fengtairui@fengtairui-virtual-machine:~$ openssl prime -checks 10 33
21 (33) is not prime
openssl prime -hex 4F
fengtairui@fengtairui-virtual-machine:~$ openssl prime -hex 4F
4F (4F) is prime
素數產生
fengtairui@fengtairui-virtual-machine:~$ openssl prime -generate -bits 10
1009
fengtairui@fengtairui-virtual-machine:~$ openssl prime 1009
3F1 (1009) is prime
fengtairui@fengtairui-virtual-machine:~$ openssl prime -generate -bits 10 -hex
0329
fengtairui@fengtairui-virtual-machine:~$ openssl prime -hex 0329
329 (0329) is prime
rand
help
fengtairui@fengtairui-virtual-machine:~$ openssl rand -help
Usage: rand [options] num
General options:
-help Display this summary
-engine val Use engine, possibly a hardware device
Output options:
-out outfile Output file
-base64 Base64 encode output
-hex Hex encode output
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
Parameters:
num Number of bytes to generate
隨機數產生
fengtairui@fengtairui-virtual-machine:~$ openssl rand 10
??v???'{?fengtairui@fengtairui-virtual-machine:~$ openssl rand 10 | od -tx1
0000000 d9 e6 68 6a 98 d3 db 73 76 fc
0000012
fengtairui@fengtairui-virtual-machine:~$ openssl rand 10 | xxd -p
72c5356b3b939984e324
fengtairui@fengtairui-virtual-machine:~$ openssl rand -hex 10
aaf647aedbf3769a429e
fengtairui@fengtairui-virtual-machine:~$ openssl rand -base64 10
jk1QjJMiUdQkiQ==
隨機數文件
fengtairui@fengtairui-virtual-machine:~$ openssl rand -out r1.bin 10
fengtairui@fengtairui-virtual-machine:~$ od -tx1 r1.bin
0000000 ef 0d d3 ad 30 e0 a7 85 f5 d9
0000012
fengtairui@fengtairui-virtual-machine:~$ openssl rand 10 > r2.bin
fengtairui@fengtairui-virtual-machine:~$ cat r2.bin | xxd -p
05e0c139620f82a8af8b
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add r2.bin r1.bin
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Random number file"
[master 3a3ef29] Random number file
2 files changed, 2 insertions(+)
create mode 100644 r1.bin
create mode 100644 r2.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit 3a3ef29a950073e111f7650c9666ce473d05203f (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 11:28:51 2024 +0800
Random number file
base64
help
fengtairui@fengtairui-virtual-machine:~$ openssl base64 -help
Usage: base64 [options]
General options:
-help Display this summary
-list List ciphers
-ciphers Alias for -list
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-engine val Use engine, possibly a hardware device
Input options:
-in infile Input file
-k val Passphrase
-kfile infile Read passphrase from file
Output options:
-out outfile Output file
-pass val Passphrase source
-v Verbose output
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line
Encryption options:
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-bufsize val Buffer size
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force use of PBKDF2
-pbkdf2 Use password-based key derivation function 2
-none Don't encrypt
-* Any supported cipher
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
編碼解碼
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl base64
ZnRyCg==
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl base64 -e
ZnRyCg==
fengtairui@fengtairui-virtual-machine:~$ echo ZnRyCg== | openssl base64 -d
ftr
fengtairui@fengtairui-virtual-machine:~$ echo -ne "\x11\x22\x33" | openssl base64
ESIz
fengtairui@fengtairui-virtual-machine:~$ echo ESIz | openssl base64 -d | xxd -p
112233
fengtairui@fengtairui-virtual-machine:~$ echo -ne "\x11\x22\x33\x44" | openssl base64
ESIzRA==
fengtairui@fengtairui-virtual-machine:~$ echo ESIzRA== | openssl base64 -d | xxd -p
11223344
文件編碼解碼
fengtairui@fengtairui-virtual-machine:~$ echo ftr > ftr.txt
fengtairui@fengtairui-virtual-machine:~$ openssl base64 -in ftr.txt -out ftr.b64
fengtairui@fengtairui-virtual-machine:~$ cat ftr.b64
ZnRyCg==
fengtairui@fengtairui-virtual-machine:~$ openssl base64 -d -in ftr.b64 -out ftr2.txt
fengtairui@fengtairui-virtual-machine:~$ diff ftr.txt ftr2.txt
fengtairui@fengtairui-virtual-machine:~$ cat ftr2.txt
ftr
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add ftr.txt ftr.b64 ftr2.txt
fengtairui@fengtairui-virtual-machine:~$ git commit -m "base64 File encoding and decoding"
[master 24ecc5e] base64 File encoding and decoding
3 files changed, 3 insertions(+)
create mode 100644 ftr.b64
create mode 100644 ftr.txt
create mode 100644 ftr2.txt
fengtairui@fengtairui-virtual-machine:~$ git log
commit 24ecc5eb202869bbf3cc34982b66eb245f84d18b (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 11:43:36 2024 +0800
base64 File encoding and decoding
asn1parse
help
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -help
Usage: asn1parse [options]
General options:
-help Display this summary
-oid infile file of extra oid definitions
I/O options:
-inform PEM|DER input format - one of DER PEM
-in infile input file
-out outfile output file (output format is always DER)
-noout do not produce any output
-offset +int offset into file
-length +int length of section in file
-strparse +int offset; a series of these can be used to 'dig'
-genstr val string to generate ASN1 structure from
into multiple ASN1 blob wrappings
-genconf val file to generate ASN1 structure from
-strictpem do not attempt base64 decode outside PEM markers
-item val item to parse and print
(-inform will be ignored)
Formatting options:
-i indents the output
-dump unknown data in hex form
-dlimit +int dump the first arg bytes of unknown data in hex form
密碼工程中的格式
fengtairui@fengtairui-virtual-machine:~$ echo -ne "\x03\x02\x04\x90" >bitstring.der
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -inform der -i -in bitstring.der
0:d=0 hl=2 l= 2 prim: BIT STRING
fengtairui@fengtairui-virtual-machine:~$ openssl base64 -in bitstring.der -out bitstring.pem
fengtairui@fengtairui-virtual-machine:~$ ls bitstring.pem
bitstring.pem
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -inform PEM -in bitstring.pem
0:d=0 hl=2 l= 2 prim: BIT STRING
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add bitstring.der bitstring.pem
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Format in cryptographic engineering"
[master c2cfd08] Format in cryptographic engineering
2 files changed, 2 insertions(+)
create mode 100644 bitstring.der
create mode 100644 bitstring.pem
fengtairui@fengtairui-virtual-machine:~$ git log
commit c2cfd087d62198aa5435e9c0b35399bdb88307c1 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 11:49:23 2024 +0800
Format in cryptographic engineering
Hash與HMAC
help
fengtairui@fengtairui-virtual-machine:~$ openssl dgst -help
Usage: dgst [options] [file...]
General options:
-help Display this summary
-list List digests
-engine val Use engine e, possibly a hardware device
-engine_impl Also use engine given by -engine for digest operations
-passin val Input file pass phrase source
Output options:
-c Print the digest with separating colons
-r Print the digest in coreutils format
-out outfile Output to filename rather than stdout
-keyform format Key file format (ENGINE, other values ignored)
-hex Print as hex dump
-binary Print in binary form
-xoflen +int Output length for XOF algorithms
-d Print debug info
-debug Print debug info
Signing options:
-sign val Sign digest using private key
-verify val Verify a signature using public key
-prverify val Verify a signature using private key
-sigopt val Signature parameter in n:v form
-signature infile File with signature to verify
-hmac val Create hashed MAC with key
-mac val Create MAC (not necessarily HMAC)
-macopt val MAC algorithm parameters in n:v form or key
-* Any supported digest
-fips-fingerprint Compute HMAC with the key used in OpenSSL-FIPS fingerprint
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
Parameters:
file Files to digest (optional; default is stdin)
openssl dgst -list
fengtairui@fengtairui-virtual-machine:~$ openssl dgst -list
Supported digests:
-blake2b512 -blake2s256 -md4
-md5 -md5-sha1 -ripemd
-ripemd160 -rmd160 -sha1
-sha224 -sha256 -sha3-224
-sha3-256 -sha3-384 -sha3-512
-sha384 -sha512 -sha512-224
-sha512-256 -shake128 -shake256
-sm3 -ssl3-md5 -ssl3-sha1
-whirlpool
openssl dgst -sm3 <==> openssl -sm3
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl dgst -sm3
SM3(stdin)= 83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a752766
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl sm3
SM3(stdin)= 83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a752766
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl sm3
SM3(stdin)= 83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a752766
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl sm3 -binary
?Vm??j?~
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl sm3 -binary | xxd -p
83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a75
2766
沒有in參數,直接傳文件
fengtairui@fengtairui-virtual-machine:~$ echo ftr > ftr.txt
fengtairui@fengtairui-virtual-machine:~$ openssl sm3 ftr.txt
SM3(ftr.txt)= 83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a752766
fengtairui@fengtairui-virtual-machine:~$ echo ftr | openssl sm3
SM3(stdin)= 83566dd4c36acb7e0aa656f6e873830f13eac245c998ae5610e6dfa69a752766
對稱算法enc
help
fengtairui@fengtairui-virtual-machine:~$ openssl enc -help
Usage: enc [options]
General options:
-help Display this summary
-list List ciphers
-ciphers Alias for -list
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-engine val Use engine, possibly a hardware device
Input options:
-in infile Input file
-k val Passphrase
-kfile infile Read passphrase from file
Output options:
-out outfile Output file
-pass val Passphrase source
-v Verbose output
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line
Encryption options:
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-bufsize val Buffer size
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force use of PBKDF2
-pbkdf2 Use password-based key derivation function 2
-none Don't encrypt
-* Any supported cipher
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
fengtairui@fengtairui-virtual-machine:~$ openssl enc -list
Supported ciphers:
-aes-128-cbc -aes-128-cfb -aes-128-cfb1
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb
-aes-128-ofb -aes-192-cbc -aes-192-cfb
-aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr
-aes-192-ecb -aes-192-ofb -aes-256-cbc
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8
-aes-256-ctr -aes-256-ecb -aes-256-ofb
-aes128 -aes128-wrap -aes192
-aes192-wrap -aes256 -aes256-wrap
-aria-128-cbc -aria-128-cfb -aria-128-cfb1
-aria-128-cfb8 -aria-128-ctr -aria-128-ecb
-aria-128-ofb -aria-192-cbc -aria-192-cfb
-aria-192-cfb1 -aria-192-cfb8 -aria-192-ctr
-aria-192-ecb -aria-192-ofb -aria-256-cbc
-aria-256-cfb -aria-256-cfb1 -aria-256-cfb8
-aria-256-ctr -aria-256-ecb -aria-256-ofb
-aria128 -aria192 -aria256
-bf -bf-cbc -bf-cfb
-bf-ecb -bf-ofb -blowfish
-camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1
-camellia-128-cfb8 -camellia-128-ctr -camellia-128-ecb
-camellia-128-ofb -camellia-192-cbc -camellia-192-cfb
-camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ctr
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8
-camellia-256-ctr -camellia-256-ecb -camellia-256-ofb
-camellia128 -camellia192 -camellia256
-cast -cast-cbc -cast5-cbc
-cast5-cfb -cast5-ecb -cast5-ofb
-chacha20 -des -des-cbc
-des-cfb -des-cfb1 -des-cfb8
-des-ecb -des-ede -des-ede-cbc
-des-ede-cfb -des-ede-ecb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ecb
-des-ede3-ofb -des-ofb -des3
-des3-wrap -desx -desx-cbc
-id-aes128-wrap -id-aes128-wrap-pad -id-aes192-wrap
-id-aes192-wrap-pad -id-aes256-wrap -id-aes256-wrap-pad
-id-smime-alg-CMS3DESwrap -rc2 -rc2-128
-rc2-40 -rc2-40-cbc -rc2-64
-rc2-64-cbc -rc2-cbc -rc2-cfb
-rc2-ecb -rc2-ofb -rc4
-rc4-40 -seed -seed-cbc
-seed-cfb -seed-ecb -seed-ofb
-sm4 -sm4-cbc -sm4-cfb
-sm4-ctr -sm4-ecb -sm4-ofb
加密解密
fengtairui@fengtairui-virtual-machine:~$ openssl sm4-cbc -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in ftr.txt -out ftr.enc
fengtairui@fengtairui-virtual-machine:~$ openssl sm4-cbc -d -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in ftr.enc -out ftr2.txt
fengtairui@fengtairui-virtual-machine:~$ diff ftr.txt ftr2.txt
fengtairui@fengtairui-virtual-machine:~$ cat ftr2.txt
ftr
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add ftr.txt ftr2.txt ftr.enc
fengtairui@fengtairui-virtual-machine:~$ git commit -m "enc Encryption and decryption"
[master 499d228] enc Encryption and decryption
1 file changed, 1 insertion(+)
create mode 100644 ftr.enc
fengtairui@fengtairui-virtual-machine:~$ git log
commit 499d2288429f94bded36ff64c03052bcd91f2c52 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 12:15:22 2024 +0800
enc Encryption and decryption
非對稱算法
SM2
產生公私鑰對
fengtairui@fengtairui-virtual-machine:~$ openssl ecparam -genkey -name SM2 -out sm2private_key.pem
fengtairui@fengtairui-virtual-machine:~$ cat sm2private_key.pem
-----BEGIN SM2 PARAMETERS-----
BggqgRzPVQGCLQ==
-----END SM2 PARAMETERS-----
-----BEGIN PRIVATE KEY-----
MIGIAgEAMBQGCCqBHM9VAYItBggqgRzPVQGCLQRtMGsCAQEEIHHkiBwdoIuMyHHl
uBSbVGRkrTSfJ02i7V97O7hcuXjyoUQDQgAEWqE+r3FE+URF6l0pFb83BlLiqAGr
naOb6RdcxRCTtonEOu3YnAiMWw4SSFDa/aDLTBvWge0mlZbMiXwqoX86Sw==
-----END PRIVATE KEY-----
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -inform PEM -in sm2private_key.pem
0:d=0 hl=2 l= 8 prim: OBJECT :sm2
fengtairui@fengtairui-virtual-machine:~$ openssl base64 -d -in sm2private_key.pem -out sm2private_key.der
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -inform DER -in sm2private_key.der
0:d=0 hl=2 l= 8 prim: OBJECT :sm2
fengtairui@fengtairui-virtual-machine:~$ od -tx1 sm2private_key.der
0000000 06 08 2a 81 1c cf 55 01 82 2d
0000012
fengtairui@fengtairui-virtual-machine:~$ openssl pkey -in sm2private_key.pem -text -noout
Private-Key: (256 bit)
priv:
71:e4:88:1c:1d:a0:8b:8c:c8:71:e5:b8:14:9b:54:
64:64:ad:34:9f:27:4d:a2:ed:5f:7b:3b:b8:5c:b9:
78:f2
pub:
04:5a:a1:3e:af:71:44:f9:44:45:ea:5d:29:15:bf:
37:06:52:e2:a8:01:ab:9d:a3:9b:e9:17:5c:c5:10:
93:b6:89:c4:3a:ed:d8:9c:08:8c:5b:0e:12:48:50:
da:fd:a0:cb:4c:1b:d6:81:ed:26:95:96:cc:89:7c:
2a:a1:7f:3a:4b
ASN1 OID: SM2
openssl ecparam -help
fengtairui@fengtairui-virtual-machine:~$ openssl ecparam -help
Usage: ecparam [options]
General options:
-help Display this summary
-list_curves Prints a list of all curve 'short names'
-engine val Use engine, possibly a hardware device
-genkey Generate ec key
-in infile Input file - default stdin
-inform PEM|DER Input format - default PEM (DER or PEM)
-out outfile Output file - default stdout
-outform PEM|DER Output format - default PEM
Output options:
-text Print the ec parameters in text form
-noout Do not print the ec parameter
-param_enc val Specifies the way the ec parameters are encoded
Parameter options:
-check Validate the ec parameters
-check_named Check that named EC curve parameters have not been modified
-no_seed If 'explicit' parameters are chosen do not use the seed
-name val Use the ec parameters with specified 'short name'
-conv_form val Specifies the point conversion form
Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file
Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
openssl ecparam -list_curves
fengtairui@fengtairui-virtual-machine:~$ openssl ecparam -list_curves
secp112r1 : SECG/WTLS curve over a 112 bit prime field
secp112r2 : SECG curve over a 112 bit prime field
secp128r1 : SECG curve over a 128 bit prime field
secp128r2 : SECG curve over a 128 bit prime field
secp160k1 : SECG curve over a 160 bit prime field
secp160r1 : SECG curve over a 160 bit prime field
secp160r2 : SECG/WTLS curve over a 160 bit prime field
secp192k1 : SECG curve over a 192 bit prime field
secp224k1 : SECG curve over a 224 bit prime field
secp224r1 : NIST/SECG curve over a 224 bit prime field
secp256k1 : SECG curve over a 256 bit prime field
secp384r1 : NIST/SECG curve over a 384 bit prime field
secp521r1 : NIST/SECG curve over a 521 bit prime field
prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
prime192v2: X9.62 curve over a 192 bit prime field
prime192v3: X9.62 curve over a 192 bit prime field
prime239v1: X9.62 curve over a 239 bit prime field
prime239v2: X9.62 curve over a 239 bit prime field
prime239v3: X9.62 curve over a 239 bit prime field
prime256v1: X9.62/SECG curve over a 256 bit prime field
sect113r1 : SECG curve over a 113 bit binary field
sect113r2 : SECG curve over a 113 bit binary field
sect131r1 : SECG/WTLS curve over a 131 bit binary field
sect131r2 : SECG curve over a 131 bit binary field
sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field
sect163r1 : SECG curve over a 163 bit binary field
sect163r2 : NIST/SECG curve over a 163 bit binary field
sect193r1 : SECG curve over a 193 bit binary field
sect193r2 : SECG curve over a 193 bit binary field
sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field
sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field
sect239k1 : SECG curve over a 239 bit binary field
sect283k1 : NIST/SECG curve over a 283 bit binary field
sect283r1 : NIST/SECG curve over a 283 bit binary field
sect409k1 : NIST/SECG curve over a 409 bit binary field
sect409r1 : NIST/SECG curve over a 409 bit binary field
sect571k1 : NIST/SECG curve over a 571 bit binary field
sect571r1 : NIST/SECG curve over a 571 bit binary field
c2pnb163v1: X9.62 curve over a 163 bit binary field
c2pnb163v2: X9.62 curve over a 163 bit binary field
c2pnb163v3: X9.62 curve over a 163 bit binary field
c2pnb176v1: X9.62 curve over a 176 bit binary field
c2tnb191v1: X9.62 curve over a 191 bit binary field
c2tnb191v2: X9.62 curve over a 191 bit binary field
c2tnb191v3: X9.62 curve over a 191 bit binary field
c2pnb208w1: X9.62 curve over a 208 bit binary field
c2tnb239v1: X9.62 curve over a 239 bit binary field
c2tnb239v2: X9.62 curve over a 239 bit binary field
c2tnb239v3: X9.62 curve over a 239 bit binary field
c2pnb272w1: X9.62 curve over a 272 bit binary field
c2pnb304w1: X9.62 curve over a 304 bit binary field
c2tnb359v1: X9.62 curve over a 359 bit binary field
c2pnb368w1: X9.62 curve over a 368 bit binary field
c2tnb431r1: X9.62 curve over a 431 bit binary field
wap-wsg-idm-ecid-wtls1: WTLS curve over a 113 bit binary field
wap-wsg-idm-ecid-wtls3: NIST/SECG/WTLS curve over a 163 bit binary field
wap-wsg-idm-ecid-wtls4: SECG curve over a 113 bit binary field
wap-wsg-idm-ecid-wtls5: X9.62 curve over a 163 bit binary field
wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
wap-wsg-idm-ecid-wtls10: NIST/SECG/WTLS curve over a 233 bit binary field
wap-wsg-idm-ecid-wtls11: NIST/SECG/WTLS curve over a 233 bit binary field
wap-wsg-idm-ecid-wtls12: WTLS curve over a 224 bit prime field
Oakley-EC2N-3:
IPSec/IKE/Oakley curve #3 over a 155 bit binary field.
Not suitable for ECDSA.
Questionable extension field!
Oakley-EC2N-4:
IPSec/IKE/Oakley curve #4 over a 185 bit binary field.
Not suitable for ECDSA.
Questionable extension field!
brainpoolP160r1: RFC 5639 curve over a 160 bit prime field
brainpoolP160t1: RFC 5639 curve over a 160 bit prime field
brainpoolP192r1: RFC 5639 curve over a 192 bit prime field
brainpoolP192t1: RFC 5639 curve over a 192 bit prime field
brainpoolP224r1: RFC 5639 curve over a 224 bit prime field
brainpoolP224t1: RFC 5639 curve over a 224 bit prime field
brainpoolP256r1: RFC 5639 curve over a 256 bit prime field
brainpoolP256t1: RFC 5639 curve over a 256 bit prime field
brainpoolP320r1: RFC 5639 curve over a 320 bit prime field
brainpoolP320t1: RFC 5639 curve over a 320 bit prime field
brainpoolP384r1: RFC 5639 curve over a 384 bit prime field
brainpoolP384t1: RFC 5639 curve over a 384 bit prime field
brainpoolP512r1: RFC 5639 curve over a 512 bit prime field
brainpoolP512t1: RFC 5639 curve over a 512 bit prime field
SM2 : SM2 curve over a 256 bit prime field
提取公鑰
fengtairui@fengtairui-virtual-machine:~$ openssl ec -in sm2private_key.pem -pubout -out sm2publickey.pem
read EC key
writing EC key
fengtairui@fengtairui-virtual-machine:~$ cat sm2publickey.pem
-----BEGIN PUBLIC KEY-----
MFowFAYIKoEcz1UBgi0GCCqBHM9VAYItA0IABFqhPq9xRPlERepdKRW/NwZS4qgB
q52jm+kXXMUQk7aJxDrt2JwIjFsOEkhQ2v2gy0wb1oHtJpWWzIl8KqF/Oks=
-----END PUBLIC KEY-----
fengtairui@fengtairui-virtual-machine:~$ openssl asn1parse -inform PEM -in sm2publickey.pem
0:d=0 hl=2 l= 90 cons: SEQUENCE
2:d=1 hl=2 l= 20 cons: SEQUENCE
4:d=2 hl=2 l= 8 prim: OBJECT :sm2
14:d=2 hl=2 l= 8 prim: OBJECT :sm2
24:d=1 hl=2 l= 66 prim: BIT STRING
加密解密
fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -encrypt -pubin -inkey sm2publickey.pem -in ftr.txt -out ftrsm2enc.bin
fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -decrypt -inkey sm2private_key.pem -in ftrsm2enc.bin -out ftrsm2dec.txt
fengtairui@fengtairui-virtual-machine:~$ diff ftr.txt ftrsm2dec.txt
簽名驗簽
fengtairui@fengtairui-virtual-machine:~$ openssl sm3 -sign sm2private_key.pem -out ftrsm2.sig ftr.txt
fengtairui@fengtairui-virtual-machine:~$ openssl sm3 -verify sm2publickey.pem -signature ftrsm2.sig ftr.txt
Verified OK
fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -sign -in ftr.txt -inkey sm2private_key.pem -out ftrsm2.sig -rawin -digest sm3
fengtairui@fengtairui-virtual-machine:~$ od -tx1 ftrsm2.sig
0000000 30 45 02 20 69 1f d9 ba 63 c7 14 ae 7e 3c c6 8d
0000020 75 0d 95 46 24 f0 dd b9 13 05 12 ed 8b 82 a8 2a
0000040 67 82 a7 35 02 21 00 cc 88 a6 ff 64 7d 3d 7b 79
0000060 ee c0 72 81 9e 50 25 96 c5 5e 3d 9f a9 56 f1 8e
0000100 d6 a2 f3 56 4f c7 98
0000107
fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -verify -in ftr.txt -inkey sm2private_key.pem -sigfile ftrsm2.sig -rawin -digest sm3
Signature Verified Successfully
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add sm2private_key.pem sm2private_key.der sm2publickey.pem ftrsm2enc.bin ftrsm2dec.txt ftrsm2.sig
fengtairui@fengtairui-virtual-machine:~$ git commit -m "SM2"
[master ddf5db5] SM2
6 files changed, 14 insertions(+)
create mode 100644 ftrsm2.sig
create mode 100644 ftrsm2dec.txt
create mode 100644 ftrsm2enc.bin
create mode 100644 sm2private_key.der
create mode 100644 sm2private_key.pem
create mode 100644 sm2publickey.pem
fengtairui@fengtairui-virtual-machine:~$ git log
commit ddf5db57688dedf064e2150d9614e853d49b02a0 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 15:09:19 2024 +0800
SM2
其他命令
fengtairui@fengtairui-virtual-machine:~$ openssl list -commands
asn1parse ca ciphers cmp
cms crl crl2pkcs7 dgst
dhparam dsa dsaparam ec
ecparam enc engine errstr
fipsinstall gendsa genpkey genrsa
help info kdf list
mac nseq ocsp passwd
pkcs12 pkcs7 pkcs8 pkey
pkeyparam pkeyutl prime rand
rehash req rsa rsautl
s_client s_server s_time sess_id
smime speed spkac srp
storeutl ts verify version
x509
GmSSL
gmssl help
fengtairui@fengtairui-virtual-machine:~$ gmssl help
usage: gmssl command [options]
command -help
Commands:
help Print this help message
version Print version
rand Generate random bytes
sm2keygen Generate SM2 keypair
sm2sign Generate SM2 signature
sm2verify Verify SM2 signature
sm2encrypt Encrypt with SM2 public key
sm2decrypt Decrypt with SM2 private key
sm3 Generate SM3 hash
sm3hmac Generate SM3 HMAC tag
sm3_pbkdf2 Hash password into key using PBKDF2 algoritm
sm3xmss_keygen Generate SM3-XMSS keypair
sm4_ecb Encrypt or decrypt with SM4 ECB
sm4_cbc Encrypt or decrypt with SM4 CBC
sm4_ctr Encrypt or decrypt with SM4 CTR
sm4_cfb Encrypt or decrypt with SM4 CFB
sm4_ofb Encrypt or decrypt with SM4 OFB
sm4_ccm Encrypt or decrypt with SM4 CCM
sm4_gcm Encrypt or decrypt with SM4 GCM
sm4_xts Encrypt or decrypt with SM4 XTS
sm4_cbc_sm3_hmac Encrypt or decrypt with SM4 CBC with SM3-HMAC
sm4_ctr_sm3_hmac Encrypt or decrypt with SM4 CTR with SM3-HMAC
sm4_cbc_mac Generate SM4 CBC-MAC
ghash Generate GHASH
zuc Encrypt or decrypt with ZUC
sm9setup Generate SM9 master secret
sm9keygen Generate SM9 private key
sm9sign Generate SM9 signature
sm9verify Verify SM9 signature
sm9encrypt SM9 public key encryption
sm9decrypt SM9 decryption
reqgen Generate certificate signing request (CSR)
reqsign Generate certificate from CSR
reqparse Parse and print a CSR
crlget Download the CRL of given certificate
crlgen Sign a CRL with CA certificate and private key
crlverify Verify a CRL with issuer's certificate
crlparse Parse and print CRL
certgen Generate a self-signed certificate
certparse Parse and print certificates
certverify Verify certificate chain
certrevoke Revoke certificate and output RevokedCertificate record
cmsparse Parse CMS (cryptographic message syntax) file
cmsencrypt Generate CMS EnvelopedData
cmsdecrypt Decrypt CMS EnvelopedData
cmssign Generate CMS SignedData
cmsverify Verify CMS SignedData
sdfinfo Print SDF device info
sdfdigest Generate SM3 hash with SDF device
sdfexport Export SM2 signing public key from SDF device
sdfsign Generate SM2 signature with SDF internal private key
sdfencrypt SM2/SM4-CBC hybrid encryption with SDF device
sdfdecrypt SM2/SM4-CBC hybrid decryption with SDF device
sdftest Test vendor's SDF library and device
tlcp_client TLCP client
tlcp_server TLCP server
tls12_client TLS 1.2 client
tls12_server TLS 1.2 server
tls13_client TLS 1.3 client
tls13_server TLS 1.3 server
run `gmssl <command> -help` to print help of the given command
gmssl version
fengtairui@fengtairui-virtual-machine:~$ gmssl version
GmSSL 3.1.2 Dev
SM3
sm3 -help
fengtairui@fengtairui-virtual-machine:~$ gmssl sm3 -help
usage: sm3 [-hex|-bin] [-pubkey pem [-id str]] [-in file|-in_str str] [-out file]
Options
-hex Output hash value as hex string (by default)
-bin Output hash value as binary
-pubkey pem Signer's SM2 public key
When `-pubkey` is specified, hash with SM2 Z value
-id str SM2 Signer's ID string
-id_hex hex SM2 Signer's ID in hex format
`-id` and `-id_hex` should be used with `-pubkey`
`-id` and `-id_hex` should not be used together
If `-pubkey` is specified without `-id` or `id_hex`,
the default ID string '1234567812345678' is used
-in_str str To be hashed string
-in file | stdin To be hashed file path
`-in_str` and `-in` should not be used together
If neither `-in` nor `-in_str` specified, read from stdin
-out file | stdout Output file path. If not specified, output to stdout
Examples
gmssl sm3 -in_str abc
gmssl sm3 -in_str abc -bin
gmssl sm3 -in /path/to/file
gmssl sm3 -pubkey sm2pubkey.pem -id alice -in /path/to/file -bin
When reading from stdin, make sure the trailing newline character is removed
Linux/Mac:
echo -n abc | gmssl sm3
Windows:
C:\> echo |set/p="abc" | gmssl sm3
SM3
字符串
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm3
40bedc1b46278fd798932e3f8679cd0bf11807f16daf6cc973f7e4730e1dc4a3
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm3 -hex
40bedc1b46278fd798932e3f8679cd0bf11807f16daf6cc973f7e4730e1dc4a3
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm3 -bin
@??'???.??y?
??m?l?s??s?
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm3 -bin | od -tx1
0000000 40 be dc 1b 46 27 8f d7 98 93 2e 3f 86 79 cd 0b
0000020 f1 18 07 f1 6d af 6c c9 73 f7 e4 73 0e 1d c4 a3
0000040
文件
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" > ftr.txt
fengtairui@fengtairui-virtual-machine:~$ od -tx1 -tc ftr.txt
0000000 66 74 72
f t r
0000003
fengtairui@fengtairui-virtual-machine:~$ gmssl sm3 -in ftr.txt -out ftr.sm3
fengtairui@fengtairui-virtual-machine:~$ cat ftr.sm3
40bedc1b46278fd798932e3f8679cd0bf11807f16daf6cc973f7e4730e1dc4a3
SM2
fengtairui@fengtairui-virtual-machine:~$ gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
fengtairui@fengtairui-virtual-machine:~$ ls
123.bin 桌面 ftr.enc hello.s sm2.pem
123.txt a.out ftrsm2dec.txt libble_project sm2private_key.der
1.txt bestidiocs ftrsm2enc.bin ljpsm2enc.bin sm2private_key.pem
公共的 bestidiocs2024 ftrsm2.sig main.c sm2publickey.pem
模板 bitstring.der ftr.sm3 new_project sm2pub.pem
視頻 bitstring.pem ftr.txt r1.bin snap
圖片 build hello r2.bin test.bin
文檔 ce_project hello.c rc4_example test.txt
下載 ftr2.txt hello.i rc4_example.c
音樂 ftr.b64 hello.o sm2_key.pem
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm3 -pubkey sm2pub.pem -id 1234567812345678
d7a4040cfa3e860912079c8b667e4182d8d8966fa194f12d899409c3135b067a
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add sm2pub.pem sm2.pem ftr.sm3 ftr.txt
fengtairui@fengtairui-virtual-machine:~$ git commit -m "sm3"
[master b0ba729] sm3
4 files changed, 14 insertions(+), 1 deletion(-)
create mode 100644 ftr.sm3
create mode 100644 sm2.pem
create mode 100644 sm2pub.pem
fengtairui@fengtairui-virtual-machine:~$ git log
commit b0ba7298ed4cba31a4986673c0c7643ee88c57ae (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 15:37:58 2024 +0800
sm3
SM3HMAC
sm3hmac -help
fengtairui@fengtairui-virtual-machine:~$ gmssl sm3hmac -help
usage: sm3hmac -key hex [-in file | -in_str str] [-bin|-hex] [-out file]
Options
-key hex Hex string of the MAC key
-in_str str Input as text string
-in file | stdin Input file path
`-in_str` and `-in` should not be used together
If neither `-in` nor `-in_str` specified, read from stdin
-hex Output MAC-tag as hex string (by default)
-bin Output MAC-tag as binary
`-hex` and `-bin` should not be used together
-out file | stdout Output file path. If not specified, output to stdout
Examples
KEY_HEX=`gmssl rand -outlen 16 -hex`
gmssl sm3hmac -key $KEY_HEX -in_str abc
gmssl sm3hmac -key $KEY_HEX -in_str abc -bin
gmssl sm3hmac -key $KEY_HEX -in /path/to/file
When reading from stdin, make sure the trailing newline character is removed
Linux/Mac:
echo -n abc | gmssl sm3hmac -key $KEY_HEX
Windows:
C:\> echo |set/p="abc" | gmssl sm3hmac -key 11223344556677881122334455667788
rand key
fengtairui@fengtairui-virtual-machine:~$ gmssl rand -help
usage: rand [-hex] [-rdrand|-rdseed] -outlen num [-out file]
fengtairui@fengtairui-virtual-machine:~$ gmssl rand -hex -outlen 16
690A211ECEBA599B8629D014DE1586D3
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm3hmac -key 690A211ECEBA599B8629D014DE1586D3
8289b98e4fa6466a84b72023ccdc77b9da7134bc94648140f9891a460b56ee25
SM4
sm4 -help
fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -help
usage: gmssl sm4_cbc {-encrypt|-decrypt} -key hex -iv hex [-in file] [-out file]
Options
-encrypt Encrypt
-decrypt Decrypt
-key hex Symmetric key in HEX format
-iv hex IV in HEX format
-in file | stdin Input data
-out file | stdout Output data
Examples
$ TEXT=`gmssl rand -outlen 20 -hex`
$ KEY=`gmssl rand -outlen 16 -hex`
$ IV=`gmssl rand -outlen 16 -hex`
$ echo -n $TEXT | gmssl sm4_cbc -encrypt -key $KEY -iv $IV -out sm4_cbc_ciphertext.bin
$ gmssl sm4_cbc -decrypt -key $KEY -iv $IV -in sm4_cbc_ciphertext.bin
SM4
fengtairui@fengtairui-virtual-machine:~$ gmssl rand -help
usage: rand [-hex] [-rdrand|-rdseed] -outlen num [-out file]
fengtairui@fengtairui-virtual-machine:~$ gmssl rand -outlen 16 -out key.bin
fengtairui@fengtairui-virtual-machine:~$ gmssl rand -outlen 16 -out iv.bin
fengtairui@fengtairui-virtual-machine:~$ ls
123.bin 桌面 ftr.enc hello.s rc4_example.c
123.txt a.out ftrsm2dec.txt iv.bin sm2_key.pem
1.txt bestidiocs ftrsm2enc.bin key.bin sm2.pem
公共的 bestidiocs2024 ftrsm2.sig libble_project sm2private_key.der
模板 bitstring.der ftr.sm3 ljpsm2enc.bin sm2private_key.pem
視頻 bitstring.pem ftr.txt main.c sm2publickey.pem
圖片 build hello new_project sm2pub.pem
文檔 ce_project hello.c r1.bin snap
下載 ftr2.txt hello.i r2.bin test.bin
音樂 ftr.b64 hello.o rc4_example test.txt
fengtairui@fengtairui-virtual-machine:~$ od -tx1 key.bin
0000000 6a ed bb 76 4f 1c e1 69 c9 74 55 90 38 a8 5f 5d
0000020
fengtairui@fengtairui-virtual-machine:~$ od -tx1 iv.bin
0000000 ef a1 32 68 a1 b6 86 aa 3d 71 74 d4 89 90 06 8c
0000020
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -out ftrsm4.cbc
fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in ftrsm4.cbc
ftr
fengtairui@fengtairui-virtual-machine:~$ KEY=$(xxd -p -c 32 key.bin)
fengtairui@fengtairui-virtual-machine:~$ echo $KEY
6aedbb764f1ce169c974559038a85f5d
fengtairui@fengtairui-virtual-machine:~$ IV=$(xxd -p -c 32 iv.bin)
fengtairui@fengtairui-virtual-machine:~$ echo $IV
efa13268a1b686aa3d7174d48990068c
fengtairui@fengtairui-virtual-machine:~$ echo -n "ftr" | gmssl sm4_cbc -encrypt -key $KEY -iv $IV -out ftrsm4.cbc2
fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -decrypt -key $KEY -iv $IV -in ftrsm4.cbc2
ftr
fengtairui@fengtairui-virtual-machine:~$ diff ftrsm4.cbc ftrsm4.cbc2
fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in ftr.txt -out ftrsm4.cbc3
fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in ftrsm4.cbc3
ftrfengtairui@fengtairui-virtual-machine:~$ diff ftrsm4.cbc ftrsm4.cbc3
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add ftrsm4.cbc ftrsm4.cbc3 ftrsm4.cbc2 iv.bin key.bin
fengtairui@fengtairui-virtual-machine:~$ git commit -m "SM4"
[master d19171d] SM4
5 files changed, 5 insertions(+)
create mode 100644 ftrsm4.cbc
create mode 100644 ftrsm4.cbc2
create mode 100644 ftrsm4.cbc3
create mode 100644 iv.bin
create mode 100644 key.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit d19171d67d5f269be97298eaeadcfffafe782f09 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 16:06:53 2024 +0800
SM4
SM2
sm2 -help
fengtairui@fengtairui-virtual-machine:~$ gmssl sm2keygen -help
usage: gmssl sm2keygen -pass str [-out pem] [-pubout pem]
Options
-pass pass Password to encrypt the private key
-out pem Output password-encrypted PKCS #8 private key in PEM format
-pubout pem Output public key in PEM format
Examples
$ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem
$ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem -pubout sm2pub.pem
SM2
fengtairui@fengtairui-virtual-machine:~$ gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
fengtairui@fengtairui-virtual-machine:~$ cat sm2.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBBjBhBgkqhkiG9w0BBQ0wVDA0BgkqhkiG9w0BBQwwJwQQoMAlljJ6Fpvn49pS
9lUEQwIDAQAAAgEQMAsGCSqBHM9VAYMRAjAcBggqgRzPVQFoAgQQak2YPv4HDNfq
BwiToF3CiwSBoG1YQCtI7c/fIJawN9XPPdH7L3rWcHcwWJVY4Mm8G0gMQD624Hpa
lQCCIYtZsDrP016A93JUbEf6Bjai8q8JoXJatqzWDzCBBELvWMQ5F1M+K15hEhoK
26FhRoe4+o06sZ200T3SHb74knndsUzFpNVcPhe73liBVQQ69TY61M/OM+JVygTx
9g9tyHRZYAiSlLRivqv3xfNMc6WWientfnw=
-----END ENCRYPTED PRIVATE KEY-----
fengtairui@fengtairui-virtual-machine:~$ cat sm2pub.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEwvsmpli3nxn9WRySUD0OabkJjj/X
ApddpRzgO0gtx0EdJa/ppDatOdW+TU+Me2wSKEe/FYijDMbSiJR0TkjPdg==
-----END PUBLIC KEY-----
fengtairui@fengtairui-virtual-machine:~$ echo ftr | gmssl sm2sign -key sm2.pem -pass 1234 -out sm2.sig #-id 1234567812345678
fengtairui@fengtairui-virtual-machine:~$ od -tx1 sm2.sig
0000000 30 45 02 21 00 a3 e9 d8 37 35 40 9c 0b 3e 08 2a
0000020 0b 45 c0 4f 08 81 18 a6 60 a3 84 b7 a9 7b 81 29
0000040 8c e8 67 e2 10 02 20 2f ac d8 d5 38 8b 7e c7 44
0000060 3b 57 6d 82 4c 0a e0 2b e5 5d 66 cb 88 00 ab 96
0000100 22 8e d3 bf c7 9d 0d
0000107
fengtairui@fengtairui-virtual-machine:~$ echo ftr | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig -id 1234567812345678
verify : success
fengtairui@fengtairui-virtual-machine:~$ echo ftr | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der
fengtairui@fengtairui-virtual-machine:~$ od -tx1 sm2.der
0000000 30 6c 02 20 03 46 1f 2e 32 6f 86 a2 fa b7 5b e8
0000020 cf 2d a1 b3 31 8a be e2 a6 bc 6d 5f 46 62 9e fa
0000040 5a c9 08 7e 02 20 7f 2b 70 9f aa b8 2c e9 f7 ba
0000060 e3 e3 86 23 f8 1e 3d 38 6f 64 6c 8e 25 32 a1 79
0000100 93 c2 66 ba 73 38 04 20 27 14 88 b8 48 19 90 35
0000120 a9 e2 52 63 be a3 37 2c a2 97 bb f4 8b 80 ab 05
0000140 6e a1 06 82 cd 57 91 06 04 04 8d 58 90 bc
0000156
fengtairui@fengtairui-virtual-machine:~$ gmssl sm2decrypt -key sm2.pem -pass 1234 -in sm2.der
ftr
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add sm2.pem sm2.der sm2pub.pem sm2.der sm2.sig sm2.pem
fengtairui@fengtairui-virtual-machine:~$ git commit -m "SM2"
[master 8567abd] SM2
4 files changed, 11 insertions(+), 10 deletions(-)
create mode 100644 sm2.der
rewrite sm2.pem (81%)
create mode 100644 sm2.sig
fengtairui@fengtairui-virtual-machine:~$ git log
commit 8567abd3d89a0e7fff27e9117201ceff35d7937e (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 16:16:26 2024 +0800
SM2
使用OpenSSL命令實現帶簽名的數字信封協議
生成公私鑰對
生成公私鑰對
20221320fengtairui和20221328msm需要生成自己的公私鑰對。這里我們使用SM2算法,這是一種橢圓曲線加密算法。
fengtairui@fengtairui-virtual-machine:~$ openssl ecparam -name sm2 -genkey -out 20221320fengtairui_sk.pem
fengtairui@fengtairui-virtual-machine:~$ openssl ec -in 20221320fengtairui_sk.pem -pubout -out 20221320fengtairui_pk.pem
read EC key
writing EC key
產生的文件提交至Git并上傳至Gitee
fengtairui@fengtairui-virtual-machine:~$ git add 20221320fengtairui_pk.pem 20221320fengtairui_sk.pem
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Generate public and private key pairs for 20221320fengtairui"
[master d80c29f] Generate public and private key pairs for Alice
2 files changed, 12 insertions(+)
create mode 100644 20221320fengtairui_pk.pem
create mode 100644 20221320fengtairui_sk.pem
fengtairui@fengtairui-virtual-machine:~$ git push -u origin master
Username for 'https://gitee.com': 13696447027
Password for 'https://13696447027@gitee.com':
枚舉對象中: 5, 完成.
對象計數中: 100% (5/5), 完成.
使用 8 個線程進行壓縮
壓縮對象中: 100% (4/4), 完成.
寫入對象中: 100% (4/4), 734 字節 | 734.00 KiB/s, 完成.
總共 4(差異 1),復用 0(差異 0),包復用 0
remote: Powered by GITEE.COM [1.1.5]
remote: Set trace flag 554d5e8c
To https://gitee.com/feng-tairui/information-security-design.git
04700d0..d80c29f master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.
fengtairui@fengtairui-virtual-machine:~$ git log
commit d80c29f9b44f27423090add8d679016d4d594883 (HEAD -> master, origin/master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 19:21:50 2024 +0800
Generate public and private key pairs for 20221320fengtairui
生成隨機密鑰
生成隨機密鑰
20221320fengtairui使用openssl rand命令生成16字節的隨機密鑰k。
fengtairui@fengtairui-virtual-machine:~$ openssl rand 16 > 20221320fengtairui.bin
fengtairui@fengtairui-virtual-machine:~$ cat 20221320fengtairui.bin | xxd -p
5ce3001c6efec2daf19cb709477bf7bc
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add 20221320fengtairui.bin
fengtairui@fengtairui-virtual-machine:~$ git commit -m "20221320fengtairui random"
[master 7abf167] 20221320fengtairui random
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 20221320fengtairui.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit 7abf167e393b3e428d43259ee99040ef81d0f210 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 19:34:58 2024 +0800
20221320fengtairui random
加密明文
加密明文
fengtairui@fengtairui-virtual-machine:~$ openssl sm4-cbc -K "5ce3001c6efec2daf19cb709477bf7bc" -iv "da80e405a4998c351b0717093cbe86ab" -in plain.txt -out plain.enc
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add plain.enc
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Encrypted plaintext"
[master 0c951d0] Encrypted plaintext
1 file changed, 1 insertion(+)
create mode 100644 plain.enc
fengtairui@fengtairui-virtual-machine:~$ git log
commit 0c951d02e996d17ad512ef4d76cbba51c155df37 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 19:44:28 2024 +0800
Encrypted plaintext
加密隨機密鑰
加密隨機密鑰
fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -encrypt -pubin -inkey 20221328msmpublic_key.pem -in 20221320fengtairui.bin -out 20221320fengtairui_enc.bin
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add 20221320fengtairui_enc.bin
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Cryptographic random key"
[master 2abb203] Cryptographic random key
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 20221320fengtairui_enc.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit 2abb20371dea1191fb8c76ab437d992707294b9a (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 19:55:34 2024 +0800
Cryptographic random key
簽名加密后的隨機密鑰
簽名加密后的隨機密鑰
fengtairui@fengtairui-virtual-machine:~$ openssl pkeyutl -encrypt -inkey 20221320fengtairui_sk.pem -in plain.enc -out plain_enc.bin
產生的文件提交至Git
fengtairui@fengtairui-virtual-machine:~$ git add plain_enc.bin
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Signed and encrypted random key"
[master 4bcad44] Signed and encrypted random key
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 plain_enc.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit 4bcad4454580f648baf9564a7c96695120fccf39 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 20:06:21 2024 +0800
Signed and encrypted random key
發送數字信封
發送數字信封
20221320fengtairui將加密后的明文、加密后的隨機密鑰和簽名組合在一起,發送給2022138msm
fengtairui@fengtairui-virtual-machine:~$ cat plain.enc 20221320fengtairui_enc.bin plain_enc.bin > 20221320fengtaitui_envelope.bin
產生的文件提交至Git并上傳至Gitee
fengtairui@fengtairui-virtual-machine:~$ git add 20221320fengtaitui_envelope.binfengtairui@fengtairui-virtual-machine:~$ git commit -m "20221320fengtairui Digital envelope"
[master bf33ce0] 20221320fengtairui Digital envelope
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 20221320fengtaitui_envelope.bin
fengtairui@fengtairui-virtual-machine:~$ git log
commit bf33ce0ff7aa476099bc7e348a8519722f0975c7 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 13 20:13:46 2024 +0800
20221320fengtairui Digital envelope
fengtairui@fengtairui-virtual-machine:~$ git push -u origin master
Username for 'https://gitee.com': 13696447027
Password for 'https://13696447027@gitee.com':
枚舉對象中: 16, 完成.
對象計數中: 100% (16/16), 完成.
使用 8 個線程進行壓縮
壓縮對象中: 100% (13/13), 完成.
寫入對象中: 100% (15/15), 1.53 KiB | 782.00 KiB/s, 完成.
總共 15(差異 7),復用 0(差異 0),包復用 0
remote: Powered by GITEE.COM [1.1.5]
remote: Set trace flag 244851b5
To https://gitee.com/feng-tairui/information-security-design.git
d80c29f..bf33ce0 master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.
驗證簽名
20221328msm驗證簽名
liudaotongming@LAPTOP-J23VPJPH:~/information-security-design$ openssl sm3 -verify 20221320fengtairui_pk.pem -sig
nature plain_enc.sig plain.enc
Verified OK
解密隨機密鑰
liudaotongming@LAPTOP-J23VPJPH:~/information-security-design$ openssl pkeyutl -decrypt -inkey 20221328馬申明private_key.pem -in 20221320fengtairui_enc.bin -out rand.txt
liudaotongming@LAPTOP-J23VPJPH:~/information-security-design$ cat rand.txt
5ce3001c6efec2daf19cb709477bf7bc
解密明文
liudaotongming@LAPTOP-J23VPJPH:~/information-security-design$ openssl sm4-cbc -d -K "5ce3001c6efec2daf19cb709477bf7bc" -iv "da80e405a4998c351b0717093cbe86ab" -in plain.enc -out plain.txt
liudaotongming@LAPTOP-J23VPJPH:~/information-security-design$ cat plain.txt
20221320fengtairui
使用GMSSL命令實現帶簽名的數字信封協議
生成公私鑰對
生成公私鑰對
20221320fengtairui和20221328msm需要生成自己的公私鑰對。這里我們使用SM2算法,這是一種橢圓曲線加密算法。
engtairui@fengtairui-virtual-machine:~$ gmssl sm2keygen -pass 1234 -out 20221320fengtairui_sk.pem -pubout 20221320fengtairui_pub.pem
fengtairui@fengtairui-virtual-machine:~$ cat 20221320fengtairui_sk.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBBjBhBgkqhkiG9w0BBQ0wVDA0BgkqhkiG9w0BBQwwJwQQPs3JOiZd/BhxcLRG
JQXy5wIDAQAAAgEQMAsGCSqBHM9VAYMRAjAcBggqgRzPVQFoAgQQ6QQpAdcSl43D
2tDp8K5llwSBoBPmG6HbCgM8LuLFFB/VRrw94OPIlJ/4IeP8FFb34O101TALu9L/
mv9rE63gvUX3Ni6lL/MYTbr0wWYrNcR3gnJoK2huRbWOoydf5noD3T3DSD5I4J7M
IT323QoO5kefMVkQ6QiWNEZ42IFHh7MlNVOQ7z6uqnZCUuqC7zyS6EN8N2KhX8QV
MQ1MPLGPGKkC5UiGBLEp9KaOmIF55PIOPRs=
-----END ENCRYPTED PRIVATE KEY-----
fengtairui@fengtairui-virtual-machine:~$ cat 20221320fengtairui_pub.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEPzTwEaRt3/axN5PgOufdnOAxSgIo
X9QYDFTChWT4uNWrllX5xoTVEfoQo1HP1OmsT5KYqCYn/puBiklk7rt2gw==
-----END PUBLIC KEY-----
產生的文件提交至Git并上傳至Gitee
fengtairui@fengtairui-virtual-machine:~$ git add 20221320fengtairui_sk.pem 20221320fengtairui_pub.pem
fengtairui@fengtairui-virtual-machine:~$ git commit -m "Generate a public and private key pair for 20221320fengtairui"
[master cb27ca6] Generate a public and private key pair for 20221320fengtairui
2 files changed, 12 insertions(+), 8 deletions(-)
create mode 100644 20221320fengtairui_pub.pem
rewrite 20221320fengtairui_sk.pem (99%)
fengtairui@fengtairui-virtual-machine:~$ git push -u origin master
Username for 'https://gitee.com': 13696447027
Password for 'https://13696447027@gitee.com':
枚舉對象中: 6, 完成.
對象計數中: 100% (6/6), 完成.
使用 8 個線程進行壓縮
壓縮對象中: 100% (4/4), 完成.
寫入對象中: 100% (4/4), 830 字節 | 830.00 KiB/s, 完成.
總共 4(差異 1),復用 0(差異 0),包復用 0
remote: Powered by GITEE.COM [1.1.5]
remote: Set trace flag e945f1b3
To https://gitee.com/feng-tairui/information-security-design.git
5f93510..cb27ca6 master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.
加密明文
liudaotongming@LAPTOP-J23VPJPH:~$ gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 20221328msmkey.bin) -iv $(xxd -p -c
32 20221328msmiv.bin) -in 20221328msmplain.txt -out 20221328msmsm4.cbc3
加密隨機密鑰
liudaotongming@LAPTOP-J23VPJPH:~$ gmssl sm2encrypt -pubkey 20221320fengtairui_pub.pem -in 20221328msmkey.bin -out 20221328msmkey.der
liudaotongming@LAPTOP-J23VPJPH:~$ gmssl sm2encrypt -pubkey 20221320fengtairui_pub.pem -in 20221328msmiv.bin -out
20221328msmiv.der
簽名加密后的隨機密鑰
liudaotongming@LAPTOP-J23VPJPH:~$ gmssl sm2sign -key sm2.pem -pass 1234 -in 20221328msmsm4.cbc3 -out 20221328msm
S1.bin
驗證簽名
fengtairui@fengtairui-virtual-machine:~/20221328msm$ gmssl sm2verify -pubkey 20221328msmsm2pub.pem -in 20221328msmsm4.cbc3 -sig 20221328msmS1.bin
verify : success
解密隨機密鑰
fengtairui@fengtairui-virtual-machine:~$ gmssl sm2decrypt -key 20221320fengtairui_sk.pem -pass 1234 -in 20221328msmkey.der -out 20221320fengtairui.bin
fengtairui@fengtairui-virtual-machine:~$ gmssl sm2decrypt -key 20221320fengtairui_sk.pem -pass 1234 -in 20221328msmiv.der -out 20221320fengtairui2.bin
解密明文
fengtairui@fengtairui-virtual-machine:~$ gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 20221320fengtairui.bin) -iv $(xxd -p -c 32 20221320fengtairui2.bin) -in 20221328msmsm4.cbc3
20221328馬申明
