Notes on verifying SM (Chinese national cryptography) support in GmSSL-3.0.0


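Download the source from GitHub and build it

The GitHub repository has only two tagged versions, 3.0.0 and 3.1.1.

GmSSL-3.1.1

Building it on Ubuntu 18.04 failed with errors, so I gave up on it.

GmSSL-3.0.0

Built directly with cmake without any problems.

Test 1: CA certificate generation and certificate issuance

Step 1: generate the CA key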

# root @ ubuntu in /opt/GmSSL-3.0.0/bin [5:54:26] 
$ ../bin/gmssl version
GmSSL 3.0.0

# root @ ubuntu in /opt/GmSSL-3.0.0/test [5:55:46] C:130
$ ../bin/gmssl sm2keygen -pass 1234 -out rootcakey.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEEVtfgydCmbg0DqHI5l9E19PFyBy0
4FEsQ45YbmsYCLRRj2KiFHG2K9XSA1zlFJ3ayfVR4p3L1xFtv7LcgCTqXg==
-----END PUBLIC KEY-----

Step 2: generate the CA certificate

# root @ ubuntu in /opt/GmSSL-3.0.0/test [5:56:14] 
$ ../bin/gmssl certgen -C CN -ST HeNan -L ZhengZhou -O JL -OU HW -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign

# root @ ubuntu in /opt/GmSSL-3.0.0/test [5:57:28] 
$ ../bin/gmssl certparse -in rootcacert.pem
Certificate
    tbsCertificate
        version: v3 (2)
        serialNumber: 39916719DA11E3ED72623D9B
        siganture: sm2sign-with-sm3
        issuer
            countryName: CN
            stateOrProvinceName: HeNan
            localityName: ZhengZhou
            organizationName: JL
            organizationalUnitName: HW
            commonName: ROOTCA
        validity
            notBefore: Tue Aug  1 05:57:24 2023
            notAfter: Fri Jul 29 05:57:24 2033
        subject
            countryName: CN
            stateOrProvinceName: HeNan
            localityName: ZhengZhou
            organizationName: JL
            organizationalUnitName: HW
            commonName: ROOTCA
        subjectPulbicKeyInfo
            algorithm
                algorithm: ecPublicKey
                namedCurve: sm2p256v1
            subjectPublicKeyECPoint: 04115B5F83274299B8340EA1C8E65F44D7D3C5C81CB4E0512C438E586E6B1808B4518F62A21471B62BD5D2035CE5149DDAC9F551E29DCBD7116DBFB2DC8024EA5E
        extensions
            Extension
                extnID: KeyUsage (2.5.29.15)
                critical: true
                KeyUsage: keyCertSign,cRLSign
            Extension
                extnID: BasicConstraints (2.5.29.19)
                critical: true
                BasicConstraints
                    cA: true
            Extension
                extnID: AuthorityKeyIdentifier (2.5.29.35)
                AuthorityKeyIdentifier
                    keyIdentifier: 3A7F99EF48DCB5D9FAB383BE1D2D769B23E40BB8310B7D82CD1A1172A27C0052
    signatureAlgorithm: sm2sign-with-sm3
    signatureValue: 3045022009695034ED4A2D277DF32B094E3B70E23766DAAB3D20E0CD509F6CD85B3D4FA4022100A906ACB14B40ACC6FB9214680A839FD2E157AF0D00858856FE7285B53FA8B014

Step 3: issue a certificate for a certificate request file

# root @ ubuntu in /opt/GmSSL-3.0.0/test [7:43:43] C:1
$ ../bin/gmssl reqparse -in gbs_req_cert_a77d169.pem 
CertificationRequest
    certificationRequestInfo
        version: v1 (0)
        subject
            countryName: CN
            stateOrProvinceName: HN
            localityName: ZZ
            organizationName: JL
            organizationalUnitName: LiveGBS
            commonName: 34020000002000000001
            serialNumber: a77d1691d30cdc6eec2e9fb0acd4a4f4
        subjectPublicKeyInfo
            algorithm
                algorithm: ecPublicKey
                namedCurve: sm2p256v1
            subjectPublicKeyECPoint: 0401283C5026D1730DE4DBF81462BB1A7439FCB4C59A9B826E111A4C597DFB97318D8C7D9BCBA93536F14153CF3141A791BFEFA9C95D7D6338624670A62E9D7612
        attributes
            Attribute
                type: (unknown) (1.2.840.113549.1.9.14)
                values: 301E301C0603551D11041530138111796A6B68746464784073696E612E636F6D
    signatureAlgorithm
        algorithm: sm2sign-with-sm3
    signature: : 30460221008FF14C5E568A8BB8D5B29D0B05A472EC916701D084B0306ABAC110F0B2BA128D022100BD01A7FE0335BAAD2F358DF8FEB11E1E7EF75B4EF3AA22D30A2E7905F217E359

# root @ ubuntu in /opt/GmSSL-3.0.0/test [5:58:45] 
$ ../bin/gmssl reqsign -in gbs_req_cert_a77d169.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out gbs_cert.pem

# root @ ubuntu in /opt/GmSSL-3.0.0/test [6:00:14] C:127
$ ../bin.gmssl certparse -in gbs_cert.pem
zsh: no such file or directory: ../bin.gmssl

# root @ ubuntu in /opt/GmSSL-3.0.0/test [6:00:24] C:127
$ ../bin/gmssl certparse -in gbs_cert.pem
Certificate
    tbsCertificate
        version: v3 (2)
        serialNumber: D8646727FE6BB7048619C1D5
        siganture: sm2sign-with-sm3
        issuer
            countryName: CN
            stateOrProvinceName: HeNan
            localityName: ZhengZhou
            organizationName: JL
            organizationalUnitName: HW
            commonName: ROOTCA
        validity
            notBefore: Tue Aug  1 05:59:57 2023
            notAfter: Wed Jul 31 05:59:57 2024
        subject
            countryName: CN
            stateOrProvinceName: HN
            localityName: ZZ
            organizationName: JL
            organizationalUnitName: LiveGBS
            commonName: 34020000002000000001
            serialNumber: a77d1691d30cdc6eec2e9fb0acd4a4f4
        subjectPulbicKeyInfo
            algorithm
                algorithm: ecPublicKey
                namedCurve: sm2p256v1
            subjectPublicKeyECPoint: 0401283C5026D1730DE4DBF81462BB1A7439FCB4C59A9B826E111A4C597DFB97318D8C7D9BCBA93536F14153CF3141A791BFEFA9C95D7D6338624670A62E9D7612
        extensions
            Extension
                extnID: KeyUsage (2.5.29.15)
                critical: true
                KeyUsage: keyCertSign
            Extension
                extnID: BasicConstraints (2.5.29.19)
                critical: true
                BasicConstraints
                    cA: true
                    pathLenConstraint: 0
            Extension
                extnID: AuthorityKeyIdentifier (2.5.29.35)
                AuthorityKeyIdentifier
                    keyIdentifier: 3A7F99EF48DCB5D9FAB383BE1D2D769B23E40BB8310B7D82CD1A1172A27C0052
    signatureAlgorithm: sm2sign-with-sm3
    signatureValue: 30440220764BDE97CE2569800D352303587EB888A26C16B61FA6764EA38E1700ADA43577022057F4C7DF30738B4FE0045DB2EEFFD19813109A3BCF8FF654E37D900BE4F5AB2A

Generating the CA root certificate and issuing a certificate went remarkably smoothly.
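Because reqsign was run with -key_usage keyCertSign -path_len_constraint 0, the issued gbs_cert.pem carries cA: true and keyCertSign, so it is a subordinate CA certificate rather than an end-entity one. The script below is an added example, not part of the original notes or of GmSSL: it classifies a certificate from certparse text output. The function names and the one-field-per-line input layout are assumptions; the field labels are the ones printed above.

```shell
#!/bin/sh
# Added example: classify a certificate from `gmssl certparse` text output.
# Field labels (cA, KeyUsage, pathLenConstraint, commonName) are those printed
# in the session above; the one-field-per-line layout is an assumption.

cert_field() {      # cert_field LABEL < certparse output; prints each value
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

cert_role() {       # reads certparse output on stdin, prints a one-line verdict
    out=$(cat)
    ca=$(printf '%s\n' "$out" | cert_field cA | head -n 1)
    ku=$(printf '%s\n' "$out" | cert_field KeyUsage | head -n 1)
    plen=$(printf '%s\n' "$out" | cert_field pathLenConstraint | head -n 1)
    # issuer is printed before subject, so the last commonName is the subject's
    cn=$(printf '%s\n' "$out" | cert_field commonName | tail -n 1)
    signs=no
    case ",$ku," in *,keyCertSign,*) signs=yes ;; esac
    if [ "$ca" = true ] && [ "$signs" = yes ]; then
        echo "CA cn=$cn pathLen=${plen:-unlimited}"
    elif [ "$ca" = true ] || [ "$signs" = yes ]; then
        echo "INCONSISTENT cn=$cn cA=${ca:-absent} keyUsage=${ku:-absent}"
    else
        echo "END-ENTITY cn=$cn keyUsage=${ku:-absent}"
    fi
}

require_end_entity() {  # status 0 only when stdin describes a non-CA certificate
    case "$(cert_role)" in END-ENTITY*) return 0 ;; *) return 1 ;; esac
}

sample_issued() {   # constructed sample: fields abridged from gbs_cert.pem above
    cat <<'EOF'
issuer
    commonName: ROOTCA
subject
    commonName: 34020000002000000001
    serialNumber: a77d1691d30cdc6eec2e9fb0acd4a4f4
extnID: KeyUsage (2.5.29.15)
KeyUsage: keyCertSign
extnID: BasicConstraints (2.5.29.19)
BasicConstraints
    cA: true
    pathLenConstraint: 0
EOF
}

sample_issued | cert_role    # real use: gmssl certparse -in gbs_cert.pem | cert_role
```

Piping a certificate through require_end_entity before deploying it to a device gives a non-zero exit status whenever the certificate could sign other certificates.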

Test 2: device certificate request and issuance verification

Step 1: generate the device key

# root @ ubuntu in /opt/GmSSL-3.0.0/test [6:32:30] 
$ ../bin/gmssl sm2keygen -pass 1234 -out devicekey.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEsHPsIaOwTtOKhX/ynbCbcgO7dYZk
1q1MyJPtkONdcJG+xrYhBdwj/pmWxZPqBWUNcbr7BRYBhCWOOm/89gK+UQ==
-----END PUBLIC KEY-----

Step 2: generate the certificate request file

# root @ ubuntu in /opt/GmSSL-3.0.0/test [7:36:13] C:1
$ ../bin/gmssl reqgen -C CN -ST HeNan -L ZhengZhou -O JL -OU HW -CN 410102001120070000001 -days 365 -key devicekey.pem -pass 1234 -out devicereq.pem

# root @ ubuntu in /opt/GmSSL-3.0.0/test [7:37:44] 
$ ../bin/gmssl reqparse -in devicereq.pem
CertificationRequest
    certificationRequestInfo
        version: v1 (0)
        subject
            countryName: CN
            stateOrProvinceName: HeNan
            localityName: ZhengZhou
            organizationName: JL
            organizationalUnitName: HW
            commonName: 410102001120070000001
        subjectPublicKeyInfo
            algorithm
                algorithm: ecPublicKey
                namedCurve: sm2p256v1
            subjectPublicKeyECPoint: 04B073EC21A3B04ED38A857FF29DB09B7203BB758664D6AD4CC893ED90E35D7091BEC6B62105DC23FE9996C593EA05650D71BAFB05160184258E3A6FFCF602BE51
    signatureAlgorithm
        algorithm: sm2sign-with-sm3
        parameters: NULL
    signature: : 3044022004800C1D57E11F65CA240ADE9904238A0AA084AEF6A7108A3F94F7CB60F0BFBC0220339A744AA4D78AE3B362BF79F8F5851105AB1B1A8CB9509297A32D82CA94F6FC

Step 3: sign the request file


