abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 08:56:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Simon
2017-06-16 19:02:08 +08:00
committed by GitHub
parent 2df29598f0
commit 5f4a6c72f0
1 changed files with 84 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
README.md
View File

@@ -1,33 +1,34 @@
## 关于GmSSL
## About GmSSL
[![Build Status](https://travis-ci.org/guanzhi/GmSSL.svg?branch=master)](https://travis-ci.org/guanzhi/GmSSL)
GmSSL是一个开源的密码工具箱支持SM2/SM3/SM4/SM9等国密(国家商用密码)算法、SM2国密数字证书及基于SM2证书的SSL/TLS安全通信协议支持国密硬件密码设备提供符合国密规范的编程接口与命令行工具可以用于构建PKI/CA、安全通信、数据加密等符合国密标准的安全应用。GmSSL项目是[OpenSSL](https://www.openssl.org)项目的分支并与OpenSSL保持接口兼容。因此GmSSL可以替代应用中的OpenSSL组件并使应用自动具备基于国密的安全能力。GmSSL项目采用对商业应用友好的类BSD开源许可证开源且可以用于闭源的商业应用。GmSSL项目由北京大学[关志](http://infosec.pku.edu.cn/~guanzhi/)副研究员的密码学研究组开发维护,项目源码托管于[GitHub](https://github.com/guanzhi/GmSSL)。自2014年发布以来GmSSL已经在多个项目和产品中获得部署与应用并获得2015年度“一铭杯”中国Linux软件大赛二等奖(年度最高奖项)与[开源中国](https://www.oschina.net/p/GmSSL)密码类推荐项目。GmSSL项目的核心目标是通过开源的密码技术推动国内网络空间安全建设。
GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 and other national secret (national commercial password) algorithm, SM2 digital certificate and SM2 certificate based on SSL / TLS secure communication protocol to support the national security hardware password device , To provide in line with the national standard programming interface and command line tools, can be used to build PKI / CA, secure communication, data encryption and other standards in line with national security applications. The GmSSL project is a branch of the [OpenSSL](https://www.openssl.org)project and is compatible with OpenSSL. So GmSSL can replace the application of OpenSSL components, and make the application automatically with national security capabilities. The GmSSL project utilizes a business-friendly BSD open source license, open source and can be used for closed source commercial applications. GmSSL project by the Peking University [Guan Zhi](http://infosec.pku.edu.cn/~guanzhi/)deputy researcher of the cryptography research group development and maintenance, the project source code hosted in [GitHub](https://github.com /guanzhi/GmSSL). Since its release in 2014, GmSSL has been deployed and applied in multiple projects and products, and has won the second prize of the "One Cup" China Linux Software Contest in 2015 (the highest award) and [Open Source China](https://www.oschina.net/p/GmSSL) password class recommended items. The core goal of the GmSSL project is to promote the construction of cyberspace security through open source cryptography.
## 最新动态
- 2017年2月15日 原master分支更名为gmssl-v1当前master支代码开始迁移至OpenSSL-1.1.0。
- 2017年2月12日 支持完整的密码库Java语言封装[GmSSL-Java-Wrapper](http://gmssl.org/docs/java-api.html)
- 2017年1月18日 更新了项目主页
- [更多 ...](http://gmssl.org/docs/changelog.html)
- February 15, 2017 rename master to gmssl-v1current master branch migrate to OpenSSL-1.1.0。
- February 12, 2017 Java wrapper support for full crypto library [GmSSL-Java-Wrapper](http://gmssl.org/docs/java-api.html)
- January 18, 2017 Updated the project home page
- [More ...](http://gmssl.org/docs/changelog.html)
## 国密算法
## SM Crypto Algorithm
国密算法是国家商用密码算法的简称。自2012年以来国家密码管理局以《中华人民共和国密码行业标准》的方式陆续公布了SM2/SM3/SM4等密码算法标准及其应用规范。其中“SM”代表“商密”即用于商用的、不涉及国家秘密的密码技术。其中SM2为基于椭圆曲线密码的公钥密码算法标准包含数字签名、密钥交换和公钥加密用于替换RSA/Diffie-Hellman/ECDSA/ECDH等国际算法SM3为密码哈希算法用于替代MD5/SHA-1/SHA-256等国际算法SM4为分组密码用于替代DES/AES等国际算法SM9为基于身份的密码算法可以替代基于数字证书的PKI/CA体系。通过部署国密算法可以降低由弱密码和错误实现带来的安全风险和部署PKI/CA带来的开销。
The secret algorithm is the abbreviation of the national commercial cryptographic algorithm. Since 2012, the National Password Authority to the "People's Republic of China password industry standard" approach, have announced the SM2 / SM3 / SM4 and other cryptographic algorithm standards and application specifications. Which "SM" on behalf of "business secret", that is used for commercial, not involving state secrets of the password technology. SM2 is a public key cryptography algorithm based on elliptic curve cryptography, including digital signature, key exchange and public key encryption. It is used to replace international algorithms such as RSA / Diffie-Hellman / ECDSA / ECDH. SM3 is password hash algorithm, SM4 is a block cipher used to replace DES / AES and other international algorithms. SM9 is an identity-based cryptographic algorithm that can replace PKI / CA based on digital certificate. By deploying the secret algorithm, you can reduce the security risks caused by weak passwords and bug implementations and the overhead of deploying PKI / CA.
## 快速上手
## Quick Start
快速上手指南介绍GmSSL的编译、安装和`gmssl`命令行工具的基本指令。
Quick Start Guide describes the basic instructions for compiling, installing, and `gmssl` command line tools for GmSSL.
1. Download the source code ([zip](https://github.com/guanzhi/GmSSL/archive/master.zip))unzip it to current directory.
1. 下载源代码,解压缩至当前工作目录
```sh
$ tar xzvf gmssl-<version>.tar.gz
```
2. 编译与安装
2. Compile and install
Linux平台(其他平台的安装过程见[编译与安装](http://gmssl.org)
  Linux (Other platform see [Compile and instal](http://gmssl.org))
```sh
$ ./config
@@ -35,14 +36,14 @@ GmSSL是一个开源的密码工具箱支持SM2/SM3/SM4/SM9等国密(国家
$ sudo make install
```
安装之后可以执行`gmssl`命令行工具检查是否成功
After installation, you can execute the `gmssl` command line tool to check for success
```sh
$ gmssl version
GmSSL 1.3.0 - OpenSSL 1.0.2d
```
3. SM4加密文件
3. SM4 encrypt file
```sh
$ gmssl sms4 -e -in <yourfile> -out <yourfile>.sms4
@@ -50,21 +51,21 @@ GmSSL是一个开源的密码工具箱支持SM2/SM3/SM4/SM9等国密(国家
Verifying - enter sms4-cbc encryption password: <your-password>
```
解密
decrypt
```sh
$ gmssl sms4 -d -in <yourfile>.sms4
enter sms4-cbc decryption password: <your-password>
```
4. 生成SM3摘要
4. Generate SM3 digest
```
$ gmssl sm3 <yourfile>
SM3(yourfile)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0
```
5. 生成SM2密钥并签名
5. Generate SM2 key and sign
```sh
$ gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 \
@@ -73,7 +74,7 @@ GmSSL是一个开源的密码工具箱支持SM2/SM3/SM4/SM9等国密(国家
-in <yourfile> -out <yourfile>.sig
```
可以将公钥从`signkey.pem`中导出并发发布给验证签名的一方
You can export the public key from `signkey.pem` to the party that issued the signature
```sh
$ gmssl pkey -pubout -in signkey.pem -out vrfykey.pem
@@ -82,37 +83,68 @@ GmSSL是一个开源的密码工具箱支持SM2/SM3/SM4/SM9等国密(国家
```
## 项目文档
## Project documentation
- 用户手册
* [编译与安装](http://gmssl.org/docs/install.html)
* [命令行工具手册](http://gmssl.org/docs/commands.html)
* [GmSSL EVP API](http://gmssl.org/docs/evp-api.html)
* [GmSSL Java API](http://gmssl.org/docs/java-api.html)
- 密码算法
* [SM1分组密码](http://gmssl.org/docs/sm1.html)
* [SSF33分组密码](http://gmssl.org/docs/ssf33.html)
* [SM2椭圆曲线公钥密码](http://gmssl.org/docs/sm2.html)
* [SM3密码杂凑算法](http://gmssl.org/docs/sm3.html)
* [SM4/SMS4分组密码](http://gmssl.org/docs/sm4.html)
* [SM9基于身份的密码](http://gmssl.org/docs/sm9.html)
* [ZUC序列密码](http://gmssl.org/docs/zuc.html)
* [CPK组合公钥密码](http://gmssl.org/docs/cpk.html)
* [BF-IBE (Boneh-Franklin Identity-Based Encryption)](http://gmssl.org/docs/bfibe.html)
* [BB<sub>1</sub>-IBE (Boneh-Boyen Identity-Based Encryption)](http://gmssl.org/docs/bb1ibe.html)
- 密码硬件
* [密码硬件支持](http://gmssl.org/docs/crypto-devices.html)
* [国密SKF密码硬件](http://gmssl.org/docs/skf.html)
* [国密SDF密码硬件](http://gmssl.org/docs/sdf.html)
* [密钥管理服务](http://gmssl.org/docs/keyservice.html)
- 安全协议
* [SSL/TLS协议](http://gmssl.org/docs/ssl.html)
* [国密SSL VPN协议](http://gmssl.org/docs/sslvpn.html)
* [国密IPSec VPN协议](http://gmssl.org/docs/ipsecvpn.html)
- 开发者
* [GmSSL编码风格 (Coding Style)](http://gmssl.org/docs/gmssl-coding-style.html)
* [开发路线 (Road Map)](http://gmssl.org/docs/roadmap.html)
* [开源许可证 (GmSSL Licenses)](http://gmssl.org/docs/licenses.html)
- 标准与规范
* [中华人民共和国密码行业标准](http://gmssl.org/docs/standards.html)
* [国密算法标识OID](http://gmssl.org/docs/oid.html)
- User manual
   * [Compile and install](http://gmssl.org/docs/install.html)
   * [Command line tool manual](http://gmssl.org/docs/commands.html)
   * [GmSSL EVP API](http://gmssl.org/docs/evp-api.html)
   * [GmSSL Java API](http://gmssl.org/docs/java-api.html)
- Password algorithm
   * [SM1 group password](http://gmssl.org/docs/sm1.html)
   * [SSF33 group password](http://gmssl.org/docs/ssf33.html)
   * [SM2 elliptic curve public key password](http://gmssl.org/docs/sm2.html)
   * [SM3 password hash algorithm](http://gmssl.org/docs/sm3.html)
   * [SM4 / SMS4 group password](http://gmssl.org/docs/sm4.html)
   * [SM9 identity-based password](http://gmssl.org/docs/sm9.html)
   * [ZUC sequence password](http://gmssl.org/docs/zuc.html)
   * [CPK combination public key password](http://gmssl.org/docs/cpk.html)
   * [BF-IBE (Boneh-Franklin Identity-Based Encryption)](http://gmssl.org/docs/bfibe.html)
   * [BB-IBE (Boneh-Boyen Identity-Based Encryption)](http://gmssl.org/docs/bb1ibe.html)
- password hardware
   * [Password hardware support](http://gmssl.org/docs/crypto-devices.html)
   * [Country density SKF password hardware](http://gmssl.org/docs/skf.html)
   * [National secret SDF password hardware](http://gmssl.org/docs/sdf.html)
   * [Key management service](http://gmssl.org/docs/keyservice.html)
- Security protocol
   * [SSL / TLS protocol](http://gmssl.org/docs/ssl.html)
   * [National secret SSL VPN protocol](http://gmssl.org/docs/sslvpn.html)
   * [National secret IPSec VPN protocol](http://gmssl.org/docs/ipsecvpn.html)
- Developer
   * [GmSSL Coding Style](http://gmssl.org/docs/gmssl-coding-style.html)
   * [Roadmap](http://gmssl.org/docs/roadmap.html)
   * [Open source license (GmSSL Licenses)](http://gmssl.org/docs/licenses.html)
- Standards and norms
   * [People's Republic of China password industry standard](http://gmssl.org/docs/standards.html)
   * [National secret algorithm identification OID](http://gmssl.org/docs/oid.html)