From ce8470daa062ecc6fafce976e9ace5a284f2225d Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Thu, 5 Nov 2015 09:37:28 +0800 Subject: [PATCH] =?UTF-8?q?Created=20SM2=E6=8E=A8=E8=8D=90=E6=A4=AD?= =?UTF-8?q?=E5=9C=86=E6=9B=B2=E7=BA=BF=E5=9F=9F=E5=8F=82=E6=95=B0=20(markd?= =?UTF-8?q?own)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- SM2推荐椭圆曲线域参数.md | 43 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 SM2推荐椭圆曲线域参数.md diff --git a/SM2推荐椭圆曲线域参数.md b/SM2推荐椭圆曲线域参数.md new file mode 100644 index 0000000..9d17555 --- /dev/null +++ b/SM2推荐椭圆曲线域参数.md 
@@ -0,0 +1,43 @@ +在椭圆曲线密码应用中,通信双方需要预先商定一组称为椭圆曲线域参数的系统参数。椭圆曲线域参数生成需要大量的计算,耗时较长,一旦生成之后可以长期、广泛地使用,因此通常由可信的机构经过反复生成不同的椭圆曲线域参数并挑选出安全性和性能俱佳的公布为标准(推荐参数),椭圆曲线密码库和应用则会以硬编码的方式内置这些参数。 + +SM2标准中给出了一个推荐的256比特的素数域椭圆曲线域参数,GmSSL内置了这个椭圆曲线域参数,命名为`sm2p256v1`。通过GmSSL命令行可以显示该域参数的详细内容如下: + +``` bash +$ gmssl ecparam -text -noout -name sm2p256v1 -param_enc explicit +Field Type: prime-field +Prime: + 00:ff:ff:ff:fe:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: + ff:ff:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff: + ff:ff:ff +A: + 00:ff:ff:ff:fe:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: + ff:ff:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff: + ff:ff:fc +B: + 28:e9:fa:9e:9d:9f:5e:34:4d:5a:9e:4b:cf:65:09: + a7:f3:97:89:f5:15:ab:8f:92:dd:bc:bd:41:4d:94: + 0e:93 +Generator (uncompressed): + 04:32:c4:ae:2c:1f:19:81:19:5f:99:04:46:6a:39: + c9:94:8f:e3:0b:bf:f2:66:0b:e1:71:5a:45:89:33: + 4c:74:c7:bc:37:36:a2:f4:f6:77:9c:59:bd:ce:e3: + 6b:69:21:53:d0:a9:87:7c:c6:2a:47:40:02:df:32: + e5:21:39:f0:a0 +Order: + 00:ff:ff:ff:fe:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: + ff:ff:72:03:df:6b:21:c6:05:2b:53:bb:f4:09:39: + d5:41:23 +Cofactor: 1 (0x1) +``` + +通过`ecparam`命令可以生成该域参数上的SM2公私钥对。注意,SM2公私要钥对就是标准的椭圆曲线公私要钥对,即可以用于SM2数字签名、密钥交换和公钥加密,也可以用于ECDSA数字签名、ECDH密钥交换和ECIES公钥加密。生成密钥对的命令如下: + +``` bash +$ gmssl ecparam -genkey -name sm2p256v1 -out sm2key.pem +``` + +如果用户希望在其他支持椭圆曲线密码(但不支持SM2推荐域参数)的密码库或应用中使用这条曲线,可以通过`ecparam`命令将该域参数导出为标准的PEM格式文件,并导入到目标应用中。 + +``` bash +gmssl ecparam -name sm2p256v1 -param_enc explicit -out sm2p256v1.pem +```
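Review bot: In the paragraph that introduces `gmssl ecparam -genkey`, the text tells readers that one key pair on `sm2p256v1` can be used for SM2 signing, key exchange and encryption and also for ECDSA, ECDH and ECIES, without saying that this is a statement about key format compatibility. I would add a sentence recommending a separate key pair per algorithm and purpose, so the page is not read as advice to share one private key across schemes. The same paragraph has two wording slips: "公私要钥对" appears twice and should be "公私钥对", and "即可以用于…也可以用于" should be "既可以用于…也可以用于". The `-genkey` command as shown writes `sm2key.pem` with no passphrase step; a short note on protecting that file belongs next to it. In the final code block the command is missing the `$ ` prompt that the two earlier blocks use. Since that block exports with `-param_enc explicit` for import elsewhere, consider telling readers to compare the imported Prime, A, B, Generator, Order and Cofactor against the `-text` output earlier in the file before relying on them in the target library.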