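Generating a CSR and Private Key with Tongsuo
Preparation
1. A Linux environment (CentOS in this article)
2. Download Tongsuo: https://github.com/Tongsuo-Project/Tongsuo/archive/refs/tags/8.4.0.tar.gz
Note: this article uses the Chinese national cryptographic algorithm SM2 as the example
Installation steps
1. Extract Tongsuo-8.4.0.tar.gz, change into the Tongsuo-8.4.0 directory, and install Tongsuo with the commands below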
tar -xvf Tongsuo-8.4.0.tar.gz
cd Tongsuo-8.4.0
2. Configure the build options
./config --prefix=/opt/tongsuo
3. Compile
make -j
4. Install
make install
5. Edit ~/.bashrc and add the environment variables
vim ~/.bashrc
export PATH=/opt/tongsuo/bin:$PATH
export LD_LIBRARY_PATH=/opt/tongsuo/lib64:$LD_LIBRARY_PATH
7. Reload the environment variables
source ~/.bashrc
8. Check that the installation succeeded
tongsuo version
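Output like the following means the installation is fine:
Generation steps
1. Create a custom working directory named workspace, change into it, and create the configuration file sm2_tongsuo.cnf with the content below. The generated private key and CSR are both written to this directory; adjust as needed.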
[ req ]
default_bits = 256
default_md = sm3
default_keyfile = sm2_private_key.key
distinguished_name = req_distinguished_name
string_mask = utf8only
req_extensions = v3_req
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Beijing
localityName = Locality Name (eg, city)
localityName_default = Beijing
organizationName = Organization Name (eg, company)
organizationName_default = Example Org
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = IT
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = www.test.com
commonName_max = 64
[ v3_req ]
keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
2. Generate the private key (the file extension of the key is up to you)
tongsuo ecparam -genkey -name SM2 -outform PEM -out sm2_private_key.key -noout
3. Follow the prompts to generate the CSR (the file extension of the CSR is up to you)
tongsuo req -new -key sm2_private_key.key -out sm2_csr.csr -config sm2_tongsuo.cnf -sm3
4. Parse (verify) the CSR
tongsuo req -in sm2_csr.csr -noout -text
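The result is as follows:
Purpose: server certificate application
Send the generated CSR and private key files to the CA to apply for a certificate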
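
An added check, not part of the original article, that can be run in the workspace directory after steps 2 and 3: it confirms that the private key file is accessible only to its owner and that the public key embedded in the CSR is the one derived from that private key. The function names and the TS variable are assumptions of this example; `req -pubkey` and `pkey -pubout` are standard OpenSSL subcommands, which Tongsuo provides as an OpenSSL fork.

```sh
#!/bin/sh
# Added example: sanity checks on the files produced by steps 2 and 3.
# TS is the Tongsuo binary (assumed to be on PATH, as set up in step 5).
TS="${TS:-tongsuo}"

# key_perms_ok FILE
# Succeeds only if FILE is a regular file with no group/other permission bits.
key_perms_ok() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# csr_matches_key CSR KEY
# Succeeds only if the public key carried in the CSR equals the public key
# derived from the private key. Returns 2 if either file cannot be parsed.
csr_matches_key() {
    csr_pub=$("$TS" req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$("$TS" pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# check_request CSR KEY
# Runs both checks and prints a one-line verdict.
check_request() {
    key_perms_ok "$2" || {
        echo "FAIL: $2 is accessible to group/others (run: chmod 600 $2)" >&2
        return 1
    }
    csr_matches_key "$1" "$2" || {
        echo "FAIL: public key in $1 does not come from $2" >&2
        return 1
    }
    echo "OK: $1 matches $2"
}

# Usage, with the file names from the steps above:
#   check_request sm2_csr.csr sm2_private_key.key
```

The key written by `ecparam -genkey` in step 2 is not passphrase-protected, so the file mode is the only thing restricting who can read it.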