Lab 1-1

Cryptographic System Design: Labs

Lab projects

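Lab no.: Lab 1
Lab name: Embedded development basics
Class hours: 6
Objective: Master the use of Linux and development methods on it
Content: Linux commands; OpenSSL (GmSSL) commands and development
Type: Verification
Expected learning outcomes:
  1. Master common Linux commands and C development methods;
  2. Master the basic usage of, and development with, OpenSSL (GmSSL);
  3. Master the use of common commercial cryptographic algorithms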

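Lab 1: Embedded development basics

Class hours 1-3: practical requirements (30 points)

1. Following the related teaching videos on Yunbanke, practise the OpenSSL items from the course mind map on Ubuntu or openEuler (openEuler recommended), record the process in detail in Markdown, and make one git commit for each completed item. (5 points)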
  • openssl<==>openssl -help
$ openssl
help:

Standard commands
asn1parse         ca                ciphers           cmp
cms               crl               crl2pkcs7         dgst
dhparam           dsa               dsaparam          ec
ecparam           enc               engine            errstr
fipsinstall       gendsa            genpkey           genrsa
help              info              kdf               list
mac               nseq              ocsp              passwd
pkcs12            pkcs7             pkcs8             pkey
pkeyparam         pkeyutl           prime             rand
rehash            req               rsa               rsautl
s_client          s_server          s_time            sess_id
smime             speed             spkac             srp
storeutl          ts                verify            version
x509

Message Digest commands (see the `dgst' command for more details)
blake2b512        blake2s256        md4               md5
rmd160            sha1              sha224            sha256
sha3-224          sha3-256          sha3-384          sha3-512
sha384            sha512            sha512-224        sha512-256
shake128          shake256          sm3

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb
aes-256-cbc       aes-256-ecb       aria-128-cbc      aria-128-cfb
aria-128-cfb1     aria-128-cfb8     aria-128-ctr      aria-128-ecb
aria-128-ofb      aria-192-cbc      aria-192-cfb      aria-192-cfb1
aria-192-cfb8     aria-192-ctr      aria-192-ecb      aria-192-ofb
aria-256-cbc      aria-256-cfb      aria-256-cfb1     aria-256-cfb8
aria-256-ctr      aria-256-ecb      aria-256-ofb      base64
bf                bf-cbc            bf-cfb            bf-ecb
bf-ofb            camellia-128-cbc  camellia-128-ecb  camellia-192-cbc
camellia-192-ecb  camellia-256-cbc  camellia-256-ecb  cast
cast-cbc          cast5-cbc         cast5-cfb         cast5-ecb
cast5-ofb         des               des-cbc           des-cfb
des-ecb           des-ede           des-ede-cbc       des-ede-cfb
des-ede-ofb       des-ede3          des-ede3-cbc      des-ede3-cfb
des-ede3-ofb      des-ofb           des3              desx
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc
rc2-cfb           rc2-ecb           rc2-ofb           rc4
rc4-40            seed              seed-cbc          seed-cfb
seed-ecb          seed-ofb          sm4-cbc           sm4-cfb
sm4-ctr           sm4-ecb           sm4-ofb
Input and output
  • Text
    • echo xxx | openssl cmd <==> echo "xxx" | openssl cmd
$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo "123" | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
    • echo -n "xxx" | openssl cmd <==> echo xxx | openssl cmd
$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo "123" | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo 123 | od -tx1 -tc
0000000  31  32  33  0a
          1   2   3  \n
0000004
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo -n 123 | od -tx1 -tc
0000000  31  32  33
          1   2   3
0000003
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo -n 123 | openssl sm3
SM3(stdin)= 6e0f9e14344c5406a0cf5a3b4dfb665f87f4a771a31f7edbb5c72874a32b2957
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo 123 > 123.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl sm3 -file 123.txt
SM3(123.txt)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
  • Binary (hexadecimal)
    • echo -n -e "\xaa\xbb"
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo "obase=16;123" | bc
7B
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo -n -e "\x7B" > 123.bin
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ od -tx1 123.bin
0000000 7b
0000001
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl sm3 -file 123.bin
SM3(123.bin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo -ne "\x7B" | openssl sm3
SM3(stdin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344
    • echo 1 > 1.txt <==> echo -e "\31x" > 1.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo 1 > 1.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ ls
1.txt  123.bin  123.txt  sample.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo -e "\31x" > 1.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ ls
1.txt  123.bin  123.txt  sample.txt
Common commands
prime
  • help
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl prime -help
Usage: prime [options] [number...]

General options:
 -help               Display this summary
 -bits +int          Size of number in bits
 -checks +int        Number of checks

Output options:
 -hex                Hex output
 -generate           Generate a prime
 -safe               When used with -generate, generate a safe prime

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 number              Number(s) to check for primality if not generating
  • Primality check
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl prime 3
3 (3) is prime
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl prime 33
21 (33) is not prime
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl prime -checks 10 33
21 (33) is not prime
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl prime -hex 4F
4F (4F) is prime
  • Prime generation
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl prime -generate -bits 10
797
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl prime 997
3E5 (997) is prime
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl prime -generate -bits 10
887
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl prime 821
335 (821) is prime
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl prime -generate -bits 10 -hex
03D1
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl prime -hex 0377
377 (0377) is prime
rand
  • help
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl rand -help
Usage: rand [options] num

General options:
 -help               Display this summary
 -engine val         Use engine, possibly a hardware device

Output options:
 -out outfile        Output file
 -base64             Base64 encode output
 -hex                Hex encode output

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 num                 Number of bytes to generate
  • Random number generation
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl rand 10

@�L���`S
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl rand 10 | od -tx1
0000000 f7 44 6c f1 98 7b bb f9 34 90
0000012
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl rand 10 | xxd -p
fb7cd23cd9fa281db961
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl rand -hex 10
23ea77fe4dbafec2e987
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl rand -base64 10
o/kabrMwQcmChw==
  • Random number files
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl rand -out r1.bin 10
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ od -tx1 r1.bin
0000000 cc ff 81 c1 e2 c5 a1 30 df 56
0000012
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl rand 10 > r2.bin
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ cat r2.bin | xxd -p
2d3f439ced0f70d3700b
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ ls
1.txt  123.bin  123.txt  r1.bin  r2.bin  sample.txt
base64
  • help
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl base64 -help
Usage: base64 [options]

General options:
 -help               Display this summary
 -list               List ciphers
 -ciphers            Alias for -list
 -e                  Encrypt
 -d                  Decrypt
 -p                  Print the iv/key
 -P                  Print the iv/key and exit
 -engine val         Use engine, possibly a hardware device

Input options:
 -in infile          Input file
 -k val              Passphrase
 -kfile infile       Read passphrase from file

Output options:
 -out outfile        Output file
 -pass val           Passphrase source
 -v                  Verbose output
 -a                  Base64 encode/decode, depending on encryption flag
 -base64             Same as option -a
 -A                  Used with -[base64|a] to specify base64 buffer as a single line

Encryption options:
 -nopad              Disable standard block padding
 -salt               Use salt in the KDF (default)
 -nosalt             Do not use salt in the KDF
 -debug              Print debug info
 -bufsize val        Buffer size
 -K val              Raw key, in hex
 -S val              Salt, in hex
 -iv val             IV in hex
 -md val             Use specified digest to create a key from the passphrase
 -iter +int          Specify the iteration count and force the use of PBKDF2
                     Default: 10000
 -pbkdf2             Use password-based key derivation function 2 (PBKDF2)
                     Use -iter to change the iteration count from 10000
 -none               Don't encrypt
 -*                  Any supported cipher

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms
  • Encoding and decoding
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ld | openssl base64
bGQK
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ld | openssl base64 -e
bGQK
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo bGQK | openssl base64 -d
ld
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo -ne "\x11\x22\x33" | openssl base64
ESIz
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ESIz | openssl base64 -d | xxd -p
112233
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo -ne "\x11\x22\x33\x44" | openssl base64
ESIzRA==
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ESIzRA== | openssl base64 -d | xxd -p
11223344
  • File encoding and decoding
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ld > ld.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ ls
1.txt  123.bin  123.txt  ld.txt  r1.bin  r2.bin  sample.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl base64 -in ld.txt -out ld.b64
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ ls
1.txt  123.bin  123.txt  ld.b64  ld.txt  r1.bin  r2.bin  sample.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ cat ld.b64
bGQK
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl base64 -d -in ld.b64 -out ld.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ ls
1.txt  123.bin  123.txt  ld.b64  ld.txt  r1.bin  r2.bin  sample.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl base64 -d -in ld.b64 -out ld2.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ ls
1.txt  123.bin  123.txt  ld.b64  ld.txt  ld2.txt  r1.bin  r2.bin  sample.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ diff ld.txt ld2.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ ls
1.txt  123.bin  123.txt  ld.b64  ld.txt  ld2.txt  r1.bin  r2.bin  sample.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ cat ls2.txt
cat: ls2.txt: No such file or directory
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ cat ld2.txt
ld
asn1parse
  • help
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl asn1parse -help
Usage: asn1parse [options]

General options:
 -help            Display this summary
 -oid infile      file of extra oid definitions

I/O options:
 -inform PEM|DER  input format - one of DER PEM
 -in infile       input file
 -out outfile     output file (output format is always DER)
 -noout           do not produce any output
 -offset +int     offset into file
 -length +int     length of section in file
 -strparse +int   offset; a series of these can be used to 'dig'
 -genstr val      string to generate ASN1 structure from
                  into multiple ASN1 blob wrappings
 -genconf val     file to generate ASN1 structure from
 -strictpem       do not attempt base64 decode outside PEM markers
 -item val        item to parse and print
                  (-inform  will be ignored)

Formatting options:
 -i               indents the output
 -dump            unknown data in hex form
 -dlimit +int     dump the first arg bytes of unknown data in hex form
  • Formats used in cryptographic engineering
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo -ne "\x03\x02\x04\x90" >bitstring.der
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl asn1parse -inform der -i -in bitstring.der
    0:d=0  hl=2 l=   2 prim: BIT STRING
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl base64 -in bitstring.der -out bitstring.pem
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ ls bitstring.pem
bitstring.pem
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl asn1parse -inform PEM -in bitstring.pem
    0:d=0  hl=2 l=   2 prim: BIT STRING
Hash and HMAC: dgst
  • help
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl dgst -help
Usage: dgst [options] [file...]

General options:
 -help               Display this summary
 -list               List digests
 -engine val         Use engine e, possibly a hardware device
 -engine_impl        Also use engine given by -engine for digest operations
 -passin val         Input file pass phrase source

Output options:
 -c                  Print the digest with separating colons
 -r                  Print the digest in coreutils format
 -out outfile        Output to filename rather than stdout
 -keyform format     Key file format (ENGINE, other values ignored)
 -hex                Print as hex dump
 -binary             Print in binary form
 -xoflen +int        Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256
 -d                  Print debug info
 -debug              Print debug info

Signing options:
 -sign val           Sign digest using private key
 -verify val         Verify a signature using public key
 -prverify val       Verify a signature using private key
 -sigopt val         Signature parameter in n:v form
 -signature infile   File with signature to verify
 -hmac val           Create hashed MAC with key
 -mac val            Create MAC (not necessarily HMAC)
 -macopt val         MAC algorithm parameters in n:v form or key
 -*                  Any supported digest
 -fips-fingerprint   Compute HMAC with the key used in OpenSSL-FIPS fingerprint

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms

Parameters:
 file                Files to digest (optional; default is stdin)
  • list
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl dgst -list
Supported digests:
-blake2b512                -blake2s256                -md4
-md5                       -md5-sha1                  -ripemd
-ripemd160                 -rmd160                    -sha1
-sha224                    -sha256                    -sha3-224
-sha3-256                  -sha3-384                  -sha3-512
-sha384                    -sha512                    -sha512-224
-sha512-256                -shake128                  -shake256
-sm3                       -ssl3-md5                  -ssl3-sha1
-whirlpool
  • openssl sm3 <==> openssl dgst -sm3
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ld | openssl dgst -sm3
SM3(stdin)= 2cb60dd13b00b96c418b9d4b96062f9c8de41c615efe78a37e0282adefa60eee
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ld | openssl sm3
SM3(stdin)= 2cb60dd13b00b96c418b9d4b96062f9c8de41c615efe78a37e0282adefa60eee
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ld | openssl sm3 -hex
SM3(stdin)= 2cb60dd13b00b96c418b9d4b96062f9c8de41c615efe78a37e0282adefa60eee
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ld | openssl sm3 -binary
�;�lA��K�/���a^�x�~����
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ld | openssl sm3 -binary | xxd -p
2cb60dd13b00b96c418b9d4b96062f9c8de41c615efe78a37e0282adefa6
0eee
  • There is no -in parameter; pass the file directly
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ld > ld.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl sm3 ld.txt
SM3(ld.txt)= 2cb60dd13b00b96c418b9d4b96062f9c8de41c615efe78a37e0282adefa60eee
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ echo ld | openssl sm3
SM3(stdin)= 2cb60dd13b00b96c418b9d4b96062f9c8de41c615efe78a37e0282adefa60eee
Symmetric algorithms: enc
  • help
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl enc -help
Usage: enc [options]

General options:
 -help               Display this summary
 -list               List ciphers
 -ciphers            Alias for -list
 -e                  Encrypt
 -d                  Decrypt
 -p                  Print the iv/key
 -P                  Print the iv/key and exit
 -engine val         Use engine, possibly a hardware device

Input options:
 -in infile          Input file
 -k val              Passphrase
 -kfile infile       Read passphrase from file

Output options:
 -out outfile        Output file
 -pass val           Passphrase source
 -v                  Verbose output
 -a                  Base64 encode/decode, depending on encryption flag
 -base64             Same as option -a
 -A                  Used with -[base64|a] to specify base64 buffer as a single line

Encryption options:
 -nopad              Disable standard block padding
 -salt               Use salt in the KDF (default)
 -nosalt             Do not use salt in the KDF
 -debug              Print debug info
 -bufsize val        Buffer size
 -K val              Raw key, in hex
 -S val              Salt, in hex
 -iv val             IV in hex
 -md val             Use specified digest to create a key from the passphrase
 -iter +int          Specify the iteration count and force the use of PBKDF2
                     Default: 10000
 -pbkdf2             Use password-based key derivation function 2 (PBKDF2)
                     Use -iter to change the iteration count from 10000
 -none               Don't encrypt
 -*                  Any supported cipher

Random state options:
 -rand val           Load the given file(s) into the random number generator
 -writerand outfile  Write random data to the specified file

Provider options:
 -provider-path val  Provider load path (must be before 'provider' argument if required)
 -provider val       Provider to load (can be specified multiple times)
 -propquery val      Property query used when fetching algorithms
  • list
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl dgst -list
Supported digests:
-blake2b512                -blake2s256                -md4
-md5                       -md5-sha1                  -ripemd
-ripemd160                 -rmd160                    -sha1
-sha224                    -sha256                    -sha3-224
-sha3-256                  -sha3-384                  -sha3-512
-sha384                    -sha512                    -sha512-224
-sha512-256                -shake128                  -shake256
-sm3                       -ssl3-md5                  -ssl3-sha1
-whirlpool
  • Encryption and decryption
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl sm4-cbc -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in ld.txt -out ld.enc
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl sm4-cbc -d -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in ld.enc -out ld2.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ diff ld.txt ld2.txt
Asymmetric algorithms
SM2
  • Generate a public/private key pair
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl ecparam -genkey -name SM2 -out sm2private_key.pem
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ cat sm2private_key.pem
-----BEGIN SM2 PARAMETERS-----
BggqgRzPVQGCLQ==
-----END SM2 PARAMETERS-----
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQghY6P6gy3ObeNLYqR
cPhyNgXdwnkhvut44gTt+lYafAuhRANCAATkshktg7JmXM9nUl0sm19yNho3FEAQ
SKGYRMSwjLt25bfUk8pJSXJe2G2MXRZoPChdEukkWPgGTd3vGqyb4N+x
-----END PRIVATE KEY-----
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl asn1parse -inform PEM -in sm2private_key.pem
    0:d=0  hl=2 l=   8 prim: OBJECT            :sm2
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl base64 -d -in sm2privatekey.pem -out sm2privatekey.der
Can't open "sm2privatekey.pem" for reading, No such file or directory
40E7B1B49B7F0000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(sm2privatekey.pem, r)
40E7B1B49B7F0000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl base64 -d -in sm2private_key.pem -out sm2private_key.der
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl asn1parse -inform DER -in sm2private_key.der
    0:d=0  hl=2 l=   8 prim: OBJECT            :sm2
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ od -tx1 sm2private_key.der
0000000 06 08 2a 81 1c cf 55 01 82 2d
0000012
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl pkey -in sm2private_key.pem -text -noout
Private-Key: (256 bit)
priv:
    85:8e:8f:ea:0c:b7:39:b7:8d:2d:8a:91:70:f8:72:
    36:05:dd:c2:79:21:be:eb:78:e2:04:ed:fa:56:1a:
    7c:0b
pub:
    04:e4:b2:19:2d:83:b2:66:5c:cf:67:52:5d:2c:9b:
    5f:72:36:1a:37:14:40:10:48:a1:98:44:c4:b0:8c:
    bb:76:e5:b7:d4:93:ca:49:49:72:5e:d8:6d:8c:5d:
    16:68:3c:28:5d:12:e9:24:58:f8:06:4d:dd:ef:1a:
    ac:9b:e0:df:b1
ASN1 OID: SM2
  • Extract the public key
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl pkey -in sm2private_key.pem -pubout -out sm2public_key.pem
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ cat sm2public_key.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE5LIZLYOyZlzPZ1JdLJtfcjYaNxRA
EEihmETEsIy7duW31JPKSUlyXthtjF0WaDwoXRLpJFj4Bk3d7xqsm+DfsQ==
-----END PUBLIC KEY-----
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl asn1parse -inform PEM -in sm2public_key.pem
    0:d=0  hl=2 l=  89 cons: SEQUENCE
    2:d=1  hl=2 l=  19 cons: SEQUENCE
    4:d=2  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
   13:d=2  hl=2 l=   8 prim: OBJECT            :sm2
   23:d=1  hl=2 l=  66 prim: BIT STRING
  • Encryption and decryption
openssl pkeyutl -encrypt -pubin -inkey sm2public_key.pem -in ld.txt -out ldsm2enc.bin
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl pkeyutl -decrypt -inkey sm2private_key.pem -in ldsm2enc.bin -out ldsm2dec.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ diff ld.txt ldsm2dec.txt
  • Signing and verification
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl sm3 -sign sm2private_key.pem -out ldsm2.sig ld.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl sm3 -verify sm2public_key.pem -signature ldsm2.sig ld.txt
Verified OK
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl pkeyutl -sign -in ld.txt -inkey sm2private_key.pem -out ldsm2.sig -rawin -digest sm3
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ od -tx1 ldsm2.sig
0000000 30 46 02 21 00 bf 0e 44 46 c6 41 11 5e f8 1b 07
0000020 e5 16 a9 f3 85 3c 4f 2c 62 24 3d 5f aa 9d 18 8a
0000040 d3 ce 91 27 93 02 21 00 ec da 05 65 cf a6 de 96
0000060 7f 24 e9 75 2a 50 7d 70 a1 e1 f0 d5 28 c9 87 d1
0000100 16 41 94 3c 5d 3a f4 43
0000110
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ openssl pkeyutl -verify -in ld.txt -inkey sm2private_key.pem -sigfile ldsm2.sig -rawin -digest sm3
Signature Verified Successfully
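The BIT STRING, the SM2 OID, the public key and the signature shown in the transcripts above are all DER tag-length-value structures. As an added example (not part of the original lab record), this small Python reader decodes those exact bytes and reproduces the offsets and lengths that `openssl asn1parse` printed; the function names are illustrative, and it handles only single-byte tags and definite lengths.

```python
import base64

TAGS = {0x02: "INTEGER", 0x03: "BIT STRING", 0x06: "OBJECT", 0x30: "SEQUENCE"}


def read_tlv(buf, pos):
    """Decode one definite-length DER header at pos -> (tag, header_len, length)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short form: length in one byte
        hl, length = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + 2 + n > len(buf):
            raise ValueError("indefinite or truncated length")
        hl, length = 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    if pos + hl + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, hl, length


def walk(buf, pos=0, end=None, depth=0):
    """Return (offset, depth, hl, length, name) rows, like `openssl asn1parse`."""
    end = len(buf) if end is None else end
    rows = []
    while pos < end:
        tag, hl, length = read_tlv(buf, pos)
        if pos + hl + length > end:
            raise ValueError("child overruns its parent")
        rows.append((pos, depth, hl, length, TAGS.get(tag, hex(tag))))
        if tag & 0x20:                     # constructed: descend into the contents
            rows += walk(buf, pos + hl, pos + hl + length, depth + 1)
        pos += hl + length
    return rows


def decode_oid(value):
    """Decode OBJECT IDENTIFIER contents (base-128 arcs) to dotted form."""
    arcs, n = [], 0
    for byte in value:
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends the arc
            arcs.append(n)
            n = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def decode_bit_string(value):
    """First content byte is the count of unused bits in the last byte."""
    unused = value[0]
    bits = "".join(f"{b:08b}" for b in value[1:])
    return bits[:len(bits) - unused]


def parse_signature(der):
    """Parse SEQUENCE { INTEGER r, INTEGER s }; reject trailing or odd data."""
    tag, hl, length = read_tlv(der, 0)
    if tag != 0x30 or hl + length != len(der):
        raise ValueError("not exactly one SEQUENCE")
    ints, pos = [], hl
    while pos < len(der):
        t, h, n = read_tlv(der, pos)
        if t != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(der[pos + h:pos + h + n], "big", signed=True))
        pos += h + n
    if len(ints) != 2 or min(ints) <= 0:
        raise ValueError("expected two positive integers")
    return tuple(ints)


# Bytes copied from the transcripts above.
BITSTRING = bytes.fromhex("03 02 04 90")                     # bitstring.der
SM2_OID = bytes.fromhex("06 08 2a 81 1c cf 55 01 82 2d")     # sm2private_key.der
SIG = bytes.fromhex(                                         # od -tx1 ldsm2.sig
    "30 46 02 21 00 bf 0e 44 46 c6 41 11 5e f8 1b 07"
    "e5 16 a9 f3 85 3c 4f 2c 62 24 3d 5f aa 9d 18 8a"
    "d3 ce 91 27 93 02 21 00 ec da 05 65 cf a6 de 96"
    "7f 24 e9 75 2a 50 7d 70 a1 e1 f0 d5 28 c9 87 d1"
    "16 41 94 3c 5d 3a f4 43")
SPKI = base64.b64decode(                                     # sm2public_key.pem body
    "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE5LIZLYOyZlzPZ1JdLJtfcjYaNxRA"
    "EEihmETEsIy7duW31JPKSUlyXthtjF0WaDwoXRLpJFj4Bk3d7xqsm+DfsQ==")

if __name__ == "__main__":
    for off, depth, hl, length, name in walk(SPKI):
        print(f"{off:5d}:d={depth}  hl={hl} l={length:4d} {name}")
    print(decode_oid(SM2_OID[2:]), decode_bit_string(BITSTRING[2:]))
    print("r=%064x\ns=%064x" % parse_signature(SIG))
```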
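2. Following the related teaching videos on Yunbanke, practise the GmSSL items from the course mind map on Ubuntu or openEuler (openEuler recommended), record the process in detail in Markdown, and make one git commit for each completed item. (5')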

  • help
[ld@DESKTOP-69L72QA ~]$ gmssl help
usage: gmssl command [options]
command -help

Commands:
  help              Print this help message
  version           Print version
  rand              Generate random bytes
  sm2keygen         Generate SM2 keypair
  sm2sign           Generate SM2 signature
  sm2verify         Verify SM2 signature
  sm2encrypt        Encrypt with SM2 public key
  sm2decrypt        Decrypt with SM2 private key
  sm3               Generate SM3 hash
  sm3hmac           Generate SM3 HMAC tag
  sm3_pbkdf2        Hash password into key using PBKDF2 algoritm
  sm3xmss_keygen    Generate SM3-XMSS keypair
  sm4_ecb           Encrypt or decrypt with SM4 ECB
  sm4_cbc           Encrypt or decrypt with SM4 CBC
  sm4_ctr           Encrypt or decrypt with SM4 CTR
  sm4_cfb           Encrypt or decrypt with SM4 CFB
  sm4_ofb           Encrypt or decrypt with SM4 OFB
  sm4_ccm           Encrypt or decrypt with SM4 CCM
  sm4_gcm           Encrypt or decrypt with SM4 GCM
  sm4_xts           Encrypt or decrypt with SM4 XTS
  sm4_cbc_sm3_hmac  Encrypt or decrypt with SM4 CBC with SM3-HMAC
  sm4_ctr_sm3_hmac  Encrypt or decrypt with SM4 CTR with SM3-HMAC
  sm4_cbc_mac       Generate SM4 CBC-MAC
  ghash             Generate GHASH
  zuc               Encrypt or decrypt with ZUC
  sm9setup          Generate SM9 master secret
  sm9keygen         Generate SM9 private key
  sm9sign           Generate SM9 signature
  sm9verify         Verify SM9 signature
  sm9encrypt        SM9 public key encryption
  sm9decrypt        SM9 decryption
  reqgen            Generate certificate signing request (CSR)
  reqsign           Generate certificate from CSR
  reqparse          Parse and print a CSR
  crlget            Download the CRL of given certificate
  crlgen            Sign a CRL with CA certificate and private key
  crlverify         Verify a CRL with issuer's certificate
  crlparse          Parse and print CRL
  certgen           Generate a self-signed certificate
  certparse         Parse and print certificates
  certverify        Verify certificate chain
  certrevoke        Revoke certificate and output RevokedCertificate record
  cmsparse          Parse CMS (cryptographic message syntax) file
  cmsencrypt        Generate CMS EnvelopedData
  cmsdecrypt        Decrypt CMS EnvelopedData
  cmssign           Generate CMS SignedData
  cmsverify         Verify CMS SignedData
  sdfinfo           Print SDF device info
  sdfdigest         Generate SM3 hash with SDF device
  sdfexport         Export SM2 signing public key from SDF device
  sdfsign           Generate SM2 signature with SDF internal private key
  sdfencrypt        SM2/SM4-CBC hybrid encryption with SDF device
  sdfdecrypt        SM2/SM4-CBC hybrid decryption with SDF device
  sdftest           Test vendor's SDF library and device
  tlcp_client       TLCP client
  tlcp_server       TLCP server
  tls12_client      TLS 1.2 client
  tls12_server      TLS 1.2 server
  tls13_client      TLS 1.3 client
  tls13_server      TLS 1.3 server

run `gmssl <command> -help` to print help of the given command
  • gmssl version
[ld@DESKTOP-69L72QA ~]$ gmssl version
GmSSL 3.1.2 Dev
SM3
  • help
[ld@DESKTOP-69L72QA ~]$ gmssl sm3 -help
usage: sm3 [-hex|-bin] [-pubkey pem [-id str]] [-in file|-in_str str] [-out file]
Options

    -hex                   Output hash value as hex string (by default)
    -bin                   Output hash value as binary
    -pubkey pem            Signer's SM2 public key
                           When `-pubkey` is specified, hash with SM2 Z value
    -id str                SM2 Signer's ID string
    -id_hex hex            SM2 Signer's ID in hex format
                           `-id` and `-id_hex` should be used with `-pubkey`
                           `-id` and `-id_hex` should not be used together
                           If `-pubkey` is specified without `-id` or `id_hex`,
                           the default ID string '1234567812345678' is used
    -in_str str            To be hashed string
    -in file | stdin       To be hashed file path
                           `-in_str` and `-in` should not be used together
                           If neither `-in` nor `-in_str` specified, read from stdin
    -out file | stdout     Output file path. If not specified, output to stdout

Examples

    gmssl sm3 -in_str abc

    gmssl sm3 -in_str abc -bin

    gmssl sm3 -in /path/to/file

    gmssl sm3 -pubkey sm2pubkey.pem -id alice -in /path/to/file -bin

  When reading from stdin, make sure the trailing newline character is removed

  Linux/Mac:
    echo -n abc | gmssl sm3

  Windows:
    C:\> echo |set/p="abc" | gmssl sm3
  • String
[ld@DESKTOP-69L72QA ~]$ echo -n "ld" | gmssl sm3
d6cd61ff54d3c90b2170c7079402854ac86097343a24f2ca2079bc1e2b811640
[ld@DESKTOP-69L72QA ~]$ echo -n "ld" | gmssl sm3 -hex
d6cd61ff54d3c90b2170c7079402854ac86097343a24f2ca2079bc1e2b811640
[ld@DESKTOP-69L72QA ~]$ echo -n "ld" | gmssl sm3 -bin
��a�T��
            !p���J�`�4:$�� y�+�@[ld@DESKTOP-69L72QA ~]$
[ld@DESKTOP-69L72QA ~]$ echo -n "ld" | gmssl sm3 -bin | od -tx1
0000000 d6 cd 61 ff 54 d3 c9 0b 21 70 c7 07 94 02 85 4a
0000020 c8 60 97 34 3a 24 f2 ca 20 79 bc 1e 2b 81 16 40
0000040
  • File
[ld@DESKTOP-69L72QA ~]$ echo -n "ld" > ld.txt
[ld@DESKTOP-69L72QA ~]$ od -tx1 -tc ld.txt
0000000  6c  64
          l   d
0000002
[ld@DESKTOP-69L72QA ~]$ gmssl sm3 -in ld.txt -out ld.sm3
[ld@DESKTOP-69L72QA ~]$ cat ld.sm3
d6cd61ff54d3c90b2170c7079402854ac86097343a24f2ca2079bc1e2b811640
  • SM2
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ ls
ld.sm3  ld.txt  sm2.pem  sm2pub.pem
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ echo -n "ld" | gmssl sm3 -pubkey sm2pub.pem -id 20221408
821195c9c3434024708ac7bb4791e96f534d2dc135f4f9f88b82d6d4f8f71dc3
  • SM3hmac
    -sm3hmac -help
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl sm3hmac -help
usage: sm3hmac -key hex [-in file | -in_str str] [-bin|-hex] [-out file]
Options

    -key hex               Hex string of the MAC key
    -in_str str            Input as text string
    -in file | stdin       Input file path
                           `-in_str` and `-in` should not be used together
                           If neither `-in` nor `-in_str` specified, read from stdin
    -hex                   Output MAC-tag as hex string (by default)
    -bin                   Output MAC-tag as binary
                           `-hex` and `-bin` should not be used together
    -out file | stdout     Output file path. If not specified, output to stdout

Examples

    KEY_HEX=`gmssl rand -outlen 16 -hex`
    gmssl sm3hmac -key $KEY_HEX -in_str abc

    gmssl sm3hmac -key $KEY_HEX -in_str abc -bin

    gmssl sm3hmac -key $KEY_HEX -in /path/to/file

  When reading from stdin, make sure the trailing newline character is removed

  Linux/Mac:
    echo -n abc | gmssl sm3hmac -key $KEY_HEX

  Windows:
    C:\> echo |set/p="abc" | gmssl sm3hmac -key 11223344556677881122334455667788
    • rand key
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl rand -help
usage: rand [-hex] [-rdrand|-rdseed] -outlen num [-out file]
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl rand -hex -outlen 16
DB39B38AC6B9D04795E28CEC416F29EF
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ echo -n "ld" | gmssl sm3hmac -key E5E9CE4A122AEF1B0302032F56B2BFAB
7b0680d623f9bf00e3184fe7ea4a35d55018117c9a70fb491a4f3c047fdb3c58
SM4
  • help
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl sm4 -help
gmssl: illegal option 'sm4'
usage: gmssl command [options]
command -help

Commands:
  help              Print this help message
  version           Print version
  rand              Generate random bytes
  sm2keygen         Generate SM2 keypair
  sm2sign           Generate SM2 signature
  sm2verify         Verify SM2 signature
  sm2encrypt        Encrypt with SM2 public key
  sm2decrypt        Decrypt with SM2 private key
  sm3               Generate SM3 hash
  sm3hmac           Generate SM3 HMAC tag
  sm3_pbkdf2        Hash password into key using PBKDF2 algoritm
  sm3xmss_keygen    Generate SM3-XMSS keypair
  sm4_ecb           Encrypt or decrypt with SM4 ECB
  sm4_cbc           Encrypt or decrypt with SM4 CBC
  sm4_ctr           Encrypt or decrypt with SM4 CTR
  sm4_cfb           Encrypt or decrypt with SM4 CFB
  sm4_ofb           Encrypt or decrypt with SM4 OFB
  sm4_ccm           Encrypt or decrypt with SM4 CCM
  sm4_gcm           Encrypt or decrypt with SM4 GCM
  sm4_xts           Encrypt or decrypt with SM4 XTS
  sm4_cbc_sm3_hmac  Encrypt or decrypt with SM4 CBC with SM3-HMAC
  sm4_ctr_sm3_hmac  Encrypt or decrypt with SM4 CTR with SM3-HMAC
  sm4_cbc_mac       Generate SM4 CBC-MAC
  ghash             Generate GHASH
  zuc               Encrypt or decrypt with ZUC
  sm9setup          Generate SM9 master secret
  sm9keygen         Generate SM9 private key
  sm9sign           Generate SM9 signature
  sm9verify         Verify SM9 signature
  sm9encrypt        SM9 public key encryption
  sm9decrypt        SM9 decryption
  reqgen            Generate certificate signing request (CSR)
  reqsign           Generate certificate from CSR
  reqparse          Parse and print a CSR
  crlget            Download the CRL of given certificate
  crlgen            Sign a CRL with CA certificate and private key
  crlverify         Verify a CRL with issuer's certificate
  crlparse          Parse and print CRL
  certgen           Generate a self-signed certificate
  certparse         Parse and print certificates
  certverify        Verify certificate chain
  certrevoke        Revoke certificate and output RevokedCertificate record
  cmsparse          Parse CMS (cryptographic message syntax) file
  cmsencrypt        Generate CMS EnvelopedData
  cmsdecrypt        Decrypt CMS EnvelopedData
  cmssign           Generate CMS SignedData
  cmsverify         Verify CMS SignedData
  sdfinfo           Print SDF device info
  sdfdigest         Generate SM3 hash with SDF device
  sdfexport         Export SM2 signing public key from SDF device
  sdfsign           Generate SM2 signature with SDF internal private key
  sdfencrypt        SM2/SM4-CBC hybrid encryption with SDF device
  sdfdecrypt        SM2/SM4-CBC hybrid decryption with SDF device
  sdftest           Test vendor's SDF library and device
  tlcp_client       TLCP client
  tlcp_server       TLCP server
  tls12_client      TLS 1.2 client
  tls12_server      TLS 1.2 server
  tls13_client      TLS 1.3 client
  tls13_server      TLS 1.3 server

run `gmssl <command> -help` to print help of the given command
  • SM4
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl rand -help
usage: rand [-hex] [-rdrand|-rdseed] -outlen num [-out file]
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl rand -outlen 16 -out key.bin
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl rand -outlen 16 -out iv.bin
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ ls
iv.bin  key.bin  ld.sm3  ld.txt  sm2.pem  sm2pub.pem  sm2.sig
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ od -tx1 key.bin
0000000 60 e4 ad 5d a8 bb 98 d7 e5 56 c1 b4 8b bf 7f 84
0000020
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ od -tx1 iv.bin
0000000 3a a8 19 77 aa 36 01 35 f0 3d 04 38 d6 ec 70 69
0000020
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ echo -n "ld" | gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -out ldsm4.cbc
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in ldsm4.cbc
ld[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ KEY=$(xxd -p -c 32 key.bin)
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ echo $KEY
60e4ad5da8bb98d7e556c1b48bbf7f84
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ IV=$(xxd -p -c 32 iv.bin)
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ echo $IV
3aa81977aa360135f03d0438d6ec7069
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ echo -n "ld" | gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -out ldsm4.cbc
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl sm4_cbc -decrypt -key $KEY -iv $IV -in ldsm4.cbc
ld[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ diff ldsm4.cbc ldsm4.cbc
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in ld.txt -out ldsm4.cbc3
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in ldsm4.cbc3
ld[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ diff ldsm4.cbc ldsm4.cbc3
sm2
  • help
  sm2keygen         Generate SM2 keypair
  sm2sign           Generate SM2 signature
  sm2verify         Verify SM2 signature
  sm2encrypt        Encrypt with SM2 public key
  sm2decrypt        Decrypt with SM2 private key
  • sm2
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ cat sm2.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBBjBhBgkqhkiG9w0BBQ0wVDA0BgkqhkiG9w0BBQwwJwQQLokf0r5y6j4awXWE
o1ZbrQIDAQAAAgEQMAsGCSqBHM9VAYMRAjAcBggqgRzPVQFoAgQQpGr57/tlnjH7
gRAa7KI7AgSBoLkJFCQJYlTemZi+gy5cRQYQoIWUz3wZIoI6m+MhCqSVd5rqZdxG
LPU5eeGM1bOhrtjb5KldUAEkhF3cvWc19Ec0hHB6LtT6JvekS8DanvAjmFiWRpa9
xRfRKVmrO1pdOhkReyM4SaSMQxJE1vApI/GtOjx03nCtCOX5v5D/CLKf0iTBFZMp
2dKdQ+LVBIV/qld1Au7auqIy2exhUMdscEg=
-----END ENCRYPTED PRIVATE KEY-----
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ cat sm2pub.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEwDRtgNKoGQf/yXWWvlj8ACFNNehX
XHi7/NTIxbaEr2YXsPjQMOPsnYUXOSWg6oP08m6jJ6NbmRC7aHQqj1Ls/g==
-----END PUBLIC KEY-----
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ echo ld | gmssl sm2sign -key sm2.pem -pass 1234 -out sm2.sig #-id 1234567812345678
[ld@DESKTOP-69L72QA openssl-gmssl-experiment]$ od -tx1 sm2.sig
0000000 30 44 02 20 5d de 22 b3 63 2e e3 0a 1b 9b e7 82
0000020 6a 62 88 73 ed a9 d6 11 a3 75 2e 95 07 80 0f 48
0000040 d2 38 ed 38 02 20 06 de fa 86 c9 b5 e5 ff 59 f0
0000060 49 4a 88 83 a2 b3 c6 5f 69 22 c3 8d e0 76 61 16
0000100 a0 01 b8 bd 97 65
0000106
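3. Working in pairs, use OpenSSL commands on Ubuntu or openEuler (openEuler recommended) to implement a signed digital envelope protocol. With OpenSSL, Alice sends and Bob receives. In the experiment, replace Alice and Bob with your own 8-digit student ID + name. Record the process in detail in Markdown, and git commit once after each completed item. (10 points)
  • Alice and Bob each generate their own public/private key pair, denoted (PKa,SKa) and (PKb,SKb). Alice holds (PKa,SKa,PKb) and Bob holds (PKb,SKb,PKa); in the experiment, copy the public key file to the other party
  • The plaintext Alice sends to Bob is plain.txt, containing her own name and student ID
  • Alice: generate the SM4 key with gmssl rand, 16 bytes, denoted k
  • Alice: Sm4Enc(k,P) = C
  • Alice: Sm2Enc(PKb,k) = KC
  • Alice: Sm2Sign(SKa,C) = S1
  • Alice: send the digital envelope C||KC||S1 to Bob
  • Bob: Sm2Verify(PKa,S1)
  • Bob: Sm2Dec(SKb,KC) = k
  • Bob: Sm4Dec(k,C) = P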
openssl
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment$ cd testopenssl
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ cp /mnt/c/1013/*.pem ./
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ ls
alice_public_key.pem
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ git add .
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ git commit -m "get alice public key"
[master b28feda] get alice public key
 1 file changed, 4 insertions(+)
 create mode 100755 testopenssl/alice_public_key.pem
  • Generate the public/private key pair
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ openssl ecparam -genkey -name SM2 -out bob_private_key.pem
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ openssl ec -in bob_privatekey.pem -pubout -out bob_publickey.pem
read EC key
Could not open file or uri for loading private key from bob_privatekey.pem
40A77C77267F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
40A77C77267F0000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(bob_privatekey.pem)
unable to load Key
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ openssl pkey -in bob_privatekey.pem -pubout -out bob_publickey.pem
Could not open file or uri for loading key from bob_privatekey.pem
40C7A5A04E7F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
40C7A5A04E7F0000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(bob_privatekey.pem)
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ openssl pkey -in bob_private_key.pem -pubout -out bob_public_key.pem
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ ls
alice_public_key.pem  bob_private_key.pem  bob_public_key.pem  bob_publickey.pem
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ git add .
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ git commit -m "create keys"
[master 5140196] create keys
 3 files changed, 12 insertions(+)
 create mode 100644 testopenssl/bob_private_key.pem
 create mode 100644 testopenssl/bob_public_key.pem
 create mode 100644 testopenssl/bob_publickey.pem

Get Alice's public key

ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ cp /mnt/c/1013/*.bin ./
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ cp /mnt/c/1013/*.txt  ./
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ ls
alice_public_key.pem  bob_public_key.pem  ciphertext.bin     iv.txt
bob_private_key.pem   bob_publickey.pem   encrypted_key.bin  signature.bin
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ git add .
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ git commit -m "get alice results "
[master 958d94d] get alice results
 4 files changed, 2 insertions(+)
 create mode 100755 testopenssl/ciphertext.bin
 create mode 100755 testopenssl/encrypted_key.bin
 create mode 100755 testopenssl/iv.txt
 create mode 100755 testopenssl/signature.bin
  • Finish
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ ls
alice_public_key.pem  bob_public_key.pem  ciphertext.bin     encrypted_key.bin  signature.bin
bob_private_key.pem   bob_publickey.pem   decrypted_key.txt  iv.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ rm *.pem
rm: remove write-protected regular file 'alice_public_key.pem'? y
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ ls
ciphertext.bin  decrypted_key.txt  encrypted_key.bin  iv.txt  signature.bin
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ cp /mnt/c/1013/*.pem ./
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ ls
alice_public_key.pem  bob_public_key.pem  decrypted_key.txt  iv.txt
bob_private_key.pem   ciphertext.bin      encrypted_key.bin  signature.bin
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ openssl pkeyutl -decrypt -inkey bob_private_key.pem -in encrypted_key.bin -out decrypted_key.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ openssl sm4-cbc -d -K $(cat decrypted_key.txt) -iv $(cat iv.txt) -in ciphertext.bin -out decrypted_plain.txt
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ cat decrypted_plain.txt
20221414xlm
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ git add .
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ git commit -m "openssl finish"
[master 6c3b409] openssl finish
 5 files changed, 7 insertions(+), 5 deletions(-)
 mode change 100644 => 100755 testopenssl/bob_private_key.pem
 mode change 100644 => 100755 testopenssl/bob_public_key.pem
 delete mode 100644 testopenssl/bob_publickey.pem
 create mode 100644 testopenssl/decrypted_key.txt
 create mode 100644 testopenssl/decrypted_plain.txt
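The recorded OpenSSL session covers Bob's key recovery and decryption. The following added example (not part of the original lab record) runs both sides of the envelope with OpenSSL 3.x, including Bob's signature check before decryption and a tamper test on the ciphertext. The function names, file names and temporary work directory are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example: signed digital envelope with OpenSSL 3.x (SM2, SM3, SM4-CBC).
# File names and the work-directory layout are assumptions of this example.

# True when the local openssl build offers everything the envelope needs.
sm_supported() {
  case "$(openssl version 2>/dev/null)" in "OpenSSL "[3-9]*) ;; *) return 1 ;; esac
  openssl ecparam -genkey -name SM2 -noout 2>/dev/null |
    openssl pkey -pubout >/dev/null 2>&1 &&
    openssl enc -sm4-cbc -K 00000000000000000000000000000000 \
      -iv 00000000000000000000000000000000 </dev/null >/dev/null 2>&1
}

# Alice and Bob each create an SM2 key pair and export the public half.
gen_keys() {  # $1 = work dir
  for who in alice bob; do
    openssl ecparam -genkey -name SM2 -noout -out "$1/${who}_priv.pem" &&
      openssl pkey -in "$1/${who}_priv.pem" -pubout -out "$1/${who}_pub.pem" ||
      return 1
  done
}

# Alice: C = Sm4Enc(k, P), KC = Sm2Enc(PKb, k), S1 = Sm2Sign(SKa, C).
alice_seal() {  # $1 = work dir, $2 = plaintext P
  local d="$1" k iv
  k=$(openssl rand -hex 16) && iv=$(openssl rand -hex 16) || return 1
  printf '%s' "$iv" > "$d/iv.txt"
  printf '%s' "$2" | openssl enc -sm4-cbc -K "$k" -iv "$iv" -out "$d/c.bin" &&
    printf '%s' "$k" | openssl pkeyutl -encrypt -pubin -inkey "$d/bob_pub.pem" \
      -out "$d/kc.bin" &&
    openssl pkeyutl -sign -rawin -digest sm3 -inkey "$d/alice_priv.pem" \
      -in "$d/c.bin" -out "$d/s1.bin"
}

# Bob: check S1 over C with PKa first; only then recover k and decrypt C.
bob_open() {  # $1 = work dir; prints P, fails if S1 does not verify
  local d="$1" k
  openssl pkeyutl -verify -rawin -digest sm3 -pubin -inkey "$d/alice_pub.pem" \
    -in "$d/c.bin" -sigfile "$d/s1.bin" >/dev/null 2>&1 || return 1
  k=$(openssl pkeyutl -decrypt -inkey "$d/bob_priv.pem" -in "$d/kc.bin") || return 1
  openssl enc -d -sm4-cbc -K "$k" -iv "$(cat "$d/iv.txt")" -in "$d/c.bin"
}

# Round trip, then append one byte to C and check that Bob rejects it.
envelope_demo() {  # $1 = plaintext; prints "<recovered P>|<accepted|rejected>"
  local d p verdict=accepted
  d=$(mktemp -d) || return 1
  gen_keys "$d" && alice_seal "$d" "$1" && p=$(bob_open "$d") ||
    { rm -rf "$d"; return 1; }
  printf 'X' >> "$d/c.bin"
  bob_open "$d" >/dev/null 2>&1 || verdict=rejected
  rm -rf "$d"
  printf '%s|%s\n' "$p" "$verdict"
}

# Usage (constructed sample input): sm_supported && envelope_demo "20221408ld"
```

As in the listed protocol, the signature covers C only, so iv.txt and kc.bin are not authenticated by S1.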
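4. Working in pairs, use GmSSL commands on Ubuntu or openEuler (openEuler recommended) to implement a signed digital envelope protocol. With GmSSL, Bob sends and Alice receives. In the experiment, replace Alice and Bob with your own 8-digit student ID + name. Record the process in detail in Markdown, and git commit once after each completed item. (10 points)
gmssl
  • Alice generates a key pair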
Initialized empty Git repository in /home/ld/openssl-gmssl-experiment/testgmssl/.git/
[ld@DESKTOP-69L72QA testgmssl]$ gmssl sm2keygen -pass 1234 -out alice_sm2.pem -pubout alice_sm2pub.pem
[ld@DESKTOP-69L72QA testgmssl]$ ls
alice_sm2.pem  alice_sm2pub.pem
[ld@DESKTOP-69L72QA testgmssl]$ git add .
[ld@DESKTOP-69L72QA testgmssl]$ git commit -m "create keys"
[master (root-commit) 25b63fc] create keys
 2 files changed, 12 insertions(+)
 create mode 100644 alice_sm2.pem
 create mode 100644 alice_sm2pub.pem
  • Exchange public keys
[ld@DESKTOP-69L72QA testgmssl]$ cp /mnt/c/1013/*.pem ./
[ld@DESKTOP-69L72QA testgmssl]$ ls
alice_public_key.pem  alice_sm2.pem  alice_sm2pub.pem  bob_private_key.pem  bob_public_key.pem  bob_sm2pub.pem
[ld@DESKTOP-69L72QA testgmssl]$ rm bob_public_key.pem
rm: remove write-protected regular file 'bob_public_key.pem'? y
[ld@DESKTOP-69L72QA testgmssl]$ rm bob_private_key.pem
rm: remove write-protected regular file 'bob_private_key.pem'? y
[ld@DESKTOP-69L72QA testgmssl]$ rm alice_public_key.pem
rm: remove write-protected regular file 'alice_public_key.pem'? y
[ld@DESKTOP-69L72QA testgmssl]$ ls
alice_sm2.pem  alice_sm2pub.pem  bob_sm2pub.pem
[ld@DESKTOP-69L72QA testgmssl]$ git add .
[ld@DESKTOP-69L72QA testgmssl]$ git commit -m "get bob public key"
[master 464e4ca] get bob public key
 1 file changed, 4 insertions(+)
 create mode 100755 bob_sm2pub.pem
  • Encrypt the SM4 key with SM2
[ld@DESKTOP-69L72QA testgmssl]$ echo "20221408ld" > plain.txt
[ld@DESKTOP-69L72QA testgmssl]$ ls
alice_sm2.pem  alice_sm2pub.pem  bob_sm2pub.pem  plain.txt
[ld@DESKTOP-69L72QA testgmssl]$ git add .
[ld@DESKTOP-69L72QA testgmssl]$ gmssl rand -outlen 16 -out key.bin
[ld@DESKTOP-69L72QA testgmssl]$  gmssl rand -outlen 16 -out iv.bin
[ld@DESKTOP-69L72QA testgmssl]$ ls
alice_sm2.pem  alice_sm2pub.pem  bob_sm2pub.pem  iv.bin  key.bin  plain.txt
[ld@DESKTOP-69L72QA testgmssl]$ gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -out miwen.cbc
^C
[ld@DESKTOP-69L72QA testgmssl]$ gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -out miwen.cbc
^C
[ld@DESKTOP-69L72QA testgmssl]$ KEY=$(xxd -p -l 16 key.bin)
[ld@DESKTOP-69L72QA testgmssl]$ IV=$(xxd -p -l 16 iv.bin)
[ld@DESKTOP-69L72QA testgmssl]$ gmssl sm4_cbc -encrypt -key $KEY -iv $IV -out miwen.cbc
^C
[ld@DESKTOP-69L72QA testgmssl]$ gmssl sm4_cbc -encrypt -key $KEY -iv $IV -in plain.txt  -out miwen.cbc
[ld@DESKTOP-69L72QA testgmssl]$ ls
alice_sm2.pem  alice_sm2pub.pem  bob_sm2pub.pem  iv.bin  key.bin  miwen.cbc  plain.txt
[ld@DESKTOP-69L72QA testgmssl]$ gmssl sm2encrypt -pubkey alice_sm2pub.pem -out encry_key.bin  -in key.bin
[ld@DESKTOP-69L72QA testgmssl]$ ls
alice_sm2.pem  alice_sm2pub.pem  bob_sm2pub.pem  encry_key.bin  iv.bin  key.bin  miwen.cbc  plain.txt
[ld@DESKTOP-69L72QA testgmssl]$ git add .
[ld@DESKTOP-69L72QA testgmssl]$ git commit -m "Encrypted SM4 key with SM2 using Bob's public key"
[master 73f938f] Encrypted SM4 key with SM2 using Bob's public key
 5 files changed, 4 insertions(+)
 create mode 100644 encry_key.bin
 create mode 100644 iv.bin
 create mode 100644 key.bin
 create mode 100644 miwen.cbc
 create mode 100644 plain.txt
  • Sign
[ld@DESKTOP-69L72QA testgmssl]$ gmssl sm2sign -key alice_sm2.pem -pass 1234 -out ld_sm2.sig
^C
[ld@DESKTOP-69L72QA testgmssl]$ gmssl sm2sign -key alice_sm2.pem -pass 1234 -out ld_sm2.sig -in miwen.cbc
[ld@DESKTOP-69L72QA testgmssl]$ ls
alice_sm2.pem  alice_sm2pub.pem  bob_sm2pub.pem  encry_key.bin  iv.bin  key.bin  ld_sm2.sig  miwen.cbc  plain.txt
[ld@DESKTOP-69L72QA testgmssl]$ git add .
[ld@DESKTOP-69L72QA testgmssl]$ git commit -m "Signed ciphertext with SM2 using Alice's private key"
[master ce6cf48] Signed ciphertext with SM2 using Alice's private key
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 ld_sm2.sig
5. Include the gitee course project link in the lab record, and submit the git log output for this lab
ld@DESKTOP-69L72QA:~/openssl-gmssl-experiment/testopenssl$ git log
commit 6c3b409279365c6e95709f97e63ba7ea9186c219 (HEAD -> master)
Author: userName <userEmail>
Date:   Sun Oct 13 22:28:33 2024 +0800

    openssl finish

commit 958d94d17d58379dc2e6cf453ee34a0165a5418f
Author: userName <userEmail>
Date:   Sun Oct 13 22:20:23 2024 +0800

    get alice results

commit 5140196ac548739e82092c67249bb092dcb1e75e
Author: userName <userEmail>
Date:   Sun Oct 13 22:17:03 2024 +0800

    create keys

commit b28feda09fee4676f94ace49457a79221b7c9bb0
Author: userName <userEmail>
Date:   Sun Oct 13 22:13:56 2024 +0800

    get alice public key

commit 3a6afa127653dbeaf2eefb5ade63c5f4d016a7d1
Author: userName <userEmail>
Date:   Sun Oct 13 20:38:43 2024 +0800

    Initial commit: Add sample file

[ld@DESKTOP-69L72QA testgmssl]$ git log
commit ce6cf48bd03b218342b607f2048c9038fd0c2d5f (HEAD -> master)
Author: Your Name <you@example.com>
Date:   Sun Oct 13 22:45:41 2024 +0800

    Signed ciphertext with SM2 using Alice's private key

commit 73f938f924a7ba05be9cf017b5e46847dfa58545
Author: Your Name <you@example.com>
Date:   Sun Oct 13 22:43:22 2024 +0800

    Encrypted SM4 key with SM2 using Bob's public key

commit 464e4cab627234668d1a25b294fe0cac0172205e
Author: Your Name <you@example.com>
Date:   Sun Oct 13 22:34:07 2024 +0800

    get bob public key

commit 25b63fc165697270e94d33c3032a2941752dd564
Author: Your Name <you@example.com>
Date:   Sun Oct 13 22:31:15 2024 +0800

    create keys
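6. Submission requirements:
  • Submit the Markdown record of the practice process and the PDF converted from it
  • Host the code and documents on gitee, github or similar; gitclone is recommended
  • Record the problems encountered during the experiment, how they were solved, and your reflections, and complete the corresponding parts of the lab report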