b) Cryptographic technologies and products certified and approved by the national cryptography administration authority shall be used.
# unzip master.zip

2. Compile and install GmSSL
# ./config
# make
# make install
# ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
# ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

3. Check the GmSSL version
# gmssl version -a

4. Test GmSSL encryption
SM3 digest generation (hash algorithm, similar to MD5)
# echo -n "abc" | gmssl sm3
(stdin)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0

SM4 encryption and decryption (symmetric algorithm, similar to AES and 3DES)
# gmssl sms4 -in README.md -out README.sms4
# gmssl sms4 -d -in README.sms4

SM2 private key generation (asymmetric algorithm, similar to RSA)
# gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out skey.pem

Derive the public key from the generated SM2 private key:
# gmssl pkey -pubout -in skey.pem -out vkey.pem

SM2 signature generation and verification:
# gmssl sm3 -binary README.md | gmssl pkeyutl -sign -pkeyopt ec_scheme:sm2 -inkey skey.pem -out README.md.sig

# gmssl sm3 -binary README.md | gmssl pkeyutl -verify -pkeyopt ec_scheme:sm2 -pubin -inkey vkey.pem -sigfile README.md.sig

# gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out dkey.pem

# gmssl pkey -pubout -in dkey.pem -out ekey.pem

# echo "Top Secret" | gmssl pkeyutl -encrypt -pkeyopt ec_scheme:sm2 -pubin -inkey ekey.pem -out ciphertext.sm2

# gmssl pkeyutl -decrypt -pkeyopt ec_scheme:sm2 -inkey dkey.pem -in ciphertext.sm2

Self-signed SM2 certificate generation:

# gmssl req -new -x509 -key skey.pem -out cert.pem
# touch index.txt
# echo "01" > serial

2. Put what is generated by the self-signing below into the demoCA directory,
and put into demoCA/private

3. Create the key pair and the certificate request:
# gmssl ecparam -genkey -name sm2p256v1 -out
# gmssl req -new -sm3 -key -out cacsr.pem

4. Self-sign
# gmssl req -x509 -sm3 -days 3650 -key -in cacsr.pem -out
# gmssl x509 -req -days 3650 -sm3 -in cacsr.pem -signkey -out

5. Convert the PEM file to CER
# gmssl x509 -inform pem -in -outform der -out cacert.cer

6. CA signing (run in the parent directory of demoCA)
# gmssl ca -md sm3 -in client_csr.pem -out client_cert.pem -days 3650

7. Display certificate information:
# gmssl x509 -text -noout -in
# gmssl req -in cacsr.pem -noout -text

8. Commands for testing communication with the certificates
SERVER:
# gmssl s_server -key server_key.pem -cert server_cert.pem -CAfile -cipher ECDHE-SM4-SM3 -verify 1

CLIENT:
# gmssl s_client -key client_key.pem -cert client_cert.pem -CAfile -cipher ECDHE-SM4-SM3 -verify 1
2. All certificates produced above use: Signature Algorithm: sm2sign-with-sm3
3. Current browsers such as IE, Firefox and Chrome do not yet support SM2 (Chinese national standard) certificates. A dedicated browser with national-cryptography support must be downloaded to use SM2 certificates.
2019-05-16 10:21 1F
Once gmssl has generated the certificate, how do I put it into Apache? Does it go in the same place as a certificate generated by openssl?