Cryptographic System Design: Lab

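Lab projects

Lab no.: Lab 1
Lab title: Embedded Development Basics
Class hours: 6
Objective: Master the use of Linux and Linux development methods
Content: Linux commands; OpenSSL (GmSSL) commands and development
Type: Verification
Expected learning outcomes:
1. Master common Linux commands and C development methods;
2. Master the basic usage of, and development with, OpenSSL (GmSSL);
3. Master the use of common commercial cryptographic algorithms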

Lab 1: Embedded Development Basics

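Following the related teaching videos on the Yunbanke (云班课) course platform, practice the OpenSSL-related content from the course mind map on Ubuntu or openEuler (openEuler recommended). Record the process in detail in Markdown, and run git commit once after each item is completed. (5 points)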

openssl cmd
[root@player1 roc-exp]# openssl version
OpenSSL 3.3.2 3 Sep 2024 (Library: OpenSSL 3.3.2 3 Sep 2024)
openssl list -help
[root@player1 roc-exp]# openssl list -help
Usage: list [options]

General options:
-help Display this summary

Output options:
-1 List in one column
-verbose Verbose listing
-select val Select a single algorithm
-commands List of standard commands
-standard-commands List of standard commands
-all-algorithms List of all algorithms
-digest-commands List of message digest commands (deprecated)
-digest-algorithms List of message digest algorithms
-kdf-algorithms List of key derivation and pseudo random function algorithms
-random-instances List the primary, public and private random number generator details
-random-generators List of random number generators
-mac-algorithms List of message authentication code algorithms
-cipher-commands List of cipher commands (deprecated)
-cipher-algorithms List of symmetric cipher algorithms
-encoders List of encoding methods
-decoders List of decoding methods
-key-managers List of key managers
-key-exchange-algorithms List of key exchange algorithms
-kem-algorithms List of key encapsulation mechanism algorithms
-signature-algorithms List of signature algorithms
-asymcipher-algorithms List of asymmetric cipher algorithms
-public-key-algorithms List of public key algorithms
-public-key-methods List of public key methods
-store-loaders List of store loaders
-providers List of provider information
-engines List of loaded engines
-disabled List of disabled features
-options val List options for specified command
-objects List built in objects (OID<->name mappings)

Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
openssl -help
[root@player1 roc-exp]# openssl -help
help:

Standard commands
asn1parse ca ciphers cmp
cms crl crl2pkcs7 dgst
dhparam dsa dsaparam ec
ecparam enc engine errstr
fipsinstall gendsa genpkey genrsa
help info kdf list
mac nseq ocsp passwd
pkcs12 pkcs7 pkcs8 pkey
pkeyparam pkeyutl prime rand
rehash req rsa rsautl
s_client s_server s_time sess_id
smime speed spkac srp
storeutl ts verify version
x509

Message Digest commands (see the `dgst' command for more details)
blake2b512 blake2s256 md4 md5
mdc2 rmd160 sha1 sha224
sha256 sha3-224 sha3-256 sha3-384
sha3-512 sha384 sha512 sha512-224
sha512-256 shake128 shake256 sm3

Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
idea idea-cbc idea-cfb idea-ecb
idea-ofb rc2 rc2-40-cbc rc2-64-cbc
rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40 seed seed-cbc
seed-cfb seed-ecb seed-ofb sm4-cbc
sm4-cfb sm4-ctr sm4-ecb sm4-ofb
zlib
Data input and output
Text
[root@player1 roc-exp]# echo 123 | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
[root@player1 roc-exp]# echo "123" | openssl sm3
SM3(stdin)= e95001aed4b6f7de59169913997dace404f05091ed49c37133a9950a69405a9c
Binary: the general -file option
[root@player1 roc-exp]# echo "obase=16;123" | bc
7B
[root@player1 roc-exp]# echo -n -e "\x7B" > 123.bin
[root@player1 roc-exp]# od -tx1 123.bin
0000000 7b
0000001
[root@player1 roc-exp]# openssl sm3 -file 123.bin
SM3(123.bin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344
[root@player1 roc-exp]# echo -ne "\x7B" | openssl sm3
SM3(stdin)= 2ed59fea0dbe4e4f02de67ee657eb6be8e22a7db425103402d8a36d7b6f6d344
prime
help
[root@player1 roc-exp]# openssl prime -help
Usage: prime [options] [number...]

General options:
-help Display this summary
-bits +int Size of number in bits
-checks +int Number of checks

Output options:
-hex Hex output
-generate Generate a prime
-safe When used with -generate, generate a safe prime

Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms

Parameters:
number Number(s) to check for primality if not generating
Primality testing
[root@player1 roc-exp]# openssl prime 3
3 (3) is prime
[root@player1 roc-exp]# openssl prime 33
21 (33) is not prime
[root@player1 roc-exp]# openssl prime -checks 10 33
21 (33) is not prime
[root@player1 roc-exp]# openssl prime -hex 4F
4F (4F) is prime
Prime generation
[root@player1 roc-exp]# openssl prime -generate -bits 10
907
[root@player1 roc-exp]# openssl prime 907
38B (907) is prime
[root@player1 roc-exp]# openssl prime -generate -bits 10
929
[root@player1 roc-exp]# openssl prime 929
3A1 (929) is prime
[root@player1 roc-exp]# openssl prime -generate -bits 10 -hex
038B
[root@player1 roc-exp]# openssl prime -hex 038B
38B (038B) is prime
rand
help
[root@player1 roc-exp]# openssl rand -help
Usage: rand [options] num[K|M|G|T]

General options:
-help Display this summary
-engine val Use engine, possibly a hardware device

Output options:
-out outfile Output file
-base64 Base64 encode output
-hex Hex encode output

Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file

Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms

Parameters:
num Number of bytes to generate
Random number generation
[root@player1 roc-exp]# openssl rand 10
¢¶Խc
[root@player1 roc-exp]# openssl rand 10 | od -tx1
0000000 60 7d 0c c3 c4 ba 9d 56 39 88
0000012
[root@player1 roc-exp]# openssl rand 10 | xxd -p
a1cb9bfff4f9cdfce5fe
[root@player1 roc-exp]# openssl rand -hex 10
9916bb1ea1b24825598d
[root@player1 roc-exp]# openssl rand -base64 10
iAXI4KNa9ZgXwA==
Random number files
[root@player1 roc-exp]# openssl rand -out r1.bin 10
[root@player1 roc-exp]# od -tx1 r1.bin
0000000 58 70 63 79 af 39 99 ff 18 38
0000012
[root@player1 roc-exp]# openssl rand 10 > r2.bin
[root@player1 roc-exp]# cat r2.bin | xxd -p
e5f910cfbe23e86d242e
base64
help
[root@player1 roc-exp]# openssl base64 -help
Usage: base64 [options]

General options:
-help Display this summary
-list List ciphers
-ciphers Alias for -list
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-engine val Use engine, possibly a hardware device

Input options:
-in infile Input file
-k val Passphrase
-kfile infile Read passphrase from file

Output options:
-out outfile Output file
-pass val Passphrase source
-v Verbose output
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line

Encryption options:
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-bufsize val Buffer size
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force the use of PBKDF2
Default: 10000
-pbkdf2 Use password-based key derivation function 2 (PBKDF2)
Use -iter to change the iteration count from 10000
-none Don't encrypt
-saltlen +int Specify the PBKDF2 salt length (in bytes)
Default: 16
-z Compress or decompress encrypted data using zlib
-* Any supported cipher

Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file

Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
Encoding and decoding
[root@player1 roc-exp]# echo lzj | openssl base64
bHpqCg==
[root@player1 roc-exp]# echo lzj | openssl base64 -e
bHpqCg==
[root@player1 roc-exp]# echo bHpqCg== | openssl base64 -d
lzj
[root@player1 roc-exp]# echo -ne "\x11\x22\x33" | openssl base64
ESIz
[root@player1 roc-exp]# echo ESIz | openssl base64 -d | xxd -p
112233
[root@player1 roc-exp]# echo -ne "\x11\x22\x33\x44" | openssl base64
ESIzRA==
[root@player1 roc-exp]# echo ESIzRA== | openssl base64 -d | xxd -p
11223344
File encoding and decoding
[root@player1 roc-exp]# echo lzj > lzj.txt
[root@player1 roc-exp]# openssl base64 -in lzj.txt -out lzj.b64
[root@player1 roc-exp]# cat lzj.b64
bHpqCg==
[root@player1 roc-exp]# openssl base64 -d -in lzj.b64 -out lzj2.txt
[root@player1 roc-exp]# diff lzj.txt lzj2.txt
[root@player1 roc-exp]# cat lzj2.txt
lzj
asn1parse
help
[root@player1 roc-exp]# openssl asn1parse -help
Usage: asn1parse [options]

General options:
-help Display this summary
-oid infile file of extra oid definitions

I/O options:
-inform parm input format - one of DER PEM B64
-in infile input file
-out outfile output file (output format is always DER)
-noout do not produce any output
-offset +int offset into file
-length +int length of section in file
-strparse +int offset; a series of these can be used to 'dig'
-genstr val string to generate ASN1 structure from
into multiple ASN1 blob wrappings
-genconf val file to generate ASN1 structure from
-strictpem equivalent to '-inform pem' (obsolete)
-item val item to parse and print
(-inform will be ignored)

Formatting options:
-i indents the output
-dump unknown data in hex form
-dlimit +int dump the first arg bytes of unknown data in hex form
Formats in cryptographic engineering
[root@player1 roc-exp]# echo -ne "\x03\x02\x04\x90" > bitstring.der
[root@player1 roc-exp]# openssl asn1parse -inform der -i -in bitstring.der
0:d=0 hl=2 l= 2 prim: BIT STRING
[root@player1 roc-exp]# openssl base64 -in bitstring.der -out bitstring.pem
[root@player1 roc-exp]# ls bitstring.pem
bitstring.pem
[root@player1 exp1]# openssl asn1parse -inform PEM -in bitstring.pem
Error reading PEM file
00503FC6867F0000:error:0480006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:773:
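The "no start line" error above occurs because bitstring.pem holds bare base64 with no "-----BEGIN ...-----" line, which the PEM reader requires. The Python sketch below is an added example, not part of the original lab record: it walks DER the way the asn1parse output on this page is laid out and checks for PEM armor. The function names and the "ASN1 DATA" label are assumptions made for the illustration; the sample inputs are the bitstring.der bytes and the sm2public_key.pem text shown on this page.

```python
import base64
import re

# Universal-class tag numbers that appear in the asn1parse output on this page.
TAG_NAMES = {0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING",
             0x05: "NULL", 0x06: "OBJECT", 0x10: "SEQUENCE", 0x11: "SET"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

# The four bytes the page writes to bitstring.der.
BITSTRING_DER = bytes.fromhex("03020490")
# sm2public_key.pem as printed on the page.
SM2_PUBLIC_PEM = """-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEm3CpN+BCN6AsqveMNgBm9xx2Bt6+
y+/zDC7VGaycjH+XeDEwcPd6GCOLH+NSQKfG7zptwWoR/A9IstLTY4gHqg==
-----END PUBLIC KEY-----
"""


def pem_to_der(text):
    """Return (label, der). Bare base64 without armor lines is rejected,
    which is the condition behind the 'no start line' error."""
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no start line")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))


def armor(der, label):
    """Wrap DER as PEM: base64 in 64-column lines between BEGIN/END lines."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def read_header(der, off):
    """Decode one tag/length header at off -> (tag, header_len, content_len)."""
    if off + 2 > len(der):
        raise ValueError("truncated header")
    tag, first = der[off], der[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this sketch")
    if first < 0x80:                              # short form
        hl, length = 2, first
    else:                                         # long form: n length bytes follow
        n = first & 0x7F
        if n == 0 or n > 4 or off + 2 + n > len(der):
            raise ValueError("bad length")        # n == 0 is indefinite, not DER
        hl, length = 2 + n, int.from_bytes(der[off + 2:off + 2 + n], "big")
    if off + hl + length > len(der):
        raise ValueError("length runs past end of input")
    return tag, hl, length


def decode_oid(body):
    """Dotted-decimal form of an OBJECT IDENTIFIER body."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                          # last byte of this subidentifier
            if not arcs:                          # first one packs two arcs
                first = min(value // 40, 2)
                arcs += [first, value - 40 * first]
            else:
                arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def decode_bit_string(body):
    """BIT STRING body = unused-bit count, then data; return the bits as text."""
    if not body or body[0] > 7:
        raise ValueError("bad BIT STRING")
    bits = "".join(f"{b:08b}" for b in body[1:])
    return bits[:len(bits) - body[0]]


def asn1parse(der, off=0, end=None, depth=0):
    """Rows of (offset, depth, hl, l, 'prim'|'cons', name, oid_or_None)."""
    rows = []
    end = len(der) if end is None else end
    while off < end:
        tag, hl, length = read_header(der, off)
        cons = bool(tag & 0x20)
        num = tag & 0x1F
        name = TAG_NAMES.get(num, f"tag {num}") if tag < 0x40 else f"[{num}]"
        value = decode_oid(der[off + hl:off + hl + length]) if tag == 0x06 else None
        rows.append((off, depth, hl, length, "cons" if cons else "prim", name, value))
        if cons:                                  # descend into constructed types
            rows += asn1parse(der, off + hl, off + hl + length, depth + 1)
        off += hl + length
    return rows


def render(rows):
    """Format rows in the column order asn1parse prints."""
    return "\n".join(f"{o:5d}:d={d} hl={hl} l={l:4d} {k}: {n}" + (f" :{v}" if v else "")
                     for o, d, hl, l, k, n, v in rows)


if __name__ == "__main__":
    print(render(asn1parse(BITSTRING_DER)))
    print("bits:", decode_bit_string(BITSTRING_DER[2:]))
    bare = base64.b64encode(BITSTRING_DER).decode()   # what bitstring.pem holds
    try:
        pem_to_der(bare)
    except ValueError as exc:
        print("bare base64 rejected:", exc)
    print(render(asn1parse(pem_to_der(armor(BITSTRING_DER, "ASN1 DATA"))[1])))
    print(render(asn1parse(pem_to_der(SM2_PUBLIC_PEM)[1])))
```

The rows produced for the SM2 public key carry the same offsets and lengths as the asn1parse output recorded later on this page.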
Hash and HMAC
help
[root@player1 exp1]# openssl dgst -help
Usage: dgst [options] [file...]

General options:
-help Display this summary
-list List digests
-engine val Use engine e, possibly a hardware device
-engine_impl Also use engine given by -engine for digest operations
-passin val Input file pass phrase source

Output options:
-c Print the digest with separating colons
-r Print the digest in coreutils format
-out outfile Output to filename rather than stdout
-keyform format Key file format (ENGINE, other values ignored)
-hex Print as hex dump
-binary Print in binary form
-xoflen +int Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256
-d Print debug info
-debug Print debug info

Signing options:
-sign val Sign digest using private key
-verify val Verify a signature using public key
-prverify val Verify a signature using private key
-sigopt val Signature parameter in n:v form
-signature infile File with signature to verify
-hmac val Create hashed MAC with key
-mac val Create MAC (not necessarily HMAC)
-macopt val MAC algorithm parameters in n:v form or key
-* Any supported digest
-fips-fingerprint Compute HMAC with the key used in OpenSSL-FIPS fingerprint

Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file

Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms

Parameters:
file Files to digest (optional; default is stdin)
[root@player1 exp1]# openssl dgst -list
Supported digests:
-blake2b512 -blake2s256 -md4
-md5 -md5-sha1 -mdc2
-ripemd -ripemd160 -rmd160
-sha1 -sha224 -sha256
-sha3-224 -sha3-256 -sha3-384
-sha3-512 -sha384 -sha512
-sha512-224 -sha512-256 -shake128
-shake256 -sm3 -ssl3-md5
-ssl3-sha1 -whirlpool
sm3
[root@player1 exp1]# echo lzj | openssl dgst -sm3
SM3(stdin)= 6f5bc2fb3c22e1e235874e3e4c05d9b05aeda29a027f5211c5204de8033dc1d8
[root@player1 exp1]# echo lzj | openssl sm3
SM3(stdin)= 6f5bc2fb3c22e1e235874e3e4c05d9b05aeda29a027f5211c5204de8033dc1d8
[root@player1 exp1]# echo lzj | openssl sm3 -hex
SM3(stdin)= 6f5bc2fb3c22e1e235874e3e4c05d9b05aeda29a027f5211c5204de8033dc1d8
[root@player1 exp1]# echo lzj | openssl sm3 -binary
o[û<"⠵N>LٰZRàM恽
[root@player1 exp1]# echo lzj | openssl sm3 -binary | xxd -p
6f5bc2fb3c22e1e235874e3e4c05d9b05aeda29a027f5211c5204de8033dc1d8
Files
[root@player1 exp1]# cat lzj.txt
lzj
[root@player1 exp1]# openssl sm3 lzj.txt
SM3(lzj.txt)= 6f5bc2fb3c22e1e235874e3e4c05d9b05aeda29a027f5211c5204de8033dc1d8
[root@player1 exp1]# echo lzj | openssl sm3
SM3(stdin)= 6f5bc2fb3c22e1e235874e3e4c05d9b05aeda29a027f5211c5204de8033dc1d8
Symmetric algorithms
help
[root@player1 exp1]# openssl enc -help
Usage: enc [options]

General options:
-help Display this summary
-list List ciphers
-ciphers Alias for -list
-e Encrypt
-d Decrypt
-p Print the iv/key
-P Print the iv/key and exit
-engine val Use engine, possibly a hardware device

Input options:
-in infile Input file
-k val Passphrase
-kfile infile Read passphrase from file

Output options:
-out outfile Output file
-pass val Passphrase source
-v Verbose output
-a Base64 encode/decode, depending on encryption flag
-base64 Same as option -a
-A Used with -[base64|a] to specify base64 buffer as a single line

Encryption options:
-nopad Disable standard block padding
-salt Use salt in the KDF (default)
-nosalt Do not use salt in the KDF
-debug Print debug info
-bufsize val Buffer size
-K val Raw key, in hex
-S val Salt, in hex
-iv val IV in hex
-md val Use specified digest to create a key from the passphrase
-iter +int Specify the iteration count and force the use of PBKDF2
Default: 10000
-pbkdf2 Use password-based key derivation function 2 (PBKDF2)
Use -iter to change the iteration count from 10000
-none Don't encrypt
-saltlen +int Specify the PBKDF2 salt length (in bytes)
Default: 16
-z Compress or decompress encrypted data using zlib
-* Any supported cipher

Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file

Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
Encryption and decryption
[root@player1 exp1]# openssl sm4-cbc -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in lzj.txt -out lzj.enc
[root@player1 exp1]# openssl sm4-cbc -d -K "2851fa25211a48023794ae9515909603" -iv "da80e405a4998c351b0717093cbe86ab" -in lzj.enc -out lzj3.txt
[root@player1 exp1]# diff lzj.txt lzj3.txt
Asymmetric algorithms
RSA
Generating a key pair
[root@player1 exp1]# openssl genpkey -algorithm RSA -out private_key.pem
[root@player1 exp1]# cat private_key.pem
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
[root@player1 exp1]# openssl asn1parse -inform PEM -in private_key.pem
0:d=0 hl=4 l=1214 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=2 l= 13 cons: SEQUENCE
9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
20:d=2 hl=2 l= 0 prim: NULL
22:d=1 hl=4 l=1192 prim: OCTET STRING [HEX DUMP]:...
Extracting the public key
[root@player1 exp1]# openssl rsa -pubout -in private_key.pem -out public_key.pem
writing RSA key
[root@player1 exp1]# cat public_key.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvweOuuP+JCdJcte/WfWl
y6fvj5mFVToSSA+D7Eb374e7+JPjd7L8qtXaqgkiLCmboCxXAdHhh0JOdZfZXcT1
9nAL9ACNRrZbhchYuHvjkEVYoZZPZHO4OWuJKgkKgbfZ2nHScvNOKUieKmbrhAiQ
53KVdn2j2xblGca1ivp+NRdXp6nsgNBnIgK5MgzjPFkEjgtYtqkzt7zwrWVuX+46
4HdTMtMkwJLxqUr5clzUeAs7hQBd8L8Vhq69O2Qvq8ngFkyWTua8UWP6sxyFWuDw
P05kCVjtm9lXWxTJpXfFFoKMiMkmRf+TZe6SyzoYXjbWUUSo4gX3H4AKpRL/xmwY
kQIDAQAB
-----END PUBLIC KEY-----
[root@player1 exp1]# openssl asn1parse -inform PEM -in public_key.pem
0:d=0 hl=4 l= 290 cons: SEQUENCE
4:d=1 hl=2 l= 13 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
17:d=2 hl=2 l= 0 prim: NULL
19:d=1 hl=4 l= 271 prim: BIT STRING
Encryption and decryption
[root@player1 exp1]# openssl pkeyutl -help
Usage: pkeyutl [options]

General options:
-help Display this summary
-engine val Use engine, possibly a hardware device
-engine_impl Also use engine given by -engine for crypto operations
-sign Sign input data with private key
-verify Verify with public key
-encrypt Encrypt input data with public key
-decrypt Decrypt input data with private key
-derive Derive shared secret
-config infile Load a configuration file (this may load modules)

Input options:
-in infile Input file - default stdin
-rawin Indicate the input data is in raw form
-inkey val Input key, by default private key
-pubin Input key is a public key
-passin val Input file pass phrase source
-peerkey val Peer key file used in key derivation
-peerform PEM|DER|ENGINE Peer key format (DER/PEM/P12/ENGINE)
-certin Input is a cert with a public key
-rev Reverse the order of the input buffer
-sigfile infile Signature file (verify operation only)
-keyform PEM|DER|ENGINE Private key format (ENGINE, other values ignored)

Output options:
-out outfile Output file - default stdout
-asn1parse asn1parse the output data
-hexdump Hex dump output
-verifyrecover Verify with public key, recover original data

Signing/Derivation options:
-digest val Specify the digest algorithm when signing the raw input data
-pkeyopt val Public key options as opt:value
-pkeyopt_passin val Public key option that is read as a passphrase argument opt:passphrase
-kdf val Use KDF algorithm
-kdflen +int KDF algorithm output length

Random state options:
-rand val Load the given file(s) into the random number generator
-writerand outfile Write random data to the specified file

Provider options:
-provider-path val Provider load path (must be before 'provider' argument if required)
-provider val Provider to load (can be specified multiple times)
-propquery val Property query used when fetching algorithms
[root@player1 exp1]# openssl pkeyutl -encrypt -inkey public_key.pem -pubin -in lzj.txt -out lzjrsaenc.bin
[root@player1 exp1]# openssl pkeyutl -decrypt -inkey private_key.pem -in lzjrsaenc.bin -out lzjrsadec.txt
[root@player1 exp1]# ls
123.bin bitstring.pem lzj3.txt lzj.enc lzjrsaenc.bin private_key.pem r1.bin
bitstring.der lzj2.txt lzj.b64 lzjrsadec.txt lzj.txt public_key.pem r2.bin
[root@player1 exp1]# diff lzjrsadec.txt lzj.txt
Signing and verification
[root@player1 exp1]# openssl dgst -sha256 -sign private_key.pem -out lzj.sig lzj.txt
[root@player1 exp1]# openssl dgst -sha256 -verify public_key.pem -signature lzj.sig lzj.txt
Verified OK
[root@player1 exp1]# openssl pkeyutl -sign -inkey private_key.pem -in lzj.txt -out lzjrsa.sig
[root@player1 exp1]# openssl pkeyutl -verify -in lzj.txt -sigfile lzjrsa.sig -inkey private_key.pem
Signature Verified Successfully
SM2
Generating a key pair
[root@player1 exp1]# openssl ecparam -genkey -name SM2 -out sm2private_key.pem
[root@player1 exp1]# cat sm2private_key.pem
-----BEGIN SM2 PARAMETERS-----
BggqgRzPVQGCLQ==
-----END SM2 PARAMETERS-----
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgFTc7TY2+HcSK2Hnd
K8gIZFhykbtTS/yCk2MRvdx/fQyhRANCAASbcKk34EI3oCyq94w2AGb3HHYG3r7L
7/MMLtUZrJyMf5d4MTBw93oYI4sf41JAp8bvOm3BahH8D0iy0tNjiAeq
-----END PRIVATE KEY-----
[root@player1 exp1]# openssl asn1parse -inform PEM -in private_key.pem
0:d=0 hl=4 l=1214 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=2 l= 13 cons: SEQUENCE
9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
20:d=2 hl=2 l= 0 prim: NULL
22:d=1 hl=4 l=1192 prim: OCTET STRING [HEX DUMP]:...
Extracting the public key
[root@player1 exp1]# openssl ec -in sm2private_key.pem -pubout -out sm2public_key.pem
read EC key
writing EC key
[root@player1 exp1]# cat sm2public_key.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEm3CpN+BCN6AsqveMNgBm9xx2Bt6+
y+/zDC7VGaycjH+XeDEwcPd6GCOLH+NSQKfG7zptwWoR/A9IstLTY4gHqg==
-----END PUBLIC KEY-----
[root@player1 exp1]# openssl asn1parse -inform PEM -in sm2public_key.pem
0:d=0 hl=2 l= 89 cons: SEQUENCE
2:d=1 hl=2 l= 19 cons: SEQUENCE
4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
13:d=2 hl=2 l= 8 prim: OBJECT :sm2
23:d=1 hl=2 l= 66 prim: BIT STRING
Encryption and decryption
[root@player1 exp1]# openssl pkeyutl -encrypt -pubin -inkey sm2public_key.pem -in lzj.txt -out lzjsm2enc.bin
[root@player1 exp1]# openssl pkeyutl -decrypt -inkey sm2private_key.pem -in lzjsm2enc.bin -out lzjsm2dec.txt
[root@player1 exp1]# diff lzj.txt lzjsm2dec.txt
Signing and verification
[root@player1 exp1]# openssl sm3 -sign sm2private_key.pem -out lzjsm2.sig lzj.txt
[root@player1 exp1]# openssl sm3 -verify sm2public_key.pem -signature lzjsm2.sig lzj.txt
Verified OK
[root@player1 exp1]# openssl pkeyutl -sign -in lzj.txt -inkey sm2private_key.pem -out lzjsm2.sig -rawin -digest sm3
[root@player1 exp1]# openssl pkeyutl -verify -in lzj.txt -inkey sm2private_key.pem -sigfile lzjsm2.sig -rawin -digest sm3
Signature Verified Successfully
Other signature algorithms
DSA (Digital Signature Algorithm)
[root@player1 exp1]# openssl dsaparam -genkey -out private_dsa.pem 2048
[root@player1 exp1]# openssl dsa -pubout -in private_dsa.pem -out public_dsa.pem
read DSA key
writing DSA key
[root@player1 exp1]# openssl dgst -sha256 -sign private_dsa.pem -out lzjdsasign.dss lzj.txt
[root@player1 exp1]# openssl dgst -sha256 -verify public_dsa.pem -signature lzjdsasign.dss lzj.txt
Verified OK
ECDSA (Elliptic Curve Digital Signature Algorithm)
[root@player1 exp1]# openssl ecparam -genkey -name secp256r1 -out private_ecdsa.pem
using curve name prime256v1 instead of secp256r1
[root@player1 exp1]# openssl ec -pubout -in private_ecdsa.pem -out public_ecdsa.pem
read EC key
writing EC key
[root@player1 exp1]# openssl dgst -sha256 -sign private_ecdsa.pem -out lzjecdsasign.ecdsa lzj.txt
[root@player1 exp1]# openssl dgst -sha256 -verify public_ecdsa.pem -signature lzjecdsasign.ecdsa lzj.txt
Verified OK
EdDSA (Edwards-curve Digital Signature Algorithm)
[root@player1 exp1]# openssl genpkey -algorithm ed25519 -out private_eddsa.pem
[root@player1 exp1]# openssl pkey -pubout -in private_eddsa.pem -out public_eddsa.pem
[root@player1 exp1]# openssl pkeyutl -sign -inkey private_eddsa.pem -out lzjeddsasign.eddsa -rawin -in lzj.txt
[root@player1 exp1]# openssl pkeyutl -verify -pubin -inkey public_eddsa.pem -sigfile lzjeddsasign.eddsa -rawin -in lzj.txt
Signature Verified Successfully
Other commands
[root@player1 exp1]# openssl list -commands
asn1parse ca ciphers cmp
cms crl crl2pkcs7 dgst
dhparam dsa dsaparam ec
ecparam enc engine errstr
fipsinstall gendsa genpkey genrsa
help info kdf list
mac nseq ocsp passwd
pkcs12 pkcs7 pkcs8 pkey
pkeyparam pkeyutl prime rand
rehash req rsa rsautl
s_client s_server s_time sess_id
smime speed spkac srp
storeutl ts verify version
x509
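Following the related teaching videos on the Yunbanke (云班课) course platform, practice the GmSSL-related content from the course mind map on Ubuntu or openEuler (openEuler recommended). Record the process in detail in Markdown, and run git commit once after each item is completed. (5 points)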
gmssl
[root@player1 exp1]# gmssl version
GmSSL 3.1.2 Dev
[root@player1 exp1]# gmssl help
usage: gmssl command [options]
command -help

Commands:
help Print this help message
version Print version
rand Generate random bytes
sm2keygen Generate SM2 keypair
sm2sign Generate SM2 signature
sm2verify Verify SM2 signature
sm2encrypt Encrypt with SM2 public key
sm2decrypt Decrypt with SM2 private key
sm3 Generate SM3 hash
sm3hmac Generate SM3 HMAC tag
sm3_pbkdf2 Hash password into key using PBKDF2 algoritm
sm3xmss_keygen Generate SM3-XMSS keypair
sm4_ecb Encrypt or decrypt with SM4 ECB
sm4_cbc Encrypt or decrypt with SM4 CBC
sm4_ctr Encrypt or decrypt with SM4 CTR
sm4_cfb Encrypt or decrypt with SM4 CFB
sm4_ofb Encrypt or decrypt with SM4 OFB
sm4_ccm Encrypt or decrypt with SM4 CCM
sm4_gcm Encrypt or decrypt with SM4 GCM
sm4_xts Encrypt or decrypt with SM4 XTS
sm4_cbc_sm3_hmac Encrypt or decrypt with SM4 CBC with SM3-HMAC
sm4_ctr_sm3_hmac Encrypt or decrypt with SM4 CTR with SM3-HMAC
sm4_cbc_mac Generate SM4 CBC-MAC
ghash Generate GHASH
zuc Encrypt or decrypt with ZUC
sm9setup Generate SM9 master secret
sm9keygen Generate SM9 private key
sm9sign Generate SM9 signature
sm9verify Verify SM9 signature
sm9encrypt SM9 public key encryption
sm9decrypt SM9 decryption
reqgen Generate certificate signing request (CSR)
reqsign Generate certificate from CSR
reqparse Parse and print a CSR
crlget Download the CRL of given certificate
crlgen Sign a CRL with CA certificate and private key
crlverify Verify a CRL with issuer's certificate
crlparse Parse and print CRL
certgen Generate a self-signed certificate
certparse Parse and print certificates
certverify Verify certificate chain
certrevoke Revoke certificate and output RevokedCertificate record
cmsparse Parse CMS (cryptographic message syntax) file
cmsencrypt Generate CMS EnvelopedData
cmsdecrypt Decrypt CMS EnvelopedData
cmssign Generate CMS SignedData
cmsverify Verify CMS SignedData
sdfinfo Print SDF device info
sdfdigest Generate SM3 hash with SDF device
sdfexport Export SM2 signing public key from SDF device
sdfsign Generate SM2 signature with SDF internal private key
sdfencrypt SM2/SM4-CBC hybrid encryption with SDF device
sdfdecrypt SM2/SM4-CBC hybrid decryption with SDF device
sdftest Test vendor's SDF library and device
tlcp_client TLCP client
tlcp_server TLCP server
tls12_client TLS 1.2 client
tls12_server TLS 1.2 server
tls13_client TLS 1.3 client
tls13_server TLS 1.3 server

run gmssl <command> -help to print help of the given command
sm3
help
[root@player1 exp1]# gmssl sm3 -help
usage: sm3 [-hex|-bin] [-pubkey pem [-id str]] [-in file|-in_str str] [-out file]
Options

-hex Output hash value as hex string (by default)
-bin Output hash value as binary
-pubkey pem Signer's SM2 public key
When -pubkey is specified, hash with SM2 Z value
-id str SM2 Signer's ID string
-id_hex hex SM2 Signer's ID in hex format
-id and -id_hex should be used with -pubkey
-id and -id_hex should not be used together
If -pubkey is specified without -id or id_hex,
the default ID string '1234567812345678' is used
-in_str str To be hashed string
-in file | stdin To be hashed file path
-in_str and -in should not be used together
If neither -in nor -in_str specified, read from stdin
-out file | stdout Output file path. If not specified, output to stdout

Examples

gmssl sm3 -in_str abc

gmssl sm3 -in_str abc -bin

gmssl sm3 -in /path/to/file

gmssl sm3 -pubkey sm2pubkey.pem -id alice -in /path/to/file -bin

When reading from stdin, make sure the trailing newline character is removed

Linux/Mac:
echo -n abc | gmssl sm3

Windows:
C:\> echo |set/p="abc" | gmssl sm3
[root@player1 gm]# echo -n "lzj" |gmssl sm3
f700f22f711aa32494c2791150b676ad497fc057b61c87374dbf778c7d8f70db
[root@player1 gm]# echo -n "lzj" |gmssl sm3 -hex
f700f22f711aa32494c2791150b676ad497fc057b61c87374dbf778c7d8f70db
[root@player1 gm]# echo -n "lzj" |gmssl sm3 -bin
[root@player1 gm]# echo -n "lzj" | gmssl sm3 -bin | od -tx1
0000000 f7 00 f2 2f 71 1a a3 24 94 c2 79 11 50 b6 76 ad
0000020 49 7f c0 57 b6 1c 87 37 4d bf 77 8c 7d 8f 70 db
0000040
sm3hmac
[root@player1 gm]# gmssl sm3hmac -help
usage: sm3hmac -key hex [-in file | -in_str str] [-bin|-hex] [-out file]
Options

-key hex Hex string of the MAC key
-in_str str Input as text string
-in file | stdin Input file path
-in_str and -in should not be used together
If neither -in nor -in_str specified, read from stdin
-hex Output MAC-tag as hex string (by default)
-bin Output MAC-tag as binary
-hex and -bin should not be used together
-out file | stdout Output file path. If not specified, output to stdout

Examples

KEY_HEX=`gmssl rand -outlen 16 -hex`
gmssl sm3hmac -key $KEY_HEX -in_str abc

gmssl sm3hmac -key $KEY_HEX -in_str abc -bin

gmssl sm3hmac -key $KEY_HEX -in /path/to/file

When reading from stdin, make sure the trailing newline character is removed

Linux/Mac:
echo -n abc | gmssl sm3hmac -key $KEY_HEX

Windows:
C:\> echo |set/p="abc" | gmssl sm3hmac -key 11223344556677881122334455667788
[root@player1 gm]# gmssl rand -help
usage: rand [-hex] [-rdrand|-rdseed] -outlen num [-out file]
[root@player1 gm]# gmssl rand -hex -outlen 16
E231C9F7CE893C018F887FEC97A869D3
[root@player1 gm]# echo -n "lzj" | gmssl sm3hmac -key E231C9F7CE893C018F887FEC97A869D3
7cf03dfbfeceda847e69f24892badef9fdb988529d2b5506480c9a30a2b60307
sm4
[root@player1 gm]# gmssl sm4 -help
gmssl: illegal option ‘sm4’
usage: gmssl command [options]
command -help

Commands:
help Print this help message
version Print version
rand Generate random bytes
sm2keygen Generate SM2 keypair
sm2sign Generate SM2 signature
sm2verify Verify SM2 signature
sm2encrypt Encrypt with SM2 public key
sm2decrypt Decrypt with SM2 private key
sm3 Generate SM3 hash
sm3hmac Generate SM3 HMAC tag
sm3_pbkdf2 Hash password into key using PBKDF2 algoritm
sm3xmss_keygen Generate SM3-XMSS keypair
sm4_ecb Encrypt or decrypt with SM4 ECB
sm4_cbc Encrypt or decrypt with SM4 CBC
sm4_ctr Encrypt or decrypt with SM4 CTR
sm4_cfb Encrypt or decrypt with SM4 CFB
sm4_ofb Encrypt or decrypt with SM4 OFB
sm4_ccm Encrypt or decrypt with SM4 CCM
sm4_gcm Encrypt or decrypt with SM4 GCM
sm4_xts Encrypt or decrypt with SM4 XTS
sm4_cbc_sm3_hmac Encrypt or decrypt with SM4 CBC with SM3-HMAC
sm4_ctr_sm3_hmac Encrypt or decrypt with SM4 CTR with SM3-HMAC
sm4_cbc_mac Generate SM4 CBC-MAC
ghash Generate GHASH
zuc Encrypt or decrypt with ZUC
sm9setup Generate SM9 master secret
sm9keygen Generate SM9 private key
sm9sign Generate SM9 signature
sm9verify Verify SM9 signature
sm9encrypt SM9 public key encryption
sm9decrypt SM9 decryption
reqgen Generate certificate signing request (CSR)
reqsign Generate certificate from CSR
reqparse Parse and print a CSR
crlget Download the CRL of given certificate
crlgen Sign a CRL with CA certificate and private key
crlverify Verify a CRL with issuer’s certificate
crlparse Parse and print CRL
certgen Generate a self-signed certificate
certparse Parse and print certificates
certverify Verify certificate chain
certrevoke Revoke certificate and output RevokedCertificate record
cmsparse Parse CMS (cryptographic message syntax) file
cmsencrypt Generate CMS EnvelopedData
cmsdecrypt Decrypt CMS EnvelopedData
cmssign Generate CMS SignedData
cmsverify Verify CMS SignedData
sdfinfo Print SDF device info
sdfdigest Generate SM3 hash with SDF device
sdfexport Export SM2 signing public key from SDF device
sdfsign Generate SM2 signature with SDF internal private key
sdfencrypt SM2/SM4-CBC hybrid encryption with SDF device
sdfdecrypt SM2/SM4-CBC hybrid decryption with SDF device
sdftest Test vendor’s SDF library and device
tlcp_client TLCP client
tlcp_server TLCP server
tls12_client TLS 1.2 client
tls12_server TLS 1.2 server
tls13_client TLS 1.3 client
tls13_server TLS 1.3 server

run gmssl <command> -help to print help of the given command
[root@player1 gm]# gmssl rand -help
usage: rand [-hex] [-rdrand|-rdseed] -outlen num [-out file]
[root@player1 gm]# gmssl rand -outlen 16 -out key.bin
[root@player1 gm]# gmssl rand -outlen 16 -out iv.bin
[root@player1 gm]# ls
lzj.sm3 lzj.txt iv.bin key.bin sm2.pem sm2pub.pem
[root@player1 gm]# od -tx1 key.bin
0000000 ec 8b 1a 8a c3 89 9a f0 d3 a5 76 f4 e9 b5 75 b2
0000020
[root@player1 gm]# od -tx1 iv.bin
0000000 1b a6 e2 09 65 3f 69 93 31 f6 88 00 8b 61 9d 84
0000020
[root@player1 gm]# echo -n "lzj" | gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -out lzjsm4.cbc
[root@player1 gm]# echo -n "lzj" | gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -out lzjsm4.cbc
[root@player1 gm]# gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in lzjsm4.cbc
lzj

lzj[root@player1 gm]# KEY=$(xxd -p -c 32 key.bin)
[root@player1 gm]# echo $KEY
ec8b1a8ac3899af0d3a576f4e9b575b2
[root@player1 gm]# IV=$(xxd -p -c 32 iv.bin)
[root@player1 gm]# echo $IV
1ba6e209653f699331f688008b619d84
[root@player1 gm]# echo -n "lzj" | gmssl sm4_cbc -encrypt -key $KEY -iv $IV -out lzjsm4.cbc2
[root@player1 gm]# gmssl sm4_cbc -decrypt -key $KEY -iv $IV -in lzjsm4.cbc2
lzj
[root@player1 gm]# diff lzjsm4.cbc lzjsm4.cbc2
[root@player1 gm]# gmssl sm4_cbc -encrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in lzj.txt -out lzjsm4.cbc3
[root@player1 gm]# gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 key.bin) -iv $(xxd -p -c 32 iv.bin) -in lzjsm4.cbc3
lzj
[root@player1 gm]# diff lzjsm4.cbc lzjsm4.cbc3
sm2
[root@player1 gm]# gmssl sm2keygen -pass 1327 -out sm2.pem -pubout sm2pub.pem
[root@player1 gm]# cat sm2.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBBjBhBgkqhkiG9w0BBQ0wVDA0BgkqhkiG9w0BBQwwJwQQrRgKyFg8xb6U59G+
io37sQIDAQAAAgEQMAsGCSqBHM9VAYMRAjAcBggqgRzPVQFoAgQQrPTvw9LS6kzI
C0TFFkVu2ASBoEg3njyHjTdZABQ478kb1juq6LRKpLIMs/SJTwaTZwtCnlDsct7X
brk83yO/RBhDepKYjBt91yPI/mZOax37HoOrkxlaHlPbn+Cs1g4rXmW/u8HpXkP0
eJieWs8sB1ty2U6jZeHTjGhTpSDnpNt/g5R4jEbMjIZXrvyFWL0HivmsbnoboXcR
eZ7rCfUBPles8z1VvEd74FNKRudlbdOUxF0=
-----END ENCRYPTED PRIVATE KEY-----
[root@player1 gm]# cat sm2pub.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEw4lkrcMgNFD6iOUDqWiUkzdOeofy
hTYsVZ6hkc32f+oQFDcW7gRAmv3HSoFHZWoNKVuz0PB0ioe7/3QllkMtyA==
-----END PUBLIC KEY-----
[root@player1 gm]# echo lzj | gmssl sm2sign -key sm2.pem -pass 1327 -out sm2.sig
[root@player1 gm]# echo lzj | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig -id 1234567812345678
verify : success
[root@player1 gm]# echo lzj | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der
[root@player1 gm]# od -tx1 sm2.der
0000000 30 6c 02 20 39 19 db a8 98 1b ef 74 4d d4 42 0d
0000020 cb a3 3c 44 9f 00 d0 48 a4 6b 16 6c 4d 7c fa 60
0000040 45 23 39 bf 02 20 57 69 c4 3a 09 3d 15 4a 89 39
0000060 27 db 76 ab 0c 33 35 2a e1 1f 51 09 97 d6 47 43
0000100 e2 8d 19 b0 57 b2 04 20 d5 c9 56 48 6c 34 d9 19
0000120 31 a6 9e 0b e8 c2 c4 f1 26 f6 fd 13 d0 2a 85 b2
0000140 79 85 44 d8 01 b2 98 68 04 04 af 14 f2 5c
0000156
[root@player1 gm]# gmssl sm2decrypt -key sm2.pem -pass 1327 -in sm2.der
lzj
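Working in pairs, on Ubuntu or openEuler (openEuler recommended), use OpenSSL commands to implement the digital envelope protocol with a signature. With OpenSSL, Alice sends and Bob receives. In the experiment, Alice and Bob are to be replaced with your own 8-digit student ID + name. Record the process in detail in Markdown, and run git commit once for each completed item. (10 points)
I am Alice.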

[root@player1 exp1]# vim plain.txt
[root@player1 exp1]# openssl rand -out k.bin 16
[root@player1 exp1]# openssl sm4-cbc -kfile k.bin -iv "da80e405a4998c351b0717093cbe86ab" -in plain.txt -out 1327_c
[root@player1 exp1]# openssl pkeyutl -encrypt -pubin -inkey 1324/openssl_1324_pub.pem -in k.bin -out kc.bin
[root@player1 exp1]# openssl pkeyutl -sign -inkey sm2private_key.pem -in 1327_c -out 1327_c.sig

Results of Bob-20221324's operations:

$ openssl pkeyutl -verify -inkey openssl_1327_pub.pem -pubin -in 1327_c -sigfile 1327_c.sig
Signature Verified Successfully
$ openssl pkeyutl -decrypt -inkey openssl_1324_pri.pem -in kc.bin -out k.bin
$ ls k.bin
k.bin
$ openssl sm4-cbc -d -kfile k.bin -iv "da80e405a4998c351b0717093cbe86ab" -in 1327_c -out plain.txt
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
$ cat plain.txt
20221327lzj
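
The warning in Bob's session comes from `-kfile`: OpenSSL reads the first line of k.bin as a password and derives the SM4 key from it, instead of using the 16 random bytes as the key. The script below is an added example, not part of the original lab record; it shows the effect with two constructed key files and contrasts it with the raw-key option `-K`. The file names, key bytes and function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: `-kfile k.bin` is not the same as using k.bin as the SM4 key.
# All file names and key bytes below are constructed sample data.
IV=da80e405a4998c351b0717093cbe86ab      # IV literal from the page's commands
WORK=$(mktemp -d)

hex() { od -An -tx1 "$1" | tr -d ' \n'; }   # file bytes as one hex string

setup() {
    printf '20221327lzj\n' > "$WORK/plain.txt"
    # Two different 16-byte files that share only the first line "AB\n".
    printf 'AB\naaaaaaaaaaaaa' > "$WORK/k_a.bin"
    printf 'AB\nbbbbbbbbbbbbb' > "$WORK/k_b.bin"
}

# Page's form: key file passed with -kfile (first line used as a password).
# Encrypt under k_a.bin, decrypt under k_b.bin; returns 0 if plaintext matches.
kfile_cross_decrypts() {
    openssl sm4-cbc -kfile "$WORK/k_a.bin" -iv "$IV" \
        -in "$WORK/plain.txt" -out "$WORK/c_kfile" 2>/dev/null || return 2
    openssl sm4-cbc -d -kfile "$WORK/k_b.bin" -iv "$IV" \
        -in "$WORK/c_kfile" -out "$WORK/p_kfile" 2>/dev/null
    cmp -s "$WORK/plain.txt" "$WORK/p_kfile"
}

# Raw-key form: all 16 bytes of the file reach the cipher through -K.
rawkey_cross_decrypts() {
    openssl sm4-cbc -K "$(hex "$WORK/k_a.bin")" -iv "$IV" \
        -in "$WORK/plain.txt" -out "$WORK/c_raw" 2>/dev/null || return 2
    openssl sm4-cbc -d -K "$(hex "$WORK/k_b.bin")" -iv "$IV" \
        -in "$WORK/c_raw" -out "$WORK/p_raw" 2>/dev/null
    cmp -s "$WORK/plain.txt" "$WORK/p_raw"
}

# Password-derived output starts with the 8-byte "Salted__" header.
has_salt_header() { [ "$(head -c 8 "$1")" = "Salted__" ]; }

setup
if kfile_cross_decrypts; then
    echo "-kfile: k_b.bin decrypts data encrypted under k_a.bin"
fi
if ! rawkey_cross_decrypts; then
    echo "-K: k_b.bin does not decrypt data encrypted under k_a.bin"
fi
```

A k.bin from `openssl rand` that happens to contain a 0x0a or 0x00 byte is shortened in the same way, so passing the key as `-K $(xxd -p -c 32 k.bin)` is the form that uses all 128 bits and avoids the key-derivation warning.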
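Working in pairs, on Ubuntu or openEuler (openEuler recommended), use GmSSL commands to implement the digital envelope protocol with a signature. With GmSSL, Bob sends and Alice receives. In the experiment, Alice and Bob are to be replaced with your own 8-digit student ID + name. Record the process in detail in Markdown, and run git commit once for each completed item. (10 points)
The digital envelope received from Bob is as follows: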

[root@player1 gm]# ls
1327sm2.der 1324_c.sig lzjsm4.cbc lzjsm4.cbc3 gmssl_1324_pub.pem key.bin sm2.pem sm2.sig
1324_c.cbc3 lzj.sm3 lzjsm4.cbc2 lzj.txt iv.bin sm2.der sm2pub.pem
Three files: 1327sm2.der 1324_c.sig 1324_c.cbc3
Commands executed by Alice:

[root@player1 gm]# gmssl sm2verify -pubkey gmssl_1324_pub.pem -sig 1324_c.sig -in 1324_c.cbc3
verify : success
[root@player1 gm]# gmssl sm2decrypt -key sm2.pem -pass 1327 -in 1327sm2.der -out gm_k.bin
[root@player1 gm]# gmssl sm4_cbc -decrypt -key $(xxd -p -c 32 gm_k.bin) -iv $(xxd -p -c 32 iv.bin) -in 1324_c.cbc3 -out plain.txt
[root@player1 gm]# cat plain.txt
20221324zty
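In the lab record, submit the link to the gitee course project and the git log output related to this experiment.
Submission requirements:
Submit the Markdown record of the practice process and the PDF file converted from it.
Host the code and documents on gitee, github or similar; gitclone is recommended.
Record the problems encountered during the experiment, how they were solved, reflections and so on, and complete the relevant parts of the lab report.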
