openssl生成SM2公私钥对命令详解

搞搞搞高傲2023-10-18 18:20

(1)获得openssl支持椭圆曲线算法列表

命令:openssl ecparam -list_curves

返回结果:

secp112r1 : SECG/WTLS curve over a 112 bit prime field

secp112r2 : SECG curve over a 112 bit prime field

secp128r1 : SECG curve over a 128 bit prime field

secp128r2 : SECG curve over a 128 bit prime field

secp160k1 : SECG curve over a 160 bit prime field

secp160r1 : SECG curve over a 160 bit prime field

secp160r2 : SECG/WTLS curve over a 160 bit prime field

secp192k1 : SECG curve over a 192 bit prime field

secp224k1 : SECG curve over a 224 bit prime field

secp224r1 : NIST/SECG curve over a 224 bit prime field

secp256k1 : SECG curve over a 256 bit prime field

secp384r1 : NIST/SECG curve over a 384 bit prime field

secp521r1 : NIST/SECG curve over a 521 bit prime field

prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field

prime192v2: X9.62 curve over a 192 bit prime field

prime192v3: X9.62 curve over a 192 bit prime field

prime239v1: X9.62 curve over a 239 bit prime field

prime239v2: X9.62 curve over a 239 bit prime field

prime239v3: X9.62 curve over a 239 bit prime field

prime256v1: X9.62/SECG curve over a 256 bit prime field

sect113r1 : SECG curve over a 113 bit binary field

sect113r2 : SECG curve over a 113 bit binary field

sect131r1 : SECG/WTLS curve over a 131 bit binary field

sect131r2 : SECG curve over a 131 bit binary field

sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field

sect163r1 : SECG curve over a 163 bit binary field

sect163r2 : NIST/SECG curve over a 163 bit binary field

sect193r1 : SECG curve over a 193 bit binary field

sect193r2 : SECG curve over a 193 bit binary field

sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field

sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field

sect239k1 : SECG curve over a 239 bit binary field

sect283k1 : NIST/SECG curve over a 283 bit binary field

sect283r1 : NIST/SECG curve over a 283 bit binary field

sect409k1 : NIST/SECG curve over a 409 bit binary field

sect409r1 : NIST/SECG curve over a 409 bit binary field

sect571k1 : NIST/SECG curve over a 571 bit binary field

sect571r1 : NIST/SECG curve over a 571 bit binary field

c2pnb163v1: X9.62 curve over a 163 bit binary field

c2pnb163v2: X9.62 curve over a 163 bit binary field

c2pnb163v3: X9.62 curve over a 163 bit binary field

c2pnb176v1: X9.62 curve over a 176 bit binary field

c2tnb191v1: X9.62 curve over a 191 bit binary field

c2tnb191v2: X9.62 curve over a 191 bit binary field

c2tnb191v3: X9.62 curve over a 191 bit binary field

c2pnb208w1: X9.62 curve over a 208 bit binary field

c2tnb239v1: X9.62 curve over a 239 bit binary field

c2tnb239v2: X9.62 curve over a 239 bit binary field

c2tnb239v3: X9.62 curve over a 239 bit binary field

c2pnb272w1: X9.62 curve over a 272 bit binary field

c2pnb304w1: X9.62 curve over a 304 bit binary field

c2tnb359v1: X9.62 curve over a 359 bit binary field

c2pnb368w1: X9.62 curve over a 368 bit binary field

c2tnb431r1: X9.62 curve over a 431 bit binary field

wap-wsg-idm-ecid-wtls1: WTLS curve over a 113 bit binary field

wap-wsg-idm-ecid-wtls3: NIST/SECG/WTLS curve over a 163 bit binary field

wap-wsg-idm-ecid-wtls4: SECG curve over a 113 bit binary field

wap-wsg-idm-ecid-wtls5: X9.62 curve over a 163 bit binary field

wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field

wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field

wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field

wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field

wap-wsg-idm-ecid-wtls10: NIST/SECG/WTLS curve over a 233 bit binary field

wap-wsg-idm-ecid-wtls11: NIST/SECG/WTLS curve over a 233 bit binary field

wap-wsg-idm-ecid-wtls12: WTLS curve over a 224 bit prime field

Oakley-EC2N-3:

IPSec/IKE/Oakley curve #3 over a 155 bit binary field.

Not suitable for ECDSA.

Questionable extension field!

Oakley-EC2N-4:

IPSec/IKE/Oakley curve #4 over a 185 bit binary field.

Not suitable for ECDSA.

Questionable extension field!

brainpoolP160r1: RFC 5639 curve over a 160 bit prime field

brainpoolP160t1: RFC 5639 curve over a 160 bit prime field

brainpoolP192r1: RFC 5639 curve over a 192 bit prime field

brainpoolP192t1: RFC 5639 curve over a 192 bit prime field

brainpoolP224r1: RFC 5639 curve over a 224 bit prime field

brainpoolP224t1: RFC 5639 curve over a 224 bit prime field

brainpoolP256r1: RFC 5639 curve over a 256 bit prime field

brainpoolP256t1: RFC 5639 curve over a 256 bit prime field

brainpoolP320r1: RFC 5639 curve over a 320 bit prime field

brainpoolP320t1: RFC 5639 curve over a 320 bit prime field

brainpoolP384r1: RFC 5639 curve over a 384 bit prime field

brainpoolP384t1: RFC 5639 curve over a 384 bit prime field

brainpoolP512r1: RFC 5639 curve over a 512 bit prime field

brainpoolP512t1: RFC 5639 curve over a 512 bit prime field

SM2 : SM2 curve over a 256 bit prime field

可以看到最后一行表明当前版本openssl支持SM2,实际上openssl从1.1.1版本开始支持SM2算法。

(2)生成SM2私钥文件

命令:openssl ecparam -outform pem -out sm2PriKey.pem -name sm2 -genkey

返回结果:

-----BEGIN PRIVATE KEY-----

MIGIAgEAMBQGCCqBHM9VAYItBggqgRzPVQGCLQRtMGsCAQEEII4ojT2hPeJ7lPRw

Yio6nrMgG+8uobZe3C6P1WIFJU4joUQDQgAEmzNGkBbTRx/2EhpYSt6WJq3qYGk7

zQSKQWDbNPsBU39j07Kzn3QBYpIa9E50VTSnFxsaUxWbZikEuLWg66xqBQ==

-----END PRIVATE KEY-----

(3)查看私钥文件

命令:openssl ec -in sm2PriKey.pem -text

返回结果:

read EC key

Private-Key: (256 bit)

priv:

8e:28:8d:3d:a1:3d:e2:7b:94:f4:70:62:2a:3a:9e:

b3:20:1b:ef:2e:a1:b6:5e:dc:2e:8f:d5:62:05:25:

4e:23

pub:

04:9b:33:46:90:16:d3:47:1f:f6:12:1a:58:4a:de:

96:26:ad:ea:60:69:3b:cd:04:8a:41:60:db:34:fb:

01:53:7f:63:d3:b2:b3:9f:74:01:62:92:1a:f4:4e:

74:55:34:a7:17:1b:1a:53:15:9b:66:29:04:b8:b5:

a0:eb:ac:6a:05

ASN1 OID: SM2

writing EC key

-----BEGIN SM2 PRIVATE KEY-----

MHcCAQEEII4ojT2hPeJ7lPRwYio6nrMgG+8uobZe3C6P1WIFJU4joAoGCCqBHM9V

AYItoUQDQgAEmzNGkBbTRx/2EhpYSt6WJq3qYGk7zQSKQWDbNPsBU39j07Kzn3QB

YpIa9E50VTSnFxsaUxWbZikEuLWg66xqBQ==

-----END SM2 PRIVATE KEY-----

这里私钥文件中包含公钥及私钥具体信息,可以看到私钥为8E28......4E23共32字节长度,公钥为9B33......6A05共64字节。

(4)生成SM2 公钥文件

命令:openssl ec -in sm2PriKey.pem -pubout -out sm2PubKey.pem

返回结果:

read EC key

writing EC key

-----BEGIN PUBLIC KEY-----

MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEmxmSy4HOD2d2sakaJTw0QFhRGZs2

5umcKzmg12FAsYNjVRmtLxcbydzTMELGKpHHle//IZ0Eqx7P15IKiyoK/g==

-----END PUBLIC KEY-----

(5)使用ASN1dump工具查看密钥具体编码

私钥编码如下图,OID为1.2.156.10197.1.301也就是SM2算法。这里可能需要注意,在有些工具中无法正常处理06082A811CCF5501822D06082A811CCF5501822D的算法标识,而应该是接受06072A8648CE3D020106082A811CCF5501822D的公私钥算法标识。现在的办法是手工修改下,确保能够使用。

相关推荐
Guheyunyi36 分钟前
监测预警系统重塑隧道安全新范式
大数据·运维·人工智能·科技·安全
IT科技那点事儿2 小时前
引领AI安全新时代 Accelerate 2025北亚巡展·北京站成功举办
人工智能·安全
恰薯条的屑海鸥6 小时前
零基础在实践中学习网络安全-皮卡丘靶场(第十四期-XXE模块)
网络·学习·安全·web安全·渗透测试
20242817李臻7 小时前
20242817李臻-安全文件传输系统-项目验收
数据库·安全
DevSecOps选型指南15 小时前
2025软件供应链安全最佳实践︱证券DevSecOps下供应链与开源治理实践
网络·安全·web安全·开源·代码审计·软件供应链安全
ABB自动化15 小时前
for AC500 PLCs 3ADR025003M9903的安全说明
服务器·安全·机器人
恰薯条的屑海鸥15 小时前
零基础在实践中学习网络安全-皮卡丘靶场(第十六期-SSRF模块)
数据库·学习·安全·web安全·渗透测试·网络安全学习
阿部多瑞 ABU17 小时前
主流大语言模型安全性测试(三):阿拉伯语越狱提示词下的表现与分析
人工智能·安全·ai·语言模型·安全性测试
moongoblin19 小时前
行业赋能篇-2-能源行业安全运维升级
运维·安全·协作
Fortinet_CHINA19 小时前
引领AI安全新时代 Accelerate 2025北亚巡展·北京站成功举办
网络·安全
热门推荐
01【图像处理与机器视觉】XJTU期末考点02从零安装 LLaMA-Factory 微调 Qwen 大模型成功及所有的坑03KGG转MP3工具|非KGM文件|解密音频04海康Visionmaster-常见问题排查方法-启动阶段05YOLOv8入门 | 重要性能衡量指标、训练结果评价及分析及影响mAP的因素【发论文关注的指标】06【SpeedAI科研小助手】2分钟极速解决知网维普重复率、AIGC率过高,一键全文降!文件格式不变,公式都保留的!07Coze扣子平台完整体验和实践(附国内和国际版对比)08DeepSeek各版本说明与优缺点分析09VMware虚拟机安装Win7专业版保姆级教程(附镜像包)10R-tree详解