测试环境
Virtual Box,AnolisOS-8.6-x86_64-minimal.iso,4 vCPU, 8G RAM, 60 vDisk。最小化安装。需联网。
系统环境
关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
selinux关闭
cat /etc/selinux/config
安装Python39
dnf install -y python39 python39-pip
配置国内pip源
mkdir -p ~/.pip
touch ~/.pip/pip.conf
vi ~/.pip/pip.conf
sh
[global]
trusted-host=mirrors.aliyun.com
index-url=http://mirrors.aliyun.com/pypi/simple/安装easy_gmssl
安装依赖
dnf install -y gcc cmake
安装easy_gmssl库
pip3 install easy_gmssl
安装GmSSL 3.1.1
tar -zxvf GmSSL-3.1.1.tar.gz
powershell
cd GmSSL-3.1.1
mkdir build
cd build
cmake ..
make
make installvi /etc/ld.so.conf,添加一行:
/usr/local/lib
加载动态链接
ldconfig
验证版本
gmssl version
生成公钥和私钥
gmssl sm2keygen -pass 123456 -out sm2_private.pem -pubout sm2_public.pem
基于easy_gmssl国密算法的加解密验签小脚本
python
from easy_gmssl import EasySM2SignKey, EasySM2VerifyKey, EasySm4CBC, EasySM3Digest
import os
import logging
# 配置日志
logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
def sm4_encrypt(key, iv, plaintext):
"""
使用SM4算法进行加密
:param key: 密钥,长度为16字节
:param iv: 初始化向量,长度为16字节
:param plaintext: 明文数据
:return: 加密后的密文
"""
sm4 = EasySm4CBC(key, iv, True)
ciphertext = sm4.Update(plaintext) + sm4.Finish()
return ciphertext
def sm4_decrypt(key, iv, ciphertext):
"""
使用SM4算法进行解密
:param key: 密钥,长度为16字节
:param iv: 初始化向量,长度为16字节
:param ciphertext: 密文数据
:return: 解密后的明文
"""
sm4 = EasySm4CBC(key, iv, False)
plaintext = sm4.Update(ciphertext) + sm4.Finish()
return plaintext
def sm3_hash(data):
"""
使用SM3算法进行哈希计算
:param data: 待哈希的数据
:return: 哈希值
"""
sm3 = EasySM3Digest()
sm3.UpdateData(data)
hash_value, _, _ = sm3.GetHash()
return hash_value.hex()
def sm2_sign(private_key_path, password, data):
"""
使用SM2算法生成数字签名
:param private_key_path: 私钥文件路径
:param password: 私钥文件的密码
:param data: 待签名的数据
:return: 数字签名
"""
sm2_signer = EasySM2SignKey(pem_private_key_file=private_key_path, password=password)
sm2_signer.UpdateData(data)
signature = sm2_signer.GetSignValue()
return signature.hex()
def sm2_verify(public_key_path, data, signature):
"""
使用SM2算法验证数字签名
:param public_key_path: 公钥文件路径
:param data: 待验证的数据
:param signature: 数字签名
:return: 验证结果,True表示验证通过,False表示验证失败
"""
sm2_verifier = EasySM2VerifyKey(pem_public_key_file=public_key_path)
sm2_verifier.UpdateData(data)
return sm2_verifier.VerifySignature(bytes.fromhex(signature))
def encrypt_file(input_file_path, output_file_path, key, iv):
"""
加密文件
:param input_file_path: 待加密文件路径
:param output_file_path: 加密后文件输出路径
:param key: SM4算法密钥
:param iv: SM4算法初始化向量
"""
with open(input_file_path, 'rb') as f:
plaintext = f.read()
ciphertext = sm4_encrypt(key, iv, plaintext)
with open(output_file_path, 'wb') as f:
f.write(ciphertext)
logging.info(f"文件加密完成,输出路径:{output_file_path}")
def decrypt_file(input_file_path, output_file_path, key, iv):
"""
解密文件
:param input_file_path: 待解密文件路径
:param output_file_path: 解密后文件输出路径
:param key: SM4算法密钥
:param iv: SM4算法初始化向量
"""
with open(input_file_path, 'rb') as f:
ciphertext = f.read()
plaintext = sm4_decrypt(key, iv, ciphertext)
with open(output_file_path, 'wb') as f:
f.write(plaintext)
logging.info(f"文件解密完成,输出路径:{output_file_path}")
def sign_file(private_key_path, password, input_file_path, output_file_path):
"""
对文件生成数字签名
:param private_key_path: SM2算法私钥文件路径
:param password: 私钥文件的密码
:param input_file_path: 待签名文件路径
:param output_file_path: 数字签名输出路径
"""
with open(input_file_path, 'rb') as f:
data = f.read()
sign = sm2_sign(private_key_path, password, data)
with open(output_file_path, 'w') as f:
f.write(sign)
logging.info(f"数字签名生成完成,输出路径:{output_file_path}")
def verify_file_signature(public_key_path, input_file_path, sign_file_path):
"""
验证文件的数字签名
:param public_key_path: SM2算法公钥文件路径
:param input_file_path: 待验证文件路径
:param sign_file_path: 数字签名文件路径
:return: 验证结果
"""
with open(input_file_path, 'rb') as f:
data = f.read()
with open(sign_file_path, 'r') as f:
sign = f.read()
result = sm2_verify(public_key_path, data, sign)
return result
def check_file_integrity(input_file_path):
"""
检查文件的完整性
:param input_file_path: 待检查文件路径
:return: 文件的SM3哈希值
"""
with open(input_file_path, 'rb') as f:
data = f.read()
hash_value = sm3_hash(data)
return hash_value
if __name__ == "__main__":
# 示例使用
input_file_path = 'example.txt' # 待处理文件路径
encrypted_file_path = 'encrypted_example.enc' # 加密后文件路径
decrypted_file_path = 'decrypted_example.txt' # 解密后文件路径
sign_file_path = 'sign_example.txt' # 数字签名文件路径
key = b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10' # SM4算法密钥
iv = b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10' # SM4算法初始化向量
private_key_path = '/root/sm2_private.pem' # SM2算法私钥文件路径
public_key_path = '/root/sm2_public.pem' # SM2算法公钥文件路径
password = "123456" # 私钥文件的密码
# 加密文件
encrypt_file(input_file_path, encrypted_file_path, key, iv)
# 解密文件
decrypt_file(encrypted_file_path, decrypted_file_path, key, iv)
# 生成数字签名
sign_file(private_key_path, password, input_file_path, sign_file_path)
# 验证数字签名
verify_result = verify_file_signature(public_key_path, input_file_path, sign_file_path)
logging.info(f"数字签名验证结果:{verify_result}")
# 检查文件完整性
hash_value = check_file_integrity(input_file_path)
logging.info(f"文件的SM3哈希值:{hash_value}")