suzanne.soy/man-pages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
gh-pages
man-pages/man7/SM2.7ssl.html
Suzanne Soy 4c89183f2b Added man pages from my system
2021-03-31 01:06:50 +01:00

158 lines
4.7 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of SM2</TITLE>
</HEAD><BODY>
<H1>SM2</H1>
Section: OpenSSL (7SSL)<BR>Updated: 2021-03-22<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
SM2 - Chinese SM2 signature and encryption algorithm support
<A NAME="lbAC">&nbsp;</A>
<H2>DESCRIPTION</H2>
The <B></B><FONT SIZE="-1"><B>SM2</B></FONT><B></B> algorithm was first defined by the Chinese national standard <FONT SIZE="-1">GM/T
0003-2012</FONT> and was later standardized by <FONT SIZE="-1">ISO</FONT> as <FONT SIZE="-1">ISO/IEC 14888.</FONT> <B></B><FONT SIZE="-1"><B>SM2</B></FONT><B></B> is actually
an elliptic curve based algorithm. The current implementation in OpenSSL supports
both signature and encryption schemes via the <FONT SIZE="-1">EVP</FONT> interface.
<P>
When doing the <B></B><FONT SIZE="-1"><B>SM2</B></FONT><B></B> signature algorithm, it requires a distinguishing identifier
to form the message prefix which is hashed before the real message is hashed.
<A NAME="lbAD">&nbsp;</A>
<H2>NOTES</H2>
<B></B><FONT SIZE="-1"><B>SM2</B></FONT><B></B> signatures can be generated by using the 'DigestSign' series of APIs, for
instance, <B>EVP_DigestSignInit()</B>, <B>EVP_DigestSignUpdate()</B> and <B>EVP_DigestSignFinal()</B>.
Ditto for the verification process by calling the 'DigestVerify' series of APIs.
<P>
There are several special steps that need to be done before computing an <B></B><FONT SIZE="-1"><B>SM2</B></FONT><B></B>
signature.
<P>
The <B></B><FONT SIZE="-1"><B>EVP_PKEY</B></FONT><B></B> structure will default to using <FONT SIZE="-1">ECDSA</FONT> for signatures when it is
created. It should be set to <B></B><FONT SIZE="-1"><B>EVP_PKEY_SM2</B></FONT><B></B> by calling:
<P>
<PRE>
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
</PRE>
<P>
Then an <FONT SIZE="-1">ID</FONT> should be set by calling:
<P>
<PRE>
EVP_PKEY_CTX_set1_id(pctx, id, id_len);
</PRE>
<P>
When calling the <B>EVP_DigestSignInit()</B> or <B>EVP_DigestVerifyInit()</B> functions, a
pre-allocated <B></B><FONT SIZE="-1"><B>EVP_PKEY_CTX</B></FONT><B></B> should be assigned to the <B></B><FONT SIZE="-1"><B>EVP_MD_CTX</B></FONT><B></B>. This is
done by calling:
<P>
<PRE>
EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
</PRE>
<P>
And normally there is no need to pass a <B>pctx</B> parameter to <B>EVP_DigestSignInit()</B>
or <B>EVP_DigestVerifyInit()</B> in such a scenario.
<A NAME="lbAE">&nbsp;</A>
<H2>EXAMPLES</H2>
This example demonstrates the calling sequence for using an <B></B><FONT SIZE="-1"><B>EVP_PKEY</B></FONT><B></B> to verify
a message with the <FONT SIZE="-1">SM2</FONT> signature algorithm and the <FONT SIZE="-1">SM3</FONT> hash algorithm:
<P>
<PRE>
#include &lt;<A HREF="file:///usr/include/openssl/evp.h">openssl/evp.h</A>&gt;
/* obtain an EVP_PKEY using whatever methods... */
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
mctx = EVP_MD_CTX_new();
pctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_CTX_set1_id(pctx, id, id_len);
EVP_MD_CTX_set_pkey_ctx(mctx, pctx);;
EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey);
EVP_DigestVerifyUpdate(mctx, msg, msg_len);
EVP_DigestVerifyFinal(mctx, sig, sig_len)
</PRE>
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?3+EVP_PKEY_CTX_new">EVP_PKEY_CTX_new</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?3+EVP_PKEY_set_alias_type">EVP_PKEY_set_alias_type</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?3+EVP_DigestSignInit">EVP_DigestSignInit</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?3+EVP_DigestVerifyInit">EVP_DigestVerifyInit</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?3+EVP_PKEY_CTX_set1_id">EVP_PKEY_CTX_set1_id</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?3+EVP_MD_CTX_set_pkey_ctx">EVP_MD_CTX_set_pkey_ctx</A></B>(3)
<A NAME="lbAG">&nbsp;</A>
<H2>COPYRIGHT</H2>
Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
<P>
Licensed under the OpenSSL license (the ``License''). You may not use
this file except in compliance with the License. You can obtain a copy
in the file <FONT SIZE="-1">LICENSE</FONT> in the source distribution or at
&lt;<A HREF="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</A>&gt;.
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="1"><A HREF="#lbAB">NAME</A><DD>
<DT id="2"><A HREF="#lbAC">DESCRIPTION</A><DD>
<DT id="3"><A HREF="#lbAD">NOTES</A><DD>
<DT id="4"><A HREF="#lbAE">EXAMPLES</A><DD>
<DT id="5"><A HREF="#lbAF">SEE ALSO</A><DD>
<DT id="6"><A HREF="#lbAG">COPYRIGHT</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:06:09 GMT, March 31, 2021
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink