The GmSSL Project

About GmSSL

GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 and other national secret (national commercial password) algorithm, SM2 digital certificate and SM2 certificate based on SSL / TLS secure communication protocol to support the national security hardware password device , To provide in line with the national standard programming interface and command line tools, can be used to build PKI / CA, secure communication, data encryption and other standards in line with national security applications. The GmSSL project is a branch of the OpenSSLproject and is compatible with OpenSSL. So GmSSL can replace the application of OpenSSL components, and make the application automatically with national security capabilities. The GmSSL project utilizes a business-friendly BSD open source license, open source and can be used for closed source commercial applications. GmSSL project by the Peking University Guan Zhideputy researcher of the cryptography research group development and maintenance, the project source code hosted in GitHub. Since its release in 2014, GmSSL has been deployed and applied in multiple projects and products, and has won the second prize of the “One Cup” China Linux Software Contest in 2015 (the highest award) and Open Source China password class recommended items. The core goal of the GmSSL project is to promote the construction of cyberspace security through open source cryptography.

Latest News

• March 2, 2017 GmSSL project registered its OID {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) GmSSL(49549)}
• February 12, 2017 Java wrapper support for full crypto library GmSSL-Java-Wrapper
• January 18, 2017 Updated the project home page
• More …

Recent Plan

• On March 16, 2017, we start the integration work of Speck, Serpent and ZUC, and it would be completed in early April 2017.

  contributors Simon,SuChao,LaiWei,HanShanxin

SM Crypto Algorithm

The secret algorithm is the abbreviation of the national commercial cryptographic algorithm. Since 2012, the National Password Authority to the “People’s Republic of China password industry standard” approach, have announced the SM2 / SM3 / SM4 and other cryptographic algorithm standards and application specifications. Which “SM” on behalf of “business secret”, that is used for commercial, not involving state secrets of the password technology. SM2 is a public key cryptography algorithm based on elliptic curve cryptography, including digital signature, key exchange and public key encryption. It is used to replace international algorithms such as RSA / Diffie-Hellman / ECDSA / ECDH. SM3 is password hash algorithm, SM4 is a block cipher used to replace DES / AES and other international algorithms. SM9 is an identity-based cryptographic algorithm that can replace PKI / CA based on digital certificate. By deploying the secret algorithm, you can reduce the security risks caused by weak passwords and bug implementations and the overhead of deploying PKI / CA.

Quick Start

Quick Start Guide describes the basic instructions for compiling, installing, and gmssl command line tools for GmSSL.

1. Download the source code (zip)，unzip it to current directory.

   $ unzip GmSSL-master.zip
   

2. Compile and install

  Linux (Other platform see Compile and instal)

   $ ./config no-saf no-sdf no-skf no-sof no-zuc
   $ make
   $ sudo make install

After installation, you can execute the gmssl command line tool to check for success

   $ gmssl version
   GmSSL 2.0 - OpenSSL 1.1.0d

1. SM4 encrypt file

   $ gmssl sms4 -e -in <yourfile> -out <yourfile>.sms4
   enter sms4-cbc encryption password: <your-password>
   Verifying - enter sms4-cbc encryption password: <your-password>
   

   decrypt

   $ gmssl sms4 -d -in <yourfile>.sms4
   enter sms4-cbc decryption password: <your-password>
   

2. Generate SM3 digest

   $ gmssl sm3 <yourfile>
   SM3(yourfile)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0
   

3. Generate SM2 key and sign

   $ gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 \
                   -pkeyopt ec_param_enc:named_curve  -out signkey.pem
   $ gmssl pkeyutl -sign -pkeyopt ec_sign_algor:sm2 -inkey signkey.pem \
                   -in <yourfile> -out <yourfile>.sig
   

   You can export the public key from signkey.pem to the party that issued the signature

   $ gmssl pkey -pubout -in signkey.pem out vrfykey.pem
   $ gmssl pkeyutl -verify -pkeyopt ec_sign_algor:sm2 -inkey vrfykey.pem \
                   -in <yourfile> -sigfile <yourfile>.sig
   

  ## Project documentation

• User manual

   * Compile and install

   * Command line tool manual

   * GmSSL EVP API

   * GmSSL Java API

• Password algorithm

   * SM1 group password

   * SSF33 group password

   * SM2 elliptic curve public key password

   * SM3 password hash algorithm

   * SM4 / SMS4 group password

   * SM9 identity-based password

   * ZUC sequence password

   * CPK combination public key password

   * BF-IBE (Boneh-Franklin Identity-Based Encryption)

   * BB-IBE (Boneh-Boyen Identity-Based Encryption)

• password hardware

   * Password hardware support

   * Country density SKF password hardware

   * National secret SDF password hardware

   * Key management service

• Security protocol

   * SSL / TLS protocol

   * National secret SSL VPN protocol

   * National secret IPSec VPN protocol

• Developer

   * GmSSL Coding Style

   * Roadmap

   * Open source license (GmSSL Licenses)

• Standards and norms

   * People’s Republic of China password industry standard

   * National secret algorithm identification OID