gmssl
Download:
https://github.com/guanzhi/GmSSL
Installation:
cmake CMakeLists.txt
make
The build puts the executable in the bin directory, i.e. the executable is bin/gmssl.
Note: since gmssl 3.0 the command names have all changed and there is no documentation for them online. What follows is what I worked out after spending some time on it, for everyone's reference.
Usage
./gmssl -help lists all commands, as follows:
./bin/gmssl: illegal option '-help'
usage: ./bin/gmssl command [options]
command -help
Commands:
help Print this help message
version Print version
rand Generate random bytes
sm2keygen Generate SM2 keypair
sm2sign Generate SM2 signature
sm2verify Verify SM2 signature
sm2encrypt Encrypt with SM2 public key
sm2decrypt Decrypt with SM2 private key
sm3 Generate SM3 hash
sm3hmac Generate SM3 HMAC tag
sm4 Encrypt or decrypt with SM4
zuc Encrypt or decrypt with ZUC
sm9setup Generate SM9 master secret
sm9keygen Generate SM9 private key
sm9sign Generate SM9 signature
sm9verify Verify SM9 signature
sm9encrypt SM9 public key encryption
sm9decrypt SM9 decryption
pbkdf2 Generate key from password
reqgen Generate certificate signing request (CSR)
reqsign Generate certificate from CSR
reqparse Parse and print a CSR
crlget Download the CRL of given certificate
crlgen Sign a CRL with CA certificate and private key
crlverify Verify a CRL with issuer's certificate
crlparse Parse and print CRL
certgen Generate a self-signed certificate
certparse Parse and print certificates
certverify Verify certificate chain
certrevoke Revoke certificate and output RevokedCertificate record
cmsparse Parse CMS (cryptographic message syntax) file
cmsencrypt Generate CMS EnvelopedData
cmsdecrypt Decrypt CMS EnvelopedData
cmssign Generate CMS SignedData
cmsverify Verify CMS SignedData
sdfutil SDF crypto device utility
skfutil SKF crypto device utility
tlcp_client TLCP client
tlcp_server TLCP server
tls12_client TLS 1.2 client
tls12_server TLS 1.2 server
tls13_client TLS 1.3 client
tls13_server TLS 1.3 server
run gmssl <command> -help
to print help of the given command
At this point I was lost: I knew what each command above does, but nothing tells you how to use it.
By chance I found that the way to look it up is:
./bin/gmssl <one of the commands above> -help, which prints the usage for that command. For example, here is what I found for issuing a sub-certificate:
Examples
# Generate self-signed root CA certificate
gmssl sm2keygen -pass P@ssw0rd -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 \
    -key rootcakey.pem -pass P@ssw0rd \
    -ca -path_len_constraint 6 \
    -key_usage keyCertSign -key_usage cRLSign \
    -crl_http_uri http://pku.edu.cn/ca.crl \
    -ca_issuers_uri http://pku.edu.cn/ca.crt -ocsp_uri http://ocsp.pku.edu.cn \
    -out rootcacert.pem
# Generate sub-CA certificate request
gmssl sm2keygen -pass P@ssw0rd -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN CA -key cakey.pem -pass P@ssw0rd -out careq.pem
# Sign certificate request to generate sub-CA certificate
gmssl reqsign -in careq.pem -serial_len 12 -days 365 \
    -cacert rootcacert.pem -key rootcakey.pem -pass P@ssw0rd \
    -ca -path_len_constraint 0 \
    -key_usage keyCertSign -key_usage cRLSign \
    -crl_http_uri http://pku.edu.cn/ca.crl \
    -ca_issuers_uri http://pku.edu.cn/ca.crt -ocsp_uri http://ocsp.pku.edu.cn \
    -out cacert.pem
Command notes:
Hands-on
# Root private key
./bin/gmssl sm2keygen -pass 1234 -out /data/ssl/private/prikey.pem
# Root public key. Of little use on its own: each sm2keygen call generates a fresh keypair, so
# the public key written here does not belong to prikey.pem above. To get the matching public
# key, pass -out and -pubout together in the same sm2keygen call.
./bin/gmssl sm2keygen -pass 1234 -pubout /data/ssl/private/pubkey.pem
# Root CSR request file (the root below is self-signed with certgen, so this CSR is not used further)
# Note: the key must be the one generated above, /data/ssl/private/prikey.pem
./bin/gmssl reqgen -CN www.deepthink.ai -key /data/ssl/private/prikey.pem -pass 1234 -out /data/ssl/clr/reqcsr.pem
# CA certificate (root certificate). -ca marks it as a CA (basicConstraints), as in the certgen help example;
# without it the certificate is not a valid issuer for reqsign below.
./bin/gmssl certgen -C CN -ST GuangDong -L ShenZhen -O JL -OU SZWL -CN ROOTCA -days 3650 \
    -key /data/ssl/private/prikey.pem -pass 1234 \
    -ca \
    -key_usage keyCertSign -key_usage cRLSign \
    -out /data/ssl/certs/cert.pem
# How to generate the private key (from the help example)
gmssl sm2keygen -pass P@ssw0rd -out rootcakey.pem
# How to generate the CA certificate (from the help example)
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 \
    -key rootcakey.pem -pass P@ssw0rd \
    -ca -path_len_constraint 6 \
    -key_usage keyCertSign -key_usage cRLSign \
    -crl_http_uri http://pku.edu.cn/ca.crl \
    -ca_issuers_uri http://pku.edu.cn/ca.crt -ocsp_uri http://ocsp.pku.edu.cn \
    -out rootcacert.pem
Issuing a sub-certificate
User private key
./bin/gmssl sm2keygen -pass 1234 -out /data/ssl/user/user_prikey.pem
User public key (of little use: this is a second, unrelated keypair; see the note on the root public key above)
./bin/gmssl sm2keygen -pass 1234 -pubout /data/ssl/user/user_pubkey.pem
User CSR
# -C is the two-letter country code (CN), not the host name; the host name goes in -CN.
gmssl reqgen -C CN -ST GuangDong -L DongGuan -O JL -OU TETA -CN www.deepthink.ai \
    -key /data/ssl/user/user_prikey.pem -pass 1234 -out /data/ssl/user/user_crs.pem
Issue the sub-certificate
# -ca, -path_len_constraint and the keyCertSign/cRLSign usages are copied from the sub-CA help example,
# so the result is a subordinate CA certificate. For an end-entity (user) certificate leave out -ca and
# -path_len_constraint and choose a key usage such as digitalSignature instead.
gmssl reqsign -in /data/ssl/user/user_crs.pem -serial_len 12 -days 365 \
    -cacert /data/ssl/certs/cert.pem -key /data/ssl/private/prikey.pem -pass 1234 \
    -ca -path_len_constraint 0 \
    -key_usage keyCertSign -key_usage cRLSign \
    -out /data/ssl/user/user_subcert.pem
Done!
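The steps above, put together as one script. This is an added example, not code from the post or from the GmSSL project: it generates a matching key pair in a single sm2keygen call, builds a root CA, issues an end-entity certificate instead of a sub-CA, and then checks the result with certverify. It also adds a pre-flight check for the mistake that is easy to make with reqgen (passing a host name to -C). The work directory, password, organisation names and host name are constructed for the demo; the certverify/certparse and digitalSignature option names follow the upstream help text and should be confirmed with `gmssl <command> -help` on your build.

```shell
#!/bin/sh
# Added example: two-level SM2 PKI with the GmSSL 3 CLI, then chain verification.
# Assumptions (not from the page): gmssl is on PATH or at ./bin/gmssl; the work
# directory, password and names below are constructed for this demo.
set -eu

GMSSL="${GMSSL:-$(command -v gmssl 2>/dev/null || echo ./bin/gmssl)}"
WORK="${WORK:-./demo-pki}"
PASS="${PASS:-P@ssw0rd}"   # demo password only; take a real one from a prompt or secret store

# -C must be a two-letter country code (e.g. CN), not a domain name.
is_country_code() {
    case "$1" in
        [A-Z][A-Z]) return 0 ;;
        *) return 1 ;;
    esac
}

# Build a CSR only when the arguments pass the pre-flight checks.
# gen_request <key.pem> <country> <common-name> <out.pem>
gen_request() {
    key=$1; country=$2; cn=$3; out=$4
    is_country_code "$country" || { echo "bad country code: $country" >&2; return 1; }
    [ -f "$key" ] || { echo "missing key file: $key" >&2; return 1; }
    "$GMSSL" reqgen -C "$country" -ST GuangDong -L ShenZhen -O JL -OU SZWL -CN "$cn" \
        -key "$key" -pass "$PASS" -out "$out"
}

build_pki() {
    mkdir -p "$WORK"
    # One sm2keygen call writes a private key and ITS public key; a second call
    # would produce a different, unrelated key pair.
    "$GMSSL" sm2keygen -pass "$PASS" -out "$WORK/rootkey.pem" -pubout "$WORK/rootpub.pem"
    # Self-signed root. -ca sets basicConstraints CA:TRUE so it may sign others;
    # path length 1 allows at most one intermediate below it.
    "$GMSSL" certgen -C CN -ST GuangDong -L ShenZhen -O JL -OU SZWL -CN ROOTCA -days 3650 \
        -key "$WORK/rootkey.pem" -pass "$PASS" \
        -ca -path_len_constraint 1 \
        -key_usage keyCertSign -key_usage cRLSign \
        -out "$WORK/rootcert.pem"
    # End-entity key pair and request (host name is a demo value).
    "$GMSSL" sm2keygen -pass "$PASS" -out "$WORK/userkey.pem" -pubout "$WORK/userpub.pem"
    gen_request "$WORK/userkey.pem" CN www.example.test "$WORK/userreq.pem"
    # Issue a leaf certificate: no -ca, and digitalSignature instead of the
    # keyCertSign/cRLSign usages that belong to a CA.
    "$GMSSL" reqsign -in "$WORK/userreq.pem" -serial_len 12 -days 365 \
        -cacert "$WORK/rootcert.pem" -key "$WORK/rootkey.pem" -pass "$PASS" \
        -key_usage digitalSignature \
        -out "$WORK/usercert.pem"
    # Verify the leaf against the root, then print it in readable form.
    "$GMSSL" certverify -in "$WORK/usercert.pem" -cacert "$WORK/rootcert.pem"
    "$GMSSL" certparse -in "$WORK/usercert.pem"
}

# Run the full build only when asked and when the binary is present
# (RUN_DEMO=1 sh demo.sh); the check helpers above work without gmssl.
if [ "${RUN_DEMO:-0}" = 1 ] && [ -x "$GMSSL" ]; then
    build_pki
fi
```

Run it as `RUN_DEMO=1 GMSSL=./bin/gmssl sh demo.sh` from the GmSSL build directory. Keeping the issuing step in one function makes it easy to diff against the page's commands: the only material differences are the matching -out/-pubout pair and the leaf certificate's key usage.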