当前位置：首页 > news >正文

基于AnolisOS 8.6安装GmSSL 3.1.1及easy_gmssl库测试国密算法

news 2025/6/30 7:22:25

测试环境

Virtual Box，AnolisOS-8.6-x86_64-minimal.iso，4 vCPU, 8G RAM, 60 vDisk。最小化安装。需联网。

系统环境

关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
selinux关闭
cat /etc/selinux/config

安装Python39

dnf install -y python39 python39-pip

配置国内pip源

mkdir -p ~/.pip
touch ~/.pip/pip.conf
vi ~/.pip/pip.conf

[global]
trusted-host=mirrors.aliyun.com
index-url=http://mirrors.aliyun.com/pypi/simple/

安装easy_gmssl

安装依赖
dnf install -y gcc cmake
安装easy_gmssl库
pip3 install easy_gmssl

安装GmSSL 3.1.1

tar -zxvf GmSSL-3.1.1.tar.gz

cd GmSSL-3.1.1
mkdir build
cd build
cmake ..
make
make install

vi /etc/ld.so.conf，添加一行：
/usr/local/lib
加载动态链接
ldconfig

验证版本
gmssl version

生成公钥和私钥
gmssl sm2keygen -pass 123456 -out sm2_private.pem -pubout sm2_public.pem

基于easy_gmssl国密算法的加解密验签小脚本

from easy_gmssl import EasySM2SignKey, EasySM2VerifyKey, EasySm4CBC, EasySM3Digest
import os
import logging# 配置日志
logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')def sm4_encrypt(key, iv, plaintext):"""使用SM4算法进行加密:param key: 密钥，长度为16字节:param iv: 初始化向量，长度为16字节:param plaintext: 明文数据:return: 加密后的密文"""sm4 = EasySm4CBC(key, iv, True)ciphertext = sm4.Update(plaintext) + sm4.Finish()return ciphertextdef sm4_decrypt(key, iv, ciphertext):"""使用SM4算法进行解密:param key: 密钥，长度为16字节:param iv: 初始化向量，长度为16字节:param ciphertext: 密文数据:return: 解密后的明文"""sm4 = EasySm4CBC(key, iv, False)plaintext = sm4.Update(ciphertext) + sm4.Finish()return plaintextdef sm3_hash(data):"""使用SM3算法进行哈希计算:param data: 待哈希的数据:return: 哈希值"""sm3 = EasySM3Digest()sm3.UpdateData(data)hash_value, _, _ = sm3.GetHash()return hash_value.hex()def sm2_sign(private_key_path, password, data):"""使用SM2算法生成数字签名:param private_key_path: 私钥文件路径:param password: 私钥文件的密码:param data: 待签名的数据:return: 数字签名"""sm2_signer = EasySM2SignKey(pem_private_key_file=private_key_path, password=password)sm2_signer.UpdateData(data)signature = sm2_signer.GetSignValue()return signature.hex()def sm2_verify(public_key_path, data, signature):"""使用SM2算法验证数字签名:param public_key_path: 公钥文件路径:param data: 待验证的数据:param signature: 数字签名:return: 验证结果，True表示验证通过，False表示验证失败"""sm2_verifier = EasySM2VerifyKey(pem_public_key_file=public_key_path)sm2_verifier.UpdateData(data)return sm2_verifier.VerifySignature(bytes.fromhex(signature))def encrypt_file(input_file_path, output_file_path, key, iv):"""加密文件:param input_file_path: 待加密文件路径:param output_file_path: 加密后文件输出路径:param key: SM4算法密钥:param iv: SM4算法初始化向量"""with open(input_file_path, 'rb') as f:plaintext = f.read()ciphertext = sm4_encrypt(key, iv, plaintext)with open(output_file_path, 'wb') as f:f.write(ciphertext)logging.info(f"文件加密完成，输出路径：{output_file_path}")def decrypt_file(input_file_path, output_file_path, key, iv):"""解密文件:param input_file_path: 待解密文件路径:param output_file_path: 解密后文件输出路径:param key: SM4算法密钥:param iv: SM4算法初始化向量"""with open(input_file_path, 'rb') as f:ciphertext = f.read()plaintext = sm4_decrypt(key, iv, ciphertext)with open(output_file_path, 'wb') as f:f.write(plaintext)logging.info(f"文件解密完成，输出路径：{output_file_path}")def sign_file(private_key_path, password, input_file_path, output_file_path):"""对文件生成数字签名:param private_key_path: SM2算法私钥文件路径:param password: 私钥文件的密码:param input_file_path: 待签名文件路径:param output_file_path: 数字签名输出路径"""with open(input_file_path, 'rb') as f:data = f.read()sign = sm2_sign(private_key_path, password, data)with open(output_file_path, 'w') as f:f.write(sign)logging.info(f"数字签名生成完成，输出路径：{output_file_path}")def verify_file_signature(public_key_path, input_file_path, sign_file_path):"""验证文件的数字签名:param public_key_path: SM2算法公钥文件路径:param input_file_path: 待验证文件路径:param sign_file_path: 数字签名文件路径:return: 验证结果"""with open(input_file_path, 'rb') as f:data = f.read()with open(sign_file_path, 'r') as f:sign = f.read()result = sm2_verify(public_key_path, data, sign)return resultdef check_file_integrity(input_file_path):"""检查文件的完整性:param input_file_path: 待检查文件路径:return: 文件的SM3哈希值"""with open(input_file_path, 'rb') as f:data = f.read()hash_value = sm3_hash(data)return hash_valueif __name__ == "__main__":# 示例使用input_file_path = 'example.txt'  # 待处理文件路径encrypted_file_path = 'encrypted_example.enc'  # 加密后文件路径decrypted_file_path = 'decrypted_example.txt'  # 解密后文件路径sign_file_path = 'sign_example.txt'  # 数字签名文件路径key = b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10'  # SM4算法密钥iv = b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10'  # SM4算法初始化向量private_key_path = '/root/sm2_private.pem'  # SM2算法私钥文件路径public_key_path = '/root/sm2_public.pem'    # SM2算法公钥文件路径password = "123456"  # 私钥文件的密码# 加密文件encrypt_file(input_file_path, encrypted_file_path, key, iv)# 解密文件decrypt_file(encrypted_file_path, decrypted_file_path, key, iv)# 生成数字签名sign_file(private_key_path, password, input_file_path, sign_file_path)# 验证数字签名verify_result = verify_file_signature(public_key_path, input_file_path, sign_file_path)logging.info(f"数字签名验证结果：{verify_result}")# 检查文件完整性hash_value = check_file_integrity(input_file_path)logging.info(f"文件的SM3哈希值：{hash_value}")