Comments (5)
emmansun
commented on June 14, 2024
如果你的未加密私钥符合RFC 5915,那么可以用:
/*
from RFC 5915
ECPrivateKey ::= SEQUENCE {
version INTEGER, -- value MUST be (1)
privateKey OCTET STRING, -- big endian encoding of integer 这里不是以INTEGER编码的,因此长度固定
parameters [0] EXPLICIT ECParameters OPTIONAL,
-- ONLY namedCurve OID is permitted, by RFC 5480
-- MUST always include this field, by RFC 5915
publicKey [1] EXPLICIT BIT STRING OPTIONAL -- compressed_point
-- SHOULD always include this field, by RFC 5915 }
ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER }
*/
sm2_private_key_from_pem
sm2_private_key_from_der
如果是无加密的pkcs#8,则用
/*
PKCS #8 PrivateKeyInfo from RFC 5208
PrivateKeyInfo ::= SEQUENCE {
version Version { v1(0) },
privateKeyAlgorithm AlgorithmIdentifier,
privateKey OCTET STRING, -- DER-encoding of ECPrivateKey
attributes [0] IMPLICIT SET OF Attribute OPTIONAL }
*/
sm2_private_key_info_from_pem
sm2_private_key_info_from_der
from gmssl.
ChuLiqiang
commented on June 14, 2024
如果你的未加密私钥符合RFC 5915,那么可以用:
/* from RFC 5915 ECPrivateKey ::= SEQUENCE { version INTEGER, -- value MUST be (1) privateKey OCTET STRING, -- big endian encoding of integer 这里不是以INTEGER编码的,因此长度固定 parameters [0] EXPLICIT ECParameters OPTIONAL, -- ONLY namedCurve OID is permitted, by RFC 5480 -- MUST always include this field, by RFC 5915 publicKey [1] EXPLICIT BIT STRING OPTIONAL -- compressed_point -- SHOULD always include this field, by RFC 5915 } ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER } */ sm2_private_key_from_pem sm2_private_key_from_der如果是无加密的pkcs#8,则用
/* PKCS #8 PrivateKeyInfo from RFC 5208 PrivateKeyInfo ::= SEQUENCE { version Version { v1(0) }, privateKeyAlgorithm AlgorithmIdentifier, privateKey OCTET STRING, -- DER-encoding of ECPrivateKey attributes [0] IMPLICIT SET OF Attribute OPTIONAL } */ sm2_private_key_info_from_pem sm2_private_key_info_from_der
您好,我们跟踪了一下代码,发现是GMSSL中的私钥带了一个"a0",但是我们获取到的私钥没有包含“a0”,这块有标准吗? 这个碰到一些问题是不是就需要改源码?
<OBJECT_IDENTIFIER Comment="China GM Standards Committee" Description="sm2ECC">1.2.156.10197.1.301</OBJECT_IDENTIFIER>
GMSSL解析出的未加密的私钥和ASN.1值:
-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQgTIpwoZcgX4s0Gl4B
pc+/Fk0qMCqwalAVz/3gDk76wvCgCgYIKoEcz1UBgi2hRANCAASxBIypyTZzpYTh
LX2zJRwagYdLhDm/HKt8BFrEtFMRNdR3cRsptnQ3B65GVMl5cza5y08sO+M6YsGh
zaz5FZVG
-----END PRIVATE KEY-----
<SEQUENCE>
<INTEGER/>
<SEQUENCE>
<OBJECT_IDENTIFIER Comment="ANSI X9.62 public key type" Description="ecPublicKey">1.2.840.10045.2.1</OBJECT_IDENTIFIER>
<OBJECT_IDENTIFIER Comment="China GM Standards Committee" Description="sm2ECC">1.2.156.10197.1.301</OBJECT_IDENTIFIER>
</SEQUENCE>
<OCTET_STRING>
<SEQUENCE>
<INTEGER>1</INTEGER>
<OCTET_STRING>0x4C8A70A197205F8B341A5E01A5CFBF164D2A302AB06A5015CFFDE00E4EFAC2F0</OCTET_STRING>
<NODE Sign="a0">
<OBJECT_IDENTIFIER Comment="China GM Standards Committee" Description="sm2ECC">1.2.156.10197.1.301</OBJECT_IDENTIFIER>
</NODE>
<NODE Sign="a1">
<BIT_STRING>0x0004B1048CA9C93673A584E12D7DB3251C1A81874B8439BF1CAB7C045AC4B4531135D477711B29B6743707AE4654C9797336B9CB4F2C3BE33A62C1A1CDACF9159546</BIT_STRING>
</NODE>
</SEQUENCE>
</OCTET_STRING>
</SEQUENCE>
其它人提供的私钥格式:
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgOa3ppbTLiG5kUG6n
kubkr/0I+Ebivvodq9BaQYMpNsKhRANCAAScDe21aIlS3W0XSwQ8AuBiF681dhJR
rqXMnhlsYzw1CIdGW9ptWuWZwsgbWXVvIOj+2ud26/mrR1B0WZ9iKGHZ
-----END PRIVATE KEY-----
<SEQUENCE>
<INTEGER/>
<SEQUENCE>
<OBJECT_IDENTIFIER Comment="ANSI X9.62 public key type" Description="ecPublicKey">1.2.840.10045.2.1</OBJECT_IDENTIFIER>
<OBJECT_IDENTIFIER Comment="China GM Standards Committee" Description="sm2ECC">1.2.156.10197.1.301</OBJECT_IDENTIFIER>
</SEQUENCE>
<OCTET_STRING>
<SEQUENCE>
<INTEGER>1</INTEGER>
<OCTET_STRING>0x39ADE9A5B4CB886E64506EA792E6E4AFFD08F846E2BEFA1DABD05A41832936C2</OCTET_STRING>
<NODE Sign="a1">
<BIT_STRING>0x00049C0DEDB5688952DD6D174B043C02E06217AF35761251AEA5CC9E196C633C350887465BDA6D5AE599C2C81B59756F20E8FEDAE776EBF9AB475074599F622861D9</BIT_STRING>
</NODE>
</SEQUENCE>
</OCTET_STRING>
</SEQUENCE>
from gmssl.
emmansun
commented on June 14, 2024
你这个a0部分(tag 0)就是ECPrivateKey的
parameters [0] EXPLICIT ECParameters OPTIONAL,
-- ONLY namedCurve OID is permitted, by RFC 5480
-- MUST always include this field, by RFC 5915
部分,绝大部分实现应该包含这个值。当然,如果解析功能做得兼容性好一点,也能解析。
Line 216 in cfdcd0c
if (asn1_int_from_der(&ver, &d, &dlen) != 1
|| asn1_octet_string_from_der(&prikey, &prikey_len, &d, &dlen) != 1
|| asn1_explicit_from_der(0, ¶ms, ¶ms_len, &d, &dlen) != 1
|| asn1_explicit_from_der(1, &pubkey, &pubkey_len, &d, &dlen) != 1
|| asn1_check(ver == EC_private_key_version) != 1
|| asn1_length_is_zero(dlen) != 1) {
error_print();
return -1;
}这个实现看来是必须要有ECParameters的。
from gmssl.
ChuLiqiang
commented on June 14, 2024
你这个a0部分(tag 0)就是ECPrivateKey的
parameters [0] EXPLICIT ECParameters OPTIONAL, -- ONLY namedCurve OID is permitted, by RFC 5480 -- MUST always include this field, by RFC 5915部分,绝大部分实现应该包含这个值。当然,如果解析功能做得兼容性好一点,也能解析。
Line 216 in cfdcd0c
if (asn1_int_from_der(&ver, &d, &dlen) != 1 || asn1_octet_string_from_der(&prikey, &prikey_len, &d, &dlen) != 1 || asn1_explicit_from_der(0, ¶ms, ¶ms_len, &d, &dlen) != 1 || asn1_explicit_from_der(1, &pubkey, &pubkey_len, &d, &dlen) != 1 || asn1_check(ver == EC_private_key_version) != 1 || asn1_length_is_zero(dlen) != 1) { error_print(); return -1; }这个实现看来是必须要有ECParameters的。
parameters [0] EXPLICIT ECParameters OPTIONAL,
-- ONLY namedCurve OID is permitted, by RFC 5480
-- MUST always include this field, by RFC 5915
上面这个你从哪看的?
from gmssl.
emmansun
commented on June 14, 2024
项目源代码啊include/gmssl/sm2.h。当然目前不加密的私钥封装主要也就这两种:RFC 5915/SEC1,pkcs#8。
from gmssl.
Related Issues (20)
- 使用国密提供的cUrl工具(gmcurl_linux_x64)测试openresty+gmssl2.5.4国密双证书时,时通时不通,详细信息如下: HOT 2
- 您好,我想要一份开发者文档
- 可否调整WIndows版release可执行文件的依赖库 HOT 1
- 能否增加去除sm2私钥密码保护的功能
- V3.1.1使用windows 10 Visual studio 2022 编译时报错 HOT 1
- 按 README 所说无法得到 Linux 下的静态库 HOT 1
- 3.0比2.0的并发加解密性能低?
- 3.0比2.0的并发加解密性能低?
- 官网 403 HOT 1
- 加密证书签发问题
- 请问3.1.1版本是否支持AIX HOT 2
- Python的ssl加载证书出错
- 国密 tomcat已经验证没问题, 使用iOS 的GmSSL最新sdk访问 localhost 报错,访问其他国密地址没有问题
- sm2.h文件报不存在 HOT 2
- 请求新加全局控制打印函数的功能,可以使得gmssl库不打屏 HOT 1
- 请求添加类似openssl 的 sslPending 的函数接口
- 请求添加 获取 TLS_CTX 、TLS_CONNECT 的size的接口
- sm2_encrypt_demo.c运行解密失败 HOT 2
- win 下面 golang cgo编译 报/x86_64-w64-mingw32/bin/ld.exe: cannot find -lgmssl HOT 1
- 可否在sm2_signtest.c添加secp256r1曲线的相关代码? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gmssl.