sm2证书生成(openssl3.0)

时间:2024-06-10 14:47:01

1、下载安装包
https://www.openssl.org/source/openssl-3.0.14.tar.gz

2、解压到指定位置
/appserver/openssl-3.0.14

3、安装依赖包
yum -y install gcc perl make zlib-devel perl-CPAN

4、编译
./config shared --prefix=/appserver/SM
make depend
make
make install

5、更新动态链接库数据
echo "/appserver/SM/lib64" >> /etc/ld.so.conf
注意目录不是lib了,变成lib64了

6、重新加载动态链接库
ldconfig -v

7、使用
cd /appserver/SM/bin/
./openssl version -a

8、生成密钥
./openssl ecparam -genkey -name SM2 -out sm2PriKey.pem
./openssl pkey -in sm2PriKey.pem -pubout -out sm2PubKey.pem
./openssl pkey -in sm2PriKey.pem -text
./openssl pkcs8 -topk8 -inform PEM -in sm2PriKey.pem -outform pem -nocrypt -out sm2PriKeyPkcs8.pem
注意命令有变化不能用openssl ec工具查看,不知道为啥???
会报错:
read EC key
unable to enable public key encoding
4087CB19AE7F0000:error:030000A3:digital envelope routines:EVP_PKEY_set_params:invalid key:crypto/evp/p_lib.c:2380:

9、生成的密钥
sm2PubKey.pem

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEybmKGpoI5d/oTwu4d+TQPk64NcYs
lmCjNMTfSsLgdtORNIJAbfLzv5VAJj0hhUBki5dcpRcZcuCaC+tJElfXSg==
-----END PUBLIC KEY-----

sm2PriKeyPkcs8.pem

-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgMAxtsR1bNnXQgNNH
4u9MB9xJJ1ONJSyfWETQpMLwvhmhRANCAATJuYoamgjl3+hPC7h35NA+Trg1xiyW
YKM0xN9KwuB205E0gkBt8vO/lUAmPSGFQGSLl1ylFxly4JoL60kSV9dK
-----END PRIVATE KEY-----

./openssl pkey -in sm2PriKey.pem -text

-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgMAxtsR1bNnXQgNNH
4u9MB9xJJ1ONJSyfWETQpMLwvhmhRANCAATJuYoamgjl3+hPC7h35NA+Trg1xiyW
YKM0xN9KwuB205E0gkBt8vO/lUAmPSGFQGSLl1ylFxly4JoL60kSV9dK
-----END PRIVATE KEY-----
Private-Key: (256 bit)
priv:
    30:0c:6d:b1:1d:5b:36:75:d0:80:d3:47:e2:ef:4c:
    07:dc:49:27:53:8d:25:2c:9f:58:44:d0:a4:c2:f0:
    be:19
pub:
    04:c9:b9:8a:1a:9a:08:e5:df:e8:4f:0b:b8:77:e4:
    d0:3e:4e:b8:35:c6:2c:96:60:a3:34:c4:df:4a:c2:
    e0:76:d3:91:34:82:40:6d:f2:f3:bf:95:40:26:3d:
    21:85:40:64:8b:97:5c:a5:17:19:72:e0:9a:0b:eb:
    49:12:57:d7:4a
ASN1 OID: SM2