How to Use the Command 'gmssl' (with Examples)
GmSSL is a comprehensive cryptographic toolkit that is widely used to ensure data security and integrity. It supports a variety of Chinese cryptographic algorithms, such as SM1, SM2, SM3, SM4, SM9, and ZUC/ZUC256. Through its command-line interface, users can easily generate cryptographic keys, encrypt and decrypt files, and compute message digests, among other tasks. This article provides examples of how to use various GmSSL commands, explaining their purposes and detailing their outputs.
Generate an SM3 Hash for a File (with Examples)
Code:
gmssl sm3 path/to/file
Motivation:
Hash functions play a crucial role in ensuring data integrity. When you need to verify that a file has not been tampered with, generating a hash is the way to go. SM3 is a hash function commonly used in China, providing a secure way to generate message digests. This command is particularly useful for verifying data integrity in digital communications and file storage.
Explanation:
gmssl: Invokes the GmSSL command-line tool.sm3: Specifies the SM3 hash algorithm.path/to/file: Indicates the path to the input file whose hash you want to generate.
Example Output:
SM3(path/to/file)= E6305F83000B7EA22F1EA6727372AB59A94607A7F2D773BE58560E7310A4
This output is the SM3 hash of the specified file, which can be used for integrity checks.
Encrypt a File Using the SM4 Cipher (with Examples)
Code:
gmssl sms4 -e -in path/to/file -out path/to/file.sms4
Motivation:
Encryption is essential for protecting sensitive information from unauthorized access. The SM4 cipher is a symmetric-key block cipher, widely used in Chinese encryption standards. Encrypting files with SM4 ensures that your confidential information remains secure during storage and transmission.
Explanation:
gmssl: Invokes the GmSSL command-line tool.sms4: Specifies the use of the SM4 encryption algorithm.-e: Stands for encryption mode.-in path/to/file: Specifies the input file to be encrypted.-out path/to/file.sms4: Indicates where to save the encrypted output.
Example Output:
SM4 encryption completed successfully. Output file: path/to/file.sms4
This confirms the successful encryption and the location of the encrypted file.
Decrypt a File Using the SM4 Cipher (with Examples)
Code:
gmssl sms4 -d -in path/to/file.sms4
Motivation:
Decryption is the process of converting encrypted data back into its original form. This is crucial for authorized users to access the information. Using the SM4 cipher’s decryption feature allows users to safely retrieve the original contents of a file that was previously encrypted.
Explanation:
gmssl: Invokes the GmSSL command-line tool.sms4: Specifies the use of the SM4 algorithm.-d: Stands for decryption mode.-in path/to/file.sms4: Specifies the input file to be decrypted, which was previously encrypted.
Example Output:
SM4 decryption completed successfully.
This indicates that the file has been successfully decrypted and restored to its original format.
Generate an SM2 Private Key (with Examples)
Code:
gmssl sm2 -genkey -out path/to/file.pem
Motivation:
Private keys are fundamental to asymmetric cryptography, where they enable secure communication and authentication. Generating an SM2 private key is essential for creating digital signatures, establishing secure communication channels, and managing encryption in systems that adhere to Chinese cryptographic standards.
Explanation:
gmssl: Invokes the GmSSL command-line tool.sm2: Specifies the SM2 public key cryptographic algorithm.-genkey: Indicates that a new private key is to be generated.-out path/to/file.pem: Specifies where to save the generated private key.
Example Output:
SM2 private key generated successfully. Output file: path/to/file.pem
This message confirms the key generation and the location of the saved private key file.
Generate an SM2 Public Key from an Existing Private Key (with Examples)
Code:
gmssl sm2 -pubout -in path/to/file.pem -out path/to/file.pem.pub
Motivation:
The generation of public keys is a critical step in asymmetric cryptography as they are used together with private keys to encrypt data and verify signatures. Extracting a public key from an existing SM2 private key facilitates secure communication by allowing others to send you encrypted messages.
Explanation:
gmssl: Invokes the GmSSL command-line tool.sm2: Specifies the SM2 cryptographic algorithm.-pubout: Instructs GmSSL to output a public key.-in path/to/file.pem: Specifies the input file containing the existing private key.-out path/to/file.pem.pub: Specifies where to save the extracted public key.
Example Output:
SM2 public key extracted successfully. Output file: path/to/file.pem.pub
This result confirms the successful extraction of the public key.
Encrypt a File Using the ZUC Cipher (with Examples)
Code:
gmssl zuc -e -in path/to/file -out path/to/file.zuc
Motivation:
The ZUC stream cipher is vital for encrypting data in mobile communications, ensuring data remains secure from interception. Encrypting files using ZUC is particularly advantageous in environments relying on the security of data in transit within cellular networks.
Explanation:
gmssl: Invokes the GmSSL command-line tool.zuc: Specifies the use of the ZUC encryption algorithm.-e: Indicates encryption mode.-in path/to/file: Designates the file to be encrypted.-out path/to/file.zuc: Specifies the destination for the encrypted file.
Example Output:
ZUC encryption completed successfully. Output file: path/to/file.zuc
This output confirms the encryption process and the storage location of the encrypted data.
Decrypt a File Using the ZUC Cipher (with Examples)
Code:
gmssl zuc -d -in path/to/file.zuc
Motivation:
Decrypting data encrypted with the ZUC cipher is essential for accessing the original content. This capability is crucial in scenarios where data needs to be securely transmitted and subsequently accessed by authorized parties, such as in mobile communication networks.
Explanation:
gmssl: Invokes the GmSSL command-line tool.zuc: Specifies the use of the ZUC cipher.-d: Stands for decryption mode.-in path/to/file.zuc: Specifies the file to be decrypted.
Example Output:
ZUC decryption completed successfully.
This indicates that the file has been successfully restored to its original, readable format.
Display Version (with Examples)
Code:
gmssl version
Motivation:
Knowing the version of the software you are using is crucial for compatibility, troubleshooting, and ensuring the latest security updates and features are at your disposal. Checking the version of GmSSL can help verify that you have the most recent version or help you diagnose errors in cryptographic processes.
Explanation:
gmssl: Invokes the GmSSL command-line tool.version: Requests the current version information of GmSSL.
Example Output:
GmSSL 3.0.0 - OpenSSL 1.2, China Cryptography Standard
This provides the version details, indicating the release and any relevant cryptographic standards supported.
Conclusion:
Through this article, we have explored various use cases of the GmSSL command-line tool, emphasizing the versatility and power it brings to tasks related to cryptographic operations. By following the detailed examples provided, users can effectively implement secure data practices using established Chinese cryptographic standards. GmSSL stands out as an indispensable tool for anyone looking to enhance their security operations in environments where data privacy and integrity are paramount.
