Generating and checking SM2 signatures

Jörg Heßdörfer Joerg.Hessdoerfer at sea-gmbh.com
Fri Apr 24 11:53:14 UTC 2020 

Hello Billy,

On 23.04.2020 04:36, Billy Brumley wrote:
>> I'm tasked to implement certain cryptographic functions (chiefly
>> signature creation/validation) using the SM2 algorithm for a
>> communication testing application. My problem is that the standard which
>> I need to follow (which is, unfortunately, not a public standard) states
>> that the signature needs to be generated over H(data input) || H(some
>> ID) , so I cannot use the EVP-Method as I understand it from
>> https://www.openssl.org/docs/manmaster/man7/SM2.html (here, H is the SM3
>> hash function). This would be possible to achieve by generating the
>> digest and then using the (albeit deprecated) function ECDSA_do_sign for
>> ECDSA but I don't know how to do it for SM2.
> It seems like you're trying to roll your own SM2 -- don't do that ;)

No, actually I don't. But tell that the standards groups ;-)

>> Is there any way to do this with openssl? Any help or pointer is very
>> much appreciated!
> I ... think it is possible directly with EVP and control strings. Step through
>
> openssl pkeyutl -inkey private.key -in /some/file -rawin -sign
> -pkeyopt sm2_id:foobar
>
> in a debugger and that should get you on the right path.
>
> BBB
thanks for the pointer! This got me started in the right direction. I 
did not use the debugger, but the source code of pkeyutil instead ;-)

I can now (I hope) generate signatures without using the built-in digest 
hash first, by simply calling

EVP_DigestSignInit(mctx, NULL, NULL, NULL, pkey)

instead of

EVP_DigestSignInit(mctx, NULL, EVP_sm3(), NULL, pkey)

Thank you again and stay well,
     Jörg

-- 
Jörg Heßdörfer
S.E.A. Datentechnik GmbH
Mülheimer Straße 7
53840 Troisdorf
Tel.: +49 2241 12737-19
Fax.: +49 2241 12737-14
E-Mail: Joerg.Hessdoerfer at sea-gmbh.com
Web : http://www.sea-gmbh.com

Informationen nach 37aHGB, 35a GmbH-Gesetz:
S.E.A.
Science& Engineering Applications
Datentechnik GmbH
Sitz der Gesellschaft Köln
Handelsregister Köln HRB 27016
Geschäftsführer: Dr. Gerd Schmitz, Wolfram Koerver

More information about the openssl-users mailing list