[openssl-users] Using SM2 ECIES in 1.1.1

Akira Takahashi takahashi.akira.58s at kyoto-u.jp
Mon Oct 29 05:27:38 UTC 2018

Thanks a lot for your advice.
Just calling EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) right after loading a key worked perfectly and I was able to reuse the code in pkeyutl since everything else was indeed almost identical to RSA!

Best regards,

On 10/25/2018 12:14 AM, Matt Caswell wrote:
> On 24/10/2018 15:55, Akira Takahashi wrote:
>> Hi all,
>> Since the version 1.1.1 supports the SM2 public key cryptography suite I
>> am trying to test its ECIES (found in crypto/sm2/sm2_crypto.c) over
>> different standardized prime curves i.e. not just sm2p256v1.
>> Is there CLI or minimal code snippet to achieve it via the EVP interface?
>> The current man page of SM2 seems to only describe SM2 as a signature
>> algorithm, but not as a public key encryption.
> You can use the EVP_PKEY_encrypt() function for this purpose.
> A generic example (not SM2 specific) is on the EVP_PKEY_encrypt() man page:
> https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_encrypt.html
> Doing this for SM2 is essentially the same as shown in that example
> except of course don't call the RSA specific
> EVP_PKEY_CTX_set_rsa_padding() function.
> Setting up of the EVP_PKEY itself to contain an SM2 key is the same as
> for sign/verify, i.e. you need to call EVP_PKEY_set_alias_type(). There
> is no need to set an id though. See:
> https://www.openssl.org/docs/man1.1.1/man7/SM2.html
> Hope that helps,
> Matt

More information about the openssl-users mailing list