Generating and checking SM2 signatures

Billy Brumley bbrumley at gmail.com
Thu Apr 23 02:36:17 UTC 2020


> I'm tasked to implement certain cryptographic functions (chiefly
> signature creation/validation) using the SM2 algorithm for a
> communication testing application. My problem is that the standard which
> I need to follow (which is, unfortunately, not a public standard) states
> that the signature needs to be generated over H(data input) || H(some
> ID) , so I cannot use the EVP-Method as I understand it from
> https://www.openssl.org/docs/manmaster/man7/SM2.html (here, H is the SM3
> hash function). This would be possible to achieve by generating the
> digest and then using the (albeit deprecated) function ECDSA_do_sign for
> ECDSA but I don't know how to do it for SM2.

It seems like you're trying to roll your own SM2 -- don't do that ;)

> Is there any way to do this with openssl? Any help or pointer is very
> much appreciated!

I ... think it is possible directly with EVP and control strings. Step through

openssl pkeyutl -inkey private.key -in /some/file -rawin -sign
-pkeyopt sm2_id:foobar

in a debugger and that should get you on the right path.

BBB


More information about the openssl-users mailing list