Generating and checking SM2 signatures
Matt Caswell
matt at openssl.org
Thu Apr 23 08:41:00 UTC 2020
On 23/04/2020 03:36, Billy Brumley wrote:
>> I'm tasked to implement certain cryptographic functions (chiefly
>> signature creation/validation) using the SM2 algorithm for a
>> communication testing application. My problem is that the standard which
>> I need to follow (which is, unfortunately, not a public standard) states
>> that the signature needs to be generated over H(data input) || H(some
>> ID) , so I cannot use the EVP-Method as I understand it from
>> https://www.openssl.org/docs/manmaster/man7/SM2.html (here, H is the SM3
>> hash function). This would be possible to achieve by generating the
>> digest and then using the (albeit deprecated) function ECDSA_do_sign for
>> ECDSA but I don't know how to do it for SM2.
>
> It seems like you're trying to roll your own SM2 -- don't do that ;)
Agreed - I echo Billy's concern!
>
>> Is there any way to do this with openssl? Any help or pointer is very
>> much appreciated!
>
> I ... think it is possible directly with EVP and control strings. Step through
>
> openssl pkeyutl -inkey private.key -in /some/file -rawin -sign
> -pkeyopt sm2_id:foobar
>
> in a debugger and that should get you on the right path.
Unfortunately, the SM2 id does something different to this I think. I'm
not an SM2 expert but I believe that does:
H( H(stuff || id || other_stuff) || M )
You should be able to use the EVP_PKEY_sign_init()/EVP_PKEY_sign()
functions to sign pre-digested input.
https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_sign.html
Matt
More information about the openssl-users
mailing list