Using SM2 ECIES in 1.1.1

Using SM2 ECIES in 1.1.1

Akira Takahashi
Hi all,


Since version 1.1.1 supports the SM2 public key cryptography suite, I am
trying to test its ECIES (found in crypto/sm2/sm2_crypto.c) over different
standardized prime curves, i.e. not just sm2p256v1.

Is there a CLI or a minimal code snippet to achieve it via the EVP interface?

The current man page of SM2 seems to only describe SM2 as a signature algorithm,
but not as a public key encryption.


Thank you in advance for your help!

Akira



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Using SM2 ECIES in 1.1.1

Matt Caswell-2


On 24/10/2018 15:55, Akira Takahashi wrote:

> Hi all,
>
>
> Since version 1.1.1 supports the SM2 public key cryptography suite, I
> am trying to test its ECIES (found in crypto/sm2/sm2_crypto.c) over
> different standardized prime curves, i.e. not just sm2p256v1.
>
> Is there a CLI or a minimal code snippet to achieve it via the EVP interface?
>
> The current man page of SM2 seems to only describe SM2 as a signature
> algorithm, but not as a public key encryption.

You can use the EVP_PKEY_encrypt() function for this purpose.

A generic example (not SM2 specific) is on the EVP_PKEY_encrypt() man page:

https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_encrypt.html

Doing this for SM2 is essentially the same as shown in that example
except of course don't call the RSA specific
EVP_PKEY_CTX_set_rsa_padding() function.

Setting up of the EVP_PKEY itself to contain an SM2 key is the same as
for sign/verify, i.e. you need to call EVP_PKEY_set_alias_type(). There
is no need to set an id though. See:

https://www.openssl.org/docs/man1.1.1/man7/SM2.html

Hope that helps,

Matt

Re: Using SM2 ECIES in 1.1.1

Akira Takahashi
Thanks a lot for your advice.
Just calling EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) right after loading a key worked perfectly and I was able to reuse the code in pkeyutl since everything else was indeed almost identical to RSA!

Best regards,
Akira

On 10/25/2018 12:14 AM, Matt Caswell wrote:

>
> On 24/10/2018 15:55, Akira Takahashi wrote:
>> Hi all,
>>
>>
>> Since version 1.1.1 supports the SM2 public key cryptography suite, I
>> am trying to test its ECIES (found in crypto/sm2/sm2_crypto.c) over
>> different standardized prime curves, i.e. not just sm2p256v1.
>>
>> Is there a CLI or a minimal code snippet to achieve it via the EVP interface?
>>
>> The current man page of SM2 seems to only describe SM2 as a signature
>> algorithm, but not as a public key encryption.
> You can use the EVP_PKEY_encrypt() function for this purpose.
>
> A generic example (not SM2 specific) is on the EVP_PKEY_encrypt() man page:
>
> https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_encrypt.html
>
> Doing this for SM2 is essentially the same as shown in that example
> except of course don't call the RSA specific
> EVP_PKEY_CTX_set_rsa_padding() function.
>
> Setting up of the EVP_PKEY itself to contain an SM2 key is the same as
> for sign/verify, i.e. you need to call EVP_PKEY_set_alias_type(). There
> is no need to set an id though. See:
>
> https://www.openssl.org/docs/man1.1.1/man7/SM2.html
>
> Hope that helps,
>
> Matt
