基于AnolisOS 8.6安装GmSSL 3.1.1及easy_gmssl库测试国密算法
测试环境
Virtual Box,AnolisOS-8.6-x86_64-minimal.iso,4 vCPU, 8G RAM, 60 vDisk。最小化安装。需联网。
系统环境
关闭防火墙(仅用于隔离的测试虚拟机;本文后续步骤都是本地编译和本地文件操作,生产环境不应照搬这一步)
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
selinux关闭(下面的命令只是查看当前配置,用于确认 SELINUX=disabled;同样仅限测试环境)
cat /etc/selinux/config
安装Python39
dnf install -y python39 python39-pip
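配置国内pip源(注意:下面的配置使用 http 明文地址,并通过 trusted-host 让 pip 不再要求该主机提供有效的 HTTPS,下载的包在传输过程中没有完整性保护;该镜像同样提供 https 地址,非测试环境建议改用 https 并去掉 trusted-host)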
mkdir -p ~/.pip
touch ~/.pip/pip.conf
vi ~/.pip/pip.conf
[global]
trusted-host=mirrors.aliyun.com
index-url=http://mirrors.aliyun.com/pypi/simple/
安装easy_gmssl
安装依赖
dnf install -y gcc cmake
安装easy_gmssl库
pip3 install easy_gmssl
安装GmSSL 3.1.1(需先自行准备 GmSSL-3.1.1.tar.gz 源码包;建议从项目官方发布页获取,并在解压编译前核对校验值)
tar -zxvf GmSSL-3.1.1.tar.gz
cd GmSSL-3.1.1
mkdir build
cd build
cmake ..
make
make install
vi /etc/ld.so.conf,添加一行:
/usr/local/lib
加载动态链接
ldconfig
验证版本
gmssl version
生成公钥和私钥(示例口令 123456 仅用于演示;口令直接写在命令行里会留在 shell 历史记录中,实际使用应换成强口令)
gmssl sm2keygen -pass 123456 -out sm2_private.pem -pubout sm2_public.pem
基于easy_gmssl国密算法的加解密验签小脚本
from easy_gmssl import EasySM2SignKey, EasySM2VerifyKey, EasySm4CBC, EasySM3Digest
import os
import logging
# Configure logging: INFO level, each record formatted as "timestamp - level - message"
logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
def sm4_encrypt(key, iv, plaintext):
    """
    Encrypt data with SM4 in CBC mode (via EasySm4CBC).

    CBC gives confidentiality only: nothing here detects a modified
    ciphertext, so callers that need tamper detection must authenticate
    the output separately. The IV should be fresh and unpredictable for
    every message encrypted under the same key.

    :param key: SM4 key, 16 bytes long
    :param iv: initialization vector, 16 bytes long
    :param plaintext: plaintext bytes to encrypt
    :return: the ciphertext (output of Update() followed by output of Finish())
    """
    # The third positional argument selects the encrypt direction.
    cipher = EasySm4CBC(key, iv, True)
    body = cipher.Update(plaintext)
    tail = cipher.Finish()
    return body + tail
def sm4_decrypt(key, iv, ciphertext):
    """
    Decrypt data that was encrypted with SM4 in CBC mode (via EasySm4CBC).

    The ciphertext is not authenticated before decryption; verify its
    origin separately if it comes from an untrusted place.

    :param key: SM4 key, 16 bytes long
    :param iv: initialization vector, 16 bytes long (the one used to encrypt)
    :param ciphertext: ciphertext bytes to decrypt
    :return: the recovered plaintext (output of Update() followed by output of Finish())
    """
    # The third positional argument selects the decrypt direction.
    cipher = EasySm4CBC(key, iv, False)
    body = cipher.Update(ciphertext)
    tail = cipher.Finish()
    return body + tail
def sm3_hash(data):
    """
    Compute the SM3 digest of a byte string.

    :param data: bytes to hash
    :return: the digest as a hex string
    """
    hasher = EasySM3Digest()
    hasher.UpdateData(data)
    # GetHash() yields three values; only the first (the digest) is used here.
    digest, _, _ = hasher.GetHash()
    return digest.hex()
def sm2_sign(private_key_path, password, data):
    """
    Produce an SM2 signature over a byte string.

    :param private_key_path: path to the password-protected PEM private key
    :param password: password that unlocks the private key file
    :param data: bytes to sign
    :return: the signature as a hex string
    """
    signer = EasySM2SignKey(pem_private_key_file=private_key_path, password=password)
    signer.UpdateData(data)
    return signer.GetSignValue().hex()
def sm2_verify(public_key_path, data, signature):
    """
    Check an SM2 signature over a byte string.

    :param public_key_path: path to the PEM public key
    :param data: bytes the signature is supposed to cover
    :param signature: signature as a hex string; bytes.fromhex() raises
        ValueError if it is not valid hex
    :return: whatever VerifySignature() returns -- per the original
        description, True when the signature is valid and False otherwise
    """
    verifier = EasySM2VerifyKey(pem_public_key_file=public_key_path)
    verifier.UpdateData(data)
    # Decode only after the verifier is loaded, keeping the original failure order.
    raw_signature = bytes.fromhex(signature)
    return verifier.VerifySignature(raw_signature)
def encrypt_file(input_file_path, output_file_path, key, iv):
    """
    Encrypt a file with SM4 and write the ciphertext to another file.

    The whole input is read into memory. Only the ciphertext is written:
    the IV is not stored in the output, so the caller has to keep it for
    decryption.

    :param input_file_path: path of the file to encrypt
    :param output_file_path: path the ciphertext is written to
    :param key: SM4 key
    :param iv: SM4 initialization vector
    """
    with open(input_file_path, 'rb') as source:
        clear_bytes = source.read()
    # Encrypt before opening the destination, so a failure here leaves
    # an existing output file untouched.
    encrypted = sm4_encrypt(key, iv, clear_bytes)
    with open(output_file_path, 'wb') as sink:
        sink.write(encrypted)
    logging.info(f"文件加密完成,输出路径:{output_file_path}")
def decrypt_file(input_file_path, output_file_path, key, iv):
    """
    Decrypt an SM4-encrypted file and write the plaintext to another file.

    The whole input is read into memory. The ciphertext is not
    authenticated before it is decrypted.

    :param input_file_path: path of the file to decrypt
    :param output_file_path: path the plaintext is written to
    :param key: SM4 key
    :param iv: SM4 initialization vector used when the file was encrypted
    """
    with open(input_file_path, 'rb') as source:
        encrypted = source.read()
    # Decrypt before opening the destination, so a failure here leaves
    # an existing output file untouched.
    clear_bytes = sm4_decrypt(key, iv, encrypted)
    with open(output_file_path, 'wb') as sink:
        sink.write(clear_bytes)
    logging.info(f"文件解密完成,输出路径:{output_file_path}")
def sign_file(private_key_path, password, input_file_path, output_file_path):
    """
    Sign a file with SM2 and store the signature as hex text.

    :param private_key_path: path to the SM2 private key PEM file
    :param password: password that unlocks the private key file
    :param input_file_path: path of the file to sign
    :param output_file_path: path the hex-encoded signature is written to
    """
    with open(input_file_path, 'rb') as source:
        payload = source.read()
    signature_hex = sm2_sign(private_key_path, password, payload)
    # Text mode: the signature is stored as a hex string, not raw bytes.
    with open(output_file_path, 'w') as sink:
        sink.write(signature_hex)
    logging.info(f"数字签名生成完成,输出路径:{output_file_path}")
def verify_file_signature(public_key_path, input_file_path, sign_file_path):
    """
    Verify the SM2 signature of a file.

    :param public_key_path: path to the SM2 public key PEM file
    :param input_file_path: path of the file whose signature is checked
    :param sign_file_path: path of the file holding the hex-encoded signature
    :return: the verification result returned by sm2_verify()
    """
    with open(input_file_path, 'rb') as source:
        payload = source.read()
    with open(sign_file_path, 'r') as sig_source:
        signature_hex = sig_source.read()
    return sm2_verify(public_key_path, payload, signature_hex)
def check_file_integrity(input_file_path):
    """
    Compute the SM3 hash of a file so it can be compared with a known value.

    An unkeyed hash only shows that the content matches a reference digest;
    it says nothing about who produced the file unless the reference digest
    itself comes from a trusted source (or the file is also signed).

    :param input_file_path: path of the file to hash
    :return: the file's SM3 digest as a hex string
    """
    with open(input_file_path, 'rb') as source:
        content = source.read()
    return sm3_hash(content)
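if __name__ == "__main__":
    # Demo run: encrypt, decrypt, sign, verify and hash one sample file.
    input_file_path = 'example.txt'  # file to process
    encrypted_file_path = 'encrypted_example.enc'  # ciphertext output
    decrypted_file_path = 'decrypted_example.txt'  # decrypted output
    sign_file_path = 'sign_example.txt'  # hex signature output

    # Demo-only SM4 key: a predictable byte sequence embedded in source code
    # protects nothing. Real keys must come from a key store or a KDF.
    key = b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10'
    # Draw a fresh random IV per run instead of a constant. A fixed IV under
    # a fixed key makes equal plaintext prefixes encrypt to equal ciphertext
    # prefixes, and the IV must never simply repeat the key bytes.
    # encrypt_file() does not store the IV, so persist it next to the
    # ciphertext if decryption has to happen in a later run.
    iv = os.urandom(16)

    private_key_path = '/root/sm2_private.pem'  # SM2 private key PEM file
    public_key_path = '/root/sm2_public.pem'  # SM2 public key PEM file
    # Must match the password the private key PEM was protected with.
    # Demo value only: do not hard-code a real password in source.
    password = "123456"

    # Encrypt the file
    encrypt_file(input_file_path, encrypted_file_path, key, iv)
    # Decrypt it again with the same key and IV
    decrypt_file(encrypted_file_path, decrypted_file_path, key, iv)
    # Create the signature
    sign_file(private_key_path, password, input_file_path, sign_file_path)
    # Verify the signature
    verify_result = verify_file_signature(public_key_path, input_file_path, sign_file_path)
    logging.info(f"数字签名验证结果:{verify_result}")
    # Hash the file for an integrity check
    hash_value = check_file_integrity(input_file_path)
    logging.info(f"文件的SM3哈希值:{hash_value}")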