NAME<\/a> SM2 \u2212 Chinese SM2 signature and encryption algorithm support<\/p>\n The SM2<\/small><\/b> algorithm was first defined by the Chinese national standard GM\/T 0003\u22122012<\/small> and was later standardized by ISO<\/small> as ISO\/IEC 14888. SM2<\/b><\/small> is actually an elliptic curve based algorithm. The current implementation in OpenSSL supports both signature and encryption schemes via the EVP<\/small> interface.<\/p>\n When doing the SM2<\/small><\/b> signature algorithm, it requires a distinguishing identifier to form the message prefix which is hashed before the real message is hashed.<\/p>\n SM2<\/small><\/b> signatures can be generated by using the \u2019DigestSign\u2019 series of APIs, for instance, EVP_DigestSignInit()<\/b>, EVP_DigestSignUpdate()<\/b> and EVP_DigestSignFinal()<\/b>. Ditto for the verification process by calling the \u2019DigestVerify\u2019 series of APIs.<\/p>\n There are several special steps that need to be done before computing an SM2<\/small><\/b> signature.<\/p>\n The EVP_PKEY<\/small><\/b> structure will default to using ECDSA<\/small> for signatures when it is created. It should be set to EVP_PKEY_SM2<\/small><\/b> by calling:<\/p>\n EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);<\/p>\n Then an ID<\/small> should be set by calling:<\/p>\n EVP_PKEY_CTX_set1_id(pctx, id, id_len);<\/p>\n When calling the EVP_DigestSignInit()<\/b> or EVP_DigestVerifyInit()<\/b> functions, a preallocated EVP_PKEY_CTX<\/small><\/b> should be assigned to the EVP_MD_CTX<\/small><\/b> . This is done by calling:<\/p>\n EVP_MD_CTX_set_pkey_ctx(mctx, pctx);<\/p>\n And normally there is no need to pass a pctx<\/b> parameter to EVP_DigestSignInit()<\/b> or EVP_DigestVerifyInit()<\/b> in such a scenario.<\/p>\n This example demonstrates the calling sequence for using an EVP_PKEY<\/small><\/b> to verify a message with the SM2<\/small> signature algorithm and the SM3<\/small> hash algorithm:<\/p>\n #include
DESCRIPTION<\/a>
NOTES<\/a>
EXAMPLES<\/a>
SEE ALSO<\/a>
COPYRIGHT<\/a> <\/p>\n
\nNAME <\/a> <\/h2>\n
DESCRIPTION <\/a> <\/h2>\n
NOTES <\/a> <\/h2>\n
EXAMPLES <\/a> <\/h2>\n
\/bin \/boot \/dead.letter \/dev \/etc \/home \/initrd \/lib \/lib64 \/lost+found \/media \/mnt \/opt \/proc \/release-notes.html \/release-notes.txt \/root \/run \/sbin \/srv \/sys \/tmp \/usr \/var obtain an EVP_PKEY using whatever methods… bodies\/ usr\/
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
mctx = EVP_MD_CTX_new();
pctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_CTX_set1_id(pctx, id, id_len);
EVP_MD_CTX_set_pkey_ctx(mctx, pctx);;
EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey);
EVP_DigestVerifyUpdate(mctx, msg, msg_len);
EVP_DigestVerifyFinal(mctx, sig, sig_len)<\/p>\nSEE ALSO <\/a> <\/h2>\n