• 欢迎访问速搜资源吧,如果在网站上找不到你需要的资源,可以在留言板上留言,管理员会尽量满足你!

【速搜问答】GmSSL是什么

问答 admin 2年前 (2020-08-28) 627次浏览 已收录 0个评论

汉英对照:
Chinese-English Translation:

GmSSL是一个开源的密码工具箱,支持SM2/SM3/SM4/SM9/ZUC等国密(国家商用密码)算法、SM2国密数字证书及基于SM2证书的SSL/TLS安全通信协议,支持国密硬件密码设备,提供符合国密规范的编程接口与命令行工具。

Gmssl is an open source password toolbox, which supports SM2 / SM3 / SM4 / SM9 / zuc and other national secret (national commercial cipher) algorithms, SM2 national secret digital certificate and SSL / TLS secure communication protocol based on SM2 certificate. It supports national secret hardware cryptographic equipment, and provides programming interface and command-line tools conforming to the national secret specification.

GmSSL 是一个开源的密码工具箱,支持 SM2/SM3/SM4/SM9/ZUC 等国密(国家商用密码)算法、SM2 国密数字证书及基于 SM2 证书的 SSL/TLS 安全通信协议,支持国密硬件密码设备,提供符合国密规范的编程接口与命令行工具,可以用于构建 PKI/CA、安全通信、数据加密等符合国密标准的安全应用。GmSSL 项目是 OpenSSL 项目的分支,并与 OpenSSL 保持接口兼容。因此 GmSSL 可以替代应用中的 OpenSSL 组件,并使应用自动具备基于国密的安全能力。GmSSL 项目采用对商业应用友好的类 BSD 开源许可证,开源且可以用于闭源的商业应用。

Gmssl is an open source password toolbox, which supports SM2 / SM3 / SM4 / SM9 / zuc and other national secret (national commercial cipher) algorithm, SM2 national secret digital certificate and SSL / TLS secure communication protocol based on SM2 certificate. It supports national secret hardware cryptographic equipment, provides programming interface and command-line tools that conform to the national secret specification, and can be used to build PKI / Ca, secure communication, data encryption and other security applications that meet the national security standards. The gmssl project is a branch of the OpenSSL project and maintains interface compatibility with OpenSSL. Therefore, gmssl can replace the OpenSSL component in the application and make the application automatically have the security capability based on the national secret. Gmssl project adopts BSD like open source license which is friendly to commercial application, and can be used for closed source commercial applications.

GmSSL 项目由北京大学关志副研究员的密码学研究组开发维护,项目源码托管于 GitHub。自 2014 年发布以来,GmSSL 已经在多个项目和产品中获得部署与应用,并获得 2015 年度“一铭杯”中国 Linux 软件大赛二等奖(年度最高奖项)与开源中国密码类推荐项目。GmSSL 项目的核心目标是通过开源的密码技术推动国内网络空间安全建设。

Gmssl project is developed and maintained by the cryptography research group of Guan Zhi, associate researcher of Peking University. The source code of the project is hosted in GitHub. Since its release in 2014, gmssl has been deployed and applied in a number of projects and products, and won the second prize of 2015 “Yiming Cup” China linux software competition (the highest award of the year) and the open source Chinese cryptography recommendation project. The core goal of gmssl project is to promote the construction of domestic Cyberspace Security through open source cryptography technology.

关键特性

Key features

支持 SM2/SM3/SM4/SM9/ZUC 等全部已公开国密算法

Support SM2 / SM3 / SM4 / SM9 / zuc and other public secret algorithms

支持国密 SM2 双证书 SSL 套件和国密 SM9 标识密码套件

Support Sm2 Dual Certificate SSL suite and SM9 identity cipher suite

高效实现在主流处理器上可完成 4.5 万次 SM2 签名[^注 1]

Efficient implementation can complete 45000 SM2 signatures on mainstream processors

支持动态接入具备 SKF/SDF 接口的硬件密码模块[^注 2]

Support dynamic access to hardware cryptographic module with SKF / SDF interface [^ note 2]

支持门限签名、秘密共享和白盒密码等高级安全特性[^注 2]

It supports advanced security features such as threshold signature, secret sharing and white box cryptography

支持 Java、Go、PHP 等多语言接口绑定和 REST 服务接口

Support Java, go, PHP and other multi language interface binding and rest service interface

路线图

road map

更快、更小、更安全是下一个大版本升级(GmSSL v3.0)的主要目标,我们将从下列方向进行改进:

Faster, smaller and more secure are the main goals of the next big version upgrade (gmssl V3.0). We will make improvements in the following directions:

采用 CMake 替代目前基于 Perl 的构建系统

Cmake is used to replace the current Perl based construction system

支持 Linux/Windows/macOS/Android/iOS 等主流操作系统,移除对嵌入式 OS 等其他系统的支持

Support mainstream operating systems such as Linux / Windows / MacOS / Android / IOS, and remove support for other systems such as embedded OS

支持 X86/ARM/RISC-V,针对上述平台 64 位指令集做汇编层面的优化

Support x86 / arm / risc-v, optimize the 64 bit instruction set of the above platform at the assembly level

将 C 语言标准由目前的 C89 更新为最新的 C99 或 C11,及部分 GCC 特性,移除对 Perl 的依赖

The C language standard is updated from the current C89 to the latest C99 or C11, and some GCC features, and the dependency on Perl is removed

移除不安全的算法和协议,仅支持国密算法和主流国际算法,提升对 AEAD、TLS 1.3 等新标准的默认支持力度

Remove unsafe algorithms and protocols, only support national secret algorithms and mainstream international algorithms, and enhance the default support for new standards such as aead and TLS 1.3

提升密码算法抗木马、抗侧信道攻击的安全性

Improve the security of cryptographic algorithm against Trojan horse and side channel attack

降低运行时堆内存的使用量,降低总体二进制代码体积

Reduce runtime heap memory usage and overall binary code volume

提供特定于国密算法和协议的统一的多语言(支持 Rust/Java/Go/PHP)封装

Provide unified multi language (support rust / Java / go / PHP) encapsulation specific to national secret algorithm and protocol

保持和 OpenSSL 最新版本的兼容性,实现 GmSSL 和 OpenSSL 在同一个软件中的共存

Maintain the compatibility with the latest version of OpenSSL, and realize the coexistence of gmssl and OpenSSL in the same software

国密算法

National secret algorithm

国密算法是国家商用密码算法的简称。自 2012 年以来,国家密码管理局以《中华人民共和国密码行业标准》的方式,陆续公布了 SM2/SM3/SM4 等密码算法标准及其应用规范。其中“SM”代表“商密”,即用于商用的、不涉及国家秘密的密码技术。其中 SM2 为基于椭圆曲线密码的公钥密码算法标准,包含数字签名、密钥交换和公钥加密,用于替换 RSA/Diffie-Hellman/ECDSA/ECDH 等国际算法;SM3 为密码哈希算法,用于替代 MD5/SHA-1/SHA-256 等国际算法;SM4 为分组密码,用于替代 DES/AES 等国际算法;SM9 为基于身份的密码算法,可以替代基于数字证书的 PKI/CA 体系。通过部署国密算法,可以降低由弱密码和错误实现带来的安全风险和部署 PKI/CA 带来的开销。

National secret algorithm is the abbreviation of national commercial cipher algorithm. Since 2012, the State Password Administration has successively published SM2 / SM3 / SM4 cryptographic algorithm standards and their application specifications in the form of “the people’s Republic of China cryptographic industry standard”. Among them, “SM” stands for “commercial secret”, that is, it is used for commercial use and does not involve state secrets. Among them, SM2 is the public key cryptography algorithm standard based on elliptic curve cryptography, including digital signature, key exchange and public key encryption, which is used to replace RSA / Diffie Hellman / ECDSA / ecdh and other international algorithms; SM3 is cryptographic hash algorithm, which is used to replace MD5 / SHA-1 / SHA-256 and other International algorithms; SM4 is block cipher, which is used to replace DES / AES and other international algorithms; SM9 is used to replace international algorithms such as DES / AES It can replace PKI / CA system based on digital certificate. By deploying the national secret algorithm, we can reduce the security risk caused by weak password and wrong implementation and the cost of deploying PKI / ca.

子项目

Sub project

本项目包括一些相对独立的子项目:

This project includes some relatively independent sub projects:

国密浏览器:基于 Chromium 的支持国密 SSL 和证书的通用浏览器

National secret browser: a universal browser supporting SSL and certificate based on chromium

SDF ENGINE:支持提供 SDF 接口的 PCI-E 密码卡和服务器密码机

SDF engine: supports PCI-E password card and server password machine providing SDF interface

SKF ENGINE:支持提供 SKF 接口的 USB-KEY、TF 卡等智能密码钥匙

SKF engine: support USB-Key, TF card and other smart password keys with SKF interface

SM9 密钥服务:为个人用户提供基于电子邮件地址的 SM9 标识密钥服务

SM9 key service: provide SM9 identity key service based on e-mail address for individual users

自助 CA 服务:提供自助式的网站 DV 证书服务和 S/MIME 邮件证书服务

Self service CA service: provide self-service website DV certificate service and S / MIME mail certificate service

国密标准文本:提供全面的国密 GM/T 系列标准文本

National secret standard text: provide comprehensive national secret GM / T series standard text


速搜资源网 , 版权所有丨如未注明 , 均为原创丨转载请注明原文链接:【速搜问答】GmSSL是什么
喜欢 (0)
[361009623@qq.com]
分享 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址