本文主要是介绍GMT0009 SM2密钥算法使用规范以及密钥对保护数据解析,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
密钥对保护数据格式
在SM2密钥对传递时,需要对SM2密钥对进行加密保护,即数字信封,具体的保护方法为:
- 产生一个对称密钥
- 按对称密码算法标识指定的算法对SM2私钥进行加密,得到私钥的密文,若对称算法为分组算法,则其运算模式为ECB
- 使用外部SM2公钥加密对称密钥得到对称密钥密文
- 将私钥密文、对称密钥密文封装得到密钥对保护数据中
SM2密钥对的保护数据格式的ASN.1定义为:
对称密钥算法标识
AlgorithmIdentifier也是一个sequence 规范可在RFC5280中查看
SM2对称密文加密数据格式
SM2 算法加密后的数据格式的ASN.1定义为:
SM2公钥
SM2私钥密文
SM2私钥密文即是由对称密钥SM4进行加密的密文,密文长度是16的倍数
java 解析密钥对保护数据
// 结构拆解ASN1Sequence env = (ASN1Sequence) ASN1Object.fromByteArray(envelope);// 1. 算法标识DEREncodable obj0 = env.getObjectAt(0);if (!(obj0 instanceof DERSequence))throw new Exception("format is invaild, obj(0) is not sequence");DEREncodable obj0_0 = ((DERSequence) obj0).getObjectAt(0);if (!(obj0_0 instanceof DERObjectIdentifier))throw new Exception("format is invaild, obj(0).(0) is not object identifier");// 2. 对称密钥密文DEREncodable obj1 = env.getObjectAt(1);if (!(obj1 instanceof DERSequence))throw new Exception("format is invaild, obj(1) is not sequence");DEREncodable obj1_0 = ((DERSequence) obj1).getObjectAt(0);if (!(obj1_0 instanceof DERInteger))throw new Exception("format is invaild, obj(1).(0) is not integer");DEREncodable obj1_1 = ((DERSequence) obj1).getObjectAt(1);if (!(obj1_1 instanceof DERInteger))throw new Exception("format is invaild, obj(1).(1) is not integer");DEREncodable obj1_2 = ((DERSequence) obj1).getObjectAt(2);if (!(obj1_2 instanceof DEROctetString))throw new Exception("format is invaild, obj(1).(2) is not octect string");DEREncodable obj1_3 = ((DERSequence) obj1).getObjectAt(3);if (!(obj1_3 instanceof DEROctetString))throw new Exception("format is invaild, obj(1).(3) is not octect string");// SM2 公钥DEREncodable obj2 = env.getObjectAt(2);if (!(obj2 instanceof DERBitString))throw new Exception("format is invaild, obj(2) is not bit string");// SM2私钥密文DEREncodable obj3 = env.getObjectAt(3);if (!(obj3 instanceof DERBitString))throw new Exception("format is invaild, obj(3) is not bit string");
这篇关于GMT0009 SM2密钥算法使用规范以及密钥对保护数据解析的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
