Download Latest Version gmsmtk_linux-x86.zip (2.1 MB)
Email in envelope

Get an email when there's a new version of GMSM Toolkit ☭

Home
Name Modified Size InfoDownloads / Week
gmsmtk_win32.zip 2022-09-01 2.1 MB
0
gmsmtk_linux-armel.zip 2022-09-01 2.0 MB
0
gmsmtk_linux-amd64.zip 2022-09-01 2.2 MB
0
gmsmtk_linux-x86.zip 2022-09-01 2.1 MB
0
README.md 2022-07-19 5.9 kB
0
Totals: 5 Items   8.5 MB 0

GMSM Toolkit

ISC License GoDoc Go Report Card GitHub go.mod Go version GitHub release (latest by date)

Multi purpose cross-platform cryptography tool for asymmetric/symmetric encryption, cipher-based message authentication code (CMAC), recursive hash digest, hash-based message authentication code (HMAC) and PBKDF2 function.

SM2/SM3/SM4 Chinese National Standard Algorithms:

  • GM/T 0003-2012 - SM2 Public key algorithm 256-bit.
  • GM/T 0004-2012 - SM3 Message digest algorithm. 256-bit hash value.
  • GM/T 0002-2012 - SM4 Symmetric block cipher with 128-bit key.

Modes of operation:

  • GCM: Galois/Counter Mode (AEAD)
  • CTR: Counter Mode
  • OFB: Output Feedback Mode

Cryptographic Functions:

  • Asymmetric Encryption/Decryption
  • Symmetric Encryption/Decryption
  • Digital Signature (ECDSA)
  • Shared Key Agreement (ECDH)
  • Recusive Hash Digest + Check
  • CMAC (Cipher-based message authentication code)
  • HMAC (Hash-based message authentication code)
  • PBKDF2 (Password-based key derivation function 2)
  • TLS (Transport Layer Security)

Usage:

 -bits int
       Bit-length. (for DERIVE, PBKDF2 and RAND) (default 128)
 -check string
       Check hashsum file. ('-' for STDIN)
 -crypt string
       Encrypt/Decrypt with SM4 symmetric block cipher.
 -digest string
       Target file/wildcard to generate hashsum list. ('-' for STDIN)
 -hex string
       Encode/Decode [e|d] binary string to hex format and vice-versa.
 -hkdf
       HMAC-based key derivation function.
 -info string
       Associated data, additional info. (for HKDF and AEAD encryption)
 -iter int
       Iterations. (for PBKDF2 and SHRED commands) (default 1)
 -iv string
       Initialization vector. (for symmetric encryption)
 -key string
       Private/Public key, Secret key or Password.
 -keygen
       Generate asymmetric EC-SM2 keypair.
 -mac string
       Compute Cipher-based/Hash-based message authentication code.
 -mode string
       Mode of operation: GCM, CTR or OFB. (default "GCM")
 -pbkdf2
       Password-based key derivation function.
 -pkeyutl string
       DERIVE shared secret, ENCRYPT/DECRYPT with asymmetric algorithm.
 -pub string
       Remote's side public key/remote's side public IP/local port.
 -rand
       Generate random cryptographic key.
 -recursive
       Process directories recursively.
 -salt string
       Salt. (for PBKDF2 and HKDF commands)
 -shred string
       Files/Path/Wildcard to apply data sanitization method.
 -sign
       Sign with PrivateKey.
 -signature string
       Input signature. (for verification only)
 -tcp string
       Encrypted TCP/IP Transfer Protocol. [dump|send|ip|listen|dial]
 -verify
       Verify with PublicKey.
 -version
       Print version information.

Examples:

Asymmetric SM2 keypair generation:

./gmsmtk -keygen

Derive shared secret key (SM2-ECDH):

./gmsmtk -pkeyutl derive_a -key $PrivateKeyB -pub $PublicKeyA [-salt RandA;RandB] [-bits 64|128|256]
./gmsmtk -pkeyutl derive_b -key $PrivateKeyA -pub $PublicKeyB [-salt RandA;RandB] [-bits 64|128|256]

Derive shared secret key (ECDH Non-standard):

./gmsmtk -pkeyutl derive -key $PrivateKey -pub $PublicKey [-bits 64|128|256]

Signature (SM2-ECDSA):

./gmsmtk -sign -key $PrivateKey < file.ext > sign.txt
sign=$(cat sign.txt)
./gmsmtk -verify -key $PublicKey -signature $sign < file.ext
echo $?

Asymmetric encryption/decryption with SM2 algorithm:

./gmsmtk -pkeyutl enc -key $PublicKey < plaintext.ext > ciphertext.ext
./gmsmtk -pkeyutl dec -key $PrivateKey < ciphertext.ext > plaintext.ext

Symmetric encryption/decryption with SM4 block cipher:

./gmsmtk -crypt enc -key $128bitkey < plaintext.ext > ciphertext.ext
./gmsmtk -crypt dec -key $128bitkey < ciphertext.ext > plaintext.ext

CMAC-SM4 (cipher-based message authentication code):

./gmsmtk -mac cmac -key $64bitkey < file.ext

SM3 hashsum (list):

./gmsmtk -digest "*.*" [-recursive]

SM3 hashsum (single):

./gmsmtk -digest - < file.ext

HMAC-SM3 (hash-based message authentication code):

./gmsmtk -mac hmac -key $128bitkey < file.ext

PBKDF2 (password-based key derivation function 2):

./gmsmtk -pbkdf2 -key "pass" -iter 10000 -salt "salt"

Note:

The PBKDF2 function can be combined with the CRYPT and HMAC commands:

./gmsmtk -crypt -pbkdf2 -key "pass" < plaintext.ext > ciphertext.ext
./gmsmtk -mac hmac -pbkdf2 -key "pass" -iter 10000 -salt "salt" < file.ext

Shred (Data sanitization method, 25 iterations):

Prevents data recovery using standard recovery tools.

./gmsmtk -shred key.pem -iter 25

Bin to Hex/Hex to Bin:

echo somestring|./gmsmtk -hex enc
echo hexstring|./gmsmtk -hex dec

TLS TCP/IP Layer Dump/Send:

./gmsmtk -tcp ip > PublicIP.txt
./gmsmtk -tcp dump [-pub "8081"] > Pubkey.txt
./gmsmtk -tcp send [-pub "127.0.0.1:8081"] < Pubkey.txt

Random Art (Public Key Fingerprint):

./gmsmtk -key $pubkey
./gmsmtk -key - < Pubkey.txt

License

This project is licensed under the ISC License.

Source: README.md, updated 2022-07-19