CN105743655B - Hash calculation and signature sign test calculate isolated SM2 signature sign test implementation method - Google Patents

Hash calculation and signature sign test calculate isolated SM2 signature sign test implementation method Download PDF

Info

Publication number
CN105743655B
CN105743655B CN201610176957.0A CN201610176957A CN105743655B CN 105743655 B CN105743655 B CN 105743655B CN 201610176957 A CN201610176957 A CN 201610176957A CN 105743655 B CN105743655 B CN 105743655B
Authority
CN
China
Prior art keywords
interface
sign test
signature
hash
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610176957.0A
Other languages
Chinese (zh)
Other versions
CN105743655A (en
Inventor
潘无穷
王平建
王展
黎火荣
关翀
荆继武
林璟锵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Data Assurance and Communication Security Research Center of CAS
Original Assignee
Institute of Information Engineering of CAS
Data Assurance and Communication Security Research Center of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS, Data Assurance and Communication Security Research Center of CAS filed Critical Institute of Information Engineering of CAS
Priority to CN201610176957.0A priority Critical patent/CN105743655B/en
Publication of CN105743655A publication Critical patent/CN105743655A/en
Application granted granted Critical
Publication of CN105743655B publication Critical patent/CN105743655B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Abstract

Isolated SM2 signature sign test implementation method is calculated the present invention relates to a kind of Hash calculation and signature sign test, this method records the corresponding relationship between message and cryptographic Hash when realizing Hash calculation interface, cryptographic Hash needed for inquiring corresponding former message according to cryptographic Hash when realizing that signature and sign test calculate interface and SM2 signature or sign test being calculated by former message.It is calculated to separate Hash calculation and the signature/sign test of SM2 algorithm, has achieved the purpose that Hash calculation interface can be used alone and the input of the cryptographic Hash of signature/sign test can be directly using the purpose of the result of Hash calculation;Using other cryptographic algorithms and in system that the corresponding interface meets international api interface specification, layer identification code can not be modified in script, interface is directly replaced and realizes part to achieve the purpose that replace original cryptographic algorithm using SM2 algorithm.

Description

Hash calculation and signature sign test calculate isolated SM2 signature sign test implementation method
Technical field
The invention belongs to information security cryptographic algorithm security fields, and in particular to a kind of Hash calculation and sign test of signing calculate Isolated SM2 signature sign test implementation method.
Background technique
SM2 is the ellipse curve public key cipher algorithm that national Password Management office issued on December 17th, 2010.SM2 signature Algorithm is the signature algorithm based on SM2 cryptographic algorithm.
If message to be signed is M, in order to obtain the digital signature (r, s) of message M, r, s are Elliptic Curve Cryptosystem Two result parameters used in calculating are collectively regarded as digital signature in SM2 signature algorithm.SM2 signature algorithm process is such as Under:
1. calculatingWherein ZA is user's other information, | | it is bound symbol.
User's other information " Z in SM2 algorithmA" it is described as follows: it is entlen that the user A as signer, which has length,AThan Special recognizes mark IDA, remember ENTLAIt is by integer entlenATwo bytes made of conversion, in SM2 elliptic curve number label In name algorithm, signer and verifier require the Hash Value Z that user A is acquired with cryptographic Hash functionA.By GM/T0003.1- 20124.2.6 the method provided with 4.2.5, by the coordinate x of elliptic curve equation parameter a, b, GG、yGAnd PACoordinate xA、yA's Data type conversion is Bit String, calculates ZA=Hv(ENTLA||IDA||a||b||xG||yG||xA||yA)。
2. calculatingH is the hash algorithm that signature sign test both sides appoint, what v expression Hash calculation obtained disappears Cease length of summarization.E is converted into integer according to certain rule.
3. (r, s) is calculated using SM2 public key algorithm, referring specifically to GM/T 0003.1-for the e after conversion 2012 4.2.6 and 4.2.5.
In order to verify M ' and its digital signature (r ', s '), sign test algorithm flow is as follows:
1. setting
2. calculatingE ' is converted into integer.
Whether 3. verifying e ' according to SM2 public key algorithm to match with (r ', s '), matching is then verified, and is mismatched then Derivative does not pass through.
Other common signature sign test algorithms and SM2 signature sign test algorithm are different, such as message M, RSA signature Algorithm flow is as follows:
1. calculating e=Hv| | M calculates the cryptographic Hash of message.
2. obtaining the signature of message using the private key encryption e of RSA public key algorithm.
For message M ' and signature s, sign test algorithm flow is as follows:
1. calculating e '=Hv| | M ' calculates the cryptographic Hash of message.
2. obtaining e " using the public key decryptions s of RSA public key algorithm, whether verifying e '=e " is true, and establishment is then verified Pass through, it is invalid, it verifies and does not pass through.
It is a kind of relevant api interface of common information security that Hash calculation and signature sign test, which calculate interface,.It is calculated by password Method implementor, which programs, realizes api interface and corresponding cryptographic algorithm, and interface caller is by calling api interface to realize complicated Kazakhstan Uncommon calculate calculates with signature sign test.It is (hereinafter referred to as " general to connect that common cryptographic algorithms' implementation module follows general api interface specification Mouth specification ");Hash calculation interface inputs origination message in general-purpose interface specification, exports the cryptographic Hash of message;Signature calculation interface The cryptographic Hash for inputting message, exports the signature of message;Sign test calculates the cryptographic Hash of interface input signature and message, and whether output tests Card passes through.
It is two different api interfaces that signature calculation interface and sign test, which calculate interface, but is connect in the present invention with the two The relevant many operations of mouth are all identical, therefore the signature sign test interface mentioned hereinafter refers to two api interfaces, and Identical operation can be used to the two interfaces.
It is can be used alone of separating that Hash calculation, which calculates interface with signature sign test, in general-purpose interface specification, practical to sign Hash calculation interface and signature sign test is successively called to calculate interface when sign test.Outbound message is calculated by Hash calculation interface first Cryptographic Hash, then interface is calculated by signature sign test, signature is signed or verified to cryptographic Hash.Such as:
The API for the Cryptography module that Microsoft's Windows system provides is as follows:
Hash calculation interface:
Signature calculation interface:
It is difficult to realize according to signature sign test module of the above api interface format exploitation SM2 algorithm on Windows. The cryptographic Hash for the not former message of input that SM2 algorithm signature sign test calculates, the cryptographic Hash after being added to user's other information. This calculated result that will lead to the Hash calculation interface for meeting international interface specification when SM2 algorithm signature sign test can not be direct The input of interface is calculated as signature sign test, the code for meeting general-purpose interface specification based on International Algorithmics such as RSA is used instead originally When SM2 algorithm, interface is inconsistent, and original signature sign test library can not directly be replaced with to new SM2 signature sign test library.
Summary of the invention
Present invention aim to address how to allow SM2 algorithm Hash calculation interface with signature sign test calculate interface meet it is general The problem of function of completing SM2 signature sign test can be used in conjunction with while interface specification again, propose a kind of SM2 calculation The Hash calculation interface of method and signature sign test calculate the implementation method of interface, the algorithms library realized using this method, can be according to General-purpose interface specification separates Hash calculation interface and signature sign test calculates interface, while upper layer identification code can successively call two and connect Mouth is to complete SM2 signature sign test function.
A kind of Hash calculation and signature sign test of the invention calculates isolated SM2 signature sign test implementation method, realizes It is separation that Hash calculation interface and SM2 signature sign test, which calculate interface, meets international api interface specification;Hash calculation connects Mouth can be independently operated, the cryptographic Hash for calculating message, can be direct using the cryptographic Hash that above-mentioned Hash calculation interface is calculated For calling SM2 signature sign test to calculate interface calculate the signature or verifying signature.As it was noted above, SM2 signature sign test in the present invention It calculates interface and refers to SM2 signature calculation interface and SM2 sign test calculating the two api interfaces of interface.
Present invention provide that when realizing Hash calculation interface, calculate the cryptographic Hash of former message and return, but by cryptographic Hash and The corresponding relationship of former message is stored in a table of comparisons (or mapping table).The table of comparisons should be Hash calculation and label Name sign test calculating is shared, and can be realized by modes such as global variable, file storage, databases.
When realizing that signature/sign test calculates interface, the control of previous step storage is searched by the cryptographic Hash in input parameter Table finds the corresponding former message of cryptographic Hash, calculates user's other information ZA, obtain ZA=Hv(ENTLA||IDA||a||b||xG|| yG||xA||yA), H in formulavIt is specific hash algorithm, is SM3 algorithm, ENTL according to China's Standard GeneralAIt is IDALength Degree, IDAFor the ID, a, b, x for uniquely indicating identity when user's signature sign testG、yGIt is the preconfiguration parameters of elliptic curve, all It is fixed, xA、yAFor public key PACoordinate, can be obtained from public key, these information sign sign test calculate when be all to hold very much Easily obtain.It calculatesNew information is obtained, calculates cryptographic Hash for sign test of signing using new information.
Interface realizing method designed according to this invention, the Hash calculation interface and signature sign test of SM2 algorithm calculate interface Meet general-purpose interface specification, while can successively call to complete SM2 signature sign test function.
Meet Hash calculation and the SM2 signature sign test realization system for sign test calculating separation interface of signing the present invention also provides a kind of System calculates interface including isolated Hash calculation interface and SM2 signature sign test, and the Hash calculation interface is for calculating message Cryptographic Hash, the SM2 signature sign test calculate the cryptographic Hash that interface is used to be calculated using the Hash calculation interface and calculate label Name or verifying signature.
Further, the corresponding relationship between the Hash calculation interface record cryptographic Hash and former message, forms message- Cryptographic Hash mapping table;The SM2 signature sign test calculates what interface was locally stored by the cryptographic Hash inquiry in input parameter Message-cryptographic Hash mapping table obtains the corresponding former message of the cryptographic Hash, then adds user's other information for former message New cryptographic Hash is calculated afterwards, is calculated for subsequent SM2 signature sign test.
It in the prior art, is not the Hash of former message since the input of SM2 signature sign test calculating is different from international algorithm Calculated result, is the cryptographic Hash of the extension message after being added to user's other information on former message basis, therefore the Hash of SM2 Realization can not be separated with signature sign test calculating by calculating.The present invention records between message and cryptographic Hash when realizing Hash calculation interface Corresponding relationship, the corresponding former message of inquiry cryptographic Hash and calculated by original message when realizing that signature and sign test calculate interface It is calculated to cryptographic Hash needed for SM2 signature or sign test for signing with sign test, to separate the Hash calculation and label of SM2 algorithm Name/sign test calculates, and has achieved the purpose that Hash calculation interface can be used alone and the input of the cryptographic Hash of signature/sign test can Directly to use the purpose of the result of Hash calculation.
The SM2 algorithm Hash calculation interface and signature sign test that the present invention realizes calculate interface and meet international api interface Specification can not in script using other cryptographic algorithms and in engineering that the corresponding interface meets international api interface specification Layer identification code in modification directly replaces interface and realizes part to achieve the purpose that replace original cryptographic algorithm using SM2 algorithm.
Detailed description of the invention
Fig. 1 is Hash calculation interface implementation process.
Fig. 2 is that signature sign test calculates interface implementation process.
Fig. 3 is that Hash calculation interface and sign test of signing calculate the general flow chart that interface is realized.
Specific embodiment
Below by specific embodiments and the drawings, the present invention will be further described.
Fig. 1 is the flow chart of the implementation method of Hash calculation interface of the invention, is specifically comprised the following steps:
1) former message is inputted;
2) cryptographic Hash of message is normally calculated;
3) cryptographic Hash of message and former message are stored in (message --- the cryptographic Hash) table of comparisons (mapping table);It should The table of comparisons should be that Hash calculation and signature sign test are calculated and shared, and can pass through the side such as global variable, file storage, database Formula is realized;
4) it is returned cryptographic Hash as return value.
Fig. 2 is the flow chart for the implementation method that signature sign test of the invention calculates interface, is specifically comprised the following steps:
1) cryptographic Hash of calculate the signature or sign test is wanted in input;
2) former message is searched according to cryptographic Hash: in (message --- cryptographic Hash) table of comparisons, searches the Kazakhstan in incoming parameter It is uncommon to be worth corresponding former message, if searched less than former message, failure result is returned to, informing signature sign test fails, and provides mistake Lose reason;
3) user's other information is obtained, Z is calculatedA
4) Z is connectedAWith former message, that is, calculateObtain new information;
5) cryptographic Hash for calculating new information is calculated for subsequent signature sign test;
6) it is signed, is returned the result according to SM2 algorithm standard rules calculate the signature or verifying.
Fig. 3 is that Hash calculation interface and sign test of signing calculate the general flow chart that interface is realized, is process in Fig. 1 and Fig. 2 In conjunction with specific steps are seen above, and details are not described herein again.
The above embodiments are merely illustrative of the technical solutions of the present invention rather than is limited, the ordinary skill of this field Personnel can be with modification or equivalent replacement of the technical solution of the present invention are made, without departing from the spirit and scope of the present invention, this The protection scope of invention should be subject to described in claims.

Claims (6)

1. a kind of Hash calculation and signature sign test calculate isolated SM2 signature sign test implementation method, which is characterized in that using separation Hash calculation interface and SM2 signature sign test calculate interface, first by the Hash calculation interface calculating message cryptographic Hash, Then it is used for obtained cryptographic Hash that SM2 signature sign test to be called to calculate interface and be signed with calculate the signature or verifying;Realizing Hash When calculating interface, the corresponding relationship between cryptographic Hash and former message is recorded, message-cryptographic Hash mapping table is formed, will correspond to Relationship is stored in the signature addressable position of sign test calculation code;When realizing that SM2 signature sign test calculates interface, joined by input Cryptographic Hash in number inquires stored message-cryptographic Hash mapping table, obtains the corresponding former message of the cryptographic Hash, then New cryptographic Hash is calculated after adding user's other information as defined in SM2 algorithm for former message, based on subsequent SM2 signature sign test It calculates.
2. the method according to claim 1, wherein it includes SM2 signature meter that SM2 signature sign test, which calculates interface, It calculates interface and SM2 sign test calculates interface.
3. the method according to claim 1, wherein the Hash calculation interface and signature sign test calculate interface symbol Close international api interface specification;Script is using other cryptographic algorithms and the corresponding interface meets international api interface rule In the engineering of model, the upper layer application code for calling cryptographic calculations is not modified, interface is directly replaced and realizes that part uses SM2 to reach Algorithm replaces the purpose of original cryptographic algorithm.
4. the method according to claim 1, wherein the storage of the message-cryptographic Hash mapping table passes through Global variable, file storage or database mode are realized.
5. the method according to claim 1, wherein the expression formula of user's other information are as follows:
ZA=Hv(ENTLA||IDA||a||b||xG||yG||xA||yA),
Wherein, HvThe hash algorithm used when being Hash calculation, ENTLAIt is IDALength, IDAIt is unique when for user's signature sign test Indicate the ID, a, b, x of identityG、yGIt is the preconfiguration parameters of elliptic curve, xA、yAIt is obtained from public key;Then it calculatesNew information is obtained, wherein M is message to be signed, calculates cryptographic Hash using new information and calculates for sign test of signing.
6. a kind of meet Hash calculation and the SM2 signature sign test realization system for sign test calculating separation interface of signing, it is characterised in that: Interface is calculated including isolated Hash calculation interface and SM2 signature sign test, the Hash calculation interface is used to calculate the Kazakhstan of message Uncommon value, the SM2 signature sign test calculate the cryptographic Hash calculate the signature that interface is used to be calculated using the Hash calculation interface Or verifying signature;Corresponding relationship between the Hash calculation interface record cryptographic Hash and former message, forms message-cryptographic Hash Corresponding relationship is stored in the signature addressable position of sign test calculation code by mapping table;The SM2 signature sign test calculating connects Mouth inquires stored message-cryptographic Hash mapping table by the cryptographic Hash in input parameter, and it is corresponding to obtain the cryptographic Hash Former message calculates new cryptographic Hash after then adding user's other information as defined in SM2 algorithm for former message, for subsequent SM2 signature sign test calculates.
CN201610176957.0A 2016-03-25 2016-03-25 Hash calculation and signature sign test calculate isolated SM2 signature sign test implementation method Active CN105743655B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610176957.0A CN105743655B (en) 2016-03-25 2016-03-25 Hash calculation and signature sign test calculate isolated SM2 signature sign test implementation method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610176957.0A CN105743655B (en) 2016-03-25 2016-03-25 Hash calculation and signature sign test calculate isolated SM2 signature sign test implementation method

Publications (2)

Publication Number Publication Date
CN105743655A CN105743655A (en) 2016-07-06
CN105743655B true CN105743655B (en) 2019-07-16

Family

ID=56251559

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610176957.0A Active CN105743655B (en) 2016-03-25 2016-03-25 Hash calculation and signature sign test calculate isolated SM2 signature sign test implementation method

Country Status (1)

Country Link
CN (1) CN105743655B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809658B (en) * 2018-07-20 2021-06-01 武汉大学 SM 2-based identity base digital signature method and system
CN110941861B (en) * 2019-12-16 2022-04-29 中国南方电网有限责任公司 File protection method and device, computer equipment and medium
CN112926983A (en) * 2021-04-13 2021-06-08 无锡井通网络科技有限公司 Block chain-based deposit certificate transaction encryption system and method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103138938A (en) * 2013-03-22 2013-06-05 中金金融认证中心有限公司 SM2 certificate application method based on cryptographic service provider (CSP)
CN104735068A (en) * 2015-03-24 2015-06-24 江苏物联网研究发展中心 SIP security authentication method based on commercial passwords

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103138938A (en) * 2013-03-22 2013-06-05 中金金融认证中心有限公司 SM2 certificate application method based on cryptographic service provider (CSP)
CN104735068A (en) * 2015-03-24 2015-06-24 江苏物联网研究发展中心 SIP security authentication method based on commercial passwords

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
《SM2密码算法的Java实现与评测》;聂意新等;《信息网络安全》;20130810;全文 *
《SM2椭圆曲线门限密码算法》;尚铭等;《密码学报》;20140415;全文 *

Also Published As

Publication number Publication date
CN105743655A (en) 2016-07-06

Similar Documents

Publication Publication Date Title
CN106504008B (en) A kind of fair contract signature method based on block chain
US10594688B2 (en) Privacy-enhanced biometrics-secret binding scheme
WO2020048241A1 (en) Blockchain cross-chain authentication method and system, and server and readable storage medium
Omar et al. Identity management in IoT networks using blockchain and smart contracts
JP6180177B2 (en) Encrypted data inquiry method and system capable of protecting privacy
CN105743655B (en) Hash calculation and signature sign test calculate isolated SM2 signature sign test implementation method
US20120033807A1 (en) Device and user authentication
CN104717232B (en) A kind of cryptographic system towards group
CN112311538B (en) Identity verification method, device, storage medium and equipment
CN102571355B (en) Method and device for importing secret key without landing
CN107809311A (en) The method and system that a kind of unsymmetrical key based on mark is signed and issued
CN109245899B (en) Trust chain design method based on SM9 cryptographic algorithm
TW202046221A (en) Method and device for creating block chain account and verifying block chain transaction
CN106059760B (en) A kind of cryptographic system from user terminal crypto module calling system private key
US20180287803A1 (en) Public Key Infrastructure & Method of Distribution
CN103701598A (en) SM2 signature algorithm-based double-check signature method and digital signature equipment
CN104506554B (en) A kind of mobile phone terminal accesses the safety method of cloud storage service device
CN106209730B (en) Method and device for managing application identifier
CN113452705B (en) Encrypted communication method, device, electronic equipment and storage medium
CN107104788A (en) The ciphering signature method and apparatus of terminal and its non-repudiation
WO2021071421A1 (en) Methods, systems, and devices for managing digital assets
CN107919963B (en) Authenticator and implementation method thereof
CN113343255A (en) Data interaction method based on privacy protection
CN106856431A (en) Improved ECDSA and sign test method
CN116346336A (en) Key distribution method based on multi-layer key generation center and related system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant