JDK增加了对国密算法的支持, 但是不支持SM2P256V1(推荐椭圆曲率参数).

SM2标准中给出了一个推荐的256比特的素数域椭圆曲线域参数,GmSSL内置了这个椭圆曲线域参数,命名为sm2p256v1.

关于 标识 1.2.156.10197.1.301, 是SM2证书制作时加进去的:

制作SM2证书,需加入SM2签名算法DerObjectIdentifier标识1.2.156.10197.1.501(基于SM3的SM2算法签名),密钥对的生成使用国密推荐曲线参数,然后如上所示自行实现SM2签名验证算法.

如果JAVA要支持 SM2P256V1 ,需要调用CurveDB.add方法加入该参数.

//国密推荐256位曲线参数
    private static final String P_STR = "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF";
    private static final String A_STR = "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC";
    private static final String B_STR = "28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93";
    private static final String N_STR = "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123";
    //base point
    private static final String X_STR = "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7";
    private static final String Y_STR = "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0";
private static final String SPLIT_PATTERN = ",|\\[|\\]";

try {
            //add sm2p256v1 support to EC CurveDB
            Pattern localPattern = Pattern.compile(SPLIT_PATTERN);
            Class[] argTypes = {
                    String.class, String.class, int.class, String.class, String.class,
                    String.class, String.class, String.class, String.class, int.class, Pattern.class};
            Object[] args = new Object[]{
                    "sm2p256v1", "1.2.156.10197.1.301",
                    1, P_STR, A_STR, B_STR, X_STR, Y_STR, N_STR, 1, localPattern};
            Method add = CurveDB.class.getDeclaredMethod("add", argTypes);
            add.setAccessible(true);
            add.invoke(CurveDB.class, args);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }

参考: 国密算法SM2证书 http://www.jonllen.com/jonllen/work/162.aspx

发表评论

电子邮件地址不会被公开。 必填项已用*标注