
gmssl

Perform cryptographic operations using China's national standard algorithms (SM2, SM3, SM4, SM9, ZUC)

TLDR

Generate an SM3 hash for a file
$ gmssl sm3 [path/to/file]

Encrypt a file using the SM4 cipher
$ gmssl sms4 -e -in [path/to/file] -out [path/to/file.sms4]

Decrypt a file using the SM4 cipher
$ gmssl sms4 -d -in [path/to/file.sms4]

Generate an SM2 private key
$ gmssl sm2 -genkey -out [path/to/file.pem]

Generate an SM2 public key from an existing private key
$ gmssl sm2 -pubout -in [path/to/file.pem] -out [path/to/file.pem.pub]

Encrypt a file using the ZUC cipher
$ gmssl zuc -e -in [path/to/file] -out [path/to/file.zuc]

Decrypt a file using the ZUC cipher
$ gmssl zuc -d -in [path/to/file.zuc]

Display version
$ gmssl version

SYNOPSIS

gmssl [global-options] <command> [<command-options> [<args>]]

PARAMETERS

-h, --help
    Display help for gmssl or a specific command

-H, --html-help
    Display HTML-formatted help

-V, --version
    Print GMSSL version information

-v, --verbose
    Enable verbose output

-e, --engine <id>
    Specify crypto engine (e.g., 'gmapi')

-rand <files>
    Files for random seed

-config <file>
    Configuration file path

-provider <path>
    Load provider library

DESCRIPTION

GMSSL is an open-source cryptographic library and command-line tool suite designed primarily for China's national commercial cryptographic standards, including SM2 (elliptic curve public-key), SM3 (hash), SM4 (block cipher), SM9 (identity-based), and ZUC (stream cipher), alongside support for international algorithms like AES, SHA-2, RSA, and ECC. It serves as a drop-in alternative to OpenSSL, offering similar syntax and functionality but optimized for SM-series algorithms required in Chinese regulated environments.

The gmssl command provides a unified interface for key generation, signing/verification, encryption/decryption, hashing, certificate management, and more. It is widely used in finance, government, and telecom sectors in China for compliance with GB/T standards. It is typically installed by compiling from source or from packages on Linux distributions. Key advantages include FIPS-like validation for SM algorithms and high performance on x86/ARM platforms.

CAVEATS

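Primarily for SM algorithms; some OpenSSL commands are unsupported. Requires compatible engines for hardware acceleration. Not FIPS-certified outside China standards. Subcommand names vary between GmSSL releases: the TLDR examples use sms4 and sm2 -genkey, while the subcommand list uses sm4 and sm2keygen, so confirm the installed release with gmssl version before scripting against either form.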

COMMON SUBCOMMANDS

version: Show version.
sm2keygen: Generate SM2 keys.
sm2sign/sm2verify: Sign/verify.
sm4: SM4 encrypt/decrypt.
sm3: Compute SM3 hash.
x509: Certificate ops.

EXAMPLE USAGE

gmssl sm2keygen -out priv.pem -pubout pub.pem
gmssl sm3 -hex input.txt

HISTORY

Originated from the GMSSL project (2015) by PKU and collaborators to implement the SM standards. It evolved to v3.x with OpenSSL 1.1/3.0 compatibility and is actively maintained via GitHub.

SEE ALSO

openssl(1), sm2keygen(1), dgst(1)
