Why Can't I Wrap Asymmetric Keys by Using -sms4-wrap-pad in GmSSL?
Symptom
By default, the -sms4-wrap-pad algorithm is not enabled in GmSSL. To wrap a key, upgrade GmSSL to the latest version and patch it first.
Solution
Use bash commands to install and patch GmSSL.
- Switch to the root user.
sudo su -
- Download the latest GmSSL version from https://www.github.com/guanzhi/GmSSL/.
- Download and decompress the binary file.
- Download the latest GmSSL version.
curl -LO https://github.com/guanzhi/GmSSL/archive/master.zip
unzip master.zip
cd GmSSL-master
- Run the following commands:
sed -i "/BIO_get_cipher_ctx(benc, &ctx);/a\ EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);" apps/enc.c
- Recompile and install GmSSL.
./config && make && make install
If the following error message is displayed when you run the GmSSL command: gmssl: relocation error: gmssl: symbol PBEPARAM_it, version OPENSSL_xxxx not defined in file libcrypto.so.1.1 with link time reference
Run the following commands:
ldd /usr/local/bin/gmssl
mv libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
mv libssl.so.1.1 /usr/lib64/libssl.so.1.1
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.