{ "content": [ { "type": "text", "text": "# EVP_PKEY-SM2 (man)\n\n## NAME\n\nEVPPKEY-SM2, EVPKEYMGMT-SM2, SM2 - EVPPKEY keytype support for the Chinese SM2 signature and encryption algorithms\n\n## DESCRIPTION\n\nThe SM2 algorithm was first defined by the Chinese national standard GM/T 0003-2012 and was\nlater standardized by ISO as ISO/IEC 14888. SM2 is actually an elliptic curve based\nalgorithm. The current implementation in OpenSSL supports both signature and encryption\nschemes via the EVP interface.\n\n## Sections\n\n- **NAME**\n- **DESCRIPTION** (1 subsections)\n- **NOTES**\n- **EXAMPLES**\n- **SEE ALSO**\n- **COPYRIGHT**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "EVP_PKEY-SM2", "section": "", "mode": "man", "summary": "EVPPKEY-SM2, EVPKEYMGMT-SM2, SM2 - EVPPKEY keytype support for the Chinese SM2 signature and encryption algorithms", "synopsis": null, "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [ "This example demonstrates the calling sequence for using an EVPPKEY to verify a message with", "the SM2 signature algorithm and the SM3 hash algorithm:", "#include ", "/* obtain an EVPPKEY using whatever methods... */", "mctx = EVPMDCTXnew();", "pctx = EVPPKEYCTXnew(pkey, NULL);", "EVPPKEYCTXset1id(pctx, id, idlen);", "EVPMDCTXsetpkeyctx(mctx, pctx);", "EVPDigestVerifyInit(mctx, NULL, EVPsm3(), NULL, pkey);", "EVPDigestVerifyUpdate(mctx, msg, msglen);", "EVPDigestVerifyFinal(mctx, sig, siglen)" ], "see_also": [ { "name": "EVPPKEYCTXnew", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYCTXnew/3/json" }, { "name": "EVPDigestSignInit", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPDigestSignInit/3/json" }, { "name": "EVPDigestVerifyInit", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPDigestVerifyInit/3/json" }, { "name": "EVPPKEYCTXset1id", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPPKEYCTXset1id/3/json" }, { "name": "EVPMDCTXsetpkeyctx", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPMDCTXsetpkeyctx/3/json" } ], "section_outline": [ { "name": "NAME", "lines": 3, "subsections": [] }, { "name": "DESCRIPTION", "lines": 8, "subsections": [ { "name": "Common SM2 parameters", "lines": 10 } ] }, { "name": "NOTES", "lines": 23, "subsections": [] }, { "name": "EXAMPLES", "lines": 14, "subsections": [] }, { "name": "SEE ALSO", "lines": 3, "subsections": [] }, { "name": "COPYRIGHT", "lines": 9, "subsections": [] } ], "sections": { "NAME": { "content": "EVPPKEY-SM2, EVPKEYMGMT-SM2, SM2 - EVPPKEY keytype support for the Chinese SM2 signature\nand encryption algorithms\n", "subsections": [] }, "DESCRIPTION": { "content": "The SM2 algorithm was first defined by the Chinese national standard GM/T 0003-2012 and was\nlater standardized by ISO as ISO/IEC 14888. SM2 is actually an elliptic curve based\nalgorithm. The current implementation in OpenSSL supports both signature and encryption\nschemes via the EVP interface.\n\nWhen doing the SM2 signature algorithm, it requires a distinguishing identifier to form the\nmessage prefix which is hashed before the real message is hashed.\n", "subsections": [ { "name": "Common SM2 parameters", "content": "SM2 uses the parameters defined in \"Common EC parameters\" in EVPPKEY-EC(7). The following\nparameters are different:\n\n\"cofactor\" (OSSLPKEYPARAMECCOFACTOR) \nThis parameter is ignored for SM2.\n\n(OSSLPKEYPARAMDEFAULTDIGEST) \nGetter that returns the default digest name. (Currently returns \"SM3\" as of OpenSSL\n3.0).\n" } ] }, "NOTES": { "content": "SM2 signatures can be generated by using the 'DigestSign' series of APIs, for instance,\nEVPDigestSignInit(), EVPDigestSignUpdate() and EVPDigestSignFinal(). Ditto for the\nverification process by calling the 'DigestVerify' series of APIs.\n\nBefore computing an SM2 signature, an EVPPKEYCTX needs to be created, and an SM2 ID must be\nset for it, like this:\n\nEVPPKEYCTXset1id(pctx, id, idlen);\n\nBefore calling the EVPDigestSignInit() or EVPDigestVerifyInit() functions, that\nEVPPKEYCTX should be assigned to the EVPMDCTX, like this:\n\nEVPMDCTXsetpkeyctx(mctx, pctx);\n\nThere is normally no need to pass a pctx parameter to EVPDigestSignInit() or\nEVPDigestVerifyInit() in such a scenario.\n\nSM2 can be tested with the openssl-speed(1) application since version 3.0. Currently, the\nonly valid algorithm name is sm2.\n\nSince version 3.0, SM2 keys can be generated and loaded only when the domain parameters\nspecify the SM2 elliptic curve.\n", "subsections": [] }, "EXAMPLES": { "content": "This example demonstrates the calling sequence for using an EVPPKEY to verify a message with\nthe SM2 signature algorithm and the SM3 hash algorithm:\n\n#include \n\n/* obtain an EVPPKEY using whatever methods... */\nmctx = EVPMDCTXnew();\npctx = EVPPKEYCTXnew(pkey, NULL);\nEVPPKEYCTXset1id(pctx, id, idlen);\nEVPMDCTXsetpkeyctx(mctx, pctx);\nEVPDigestVerifyInit(mctx, NULL, EVPsm3(), NULL, pkey);\nEVPDigestVerifyUpdate(mctx, msg, msglen);\nEVPDigestVerifyFinal(mctx, sig, siglen)\n", "subsections": [] }, "SEE ALSO": { "content": "EVPPKEYCTXnew(3), EVPDigestSignInit(3), EVPDigestVerifyInit(3), EVPPKEYCTXset1id(3),\nEVPMDCTXsetpkeyctx(3)\n", "subsections": [] }, "COPYRIGHT": { "content": "Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\"). You may not use this file except in\ncompliance with the License. You can obtain a copy in the file LICENSE in the source\ndistribution or at .\n\n\n\n3.0.2 2026-06-02 EVPPKEY-SM2(7SSL)", "subsections": [] } } } }