SM2-DE

Posted 七彩蜗牛

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SM2-DE相关的知识,希望对你有一定的参考价值。

SM2单证书认证

下端 导入根证书以及通用证书[具有签名和加密证书的功能]和远端的证书[获取远端公钥信息]   

1、配置证书域

crypto ca identity gernal 
 exit  

 

2、通过复制粘贴的方式导入根证书以及设备证书:

JR-29(config)#crypto ca import certificate to gernal % Input the certificate data, press <Enter> twice to finish: -----BEGIN CERTIFICATE----- MIIBDzCBtQIEVDj6BDAKBggqgRzPVQGDdTASMRAwDgYDVQQDDAdzbTJyb290MB4X DTE0MTAxMTA5MzYwMFoXDTI0MTAwODA5MzYwMFowEjEQMA4GA1UEAwwHc20yX2Vu YzBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABHMWXxhtoCSlKOt9/A4S5OJQxEqX qzXjox3VaC4QkjkwRfUtxlqaX3r+ZHwnwaetv367KIJNyiTaYEvUxROFvTcwCgYI KoEcz1UBg3UDSQAwRgIhAJV27mJY+SHNQdfF+NyEsReD5q8MztMr5tL5A2Oe3XKK AiEAofW8H3r7FtB7yfit8t60/7NIEqSy59VppDOUItiq7lg= -----END CERTIFICATE-----

% Input the private key data, press <Enter> twice after data to finish or press <Enter> without data to ignore: -----BEGIN EC PRIVATE KEY----- MHcCAQEEIKr0NTOsTN3+U3V6C4ihXIKxvcB8+zlvFEekFwYIb04woAoGCCqBHM9V AYItoUQDQgAEcxZfGG2gJKUo6338DhLk4lDESperNeOjHdVoLhCSOTBF9S3GWppf ev5kfCfBp62/frsogk3KJNpgS9TFE4W9Nw== -----END EC PRIVATE KEY-----

% PKI: Import Certificate success.

3、查看证书:

JR-29#show crypto ca certificates Root CA Certificate:   //根证书   

Status: Valid   

Serial Number: 00   

Subject: CN=sm2root   

Issuer : CN=sm2root   

Validity     

Start date: 2014-10-11 06:45:39     

End   date: 2034-10-06 06:45:39   

Key Type: SM2(256 bit)    Usage: Sign   

Fingerprint(sm3):6b27621fef2ed9ced84d8aba1e91d53557efbe1aec582ce56300f3ef54dc5889   

Fingerprint(sha1):210054dd0a4b3813110c4a18dffb162951575d08  

 Associated Identity: gernal       

  index: 7

My Certificate:      //通用证书:设备证书的公钥+私钥   

Status: Valid   

Serial Number: 5438fa04   

Subject: CN=sm2_enc   

Issuer : CN=sm2root   

Validity     

Start date: 2014-10-11 09:36:00     

End   date: 2024-10-08 09:36:00  

 Key Type: SM2(256 bit)   

Usage: General   

Fingerprint(sm3):e69993f0ab5e1427bb8b1083b438b728a7b6342394963e4badca76a266e45a30   

Fingerprint(sha1):62bb496ee7d4575701444b7c16453f1614115ac4   

Associated Identity: gernal        

index: 9

My Certificate:   

Status: Valid   

Serial Number: 5438fa02   

Subject: CN=sm2_sig   

Issuer : CN=sm2root   

Validity      Start date: 2014-10-11 09:35:59      End   date: 2024-10-08 09:35:59   

Key Type: SM2(256 bit)   

Usage: General   

Fingerprint(sm3):9ff3091d12ad208edf63cab29ace4c8abb05304a23fb3b475d3781b2e1d3b47f   

Fingerprint(sha1):f30fff1c6e2a097b71ae674a43ce0e1ff5422034   

Associated Identity: gernal        

index: 11     

Remote Certificate:   //远端证书  远端设备的公钥   

Status: Valid   

Serial Number: 5438fa04   

Subject: CN=sm2_enc   

Issuer : CN=sm2root   

Validity      Start date: 2014-10-11 09:36:00      End   date: 2024-10-08 09:36:00   

Key Type: SM2(256 bit)   

Usage: General   

Fingerprint(sm3):e69993f0ab5e1427bb8b1083b438b728a7b6342394963e4badca76a266e45a30   

Fingerprint(sha1):62bb496ee7d4575701444b7c16453f1614115ac4   

Associated Identity: gernal        

index: 10

4、ipsec配置:

crypto tunnel 4gdx  

local interface fastcellular2/0  

peer address 10.0.4.254  

set peer-id CN=sm2_enc     //证书认证时本地远端ID为所认证证书的名称。

 set local-id CN=sm2_sig

 set authentication sm2-de  //选择单证书认证,即通用证书认证。

 set sec-level basic

 set auto-up

 exit

 crypto policy 4gdx

 flow 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 ip tunnel 4gdx

 exit  

上端配置:导入根证书以及通用证书[具有签名和加密证书的功能]

上端导入证书的方法与下端一致,不需要导入下端的公钥信息。

crypto tunnel 4gdx

 local address 10.0.4.254

 peer any  set peer-id CN=sm2_sig

 set local-id CN=sm2_enc  

set authentication sm2-de

 set sec-level basic  

exit    

crypto policy 4gdx  

flow 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 ip tunnel 4gdx  set reverse-route  

exit  

以上是关于SM2-DE的主要内容,如果未能解决你的问题,请参考以下文章

VSCode自定义代码片段——CSS选择器

谷歌浏览器调试jsp 引入代码片段,如何调试代码片段中的js

片段和活动之间的核心区别是啥?哪些代码可以写成片段?

VSCode自定义代码片段——.vue文件的模板

VSCode自定义代码片段6——CSS选择器

VSCode自定义代码片段——声明函数