GmSSL is an open-source cryptographic library developed by Peking University, offering comprehensive support for Chinese national cryptographic algorithms, standards, and secure communication protocols. It's compatible with major operating systems and processors, including mobile devices, and supports various domestic cryptographic hardware. This document details its features, installation, and usage.
GmSSL
GmSSL is a domestic commercial cryptography open-source library independently developed by Peking University. It provides comprehensive functional coverage of the national cryptographic algorithms, standards and secure communication protocols. It supports mainstream operating systems and processors, including mobile platforms, and typical domestic cryptographic hardware such as cryptographic keys and cryptographic cards, and it provides feature-rich command-line tools and programming interfaces for multiple compiled languages.
Main features
Download
Compile and install
GmSSL 3 uses the cmake build system. After downloading the source code, unzip it, enter the source code directory, and execute:
After make install completes, the gmssl command line tool is installed in the default installation directory, a gmssl directory is created in the header file directory, and libgmssl.a, libgmssl.so and other library files are installed in the library directory.
Visual Studio environment compilation
Execute in the Visual Studio command prompt:
Main functions
Cryptographic algorithms
Certificates and digital envelopes
SSL protocol
Multilingual interface
GmSSL provides bindings for multiple programming languages through sub-projects
Support for national cryptographic hardware
GmSSL has built-in support for SDF cryptographic hardware (usually a PCI-E interface cryptographic card or server cryptographic machine) and SKF cryptographic hardware (usually a small USB cryptographic key). Tested cryptographic product models include:
Developers can also use GmSSL's sub-project SoftSDF (https://github.com/GmSSL/SoftSDF), a software SDF module with equivalent functions (but without the equivalent security of cryptographic hardware key protection), for development and testing, and then replace it with a hardware SDF during formal deployment.
OpenSSL compatibility
GmSSL version 3.0 rewrote all the code and changed the original API. The current GmSSL version is therefore incompatible with OpenSSL, and an application cannot be compiled against GmSSL as a direct replacement for OpenSSL. GmSSL provides the sub-project OpenSSL-Compatibility-Layer (https://github.com/GmSSL/OpenSSL-Compatibility-Layer), an OpenSSL compatibility layer through which applications such as Nginx can call GmSSL functions. In testing, the compatibility layer currently works with Nginx versions 1.16 through 1.25.
Benchmark
The performance test result is the best of 5 runs, single-core and single-threaded, with the processor's default configuration unmodified. Because turbo boost was not disabled and big/little core settings were not configured, this result is usually slightly higher than the average per-core score in multi-core, multi-threaded operation.
MacBook Pro 13-inch 2018: 2.7 GHz Quad-Core Intel Core i7, Intel Iris Plus Graphics 655. 8 GB 2133 MHz LPDDR3. macOS Sonoma 14.3.
MacBook Air M2 2022. Apple M2. 16 GB. Sonoma 14.5.
ChangeLog
Since version 3.1.1
Developers