GithubHelp home page GithubHelp logo

kms_sm's Introduction

kms_sm

CITA-Cloudkms微服务的实现,采用国密签名算法(sm2)和哈希算法(sm3)组合。

编译docker镜像

docker build -t citacloud/kms_sm .

使用方法

$ kms -h
kms 6.4.0
Rivtower Technologies.
This doc string acts as a help message when the user runs '--help' as do all doc strings on fields

USAGE:
    kms <SUBCOMMAND>

OPTIONS:
    -h, --help       Print help information
    -V, --version    Print version information

SUBCOMMANDS:
    help    Print this message or the help of the given subcommand(s)
    run     run this service

kms-run

运行kms服务。

$ kms run -h
kms-run 
run this service

USAGE:
    kms run [OPTIONS]

OPTIONS:
    -c, --config <CONFIG_PATH>    Chain config path [default: config.toml]
    -h, --help                    Print help information
    -l, --log <LOG_FILE>          log config path [default: kms-log4rs.yaml]

参数:

  1. 微服务配置文件。

    参见示例example/config.toml

    其中:

    • kms_port 为该服务监听的端口号。
    • db_key 为加密保存私钥时使用的对称密码。

  2. 日志配置文件。

    参见示例kms-log4rs.yaml

    其中:

    • level 为日志等级。可选项有:ErrorWarnInfoDebugTrace,默认为Info
    • appenders 为输出选项,类型为一个数组。可选项有:标准输出(stdout)和滚动的日志文件(journey-service),默认为同时输出到两个地方。
$ kms run -c example/config.toml -l kms-log4rs.yaml
2022-03-09T14:54:32.552334012+08:00 INFO kms - grpc port of this service: 60005
2022-03-09T14:54:32.598372534+08:00 INFO kms - db path of this service: kms.db
2022-03-09T14:54:32.602300277+08:00 INFO kms::kms - get old config: type is sm
2022-03-09T14:54:32.602648623+08:00 INFO kms::kms - verify config
2022-03-09T14:54:32.602911280+08:00 INFO kms::kms - config check ok!
2022-03-09T14:54:32.603056920+08:00 INFO kms - start grpc server!

设计

密码学算法相关的接口只是对签名算法(sm2)和哈希算法(sm3)的简单封装。

私钥管理部分,类似密码管理软件。

用户配置的db_key为主密钥,将其hash保存在数据库中,用来在启动的时候进行校验。

创建账户生成的私钥使用主密钥进行对称加密(sm4),将密文保存在sqlite数据库中,并将其在数据库中的序号作为key_id返回给用户,用来区分多个账户。

因此,当使用账户私钥,比如签名的时候,需要指定所使用账户的key_id。从sqlite数据库中加载出私钥的密文之后,再使用主密钥解密,得到原始的私钥。

kms_sm's People

Contributors

pencil-yao avatar rink1969 avatar whfuyn avatar jlerxky avatar naughtydogofschrodinger avatar

Watchers

James Cloos avatar avatar

kms_sm's Issues

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.