Multi-purpose cross-platform cryptography tool for asymmetric/symmetric encryption, digital signature, cipher-based message authentication code (CMAC), hash digest, hash-based message authentication code (HMAC) and PBKDF2 function.
- GM/T 0003-2012 - SM2 Public key algorithm 256-bit.
- GM/T 0004-2012 - SM3 Message digest algorithm. 256-bit hash value.
- GM/T 0002-2012 - SM4 128-bit block cipher with 128-bit key.
- GM/T 0001-2012 - ZUC Zu Chongzhi stream cipher 128/256-bit key.
- GCM: Galois/Counter Mode (AEAD) (default)
- CTR: Counter Mode
- OFB: Output Feedback Mode
- Asymmetric Encryption
- Symmetric Encryption + AEAD mode
- Digital Signature (ECDSA)
- Shared Key Agreement (ECDH)
- Recusive Hash Digest + Check
- CMAC (Cipher-based message authentication code)
- HMAC (Hash-based message authentication code)
- HKDF (HMAC-based key derivation function)
- PBKDF2 (Password-based key derivation function 2)
- TLS 1.2 (Transport Layer Security)
- Shred: Data sanitization method
- Bin to Hex/Hex to Bin string conversion
- Random Art (Public key Fingerprint)
-bits int
Bit-length. (for DERIVE, PBKDF2 and RAND) (default 128)
-check string
Check hashsum file. ('-' for STDIN)
-crypt string
Encrypt/Decrypt with SM4 symmetric block cipher.
-digest string
Target file/wildcard to generate hashsum list. ('-' for STDIN)
-hex string
Encode/Decode [e|d] binary string to hex format and vice-versa.
-hkdf
HMAC-based key derivation function.
-info string
Associated data, additional info. (for HKDF and AEAD encryption)
-iter int
Iterations. (for PBKDF2 and SHRED commands) (default 1)
-iv string
Initialization vector. (for symmetric encryption)
-key string
Private/Public key, Secret key or Password.
-keygen
Generate asymmetric EC-SM2 keypair.
-mac string
Compute Cipher-based/Hash-based message authentication code.
-mode string
Mode of operation: GCM, CTR or OFB. (default "GCM")
-pbkdf2
Password-based key derivation function.
-pkeyutl string
DERIVE shared secret, ENCRYPT/DECRYPT with asymmetric algorithm.
-pub string
Remote's side public key/remote's side public IP/local port.
-rand
Generate random cryptographic key.
-recursive
Process directories recursively.
-salt string
Salt. (for PBKDF2 and HKDF commands)
-shred string
Files/Path/Wildcard to apply data sanitization method.
-sign
Sign with PrivateKey.
-signature string
Input signature. (for verification only)
-tcp string
Encrypted TCP/IP Transfer Protocol. [dump|send|ip|listen|dial]
-verify
Verify with PublicKey.
-version
Print version information.
./gmsmtk -keygen
./gmsmtk -pkeyutl derive_a -key $PrivateKeyB -pub $PublicKeyA [-info RandA;RandB] [-bits 64|128|256] ./gmsmtk -pkeyutl derive_b -key $PrivateKeyA -pub $PublicKeyB [-info RandA;RandB] [-bits 64|128|256]
./gmsmtk -pkeyutl derive -key $PrivateKey -pub $PublicKey [-bits 64|128|256]
./gmsmtk -sign -key $PrivateKey < file.ext > sign.txt sign=$(cat sign.txt) ./gmsmtk -verify -key $PublicKey -signature $sign < file.ext echo $?
./gmsmtk -pkeyutl enc -key $PublicKey < plaintext.ext > ciphertext.ext ./gmsmtk -pkeyutl dec -key $PrivateKey < ciphertext.ext > plaintext.ext
./gmsmtk -crypt enc -key $128bitkey < plaintext.ext > ciphertext.ext ./gmsmtk -crypt dec -key $128bitkey < ciphertext.ext > plaintext.ext
./gmsmtk -mac cmac -key $64bitkey < file.ext ./gmsmtk -mac cmac -key $64bitkey -signature $128bitmac < file.ext
./gmsmtk -crypt eea128 -key $128bitkey < plaintext.ext > ciphertext.ext ./gmsmtk -crypt eea128 -key $128bitkey < ciphertext.ext > plaintext.ext
./gmsmtk -mac eia128 -key $128bitkey < file.ext ./gmsmtk -mac eia128 -key $128bitkey -signature $32bitmac < file.ext
./gmsmtk -digest "*.*" [-recursive]
./gmsmtk -digest - < file.ext
./gmsmtk -mac hmac -key $128bitkey < file.ext ./gmsmtk -mac hmac -key $128bitkey -signature $256bitmac < file.ext
./gmsmtk -pbkdf2 -key "pass" -iter 10000 -salt "salt"
The PBKDF2 function can be combined with the CRYPT and HMAC commands:
./gmsmtk -crypt enc -pbkdf2 -key "pass" < plaintext.ext > ciphertext.ext ./gmsmtk -mac hmac -pbkdf2 -key "pass" -iter 10000 -salt "salt" < file.ext
Prevents data recovery using standard recovery tools.
./gmsmtk -shred "keypair.ini" -iter 25
./gmsmtk -hex enc < File.ext > File.hex ./gmsmtk -hex dec < File.hex > File.ext ./gmsmtk -hex dump < File.ext
./gmsmtk -tcp ip > PublicIP.txt ./gmsmtk -tcp dump [-pub "8081"] > Token.jwt ./gmsmtk -tcp send [-pub "127.0.0.1:8081"] < Token.jwt
./gmsmtk -tcp listen [-pub "8081"] ./gmsmtk -tcp dial [-pub "127.0.0.1:8081"]
./gmsmtk -key $pubkey
This project is licensed under the ISC License.