GMObjC is an Objective-C open source library based on OpenSSL's national secret (SM2, SM3, SM4) algorithms, suitable for iOS and macOS development. It encapsulates multiple encryption algorithms released by the State Cryptography Administration of China, including:
- SM2: Supports encryption and decryption based on elliptic curves (ECC), key negotiation (ECDH) and signature algorithms.
- SM3: A national secret hash algorithm similar to the SHA series, including SM3 and HMAC.
- SM4: Implements symmetric block encryption algorithms.
For detailed documentation, please visit https://muzipiao.github.io/gmdocs/zh/.
Run the following command in the terminal:
git clone https://github.com/muzipiao/GMObjC.git
cd GMObjC
pod install
open GMObjC.xcworkspace// Generate public and private keys, both of which are in HEX-encoded string format
GMSm2Key *keyPair = [GMSm2Utils generateKey];
// SM2 public key "0408E3FFF9505BCFAF9307E665...695C99DF42424F28E9004CDE4678F63D698"
NSString *pubKey = keyPair.publicKey;
// SM2 private key "90F3A42B9FE24AB196305FD92EC82E647616C3A3694441FB3422E7838E24DEAE"
NSString *priKey = keyPair.privateKey;// Plain text (string type)
NSString *plaintext = @"123456";
// SM2 encryption string type, the result is ASN1 format ciphertext, and encoded in HEX format
NSString *asn1Hex = [GMSm2Utils encryptText:plaintext publicKey:pubKey];
// Decrypt to get the string plain text "123456"
NSString *plaintext = [GMSm2Utils decryptHex:asn1Hex privateKey:priKey];
// ASN1 decoded to C1C3C2 format (HEX encoding format)
NSString *c1c3c2Hex = [GMSm2Utils asn1DecodeToC1C3C2Hex:asn1Hex hasPrefix:NO];
// Ciphertext order C1C3C2 and C1C2C3 can be converted to each other
NSString *c1c2c3Hex = [GMSm2Utils convertC1C3C2HexToC1C2C3:c1c3c2Hex hasPrefix:NO];NSString *plaintext = @"123456";
// When userID is nil or empty, the default is 1234567812345678; when it is not empty, the signature and verification need the same ID
NSString *userID = @"lifei_zdjl@126.com";
// The signature result is a 128-byte Hex string concatenated by RS, the first 64 bytes are R, and the last 64 bytes are S
NSString *signRS = [GMSm2Utils signText:plaintext privateKey:priKey userText:userID];
// Verify the signature, return YES if the verification is successful, otherwise the verification fails
BOOL isOK = [GMSm2Utils verifyText:plaintext signRS:signRS publicKey:pubKey userText:userID];- The client randomly generates a pair of public and private keys clientPubKey and clientPriKey;
- The server randomly generates a pair of public and private keys serverPubKey and serverPriKey;
- Both parties use network requests or other methods to exchange public keys clientPubKey and serverPubKey, and keep the private keys themselves;
- The clientECDH and serverECDH calculated by both parties They should be equal, and this key can be used as the key for symmetric encryption.
// The client client obtains the public key serverPubKey from the server, and the client negotiates a 32-byte symmetric key clientECDH, which is 64 bytes after conversion to Hex
NSString *clientECDH = [GMSm2Utils computeECDH:serverPubKey privateKey:clientPriKey];
// The client client sends the public key clientPubKey to the server, and the server negotiates a 32-byte symmetric key serverECDH, which is 64 bytes after conversion to Hex
NSString *serverECDH = [GMSm2Utils computeECDH:clientPubKey privateKey:serverPriKey];
// In the case of all plaintext transmission, the client and server negotiate an equal symmetric key, and clientECDH==serverECDH holds
if ([clientECDH isEqualToString:serverECDH]) {
NSLog(@"ECDH key negotiation is successful, and the negotiated symmetric key is:\n%@", clientECDH);
}else{
NSLog(@"ECDH Key negotiation failed");
}The SM3 digest algorithm can calculate digests for text and files. The length of the SM3 digest is a 64-byte HEX-encoded format string.
// String input, return hexadecimal digest
NSString *digest = [GMSm3Utils hashWithText:@"Hello, SM3!"];
// SM3 is used to calculate HMAC digest by default, and other algorithms such as MD5, SHA1, SHA224/256/384/512 are also supported
NSString *hmac = [GMSm3Utils hmacWithText:@"Message" keyText:@"SecretKey"];SM4 symmetric encryption is relatively simple and supports two encryption modes: ECB and CBC.
- ECB electronic codebook mode, the ciphertext is divided into blocks of equal length (filled if insufficient), and encrypted block by block.
- CBC ciphertext block chaining mode, the ciphertext of the previous block and the plaintext of the current block are XORed and then encrypted.
// String encryption and decryption, the key length of HEX encoding format is 32 bytes
NSString *sm4KeyHex = @"0123456789abcdef0123456789abcdef";
NSString *plaintext = @"Hello, SM4!";
// ECB encryption. The ciphertext is in HEX encoding format
NSString *ciphertext = [GMSm4Utils encryptTextWithECB:plaintext keyHex:sm4KeyHex];
// Decryption. The decrypted result is "Hello, SM4!"
NSString *decrypted = [GMSm4Utils decryptTextWithECB:ciphertext keyHex:sm4KeyHex];
// CBC mode requires 16 bytes (32 bytes in HEX encoding format) initialization vector (IV)
NSString *ivecHex = @"0123456789abcdef0123456789abcdef";
// Encryption. The ciphertext is in HEX encoding format
NSString *ciphertext = [GMSm4Utils encryptTextWithCBC:plaintext keyHex:sm4KeyHex ivecHex:ivecHex];
// Decryption. The decrypted result is "Hello, SM4!"
NSString *decrypted = [GMSm4Utils decryptTextWithCBC:ciphertext keyHex:sm4KeyHex ivecHex:ivecHex];Warning: Version 4.0.0 has major changes and is incompatible with the API names of 3.x.x. Please pay attention to compilation errors if you need to upgrade.
| GMObjC Version | Supported Architecture | Compatible Platforms | Compatible Versions |
|---|---|---|---|
| 4.0.0 | x86_64 arm64 | iOS OSX | iOS>= iOS 9.0, OSX>=10.13 |
| 3.3.8 | x86_64 arm64 | iOS | >= iOS 9.0 |
GMObjC is released under the MIT license, see LICENSE for details.