Enables compliant usage of OpenSSL toolkit within China
[13 September, 2018 — Hong Kong & Newark, US]
Ribose has contributed the SM2, SM3 and SM4 Chinese cryptographic algorithms to the OpenSSL cryptographic library, which are now available for general use as part of OpenSSL’s version 1.1.1 release.
SM2, SM3, SM4 are “commercial cryptography” algorithms, mandated by the State Cryptographic Administration to be used within China, in accordance with the “Regulation on the Administration of Commercial Cryptography” issued by the State Council of the PRC in 1999. The algorithms are widely applied in technologies used within China to enable legal usage of cryptography, including public key infrastructure (PKI), identification and banking cards, Trusted Platform Module, and the OpenPGP and Transport Layer Security protocols.
SM2 is an elliptic curve cryptographic system (ECC) that provides algorithms for public-key encryption, digital signatures, key agreement, and also parameters for the SM2-specific elliptic curve. SM2 was first published in 2010, and standardized as Chinese cryptographic standard GM/T 0003 and GB/T 32918 (5 parts).
SM3 is a cryptographic hash algorithm designed by Prof. Xiaoyun Wang as a counterpart to the NIST SHA-256 algorithm with several strengthening features. SM3 was first published in 2010, and standardized as Chinese cryptographic standard GM/T 0004 and GB/T 32905.
SM4 is a symmetric encryption algorithm designed for data encryption. The Chinese counterpart to AES (Advanced Encryption Standard), it is a 128-bit blockcipher designed for speed and suitability for encryption on low-powered devices. Designed by Prof. Shu-Wang Lu, it was standardized as Chinese cryptographic standard GM/T 0002 and GB/T 32907.
Matt Caswell of OpenSSL said, “The OpenSSL project develops and disseminates open and freely available technology to enable people worldwide to protect their data and communication. By supporting the Chinese cryptographic standards (SM2, SM3 and SM4) we hope to enable broader usage of OpenSSL within China for those industries adopting these national algorithms. We sincerely thank Ribose for their contributions to the OpenSSL project.”
According to Ribose founder Ronald Tse, “Ribose is a staunch supporter of open-source and allowing people to secure their own data — this contribution enables people and organizations operating in China to legally utilize the market-leading cryptographic library, OpenSSL, to protect their information. We appreciate the opportunity to collaborate with the OpenSSL team and commend them for supporting cryptography usage worldwide.”
Ribose is the award-winning developer of asymmetric security™ technologies trusted by industries with heightened cybersecurity needs. Having pioneered the comprehensive approach to verifiable cybersecurity, Ribose is a Deloitte Technology FAST 20 and Red Herring Top 100 Global company, and received the CSA APAC Enterprise Award and several Stevie® Awards for cybersecurity innovations.
Ribose is the only cloud service provider (CSP) triple-assured by the Cloud Security Alliance, the first CSP to receive BSI’s Kitemark for Secure Digital Transactions, and the first to achieve certification to the highest security tiers in NIST CSF and MTCS. It is also certified to ISO 14001, ISO/IEC 20000, ISO 22301, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and ISO 45001.
Learn more at: ribose.com.
OpenSSL Software Foundation is the non-profit corporation that maintains the OpenSSL toolkit. The OpenSSL toolkit is the market-leading cryptographic library, and serves as a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Licensed under an Apache-style license, the OpenSSL toolkit is freely available for most commercial and non-commercial purposes.
Learn more at: openssl.org
Originally published at BusinessWire.