[xmlsec] OpenSSL Gost support

Dmitry Belyavsky beldmit at gmail.com
Thu Aug 18 12:03:36 PDT 2011


Greetings!

Do you mean smth similar to src/openssl/kt_rsa.c?
I hope I don't need it using the X509 cert format. Am I wrong?

On Thu, Aug 18, 2011 at 10:43 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:
> You also need to implement key type for gost keys. Take a look at how
> RSA keys are done.
>
> Aleksey
>
>
> On 8/18/11 11:39 AM, Dmitry Belyavsky wrote:
>>
>> Greetings!
>>
>> I'm implementing the Russian GOST support to OpenSSL-builded XMLSec. I
>> have some questions.
>>
>> 1. The support is expected to be in X.509 format only. I hope that
>> linking against OpenSSL 1.0 will work good enough after I implement
>> the necessary transforms. When I run make check, I get the following:
>>
>>
>> Test: /aleksey-xmldsig-01/enveloped-gost (success)
>> /home/beldmit/xmlsec1-1.2.18/apps/xmlsec1 check-transforms  --crypto
>> openssl --crypto-config /tmp/xmlsec-crypto-config enveloped-signature
>> gostr34102001-gostr3411 gostr3411
>> Transforms "enveloped-signature" found
>> Transforms "gostr34102001-gostr3411" found
>> Transforms "gostr3411" found
>> /home/beldmit/xmlsec1-1.2.18/apps/xmlsec1 check-key-data  --crypto
>> openssl --crypto-config /tmp/xmlsec-crypto-config gost
>> Error: key data "gost" not found
>>
>> How can I fix it?
>>
>> 2. I configure XMLSec with
>>
>> ./configure --with-openssl=/usr --with-pic=yes --enable-gost
>> But it seems to use static linking instead of using dynamic. How can I fix
>> it?
>>
>> Thank you!
>>
>



-- 
SY, Dmitry Belyavsky


More information about the xmlsec mailing list