[xmlsec] OpenSSL Gost support
aleksey at aleksey.com
Thu Aug 18 12:05:08 PDT 2011
Yes. You don't need to do X509 certs but you need to define a key to use
with the gost algorithm :)
On 8/18/11 12:03 PM, Dmitry Belyavsky wrote:
> Do you mean smth similar to src/openssl/kt_rsa.c?
> I hope I don't need it using the X509 cert format. Am I wrong?
> On Thu, Aug 18, 2011 at 10:43 PM, Aleksey Sanin<aleksey at aleksey.com> wrote:
>> You also need to implement key type for gost keys. Take a look at how
>> RSA keys are done.
>> On 8/18/11 11:39 AM, Dmitry Belyavsky wrote:
>>> I'm implementing the Russian GOST support to OpenSSL-builded XMLSec. I
>>> have some questions.
>>> 1. The support is expected to be in X.509 format only. I hope that
>>> linking against OpenSSL 1.0 will work good enough after I implement
>>> the necessary transforms. When I run make check, I get the following:
>>> Test: /aleksey-xmldsig-01/enveloped-gost (success)
>>> /home/beldmit/xmlsec1-1.2.18/apps/xmlsec1 check-transforms --crypto
>>> openssl --crypto-config /tmp/xmlsec-crypto-config enveloped-signature
>>> gostr34102001-gostr3411 gostr3411
>>> Transforms "enveloped-signature" found
>>> Transforms "gostr34102001-gostr3411" found
>>> Transforms "gostr3411" found
>>> /home/beldmit/xmlsec1-1.2.18/apps/xmlsec1 check-key-data --crypto
>>> openssl --crypto-config /tmp/xmlsec-crypto-config gost
>>> Error: key data "gost" not found
>>> How can I fix it?
>>> 2. I configure XMLSec with
>>> ./configure --with-openssl=/usr --with-pic=yes --enable-gost
>>> But it seems to use static linking instead of using dynamic. How can I fix
>>> Thank you!
More information about the xmlsec