[xmlsec] OpenSSL Gost support

Dmitry Belyavsky beldmit at gmail.com
Thu Sep 1 13:13:22 PDT 2011


Greetings!

What does the phrase from log

Test: /aleksey-xmldsig-01/enveloped-gost (success)

mean? Has it really been tested? If so, I've just completed my
mission... If not, how can I enable this test for OpenSSL?

Thank you!
On Thu, Aug 18, 2011 at 11:11 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:
> Sorry, I already forgot file names :) You don't need key transport. You need
> actual
> key data implementation: see src/openssl/evp.c
>
> Aleksey
>
>
> On 8/18/11 12:08 PM, Dmitry Belyavsky wrote:
>>
>> Greetings!
>>
>> Sorry, I don't understand. The Gost algorithm is DSA-like, not
>> RSA-like. Why should I implement the rsa-like transport?..
>>
>> Thank you!
>>
>> On Thu, Aug 18, 2011 at 11:05 PM, Aleksey Sanin<aleksey at aleksey.com>
>>  wrote:
>>>
>>> Yes. You don't need to do X509 certs but you need to define a key to use
>>> with the gost algorithm :)
>>>
>>> Aleksey
>>>
>>>
>>> On 8/18/11 12:03 PM, Dmitry Belyavsky wrote:
>>>>
>>>> Greetings!
>>>>
>>>> Do you mean smth similar to src/openssl/kt_rsa.c?
>>>> I hope I don't need it using the X509 cert format. Am I wrong?
>>>>
>>>> On Thu, Aug 18, 2011 at 10:43 PM, Aleksey Sanin<aleksey at aleksey.com>
>>>>  wrote:
>>>>>
>>>>> You also need to implement key type for gost keys. Take a look at how
>>>>> RSA keys are done.
>>>>>
>>>>> Aleksey
>>>>>
>>>>>
>>>>> On 8/18/11 11:39 AM, Dmitry Belyavsky wrote:
>>>>>>
>>>>>> Greetings!
>>>>>>
>>>>>> I'm implementing the Russian GOST support to OpenSSL-builded XMLSec. I
>>>>>> have some questions.
>>>>>>
>>>>>> 1. The support is expected to be in X.509 format only. I hope that
>>>>>> linking against OpenSSL 1.0 will work good enough after I implement
>>>>>> the necessary transforms. When I run make check, I get the following:
>>>>>>
>>>>>>
>>>>>> Test: /aleksey-xmldsig-01/enveloped-gost (success)
>>>>>> /home/beldmit/xmlsec1-1.2.18/apps/xmlsec1 check-transforms  --crypto
>>>>>> openssl --crypto-config /tmp/xmlsec-crypto-config enveloped-signature
>>>>>> gostr34102001-gostr3411 gostr3411
>>>>>> Transforms "enveloped-signature" found
>>>>>> Transforms "gostr34102001-gostr3411" found
>>>>>> Transforms "gostr3411" found
>>>>>> /home/beldmit/xmlsec1-1.2.18/apps/xmlsec1 check-key-data  --crypto
>>>>>> openssl --crypto-config /tmp/xmlsec-crypto-config gost
>>>>>> Error: key data "gost" not found
>>>>>>
>>>>>> How can I fix it?
>>>>>>
>>>>>> 2. I configure XMLSec with
>>>>>>
>>>>>> ./configure --with-openssl=/usr --with-pic=yes --enable-gost
>>>>>> But it seems to use static linking instead of using dynamic. How can I
>>>>>> fix
>>>>>> it?
>>>>>>
>>>>>> Thank you!
>>>>>>
>>>>
>>
>>
>



-- 
SY, Dmitry Belyavsky


More information about the xmlsec mailing list