[xmlsec] OpenSSL Gost support
Aleksey Sanin
aleksey at aleksey.com
Thu Sep 1 13:55:06 PDT 2011
There is GOST implementation for MS Crypto.
Aleksey
On 9/1/11 1:13 PM, Dmitry Belyavsky wrote:
> Greetings!
>
> What does the phrase from log
>
> Test: /aleksey-xmldsig-01/enveloped-gost (success)
>
> mean? Has it really been tested? If so, I've just completed my
> mission... If not, how can I enable this test for OpenSSL?
>
> Thank you!
> On Thu, Aug 18, 2011 at 11:11 PM, Aleksey Sanin<aleksey at aleksey.com> wrote:
>> Sorry, I already forgot file names :) You don't need key transport. You need
>> actual
>> key data implementation: see src/openssl/evp.c
>>
>> Aleksey
>>
>>
>> On 8/18/11 12:08 PM, Dmitry Belyavsky wrote:
>>> Greetings!
>>>
>>> Sorry, I don't understand. The Gost algorithm is DSA-like, not
>>> RSA-like. Why should I implement the rsa-like transport?..
>>>
>>> Thank you!
>>>
>>> On Thu, Aug 18, 2011 at 11:05 PM, Aleksey Sanin<aleksey at aleksey.com>
>>> wrote:
>>>> Yes. You don't need to do X509 certs but you need to define a key to use
>>>> with the gost algorithm :)
>>>>
>>>> Aleksey
>>>>
>>>>
>>>> On 8/18/11 12:03 PM, Dmitry Belyavsky wrote:
>>>>> Greetings!
>>>>>
>>>>> Do you mean smth similar to src/openssl/kt_rsa.c?
>>>>> I hope I don't need it using the X509 cert format. Am I wrong?
>>>>>
>>>>> On Thu, Aug 18, 2011 at 10:43 PM, Aleksey Sanin<aleksey at aleksey.com>
>>>>> wrote:
>>>>>> You also need to implement key type for gost keys. Take a look at how
>>>>>> RSA keys are done.
>>>>>>
>>>>>> Aleksey
>>>>>>
>>>>>>
>>>>>> On 8/18/11 11:39 AM, Dmitry Belyavsky wrote:
>>>>>>> Greetings!
>>>>>>>
>>>>>>> I'm implementing the Russian GOST support to OpenSSL-builded XMLSec. I
>>>>>>> have some questions.
>>>>>>>
>>>>>>> 1. The support is expected to be in X.509 format only. I hope that
>>>>>>> linking against OpenSSL 1.0 will work good enough after I implement
>>>>>>> the necessary transforms. When I run make check, I get the following:
>>>>>>>
>>>>>>>
>>>>>>> Test: /aleksey-xmldsig-01/enveloped-gost (success)
>>>>>>> /home/beldmit/xmlsec1-1.2.18/apps/xmlsec1 check-transforms --crypto
>>>>>>> openssl --crypto-config /tmp/xmlsec-crypto-config enveloped-signature
>>>>>>> gostr34102001-gostr3411 gostr3411
>>>>>>> Transforms "enveloped-signature" found
>>>>>>> Transforms "gostr34102001-gostr3411" found
>>>>>>> Transforms "gostr3411" found
>>>>>>> /home/beldmit/xmlsec1-1.2.18/apps/xmlsec1 check-key-data --crypto
>>>>>>> openssl --crypto-config /tmp/xmlsec-crypto-config gost
>>>>>>> Error: key data "gost" not found
>>>>>>>
>>>>>>> How can I fix it?
>>>>>>>
>>>>>>> 2. I configure XMLSec with
>>>>>>>
>>>>>>> ./configure --with-openssl=/usr --with-pic=yes --enable-gost
>>>>>>> But it seems to use static linking instead of using dynamic. How can I
>>>>>>> fix
>>>>>>> it?
>>>>>>>
>>>>>>> Thank you!
>>>>>>>
>>>
>
>
More information about the xmlsec
mailing list