X-Git-Url: http://www.wagner.pp.ru/gitweb/?a=blobdiff_plain;f=README.gost;h=65544b9170b4ee179ec8ff245ceae7fab5c71c85;hb=HEAD;hp=777f5ab0c561fb8102c7b516fb7426a6d8417fe5;hpb=83e55e6a3b50e0bf5eab2c64b8402709e85f24e8;p=openssl-gost%2Fengine.git diff --git a/README.gost b/README.gost index 777f5ab..65544b9 100644 --- a/README.gost +++ b/README.gost 
@@ -60,62 +60,6 @@ their own means to load engines. Also, applications which operate with private keys, should use generic EVP_PKEY API instead of using RSA or other algorithm-specific API. -CONFIGURATION FILE - -The very minimal example of the configuration file is provided in this -distribution and named 'example.conf'. - -Configuration file should include following statement in the global -section, i.e. before first bracketed section header (see config(5) for details) - - openssl_conf = openssl_def - -where openssl_def is name of the section in configuration file which -describes global defaults. - -This section should contain following statement: - - [openssl_def] - engines = engine_section - -which points to the section which describes list of the engines to be -loaded. This section should contain: - - [engine_section] - gost = gost_section - -And section which describes configuration of the engine should contain - - [gost_section] - engine_id = gost - dynamic_path = /usr/lib/ssl/engines/libgost.so - default_algorithms = ALL - CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet - -BouncyCastle cryptoprovider has some problems with private key parsing from PrivateKeyInfo, -so if you want to use old private key representation format, which supported by BC, -you must add: - PK_PARAMS = LEGACY_PK_WRAP - -to [gost_section] - -Where engine_id parameter specifies name of engine (should be "gost"). -dynamic_path is a location of the loadable shared library implementing the -engine. If the engine is compiled statically or is located in the OpenSSL -engines directory, this line can be omitted. -default_algorithms parameter specifies that all algorithms, provided by -engine, should be used. - -The CRYPT_PARAMS parameter is engine-specific. It allows the user to choose -between different parameter sets of symmetric cipher algorithm. 
RFC 4357 -specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL -doesn't provide user interface to choose one when encrypting. So use engine -configuration parameter instead. - -Value of this parameter can be either short name, defined in OpenSSL -obj_dat.h header file or numeric representation of OID, defined in RFC -4357. - USAGE WITH COMMAND LINE openssl UTILITY 1. Generation of private key @@ -126,8 +70,8 @@ USAGE WITH COMMAND LINE openssl UTILITY Use -pkeyopt option to pass paramset to algorithm. The following paramsets are supported by gost2001: 0,A,B,C,XA,XB - gost2012_256: 0,A,B,C,XA,XB - gost2012_512: A,B + gost2012_256: 0,A,B,C,XA,XB,TCA,TCB,TCC,TCD + gost2012_512: A,B,C You can also use numeric representation of OID as to destinate paramset. @@ -208,7 +152,7 @@ Russian clients and RSA/DSA ciphersuites for foreign clients. Calculation of HMAC based on GOST R 34.11-94 - openssl dgst -md_gost94 -mac hmac -macopt key:<32 bytes of key> datafile + openssl dgst -md_gost94 -hmac <32 bytes of key> datafile (or use hexkey if key contain NUL bytes) Calculation of GOST 28147 MAC
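Review bot: the first hunk (@@ -60,62 +60,6 @@) removes the whole CONFIGURATION FILE section and leaves no pointer to where engine configuration is documented now. The descriptions of CRYPT_PARAMS and of PK_PARAMS = LEGACY_PK_WRAP (the BouncyCastle private key format workaround) go with it, as does the reference to 'example.conf'. If the text moved to another file, put a one-line reference in its place, just before USAGE WITH COMMAND LINE openssl UTILITY. If the options themselves were dropped, say so in the commit message.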
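Review bot: the new paramset names in the second hunk (@@ -126,8 +70,8 @@), TCA, TCB, TCC, TCD on the gost2012_256 line and C on the gost2012_512 line, are listed without saying which parameter sets or OIDs they denote, although the next context line tells the reader that a numeric OID can be given instead. Add a short mapping or a reference for the new names. While this paragraph is being touched, the context line "You can also use numeric representation of OID as to destinate paramset." could be reworded to "to designate the paramset".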
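Review bot: in the third hunk (@@ -208,7 +152,7 @@) the unchanged line "(or use hexkey if key contain NUL bytes)" no longer matches the command above it. hexkey is a -macopt option, and the new line shows only -hmac, which takes the key as a literal argument. Either keep a -mac hmac -macopt hexkey:<hex> variant for keys containing NUL bytes, or reword the parenthetical. Both forms put the key on the command line, where it shows up in the process list and shell history. That may be worth a sentence in this section.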