Building and Installation
=========================

To build and install OpenSSL GOST Engine, you will need

* CMake (2.8 or newer)

Here is a quick build guide:

You will find the built binaries in the `../bin` directory.

If you want to build against a specific OpenSSL instance (for example,
because you have more than one OpenSSL instance installed), you can use
the `cmake` variable `CMAKE_C_FLAGS` to specify the paths to the include files
and shared libraries of the desired OpenSSL instance:

    $ cmake -DCMAKE_C_FLAGS='-I/PATH/TO/OPENSSL/include -L/PATH/TO/OPENSSL/lib' ..

If you use Visual Studio, see READMEWIN.txt for details.

For now OpenSSL GOST Engine does not have an installation script, so you have to

Copy the `gostsum` and `gost12sum` binaries to your binary directory. For example:

    # cp gostsum gost12sum /usr/local/bin

Then, if you would like to install the man pages properly, you can do it as follows:

    # mkdir -p /usr/local/man/man1
    # cp gost12sum.1 gostsum.1 /usr/local/man/man1

The engine library `gost.so` should be installed into the OpenSSL engine directory.
Use the following command to get its name:

    ENGINESDIR: "/usr/lib/i386-linux-gnu/engines-1.1"

Then simply copy `gost.so` there:

    # cp bin/gost.so /usr/lib/i386-linux-gnu/engines-1.1

Finally, to start using GOST Engine through OpenSSL, you should edit the
`openssl.cnf` configuration file as specified below.

A minimal example of the configuration file is provided in this
distribution and named `example.conf`.

The configuration file should include the following statement in the global
section, i.e. before the first bracketed section header (see config(5) for details):

    openssl_conf = openssl_def

where `openssl_def` is the name of the section in the configuration file which
describes global defaults.

This section should contain the following statement:

    engines = engine_section

which points to the section that describes the list of engines to be
loaded. This section should contain:

And the section which describes the configuration of the engine should contain

    dynamic_path = /usr/lib/ssl/engines/libgost.so
    default_algorithms = ALL
    CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet

The BouncyCastle crypto provider has some problems parsing private keys from
PrivateKeyInfo, so if you want to use the old private key representation format,
which is supported by BC, you must add:

    PK_PARAMS = LEGACY_PK_WRAP

Where the `engine_id` parameter specifies the name of the engine (should be `gost`).

`dynamic_path` is the location of the loadable shared library implementing the
engine. If the engine is compiled statically or is located in the OpenSSL
engines directory, this line can be omitted.

The `default_algorithms` parameter specifies that all algorithms provided by
the engine should be used.

The `CRYPT_PARAMS` parameter is engine-specific. It allows the user to choose
between different parameter sets of the symmetric cipher algorithm. [RFC 4357][1]
specifies several parameter sets for the GOST 28147-89 algorithm, but OpenSSL
doesn't provide a user interface to choose one when encrypting, so use the engine
configuration parameter instead.

The value of this parameter can be either a short name defined in the OpenSSL
`obj_dat.h` header file or the numeric representation of an OID, defined in

[1]:https://tools.ietf.org/html/rfc4357 "RFC 4357"
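
A broken link anywhere in the chain `openssl_conf` -> `engines` -> engine section can leave the engine unloaded, so it helps to check the chain before relying on GOST algorithms. The checker below is an added example, not part of the GOST Engine distribution; the functions `parse_conf` and `check_gost_chain`, the section name `gost_section` and the key `gost` are assumptions made for illustration.

```python
import re

# Constructed sample. The names gost_section and the key "gost" are
# assumptions for illustration; the other names come from the text above.
SAMPLE_CONF = """\
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
default_algorithms = ALL
"""

def parse_conf(text):
    """Return {section: {key: value}}; the global section is named ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        header = re.fullmatch(r"\[\s*([^\]\s]+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def check_gost_chain(text):
    """Follow openssl_conf -> engines -> engine section; return problems."""
    conf = parse_conf(text)
    top = conf[""].get("openssl_conf")
    if top is None:
        return ["openssl_conf is not set in the global section"]
    if top not in conf:
        return [f"section [{top}] is missing"]
    engines = conf[top].get("engines")
    if engines is None:
        return [f"[{top}] has no 'engines' statement"]
    if engines not in conf:
        return [f"section [{engines}] is missing"]
    # OpenSSL takes the key name as the engine id unless engine_id overrides it.
    ids = [conf[sec].get("engine_id", name)
           for name, sec in conf[engines].items() if sec in conf]
    if "gost" not in ids:
        return ["no configured engine section resolves to engine id 'gost'"]
    return []
```

An `openssl_conf` line placed after the first bracketed header is parsed as belonging to that section, so the checker reports it as missing from the global section.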