Building and Installation
=========================

To build and install OpenSSL GOST Engine, you will need

* CMake (2.8 or newer)

Here is a quick build guide:

You will find built binaries in `../bin` directory.

If you want to build against a specific OpenSSL instance (for example, when
more than one OpenSSL instance is installed), you can use the `cmake`
variable `CMAKE_C_FLAGS` to specify the path to the include files and
shared libraries of the desired OpenSSL instance:

    $ cmake -DCMAKE_C_FLAGS='-I/PATH/TO/OPENSSL/include -L/PATH/TO/OPENSSL/lib' ..

For now OpenSSL GOST Engine does not have an installation script, so you have to

Copy `gostsum` and `gost12sum` binaries to your binary directory. For example

    # cp gostsum gost12sum /usr/local/bin

Then, if you like to install man files properly, you can do it as follows:

    # mkdir -p /usr/local/man/man1
    # cp gost12sum.1 gostsum.1 /usr/local/man/man1

The engine library `gost.so` should be installed into OpenSSL engine directory.
Use the following command to get its name:

    ENGINESDIR: "/usr/lib/i386-linux-gnu/engines-1.1"

Then simply copy `gost.so` there

    # cp bin/gost.so /usr/lib/i386-linux-gnu/engines-1.1

Finally, to start using GOST Engine through OpenSSL, you should edit
`openssl.cnf` configuration file as specified below.

A minimal example of the configuration file is provided in this
distribution and named `example.conf`.

The configuration file should include the following statement in the global
section, i.e. before the first bracketed section header (see config(5) for details):

    openssl_conf = openssl_def

where `openssl_def` is the name of the section in the configuration file which
describes global defaults.

This section should contain the following statement:

    engines = engine_section

which points to the section that describes the list of engines to be
loaded. This section should contain:

And the section which describes the configuration of the engine should contain

    dynamic_path = /usr/lib/ssl/engines/libgost.so
    default_algorithms = ALL
    CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet

The BouncyCastle cryptoprovider has some problems with parsing private keys from
PrivateKeyInfo, so if you want to use the old private key representation format,
which is supported by BC, you must add:

    PK_PARAMS = LEGACY_PK_WRAP

The `engine_id` parameter specifies the name of the engine (should be `gost`).

`dynamic_path` is the location of the loadable shared library implementing the
engine. If the engine is compiled statically or is located in the OpenSSL
engines directory, this line can be omitted.

The `default_algorithms` parameter specifies that all algorithms provided by
the engine should be used.
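
The statements above only take effect when each one names a section that actually exists. The following check is an added example, not part of the GOST Engine distribution: it parses configuration text and reports the first broken link in the chain from `openssl_conf` to the engine section. The sample file is constructed from this page's statements, and the section name `gost_section` is an assumption.

```python
import re

# Constructed sample from this page's statements; "gost_section" is an assumed name.
SAMPLE_CONF = """\
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
dynamic_path = /usr/lib/ssl/engines/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
"""

def parse_conf(text):
    """Return {section: {key: value}}; '' holds the global (pre-header) section."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: no escaped '#'
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def check_gost_chain(text):
    """Return the first broken link in openssl_conf -> engines -> gost section."""
    conf = parse_conf(text)
    top = conf[""].get("openssl_conf")
    if top is None:
        return "openssl_conf must be set before the first [section] header"
    if top not in conf:
        return f"[{top}] is named by openssl_conf but not defined"
    engines = conf[top].get("engines")
    if engines not in conf:
        return f"[{top}] needs 'engines' naming a defined section"
    for name, target in conf[engines].items():
        # OpenSSL uses the list key as the engine id unless engine_id overrides it.
        if target in conf and conf[target].get("engine_id", name) == "gost":
            return None
    return f"[{engines}] lists no defined section whose engine id is 'gost'"
```

Pass the text of your own `openssl.cnf` to `check_gost_chain`; a return value of `None` means the chain is complete.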

The `CRYPT_PARAMS` parameter is engine-specific. It allows the user to choose
between different parameter sets of the symmetric cipher algorithm. [RFC 4357][1]
specifies several parameter sets for the GOST 28147-89 algorithm, but OpenSSL
doesn't provide a user interface to choose one when encrypting, so use the engine
configuration parameter instead.

The value of this parameter can be either a short name, defined in the OpenSSL
`obj_dat.h` header file, or a numeric representation of an OID, defined in

[1]: https://tools.ietf.org/html/rfc4357 "RFC 4357"