Re: [openssl-users] Re: create certificate request programmatically using OpenSSL API

Mon, 30 Jul 2012 02:17:49 -0700

GOST is not a block cipher, it's the acronym for "GOsudarstvennyi STandard", which means "State Standard". It's not dedicated to cryptography.
Speaking of GOST standard is redundant, but clearer for non russian locutors. 


There's a block cipher (poorly) defined as a GOST standard, referenced 
"GOST 28147-89". Attempts to be adopted as an ISO standard have failed. 
The S-Box to use is not defined in the standard, whence 2 compliant 
implementations can be non interoperable.



There's also a hash algorithm defined as a GOST standard, referenced 
"GOST R 34.11-94" or "GOST 34.311-95", using GOST 28147-89 inside. "GOST 
R 34.11-94" in itself is also useless because of the lack of S-Box 
standard. The RFC 4357 defines 2 S-Boxes.



And finally there's a digital signature defined as a GOST standard, 
referenced "GOST R 34.10-94" and superseded by "GOST R 34.10-2001" 
(RFC5832), consider it similar to ECDSA. It uses "GOST R 34.11-94" to 
hash data (just as {EC}DSA uses SHA{1,2*}).


--
Erwann ABALEA

Le 28/07/2012 21:31, Jeffrey Walton a écrit :

On Fri, Jul 27, 2012 at 9:00 AM, Abyss Lingvo <xidex...@yahoo.com> wrote:

Hi all!

The last problem is how to create GOST key pair for certificate.
It is clear how to create RSA keys.
Sample is here : http://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html

  #include <openssl/evp.h>
  #include <openssl/rsa.h>
  EVP_PKEY_CTX *ctx;
  EVP_PKEY *pkey = NULL;
  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
  if (!ctx)
         /* Error occurred */
  if (EVP_PKEY_keygen_init(ctx) <= 0)
         /* Error */
  if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
         /* Error */
  /* Generate key */
  if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
                                   /* Error */

Unfortunately there is no EVP_PKEY_GOST constant and I can't create EVP_PKEY
containing GOST key pair.

Does anybody know how to create GOST key pair?

GOST is a block cipher. It uses a symmetric key, not public/private keys.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

























					Reply via email to