Hello Sergei, thanks for the really extensive answer - I know that the development was not that "coordinated" and some things were done while moving too fast but please lets just stop to discuss about the past.
I will turn my question the other way round - would it be sufficient for your use cases if we support the "official" openssl GOST engine, namely allow certificates with the gost94 and gost2001 algorithms? I started playing a bit with the GOST stuff and as fas as I can see, it would be just a matter of setting the gost engine property and use some algorithm specific parameters - that would be no problem. If you require deeper support, I would consider to clone the current OpenSSL/RSA based backend to a second instance and invite your team to implement the GOST stuff based on a common API. We are on a good way to get back to that API based approach and removed a lot of the "direct crypto hacks" from the past, so that should also work out. Oliver -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft
_______________________________________________ OpenXPKI-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-devel
