How to generate and use asymmetric GOST keys?

2007-07-31 Thread André Ziermann 
Hi,
 
I'm playing with openssl 0.9.9 with a GOST engine.
Does anybody know, how to get more info about commmand line options for 
openssl req 
and
openssl 
if one wants to use them with GOST engine to generate and use asymmetric 
GOST-94 or GOST-2001 keys?
 
First I tried the req command as proposed here: 
http://www.cryptocom.ru/OpenSource/readme.html
 
req -newkey gost94: -keyout mykey.p8 -out mykey.req
 
They claim that you need no parameters, so you should leave an empty string 
after the colon
But the shell seems to expect a file name (of a file containing 
parameters) after the colon.
 
OpenSSL req -newkey gost94: -keyout mykey.p8 -out mykey.req
Can't open parameter file
10925:error:02001002:system library:fopen:No such file or directory:bss_file.c:1
22:fopen('','r')
10925:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
error in req
OpenSSL
 
The command req -newkey gost94:   -keyout mykey.p8 -out mykey.req does not 
work either.  is taken for a file name.
 
When I put there the name of an existing file, things became bizarr:
 
OpenSSL req -newkey gost94:parameters.txt  -keyout mykey.p8 -out mykey.req
Error reading parameter file parameters.txt
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expec
ting: PARAMETERS
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expec
ting: CERTIFICATE
error in req
OpenSSL
 
If you do not type a colon at all, you still don't get your key:
 
OpenSSL req -newkey gost94 -keyout mykey.p8 -out mykey.req
Generating a 1024 bit GOST94 private key
Error Generating Key
10925:error:8007106B:lib(128):PKEY_GOST94_KEYGEN:no parameters set:gost_pmeth.c:
274:
error in req
OpenSSL
 
Although it was said on the cited page that there are no parameters needed, the 
shell complains about not having any. Is it a bug?
Thanks for help.
 
André Ziermann
Senior Solution Engineer

SECUDE IT Security GmbH
Goebelstrasse 21
64293 Darmstadt / Germany

Tel. : +49 (0)6151 82897 21
Fax : +49 (0)6151 82897 26
Mobile : +49 (0) 170 987 81 73
[EMAIL PROTECTED]
www.secude.com



Handelsregister Darmstadt: HRB 9081
Geschäftsführer: Dr. Heiner Kromer 
 


smime.p7s
Description: S/MIME Cryptographic Signature

Re: How to generate and use asymmetric GOST keys?

2007-07-31 Thread Кольцов Андрей 
The parameter after colon is not a file name but a name of parameter set 
or OID

For signing keys name can be 'A', 'B', 'C'/

openssl req -newkey gost2001:A


The recommended way to generate GOST requests is to use two commands

openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out mykey.p8
openssk req -new -key mykey.p8 -out mykey.req





Hi,
 
I'm playing with openssl 0.9.9 with a GOST engine.
Does anybody know, how to get more info about commmand line options for 
openssl req 
and
openssl 
if one wants to use them with GOST engine to generate and use asymmetric GOST-94 or GOST-2001 keys?
 
First I tried the req command as proposed here: http://www.cryptocom.ru/OpenSource/readme.html
 
req -newkey gost94: -keyout mykey.p8 -out mykey.req
 
They claim that you need no parameters, so you should leave an empty string after the colon

But the shell seems to expect a file name (of a file containing parameters) 
after the colon.
 
OpenSSL req -newkey gost94: -keyout mykey.p8 -out mykey.req

Can't open parameter file
10925:error:02001002:system library:fopen:No such file or directory:bss_file.c:1
22:fopen('','r')
10925:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
error in req
OpenSSL
 
The command req -newkey gost94:   -keyout mykey.p8 -out mykey.req does not work either.  is taken for a file name.
 
When I put there the name of an existing file, things became bizarr:
 
OpenSSL req -newkey gost94:parameters.txt  -keyout mykey.p8 -out mykey.req

Error reading parameter file parameters.txt
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expec
ting: PARAMETERS
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expec
ting: CERTIFICATE
error in req
OpenSSL
 
If you do not type a colon at all, you still don't get your key:
 
OpenSSL req -newkey gost94 -keyout mykey.p8 -out mykey.req

Generating a 1024 bit GOST94 private key
Error Generating Key
10925:error:8007106B:lib(128):PKEY_GOST94_KEYGEN:no parameters set:gost_pmeth.c:
274:
error in req
OpenSSL
 
Although it was said on the cited page that there are no parameters needed, the shell complains about not having any. Is it a bug?

Thanks for help.
 
André Ziermann

Senior Solution Engineer

SECUDE IT Security GmbH
Goebelstrasse 21
64293 Darmstadt / Germany

Tel. : +49 (0)6151 82897 21
Fax : +49 (0)6151 82897 26
Mobile : +49 (0) 170 987 81 73
[EMAIL PROTECTED]
www.secude.com



Handelsregister Darmstadt: HRB 9081
Geschäftsführer: Dr. Heiner Kromer 
 

  

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]