The parameter after colon is not a file name but a name of parameter set
or OID
For signing keys name can be 'A', 'B', 'C'/
openssl req -newkey gost2001:A
The recommended way to generate GOST requests is to use two commands
openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out mykey.p8
openssk req -new -key mykey.p8 -out mykey.req
Hi,
I'm playing with openssl 0.9.9 with a GOST engine.
Does anybody know, how to get more info about commmand line options for
openssl req
and
openssl
if one wants to use them with GOST engine to generate and use asymmetric GOST-94 or GOST-2001 keys?
First I tried the req command as proposed here: http://www.cryptocom.ru/OpenSource/readme.html
req -newkey gost94: -keyout mykey.p8 -out mykey.req
They claim that you need no parameters, so you should leave an empty string after the colon
But the shell seems to expect a file name (of a file containing parameters)
after the colon.
OpenSSL req -newkey gost94: -keyout mykey.p8 -out mykey.req
Can't open parameter file
10925:error:02001002:system library:fopen:No such file or directory:bss_file.c:1
22:fopen('','r')
10925:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
error in req
OpenSSL
The command req -newkey gost94: -keyout mykey.p8 -out mykey.req does not work either. is taken for a file name.
When I put there the name of an existing file, things became bizarr:
OpenSSL req -newkey gost94:parameters.txt -keyout mykey.p8 -out mykey.req
Error reading parameter file parameters.txt
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expec
ting: PARAMETERS
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expec
ting: CERTIFICATE
error in req
OpenSSL
If you do not type a colon at all, you still don't get your key:
OpenSSL req -newkey gost94 -keyout mykey.p8 -out mykey.req
Generating a 1024 bit GOST94 private key
Error Generating Key
10925:error:8007106B:lib(128):PKEY_GOST94_KEYGEN:no parameters set:gost_pmeth.c:
274:
error in req
OpenSSL
Although it was said on the cited page that there are no parameters needed, the shell complains about not having any. Is it a bug?
Thanks for help.
André Ziermann
Senior Solution Engineer
SECUDE IT Security GmbH
Goebelstrasse 21
64293 Darmstadt / Germany
Tel. : +49 (0)6151 82897 21
Fax : +49 (0)6151 82897 26
Mobile : +49 (0) 170 987 81 73
[EMAIL PROTECTED]
www.secude.com
Handelsregister Darmstadt: HRB 9081
Geschäftsführer: Dr. Heiner Kromer
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]