I believe that today GOST only supported on Windows through mscrypto.

To add GOST support for openssl, you will need to implement GOST keys
and encryption/decryption support. It should be straightforward
copy/paste/replace from, for example, RSA keys/encryption
implementation.

Hint: I love patches :)

Aleksey


On 4/5/2010 11:52 PM, [email protected] wrote:
*--- Исходное сообщение ---*

*От:* "[email protected]" <[email protected]>

*Отправлено:* 06.04.2010 01:23:14

*Тема:* xmlsec, openssl , gost

1. i install openssl 1.0 (use ./config shared ), xmlsec 1.2.4 (use
./configure --enable-gost --with-openssl="/usr/local/ssl") in slax

2. generate key : openssl genpkey -algorithm gost2001 -pkeyopt
paramset:A -out seckey.pem

*sign1-tmpl-rus.xml (from test)*

* *

*<?xml version="1.0" encoding="UTF-8"?>*

*<!-- *

*XML Security Library example: Simple signature template file for sign1
example. *

*-->*

*<Envelope xmlns="urn:envelope">*

* <Data>*

*Hello, World!*

* </Data>*

* <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>*

* <SignedInfo>*

* <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />*

* <SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"/>*

* <Reference URI="">*

* <Transforms>*

* <Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />*

*<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116";>*

*<XPath
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";>not(ancestor-or-self::dsig:Signature)</XPath>*

*</Transform>*

* </Transforms>*

* <DigestMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411"/>*

* <DigestValue></DigestValue>*

* </Reference>*

* </SignedInfo>*

* <SignatureValue/>*

* <KeyInfo>*

*<X509Data>*

*<X509Certificate></X509Certificate>*

*</X509Data>*

*</KeyInfo>*

*</Signature>*

*</Envelope>*

* *

sign1 - one of examples (by default it use openssl engine)

command ./sign1 sign1-tmpl-rus.xml seckey.pem

get this

func=xmlSecOpenSSLEvpKeyAdopt:file=evp.c:line=241:obj=unknown:subj=unknown:error=14:invalid
type:evp key type 811 not supported

func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=333:obj=unknown:subj=xmlSecOpenSSLEvpKeyAdopt:error=1:xmlsec
library function failed:

func=xmlSecOpenSSLAppKeyLoad:file=app.c:line=143:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec
library function failed:filename=seckey.pem;errno=0

Error: failed to load private pem key from "seckey.pem"

what should I do?:)



_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to