X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=README.gost;h=3579665ba23fbfae128adb49beead98c7697eb18;hb=929a0c5b77fc8a5d2094790ad3c81da463ed0df3;hp=c6b9b314bd2b84e412de7691a57ee58106c93e3b;hpb=e82ffccee43ac1e07c5b74c6a00c71705d7e319a;p=openssl-gost%2Fengine.git diff --git a/README.gost b/README.gost index c6b9b31..3579665 100644 --- a/README.gost +++ b/README.gost @@ -14,7 +14,7 @@ via high-level libopenssl calls. OpenSSL GOST Engine also includes 'gostsum' and 'gost12sum' command line tools for generating and checking GOST R34.11-94 and GOST R34.11-2012 hashsums. -They have the same purposes and behavior as well known sha1sum and md5sum +They have the same purposes and behavior as the well-known sha1sum and md5sum utilities. These utilities can be used independently from OpenSSL. ALGORITHMS SUPPORTED 
@@ -60,62 +60,6 @@ their own means to load engines. Also, applications which operate with private keys, should use generic EVP_PKEY API instead of using RSA or other algorithm-specific API. -CONFIGURATION FILE - -The very minimal example of the configuration file is provided in this -distribution and named 'example.conf'. - -Configuration file should include following statement in the global -section, i.e. before first bracketed section header (see config(5) for details) - - openssl_conf = openssl_def - -where openssl_def is name of the section in configuration file which -describes global defaults. - -This section should contain following statement: - - [openssl_def] - engines = engine_section - -which points to the section which describes list of the engines to be -loaded. This section should contain: - - [engine_section] - gost = gost_section - -And section which describes configuration of the engine should contain - - [gost_section] - engine_id = gost - dynamic_path = /usr/lib/ssl/engines/libgost.so - default_algorithms = ALL - CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet - -BouncyCastle cryptoprovider has some problems with private key parsing from PrivateKeyInfo, -so if you want to use old private key representation format, which supported by BC, -you must add: - PK_PARAMS = LEGACY_PK_WRAP - -to [gost_section] - -Where engine_id parameter specifies name of engine (should be "gost"). -dynamic_path is a location of the loadable shared library implementing the -engine. If the engine is compiled statically or is located in the OpenSSL -engines directory, this line can be omitted. -default_algorithms parameter specifies that all algorithms, provided by -engine, should be used. - -The CRYPT_PARAMS parameter is engine-specific. It allows the user to choose -between different parameter sets of symmetric cipher algorithm. 
RFC 4357 -specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL -doesn't provide user interface to choose one when encrypting. So use engine -configuration parameter instead. - -Value of this parameter can be either short name, defined in OpenSSL -obj_dat.h header file or numeric representation of OID, defined in RFC -4357. - USAGE WITH COMMAND LINE openssl UTILITY 1. Generation of private key @@ -126,8 +70,8 @@ USAGE WITH COMMAND LINE openssl UTILITY Use -pkeyopt option to pass paramset to algorithm. The following paramsets are supported by gost2001: 0,A,B,C,XA,XB - gost2012_256: 0,A,B,C,XA,XB - gost2012_512: A,B + gost2012_256: 0,A,B,C,XA,XB,TCA,TCB,TCC,TCD + gost2012_512: A,B,C You can also use numeric representation of OID as to destinate paramset.
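Review bot: In the second hunk (@@ -60,62 +60,6), removing the whole CONFIGURATION FILE section leaves README.gost with no description of the engine-specific settings CRYPT_PARAMS and PK_PARAMS = LEGACY_PK_WRAP, and no pointer to where that text now lives. The diff shown touches only README.gost, so if the section moved to another file, add a one-line reference in its place, just before "USAGE WITH COMMAND LINE openssl UTILITY". Otherwise keep at least the [gost_section] block and the paragraphs explaining it, because the choice of GOST 28147-89 parameter set and the legacy private key wrapping both decide whether peers can read what the engine produces, and a reader should not have to guess them.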
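Review bot: In the last hunk (@@ -126,8 +70,8), the added paramset names TCA, TCB, TCC, TCD for gost2012_256 and C for gost2012_512 are listed without saying what each one identifies, while the following context line tells the reader that a numeric OID can be used instead. Put the OID or the defining document for each new name next to the list so a user can check that the curve they select is the one they intend. While this paragraph is being touched, the context line "as to destinate paramset" would read better as "to designate the paramset".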