X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=README.gost;h=74c5eb2f55991c667769539b074c2370a1584f67;hb=82d1ac30943cbe9223f024466404e7be720379b6;hp=3a48d9568db125d636571deb2e11cb0ec672dcda;hpb=be94de0b86a7ac68bfe5949e113ad08fd444f374;p=openssl-gost%2Fengine.git diff --git a/README.gost b/README.gost index 3a48d95..74c5eb2 100644 --- a/README.gost +++ b/README.gost @@ -8,14 +8,14 @@ OpenSSL and applications which use it. ALGORITHMS SUPPORTED -GOST R 34.10-94 and GOST R 34.10-2001 - digital signature algorithms. +GOST R 34.10-2001 and GOST R 34.10-2012 - digital signature algorithms. Also support key exchange based on public keys. See RFC 4357 for details of VKO key exchange algorithm. These algorithms use 256 bit private keys. Public keys are 1024 bit for 94 and 512 bit for 2001 (which is elliptic-curve based). Key exchange algorithms (VKO R 34.10) are supported on these keys too. -GOST R 34.11-94 Message digest algorithm. 256-bit hash value +GOST R 34.11-2012 Message digest algorithm. 256- and 512-bit hash values. GOST 28147-89 - Symmetric cipher with 256-bit key. Various modes are defined in the standard, but only CFB and CNT modes are implemented @@ -32,6 +32,8 @@ GOST 28147-89 MAC mode. Message authentication code. While most MAC It is implemented as combination of EVP_PKEY type and EVP_MD type. +GOST R 34.13–2015 - Symmetric cypher Grasshopper ("Kuznechik") + USAGE OF THESE ALGORITHMS This engine is designed to allow usage of this algorithms in the 
@@ -79,6 +81,12 @@ And section which describes configuration of the engine should contain default_algorithms = ALL CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet +BouncyCastle cryptoprovider has some problems with private key parsing from PrivateKeyInfo, +so if you want to use old private key representation format, which supported by BC, +you must add: + PK_PARAMS = LEGACY_PK_WRAP +to [gost_section] + Where engine_id parameter specifies name of engine (should be "gost"). dynamic_path is a location of the loadable shared library implementing the engine. If the engine is compiled statically or is located in the OpenSSL
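Review bot: In the first hunk (@@ -8,14 +8,14 @@), the unchanged context under the new heading line is now stale. It still reads "Public keys are 1024 bit for 94 and 512 bit for 2001", although GOST R 34.10-94 was removed from the heading, and it says nothing about private or public key sizes for GOST R 34.10-2012. Please update that sentence in the same change. The hunk also replaces the GOST R 34.11-94 digest entry instead of adding to it. GOST R 34.10-2001 is still listed and its signatures are defined over GOST R 34.11-94, so if the engine still provides that digest it should keep its own line next to the new GOST R 34.11-2012 entry.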
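Review bot: In the second hunk (@@ -32,6 +32,8 @@), the added line cites the wrong standard for the cipher. Kuznechik is specified in GOST R 34.12-2015, while GOST R 34.13-2015 is the block cipher modes of operation standard, so the entry should name 34.12-2015 and mention 34.13-2015 only for the modes. The line also uses an en dash in "34.13–2015" where every other entry uses a plain hyphen, which breaks text search for the standard number, and spells "cypher" where the GOST 28147-89 entry uses "cipher". Unlike that entry, it gives no key size, block size or list of implemented modes; adding them would keep the list consistent.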
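Review bot: In the third hunk (@@ -79,6 +81,12 @@), the new BouncyCastle paragraph is inserted between the configuration example ending in "CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet" and the sentence "Where engine_id parameter specifies name of engine", which explains that example. That sentence now appears to refer to the PK_PARAMS text, so the paragraph should move below the parameter explanations. The paragraph should also state which private key representation is the default, what PK_PARAMS = LEGACY_PK_WRAP changes in the written PrivateKeyInfo, and whether keys in both formats are still read when it is set, so that users know what they are opting into. Minor wording: "which supported by BC" should be "which is supported by BC".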