[xmlsec] xmlsec, openssl , gost
Aleksey Sanin
aleksey at aleksey.com
Tue Apr 6 08:41:32 PDT 2010
I believe that today GOST only supported on Windows through mscrypto.
To add GOST support for openssl, you will need to implement GOST keys
and encryption/decryption support. It should be straightforward
copy/paste/replace from, for example, RSA keys/encryption
implementation.
Hint: I love patches :)
Aleksey
On 4/5/2010 11:52 PM, waterfall at inbox.ru wrote:
> *--- Исходное сообщение ---*
>
> *От:* "waterfall at evol.ru" <waterfall at evol.ru>
>
> *Отправлено:* 06.04.2010 01:23:14
>
> *Тема:* xmlsec, openssl , gost
>
> 1. i install openssl 1.0 (use ./config shared ), xmlsec 1.2.4 (use
> ./configure --enable-gost --with-openssl="/usr/local/ssl") in slax
>
> 2. generate key : openssl genpkey -algorithm gost2001 -pkeyopt
> paramset:A -out seckey.pem
>
> *sign1-tmpl-rus.xml (from test)*
>
> * *
>
> *<?xml version="1.0" encoding="UTF-8"?>*
>
> *<!-- *
>
> *XML Security Library example: Simple signature template file for sign1
> example. *
>
> *-->*
>
> *<Envelope xmlns="urn:envelope">*
>
> * <Data>*
>
> *Hello, World!*
>
> * </Data>*
>
> * <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">*
>
> * <SignedInfo>*
>
> * <CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />*
>
> * <SignatureMethod
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"/>*
>
> * <Reference URI="">*
>
> * <Transforms>*
>
> * <Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />*
>
> *<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">*
>
> *<XPath
> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::dsig:Signature)</XPath>*
>
> *</Transform>*
>
> * </Transforms>*
>
> * <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411"/>*
>
> * <DigestValue></DigestValue>*
>
> * </Reference>*
>
> * </SignedInfo>*
>
> * <SignatureValue/>*
>
> * <KeyInfo>*
>
> *<X509Data>*
>
> *<X509Certificate></X509Certificate>*
>
> *</X509Data>*
>
> *</KeyInfo>*
>
> *</Signature>*
>
> *</Envelope>*
>
> * *
>
> sign1 - one of examples (by default it use openssl engine)
>
> command ./sign1 sign1-tmpl-rus.xml seckey.pem
>
> get this
>
> func=xmlSecOpenSSLEvpKeyAdopt:file=evp.c:line=241:obj=unknown:subj=unknown:error=14:invalid
> type:evp key type 811 not supported
>
> func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=333:obj=unknown:subj=xmlSecOpenSSLEvpKeyAdopt:error=1:xmlsec
> library function failed:
>
> func=xmlSecOpenSSLAppKeyLoad:file=app.c:line=143:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec
> library function failed:filename=seckey.pem;errno=0
>
> Error: failed to load private pem key from "seckey.pem"
>
> what should I do?:)
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list