How to generate and use asymmetric GOST keys?

Tue, 31 Jul 2007 10:07:02 -0700 

Hi,
 
I'm playing with openssl 0.9.9 with a GOST engine.
Does anybody know, how to get more info about commmand line options for 
openssl> req 
and
openssl> 
if one wants to use them with GOST engine to generate and use asymmetric 
GOST-94 or GOST-2001 keys?
 
First I tried the req command as proposed here: 
http://www.cryptocom.ru/OpenSource/readme.html
 
"req -newkey gost94: -keyout mykey.p8 -out mykey.req"
 
They claim that you need no parameters, so you should leave "an empty string 
after the colon"
But the shell seems to expect a file name (of a file containing 
parameters) after the colon.
 
OpenSSL> req -newkey gost94: -keyout mykey.p8 -out mykey.req
Can't open parameter file
10925:error:02001002:system library:fopen:No such file or directory:bss_file.c:1
22:fopen('','r')
10925:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
error in req
OpenSSL>
 
The command "req -newkey gost94:""   -keyout mykey.p8 -out mykey.req" does not 
work either. "" is taken for a file name.
 
When I put there the name of an existing file, things became bizarr:
 
OpenSSL> req -newkey gost94:parameters.txt  -keyout mykey.p8 -out mykey.req
Error reading parameter file parameters.txt
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expec
ting: PARAMETERS
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expec
ting: CERTIFICATE
error in req
OpenSSL>
 
If you do not type a colon at all, you still don't get your key:
 
OpenSSL> req -newkey gost94 -keyout mykey.p8 -out mykey.req
Generating a 1024 bit GOST94 private key
Error Generating Key
10925:error:8007106B:lib(128):PKEY_GOST94_KEYGEN:no parameters set:gost_pmeth.c:
274:
error in req
OpenSSL>
 
Although it was said on the cited page that there are no parameters needed, the 
shell complains about not having any. Is it a bug?
Thanks for help.
 
André Ziermann
Senior Solution Engineer

SECUDE IT Security GmbH
Goebelstrasse 21
64293 Darmstadt / Germany

Tel. : +49 (0)6151 82897 21
Fax : +49 (0)6151 82897 26
Mobile : +49 (0) 170 987 81 73
[EMAIL PROTECTED]
www.secude.com



Handelsregister Darmstadt: HRB 9081
Geschäftsführer: Dr. Heiner Kromer 
 

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to