The parameter after the colon is not a file name but the name of a parameter set or an OID.
For signing keys the name can be 'A', 'B', 'C'.

openssl req -newkey gost2001:A


The recommended way to generate GOST requests is to use two commands

openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out mykey.p8
openssl req -new -key mykey.p8 -out mykey.req




Hi,
I'm playing with openssl 0.9.9 with a GOST engine. Does anybody know how to get more info about command line options for openssl> req and openssl> if one wants to use them with GOST engine to generate and use asymmetric GOST-94 or GOST-2001 keys?
First I tried the req command as proposed here: http://www.cryptocom.ru/OpenSource/readme.html
"req -newkey gost94: -keyout mykey.p8 -out mykey.req"
They claim that you need no parameters, so you should leave "an empty string after the colon".
But the shell seems to expect a file name (of a file containing parameters) after the colon.
OpenSSL> req -newkey gost94: -keyout mykey.p8 -out mykey.req
Can't open parameter file
10925:error:02001002:system library:fopen:No such file or directory:bss_file.c:1
22:fopen('','r')
10925:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
error in req
OpenSSL>
The command "req -newkey gost94:"" -keyout mykey.p8 -out mykey.req" does not work either. "" is taken for a file name. When I put there the name of an existing file, things became bizarre:
OpenSSL> req -newkey gost94:parameters.txt -keyout mykey.p8 -out mykey.req
Error reading parameter file parameters.txt
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expec
ting: PARAMETERS
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expec
ting: CERTIFICATE
error in req
OpenSSL>
If you do not type a colon at all, you still don't get your key:
OpenSSL> req -newkey gost94 -keyout mykey.p8 -out mykey.req
Generating a 1024 bit GOST94 private key
Error Generating Key
10925:error:8007106B:lib(128):PKEY_GOST94_KEYGEN:no parameters set:gost_pmeth.c:
274:
error in req
OpenSSL>
Although it was said on the cited page that there are no parameters needed, the shell complains about not having any. Is it a bug?
Thanks for help.
André Ziermann
Senior Solution Engineer

SECUDE IT Security GmbH
Goebelstrasse 21
64293 Darmstadt / Germany

Tel. : +49 (0)6151 82897 21
Fax : +49 (0)6151 82897 26
Mobile : +49 (0) 170 987 81 73
[EMAIL PROTECTED]
www.secude.com



Handelsregister Darmstadt: HRB 9081
Geschäftsführer: Dr. Heiner Kromer
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
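
The error-queue lines quoted in the question can be decoded to see which layer rejected each command. The following is an added example, not code from either poster or from the OpenSSL project; it assumes the packed error-code layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason, with run-time allocated library numbers starting at 128), and the function names are hypothetical.

```python
import re

# Added example. Assumes the packed error code of OpenSSL releases before 3.0:
# 8 bits library, 12 bits function, 12 bits reason.
ERR_LIB_USER = 128  # engines and other add-ons get library numbers from here up

ENTRY = re.compile(
    r"^(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]+):(?P<line>\d+):(?P<data>.*)$"
)

# Error lines from the question above, mail-client line wraps left in.
SAMPLE = """\
10925:error:02001002:system library:fopen:No such file or directory:bss_file.c:1
22:fopen('','r')
10925:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expec
ting: PARAMETERS
10925:error:8007106B:lib(128):PKEY_GOST94_KEYGEN:no parameters set:gost_pmeth.c:
274:
"""

def unwrap(text):
    """Rejoin entries split across lines; input must contain only error-queue output."""
    entries = []
    for raw in text.splitlines():
        if re.match(r"^\d+:error:", raw):
            entries.append(raw)
        elif entries:
            entries[-1] += raw
    return entries

def decode(entry):
    """Split one entry into numeric lib/func/reason plus the printed text fields."""
    m = ENTRY.match(entry)
    if m is None:
        return None
    code = int(m["code"], 16)
    lib = (code >> 24) & 0xFF
    return {
        "lib": lib, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF,
        "from_engine": lib >= ERR_LIB_USER,  # library number allocated at run time
        "reason_text": m["reason"], "where": f"{m['file']}:{m['line']}", "data": m["data"],
    }

def decode_all(text):
    return [d for d in map(decode, unwrap(text)) if d is not None]

if __name__ == "__main__":
    for d in decode_all(SAMPLE):
        origin = "engine" if d["from_engine"] else "libcrypto"
        print(f"{origin:9} lib={d['lib']:3} reason={d['reason']:3} {d['reason_text']} at {d['where']}")
```

On these lines only the "no parameters set" entry carries a library number of 128 or above, which is why it prints as lib(128): it was raised by the GOST engine's key generation, while the file and PEM errors came from the req command trying to read a parameter file.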
