Hi AFAIK it's the same. Btw made a small mistake: > openssl req -engine gost -new -newkey gost2001 -pkeyopt paramset:XA -keyout > test.key -nodes -x509 -subj /CN=ServerTest
Ie. Forgot the -engine gost. You can also add the conf section to openssl.cnf , as suggested in the README.gost > Le 9 févr. 2014 à 13:01, Nomad Esst <noname.e...@yahoo.com> a écrit : > > Hi > Thanks. > Do openssl commands differ from Linux to FreeBSD? > > > On Sunday, February 9, 2014 11:53 AM, Alexandre Aufrere > <alexandre.aufr...@opentrust.com> wrote: > Hi > > You should use them as usual, just adding -engine gost to the commands. > > Also, since you'll probably need gost certs, don't forget to generate: > openssl req -new -newkey gost2001 -pkeyopt paramset:XA -keyout test.key > -nodes -x509 -subj /CN=ServerTest > > Knowing that, in GOST 2001, paramset A is required for client auth, and > paramset XA for server auth. All other parameters are chosen automatically > (though this will change a bit in GOST 2012). > > > > > > De: "Nomad Esst" <noname.e...@yahoo.com> > À: openssl-users@openssl.org > Envoyé: Dimanche 9 Février 2014 11:51:42 > Objet: Re: Adding my own algorithm into openssl > > Hi > Thanks Dmitry. > I will do that as soon as I complete writing my engine. > But first I want to establish a secure connection between s_server and > s_client involving gost engine in order to get more familiar with gost as a > written engine. What should I do? How can I run the test? > > > > On Sunday, February 9, 2014 11:10 AM, Dmitry Belyavsky <beld...@gmail.com> > wrote: > Hello! > > If you are going to use your algorithm to your own SSL ciphersuites, you have > to patch the libssl library itself. > If you execute the command grep -ri gost ssl/ in your openssl directory, you > find all the places than should be patched for it though not all may be > necessary to patch for your purpose. > > > > > On Sun, Feb 9, 2014 at 11:13 AM, Nomad Esst <noname.e...@yahoo.com> wrote: > Thanks for your useful reply. > It seems that gost is loaded into openssl successfully. I used the command > you mentioned and the output was correct. > I'm planning to write my own engine but first I want to establish a secure > connection between s_server and s_client involving gost engine in order to > get more familiar with gost as a written engine. What should I do? > > > On Sunday, February 9, 2014 10:38 AM, Dmitry Belyavsky <beld...@gmail.com> > wrote: > Hello! > > You should call, for example, the > > openssl engine -c gost > > command. > > If engine is loaded, you see the list of gost algorithms. > gost89 and gost89-cnt are the cipher algorithms. > > > On Sun, Feb 9, 2014 at 10:27 AM, Nomad Esst <noname.e...@yahoo.com> wrote: > Thanks. > I have some problems using gost as engine. I followed the instructions as > mentioned in readme file. But I can't see the ciphers in the list. What else > should I do? > > > On Saturday, February 8, 2014 5:06 PM, Dmitry Belyavsky <beld...@gmail.com> > wrote: > Hello! > > You can take the ccgost engine as example. > > > On Sat, Feb 8, 2014 at 12:24 PM, Nomad Esst <noname.e...@yahoo.com> wrote: > Hi > I'm new here and I know what I'm going to ask is some kind of a frequent > question and has been asked many times but please help me with that since I > don't really get a clean solution on how "add a custom algorithm/engine into > openssl". > According to some google searches I have added a simple engine but It does > not do anything. It's just an engine which can be load into openssl. How can > complete this engine and add some encryption algorithm? > > Thanks in advance. > > > > > -- > SY, Dmitry Belyavsky > > > > > > -- > SY, Dmitry Belyavsky > > > > > > -- > SY, Dmitry Belyavsky > > > > > > -- > Alexandre Aufrere - Keynectis-OpenTrust > International PreSales Manager ME, APAC and CIS > P. +971 4 433 7608 > M. +971 55 716 2423 > >
