diff options
author | Nikolay Shaplov <dhyan@nataraj.su> | 2017-09-16 22:02:29 +0300 |
---|---|---|
committer | Nikolay Shaplov <dhyan@nataraj.su> | 2017-10-18 16:57:40 +0300 |
commit | daa809969846b2bbd0675623545488765dea2fe0 (patch) | |
tree | f220b41944bca147d3dd1a2b71e4fcd9098ad32f /README.gost | |
parent | d36465ded9a5d764080cd83968515177092c7818 (diff) | |
download | gost-engine-daa809969846b2bbd0675623545488765dea2fe0.zip gost-engine-daa809969846b2bbd0675623545488765dea2fe0.tar.gz gost-engine-daa809969846b2bbd0675623545488765dea2fe0.tar.bz2 |
New INSTALL.md file instead of old CMake_ReadMe.md; Also moved "CONFIGURATION FILE" section from README.gost into INSTALL.md. That section were reformatted to MarkDown, but it's content were not changed
Diffstat (limited to 'README.gost')
-rw-r--r-- | README.gost | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/README.gost b/README.gost index 777f5ab..db6b4b9 100644 --- a/README.gost +++ b/README.gost @@ -60,62 +60,6 @@ their own means to load engines. Also, applications which operate with private keys, should use generic EVP_PKEY API instead of using RSA or other algorithm-specific API. -CONFIGURATION FILE - -The very minimal example of the configuration file is provided in this -distribution and named 'example.conf'. - -Configuration file should include following statement in the global -section, i.e. before first bracketed section header (see config(5) for details) - - openssl_conf = openssl_def - -where openssl_def is name of the section in configuration file which -describes global defaults. - -This section should contain following statement: - - [openssl_def] - engines = engine_section - -which points to the section which describes list of the engines to be -loaded. This section should contain: - - [engine_section] - gost = gost_section - -And section which describes configuration of the engine should contain - - [gost_section] - engine_id = gost - dynamic_path = /usr/lib/ssl/engines/libgost.so - default_algorithms = ALL - CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet - -BouncyCastle cryptoprovider has some problems with private key parsing from PrivateKeyInfo, -so if you want to use old private key representation format, which supported by BC, -you must add: - PK_PARAMS = LEGACY_PK_WRAP - -to [gost_section] - -Where engine_id parameter specifies name of engine (should be "gost"). -dynamic_path is a location of the loadable shared library implementing the -engine. If the engine is compiled statically or is located in the OpenSSL -engines directory, this line can be omitted. -default_algorithms parameter specifies that all algorithms, provided by -engine, should be used. - -The CRYPT_PARAMS parameter is engine-specific. It allows the user to choose -between different parameter sets of symmetric cipher algorithm. RFC 4357 -specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL -doesn't provide user interface to choose one when encrypting. So use engine -configuration parameter instead. - -Value of this parameter can be either short name, defined in OpenSSL -obj_dat.h header file or numeric representation of OID, defined in RFC -4357. - USAGE WITH COMMAND LINE openssl UTILITY 1. Generation of private key |