我想使用OpenSSL生成私有/公共/(证书签名请求)并稍后签署一些数据.但我想使用OpenSSL GOST引擎.
我下载了OpenSSL 1.0.0并修改了openssl.cfg文件:
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
dynamic_path = ./gost.dll
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
我可以生成私钥和CSR(单行命令字符串):
openssl req -newkey gost2001 -pkeyopt paramset:A -passout pass:aofvlgzm \
-subj "/C=RU/ST=Moscow/L=Moscow/O=foo_bar/OU=foo_bar/CN=developer/ \
emailAddress=vany.egorov@gmail.com" \
-new > certificate_signing_request.csr
我得到2个文件:
我知道我可以做(打印私钥和公钥的(未加密的)文本表示):
openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -text
我使用GOST代替RSA,这就是为什么我不能这样做:
openssl rsa -in privkey.pem -pubout -out pubkey.pem
Enter pass phrase for privkey.pem:
6132:error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting …目前我需要为GOST 34.10-2001签名算法生成密钥对.很高兴发现充气城堡提供商支持这种算法,但我无法生成密钥对并将其保存到任何类型的任何密钥库.目前我尝试了这个命令(如果keyalg是DSA和sigalg,这个命令效果很好SHA1withDSA):
keytool -genkey -alias test1 -keyalg ECGOST3410 -keysize 512 -sigalg GOST3411withECGOST3410 \
-keypass test_1 -validity 1000 -storetype JKS -keystore test1.jks -storepass test_1 -v \
-provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-1.46.jar"
但我有一个错误:
keytool error: java.lang.IllegalArgumentException: unknown key size.
java.lang.IllegalArgumentException: unknown key size.
at sun.security.x509.CertAndKeyGen.generate(CertAndKeyGen.java:134)
at sun.security.tools.KeyTool.doGenKeyPair(KeyTool.java:1156)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:786)
at sun.security.tools.KeyTool.run(KeyTool.java:172)
at sun.security.tools.KeyTool.main(KeyTool.java:166)
当我尝试操作keysize或keysize从命令中删除选项时,我可以看到完全相同的错误.但有一些特殊情况.当我设置keysize为256我有另一个错误:
keytool error: java.lang.IllegalArgumentException: key size not configurable.
java.lang.IllegalArgumentException: key size not configurable.
at sun.security.x509.CertAndKeyGen.generate(CertAndKeyGen.java:134)
at sun.security.tools.KeyTool.doGenKeyPair(KeyTool.java:1156)
at …