带有GOST引擎的OpenSSL
我想使用OpenSSL生成私有/公共/(证书签名请求)并在以后对一些数据进行签名。但是我想用 我下载了OpenSSL1.0.0并修改了OpenSSL.cfg文件:带有GOST引擎的OpenSSL,openssl,gost3410,Openssl,Gost3410,我想使用OpenSSL生成私有/公共/(证书签名请求)并在以后对一些数据进行签名。但是我想用 我下载了OpenSSL1.0.0并修改了OpenSSL.cfg文件: openssl_conf = openssl_def [openssl_def] engines = engine_section [engine_section] gost = gost_section [gost_section] engine_id = gost
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
dynamic_path = ./gost.dll
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
我可以生成私钥和CSR(单行命令字符串):
我得到2个文件:
- 证书\u签名\u请求.csr
- privkey.pem
openssl rsa -in privkey.pem -pubout -out pubkey.pem
Enter pass phrase for privkey.pem:
6132:error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key:.\crypto\evp\p_lib.c:288:
我的问题是:如何使用gost生成/获取公钥(可能来自私钥或csr?
我使用:
- Windows7专业版x64李>
- OpenSSL 1.0.0李>
- Gost引擎
/openssl-req-newkey gost2001-pkeyopt参数集:A-passout pass:aofvlgzm-subc”/C=RU/ST=Moscow/L=Moscow/O=foo_-bar/OU=foo_-bar/CN=developer/emailAddress=vany。egorov@gmail.com“-keyout private.key.pem-out csr.csr
使用private.key.pem对CSR(CSR.CSR)进行签名(!!!仅限管理命令提示符!!!)
如果不是管理员:“无法写入“随机状态”
/openssl x509-req-days 365-in csr.csr-signkey private.key.pem-out crt.crt
获取公钥
/opensslx509-通知pem-in-crt.crt-pubkey-noout>public.key.pem
获取GOST2001-md_gost94 hex
/openssl.exe dgst-hex-sign private.key.pem message.xml
获取MIME应用程序/x-pkcs7-signature
/openssl smime-sign-inkey private.key.pem-signer crt.crt-in message.xml
openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -text
openssl rsa -in privkey.pem -pubout -out pubkey.pem
Enter pass phrase for privkey.pem:
6132:error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key:.\crypto\evp\p_lib.c:288: