Ukrainian official cryptography standards implemented as an engine module for OpenSSL.
openssl x509 -in <filename>.cer -noout -text -inform der -nameopt oneline,-esc_msb,utf8
For files issues by АЦСК ІДД ДФС. Note that while extension is .cer
, it's actually a DER file.
ln -s libukrypto.dylib libukrypto.1.so
0xs₁s₀
.check
optional.Currently, upstream openssl
lacks the correct OID definitions for Ukrainian algorithms, so they are created at runtime via legacy.c
.
After OIDs are merged upstream it would be possible to skip compiling the definitions, see FINA_VENKO
macro. In future when there is no
point to support openssl
version that does not have the correct OIDS, the whole glue code will be dropped and replaced with nice
static structure definitions à la tutorial.