opendnssec / SoftHSMv2

SoftHSM version 2
http://www.softhsm.org/

gostR3410-2012 support #404

Open eugene-bright opened 6 years ago

eugene-bright commented 6 years ago

Story

SoftHSM should support the later version of the gostR3410 algorithms (from 2012). It will enable Russian users to replace CryptoPro CSP with it.

Technical information

Specs:

  1. Official documentation in English

Other implementations:

  1. OpenSSL GOST engine

eugene-bright commented 6 years ago

Comprehensive document list. http://gostcrypt.github.io/pages/references.html

bellgrim commented 6 years ago

SoftHSM supports GOST as specified by PKCS#11: http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html#_Toc441850720

The standard uses GOST R 34.10-2001, so we cannot use the version from 2012.

eugene-bright commented 6 years ago

During the conversation on the related project LudovicRousseau/PyKCS11#28 I realised the lack of a PKCS11 specification for GOST 2012. But practically, proprietary pkcs11 libraries implement vendor extensions which are being used in browser plugins right now. I am trying to gather information on this extension. It would allow replacing proprietary libraries with SoftHSM. But it's a low-priority task for me now.