schors / gost-russian-ca

Russian Certificate Authority certificates. Directory and file
The Unlicense

Russian CA certificates directory and file

What is it?

These are the CA and intermediate certificates used in official document circulation in Russia. This set of certificates can be used with the classic OpenSSL, LibreSSL and GnuTLS libraries.

The certificate files are created using the https://github.com/schors/gost-ca-parse parser.

In fact, this is the task of the Minsvyaz. It must do this, but it can't. I don't know why. I don't have to do this. But I can.

The motherland hears

Features

Examples

Try to verify the Roskomnadzor dump of restricted sites

via OpenSSL

git clone https://github.com/schors/gost-russian-ca.git gost-russian-ca.git
openssl smime -verify -engine gost -CAfile gost-russian-ca.git/certs/ca-certificates.pem \
        -in dump.xml.sig -inform DER -content dump.xml  -out /dev/null

via LibreSSL

git clone https://github.com/schors/gost-russian-ca.git gost-russian-ca.git
openssl smime -verify -CAfile gost-russian-ca.git/certs/ca-certificates.pem \
        -in dump.xml.sig -inform DER -content dump.xml  -out /dev/null

Of course, you can run the c_rehash utility in the certs directory and then use the -CApath option instead of -CAfile.
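
The OpenSSL and LibreSSL invocations above differ only in the `-engine gost` flag and in whether the trust anchors come from one PEM file or a hashed directory. The following wrapper is an added example, not part of the repository: the function names `smime_verify_args` and `verify_dump` are hypothetical, it assumes the library can be told apart by the first word of `openssl version`, and it uses `-CApath`, the OpenSSL option for a `c_rehash`-prepared directory.

```shell
#!/bin/sh
# Added example; smime_verify_args and verify_dump are hypothetical names.

# Print the openssl arguments for verifying a detached DER signature.
# $1 = output of `openssl version`, $2 = CA bundle file or hashed directory,
# $3 = signature file, $4 = signed content file.
smime_verify_args() {
    version=$1 ca=$2 sig=$3 content=$4
    args="smime -verify"
    case $version in
        LibreSSL*) ;;                            # page's LibreSSL command: no engine flag
        OpenSSL*)  args="$args -engine gost" ;;  # page's OpenSSL command: gost engine
        *) echo "unknown TLS library: $version" >&2; return 2 ;;
    esac
    if [ -d "$ca" ]; then
        args="$args -CApath $ca"    # directory prepared with c_rehash
    else
        args="$args -CAfile $ca"    # single PEM bundle
    fi
    echo "$args -in $sig -inform DER -content $content -out /dev/null"
}

# Run the verification and fail closed: any non-zero exit status from
# openssl is treated as an untrusted dump.
verify_dump() {
    ca=$1 sig=$2 content=$3
    args=$(smime_verify_args "$(openssl version)" "$ca" "$sig" "$content") || return 2
    # Word splitting of $args is intentional; paths with spaces are not supported.
    if openssl $args; then
        echo "signature OK: $content"
    else
        echo "signature verification FAILED: $content" >&2
        return 1
    fi
}

# Usage: sh verify.sh <ca-file-or-dir> <dump.xml.sig> <dump.xml>
if [ "$#" -eq 3 ]; then
    verify_dump "$@"
fi
```

Callers should act on the exit status rather than on the printed message, since `-out /dev/null` discards the extracted content either way.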

via GnuTLS

This requires GnuTLS >= 3.6.4

git clone https://github.com/schors/gost-russian-ca.git gost-russian-ca.git
certtool --p7-verify --load-ca-certificate gost-russian-ca.git/certs/ca-certificates.pem \
        --infile dump.xml.sig --inder --load-data dump.xml

Notes

This works with OpenSSL versions 1.0.0 - 1.0.2, including on Alpine Linux but not on CentOS Linux. CentOS users must suffer. Debian, Mint and Ubuntu Linux with OpenSSL above version 1.1.0 require the extra package libengine-gost-openssl1.1, maintained by unnamed guy Wartan Hachaturow. LibreSSL is tested on Alpine Linux above version 3.5.

Links

For nuts


UNLICENSE