    Create and convert between types of GOST certificates with OpenSSL
    Note on certificate formats:

    Encodings (also used as extensions)

    • .DER = The DER extension is used for binary DER encoded certificates. These files may also bear the CER or the CRT extension.
    • .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a "-----BEGIN …" line.

    Common Extensions

    • .CRT = The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous. Most common among *nix systems.
    • .CER = Alternate form of .crt (Microsoft convention). You can use MS to convert .crt to .cer (both DER encoded .cer, or base64 [PEM] encoded .cer). The .cer file extension is also recognized by IE as a command to run a MS cryptoAPI command (specifically rundll32.exe cryptext.dll,CryptExtOpenCER), which displays a dialogue for importing and/or viewing certificate contents.
    • .KEY = The KEY extension is used both for public and private PKCS#8 keys. The keys may be encoded as binary DER or as ASCII PEM.

    The only time CRT and CER can safely be interchanged is when the encoding type is identical (i.e. PEM encoded CRT = PEM encoded CER).


    Generate a key:


    1) Create private key:
    openssl genpkey -engine gost -algorithm gost2001 -pkeyopt paramset:A -out test.key

    2) Generate certificate request
    openssl req -engine gost -new -key test.key -out test.p10

    3) Generate self-signed certificate (in pem format)
    openssl x509 -req -in test.p10 -engine gost -signkey test.key -out test.pem

    4) Convert PEM into DER
    openssl x509 -in test.pem -inform pem -out test.crt -outform der
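
The encoding note above means the file extension cannot be relied on to choose `-inform`. The following is an added example, not part of the original article: it checks the file content instead and then re-encodes with `openssl x509` as in step 4. The function names `cert_encoding` and `cert_convert` are made up for this sketch.

```shell
#!/bin/sh
# Added example: choose -inform from the file content, not from the extension.

# Print "pem", "der" or "unknown" for a certificate file.
cert_encoding() {
    f=$1
    # PEM: an armor line somewhere in the file (text may precede it).
    if LC_ALL=C grep -q -e '-----BEGIN \(TRUSTED \)\{0,1\}CERTIFICATE-----' "$f" 2>/dev/null; then
        echo pem
        return 0
    fi
    # DER: a certificate is an ASN.1 SEQUENCE, so the first byte is 0x30.
    # Other DER objects also start with 0x30; openssl rejects those later.
    first=$(od -An -tx1 -N1 "$f" 2>/dev/null | tr -d ' \n')
    if [ "$first" = "30" ]; then
        echo der
        return 0
    fi
    echo unknown
    return 1
}

# Re-encode SRC into DST as pem or der. Any further arguments
# (for example -engine gost) are handed to openssl x509 unchanged.
cert_convert() {
    src=$1 dst=$2 want=$3
    shift 3
    case $want in
        pem|der) ;;
        *) echo "target encoding must be pem or der" >&2; return 2 ;;
    esac
    have=$(cert_encoding "$src") || {
        echo "$src: neither a PEM nor a DER certificate" >&2
        return 1
    }
    openssl x509 "$@" -in "$src" -inform "$have" -out "$dst" -outform "$want"
}

# Run as a script: SRC DST pem|der [openssl x509 options]
if [ "$#" -ge 3 ]; then
    cert_convert "$@"
fi
```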

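    Get info on certificate (test.crt from step 4 is DER encoded, hence -inform der):

    openssl x509 -engine gost -in test.crt -inform der -noout -text -nameopt utf8,sep_multiline

    Start and end dates of the certificate validity (-startdate prints only the start date, -dates prints both):
    openssl x509 -engine gost -in test.crt -inform der -noout -startdate
    openssl x509 -engine gost -in test.crt -inform der -noout -dates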

    Encrypt data using GOST (the recipient certificate is passed in PEM form, test.pem from step 3):

    S/MIME format ($1 is the input file, as in a shell script):
    /opt/cryptopack2/bin/openssl smime -encrypt -gost89 -in "$1" -binary -out "$1.enc" test.pem

    plain binary (DER, written to standard output):
    openssl smime -encrypt -engine gost -in data.zip -binary -outform der test.pem

    plain base64:
    openssl smime -encrypt -engine gost -in data.zip -binary -outform der test.pem | base64 | tr -d "\n"
    Category: Cryptography | Added by: basil (07.08.2013)