PKI (Public Key Infrastructure) with GOST R 34.10-2012
Generate CA Key Pair
edgetk -pkey keygen -algorithm gost2012 -bits 512 -paramset C -prv "CA_Priv.pem" -pass nil -pub "CA_Public.pem"
CA key pair generated successfully:
Private key saved to: albanese.atwebpages.com/directrix/CA_Priv.pem
Public key saved to: albanese.atwebpages.com/directrix/CA_Public.pem
Fingerprint: xGnHenZZtWD5IIMgtaoR7IzN5n5kVxXWUiW16IuF1u0=
GOST2012 (512-bit)
Generate Self-Signed CA Certificate
edgetk -pkey certgen -algorithm gost2012 -key CA_Priv.pem -cert CA_Cert.pem -subj "/CN=CA/OU=/O=/ST=/L=/C=/emailAddress=ca@test.com" -days 365
Self-signed CA certificate generated successfully:
Certificate Content: CA_Cert.pem
edgetk -pkey text -cert CA_Cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number : 58395208813610938606376391769129982682232542108 (A3A881F304FDFBDFCCA8013A5DBB6949330539C)
CommonName : CA
EmailAddresses: [ca@test.com]
IsCA : true
Curve : id-tc26-gost-3410-12-512-paramSetC
Issuer
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=CA
Subject
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=CA
Validity
Not Before: Apr 4 04:38:42 2025 UTC
Not After : Apr 4 04:38:42 2026 UTC
Pub.X
d5:8b:7e:64:d8:07:20:46:8f:1c:75:2c:5c:2c:20:
9b:5f:32:5e:fe:db:b7:17:a7:06:99:ac:25:6f:7b:
03:02:a7:47:19:89:8f:c7:78:ae:6f:93:bf:55:ce:
4f:8d:b2:f0:db:a6:14:c8:3f:3a:3b:45:92:eb:a8:
a4:c3:51:db
Pub.Y
7f:2a:a5:da:12:6c:f6:28:35:a0:5d:0d:36:d8:6a:
e9:90:03:da:ed:c3:cf:29:bf:83:57:8f:86:21:cf:
50:36:70:e3:a3:33:5b:13:a6:c0:b0:3b:23:41:1c:
00:65:63:8e:8e:79:2b:8d:fb:0d:02:3b:69:98:8c:
96:28:91:16
SubjectKeyId : fa12ac32f38e0dfe92a9345ae036629371c9f4dc
AuthorityKeyId: fa12ac32f38e0dfe92a9345ae036629371c9f4dc
Signature Algorithm: GOST512
29:fc:65:15:41:bc:d8:29:47:31:b3:5b:96:2c:42:7e:fc:13:
d5:5f:93:f6:6a:08:ca:a5:9a:c1:92:de:7f:bd:ba:77:88:89:
7f:2f:8f:48:8b:46:9c:44:02:eb:59:74:99:b5:b2:61:f1:68:
be:ec:2a:e3:34:74:fd:8f:e6:c4:38:6a:d6:16:27:41:2d:0a:
ac:fb:b2:e5:3a:64:23:fc:23:06:d5:e5:79:ca:80:ab:b9:16:
00:cc:0f:d0:63:10:29:d9:38:2c:d0:05:24:df:30:2a:e2:4b:
82:8a:a2:30:2b:ab:a2:7f:59:46:60:b0:ed:33:2a:1c:ed:20:
bd:40
IsValid: true
Generate User's Asymmetric Key Pair
edgetk -pkey keygen -algorithm gost2012 -bits 256 -paramset A -prv "User_Priv.pem" -pass nil -pub "User_Public.pem"
User's key pair generated successfully:
Private key saved to: albanese.atwebpages.com/directrix/User_Priv.pem
Public key saved to: albanese.atwebpages.com/directrix/User_Public.pem
Fingerprint: /0TGCA9yuMkmaSUx1ZHMZp06Mmn0hkag9PLsljrEz9k=
GOST2012 (256-bit)
Key Content: User_Priv.pem
edgetk -pkey text -key User_Priv.pem
-----BEGIN GOST PRIVATE KEY-----
MEACAQAwFwYIKoUDBwEBAQEwCwYJKoUDBwECAQEBBCIEIKb9XkTO52+17ENSj3WM
/RueXAnB0y/J18K9QqWEngk8
-----END GOST PRIVATE KEY-----
Private key: A6FD5E44CEE76FB5EC43528F758CFD1B9E5C09C1D32FC9D7C2BD42A5849E093C
Public key:
X:4E5DCEABA9E6E65EB343E6E2EC7666F8E02EE1F0D9F1D8D744C66F5583CD5782
Y:8000D0F31E0CFDAC6DD3171055B8CD479F94AEA9ECF99B8BB77E46549747B8E9
Curve: id-tc26-gost-3410-12-256-paramSetA
KeyID: da18e662bc1b02dca608aa6c506074adf7d6ee0f
Key Content: User_Public.pem
edgetk -pkey text -key User_Public.pem
-----BEGIN PUBLIC KEY-----
MF4wFwYIKoUDBwEBAQEwCwYJKoUDBwECAQEBA0MABECCV82DVW/GRNfY8dnw4S7g
+GZ27OLmQ7Ne5uapq85dTum4R5dURn63i5v57KmulJ9HzbhVEBfTbaz9DB7z0ACA
-----END PUBLIC KEY-----
Public key:
X:4E5DCEABA9E6E65EB343E6E2EC7666F8E02EE1F0D9F1D8D744C66F5583CD5782
Y:8000D0F31E0CFDAC6DD3171055B8CD479F94AEA9ECF99B8BB77E46549747B8E9
Curve: id-tc26-gost-3410-12-256-paramSetA
Generate User's Certificate Signing Request (CSR)
edgetk -pkey req -algorithm gost2012 -key User_Priv.pem -cert "User_Cert.csr" -subj "/CN=User/OU=/O=/ST=/L=/C=/emailAddress=user@test.com"
User's Certificate Signing Request (CSR) generated successfully:
Certificate Content: User_Cert.csr
edgetk -pkey text -cert User_Cert.csr
Certificate:
Data:
Version: 0 (0x0)
CommonName : User
EmailAddresses: [user@test.com]
Curve : id-tc26-gost-3410-12-256-paramSetA
Subject
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=User,emailAddress=user@test.com
Pub.X
4e:5d:ce:ab:a9:e6:e6:5e:b3:43:e6:e2:ec:76:66:
f8:e0:2e:e1:f0:d9:f1:d8:d7:44:c6:6f:55:83:cd:
57:82
Pub.Y
80:00:d0:f3:1e:0c:fd:ac:6d:d3:17:10:55:b8:cd:
47:9f:94:ae:a9:ec:f9:9b:8b:b7:7e:46:54:97:47:
b8:e9
Signature Algorithm: GOST256
15:77:b4:65:99:0e:13:58:a2:0b:e3:c0:b1:d2:f5:42:87:e5:
cb:b9:9b:2f:03:ad:c3:e2:50:ea:d0:c4:c4:5f:0f:00:7f:86:
fa:b3:cf:c9:b2:43:a1:69:43:e3:dc:1b:a7:d7:65:be:f7:d3:
c4:86:62:ba:7e:ad:08:f2:bf:2c
Sign the User's CSR with the CA's Private Key
edgetk -pkey x509 -algorithm gost2012 -root CA_Cert.pem -key CA_Priv.pem -days 365 -cert User_Cert.csr User_Certificate.crt
User certificate successfully generated by CA:
Certificate Content: User_Certificate.crt
edgetk -pkey text -cert User_Certificate.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number : 50949221973001363961381413978198974255595604609 (8ECA46285278B912C9673CEA3060163E9614A81)
CommonName : User
EmailAddresses: [user@test.com]
IsCA : false
Curve : id-tc26-gost-3410-12-256-paramSetA
Issuer
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=CA
Subject
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=User
Validity
Not Before: Apr 4 04:38:42 2025 UTC
Not After : Apr 4 04:38:42 2026 UTC
Pub.X
4e:5d:ce:ab:a9:e6:e6:5e:b3:43:e6:e2:ec:76:66:
f8:e0:2e:e1:f0:d9:f1:d8:d7:44:c6:6f:55:83:cd:
57:82
Pub.Y
80:00:d0:f3:1e:0c:fd:ac:6d:d3:17:10:55:b8:cd:
47:9f:94:ae:a9:ec:f9:9b:8b:b7:7e:46:54:97:47:
b8:e9
SubjectKeyId : da18e662bc1b02dca608aa6c506074adf7d6ee0f
AuthorityKeyId: fa12ac32f38e0dfe92a9345ae036629371c9f4dc
Signature Algorithm: GOST256
20:a9:4f:9a:b1:f6:05:f0:14:8b:dd:4f:ad:52:fb:11:45:d5:
69:c5:4b:29:9f:f0:92:00:ef:5c:a4:66:dc:d7:46:c6:50:cd:
03:a7:c6:3e:f2:5a:38:cd:66:b3:a8:1d:a8:82:eb:09:d1:80:
b9:7f:33:4b:4c:4c:49:91:9c:c8:0b:5b:25:72:8d:35:03:42:
b8:de:29:5e:3e:fa:19:6d:25:83:f1:a3:62:48:e5:ca:e3:db:
48:08:5c:6c:b7:ad:8f:80:4b:01:74:7e:91:4a:e9:6c:d1:eb:
12:bb:cb:b3:47:d4:7c:e6:b3:5b:0c:5f:ac:58:21:71:06:04:
a5:c2
IsValid: true
Verify the Digital Signature of the Certificate
edgetk -pkey check -cert User_Certificate.crt -key CA_Public.pem
Certificate signature verification status: Valid signature
Verified: true
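Added example (not part of the original page and not edgetk code): a relying party checks more than the signature status shown above, and the fields printed by "edgetk -pkey text -cert" are enough to do it. This Python code parses two such dumps and checks that the issuer is a CA, that the leaf's Issuer and AuthorityKeyId match the issuer's Subject and SubjectKeyId, and that both certificates are inside their validity period. The function names are hypothetical and the sample text is abridged from the dumps on this page.

```python
from datetime import datetime, timezone

# Abridged from the text dumps on this page (hex fields omitted).
CA_DUMP = """IsCA : true
Subject
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=CA
Not Before: Apr 4 04:38:42 2025 UTC
Not After : Apr 4 04:38:42 2026 UTC
SubjectKeyId : fa12ac32f38e0dfe92a9345ae036629371c9f4dc"""
USER_DUMP = """IsCA : false
Issuer
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=CA
Subject
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=User
Not Before: Apr 4 04:38:42 2025 UTC
Not After : Apr 4 04:38:42 2026 UTC
SubjectKeyId : da18e662bc1b02dca608aa6c506074adf7d6ee0f
AuthorityKeyId: fa12ac32f38e0dfe92a9345ae036629371c9f4dc"""
FIELDS = {"IsCA", "SubjectKeyId", "AuthorityKeyId", "Not Before", "Not After"}
FMT = "%b %d %H:%M:%S %Y UTC"

def parse_text_dump(text):
    # Keep only the named fields; hex lines also contain ':' and are skipped.
    out, lines = {}, [line.strip() for line in text.splitlines()]
    for i, line in enumerate(lines):
        if line in ("Issuer", "Subject") and i + 1 < len(lines):
            out[line] = lines[i + 1]  # the DN is printed on the next line
        key, sep, value = line.partition(":")
        if sep and key.strip() in FIELDS:
            out[key.strip()] = value.strip()
    return out

def valid_at(cert, now):
    try:
        start, end = (datetime.strptime(cert[k], FMT).replace(tzinfo=timezone.utc)
                      for k in ("Not Before", "Not After"))
        return start <= now <= end
    except (KeyError, ValueError):  # missing or unparsable dates fail closed
        return False

def chain_problems(leaf_text, ca_text, now):
    leaf, ca = parse_text_dump(leaf_text), parse_text_dump(ca_text)
    checks = [
        (ca.get("IsCA") == "true", "issuer is not a CA"),
        (leaf.get("Issuer", 0) == ca.get("Subject"), "issuer DN mismatch"),
        (leaf.get("AuthorityKeyId", 0) == ca.get("SubjectKeyId"), "AuthorityKeyId mismatch"),
        (valid_at(leaf, now), "leaf outside validity period"),
        (valid_at(ca, now), "issuer outside validity period"),
    ]
    return [msg for ok, msg in checks if not ok]
```

An empty list from chain_problems means the field-level checks passed; it complements the signature check and does not replace it.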
Digital Signature Generation
edgetk -pkey sign -algorithm gost2012 -md streebog256 -key "User_Priv.pem" "test.txt" > sign.txt
Digital signature generated successfully:
3cbee69255cdfa8eb3e9c29499e8149d834ea5fd8a0f5d5730aa91132dc5e79903f13291836426b11be688d6f94bdf08068e65a54c6af79aaf7678ce46f1345f
Digital Signature Verification
edgetk -pkey verify -algorithm gost2012 -md streebog256 -key "User_Public.pem" -signature "3cbee69255cdfa8eb3e9c29499e8149d834ea5fd8a0f5d5730aa91132dc5e79903f13291836426b11be688d6f94bdf08068e65a54c6af79aaf7678ce46f1345f" "test.txt"
Signature verified successfully:
Verified: true