PKI (Public Key Infrastructure) with GOST R 34.10-2012
Generate CA Key Pair
edgetk -pkey keygen -algorithm gost2012 -bits 512 -paramset C -prv "CA_Priv.pem" -pass nil -pub "CA_Public.pem"
CA key pair generated successfully:
Private key saved to: albanese.atwebpages.com/directrix/CA_Priv.pem
Public key saved to: albanese.atwebpages.com/directrix/CA_Public.pem
Fingerprint: tqhkkcluYHE8Ycxur7tiUF52MXWvgwobfbTic0qTvG4=
GOST2012 (512-bit)
Generate Self-Signed CA Certificate
edgetk -pkey certgen -algorithm gost2012 -key CA_Priv.pem -cert CA_Cert.pem -subj "/CN=CA/OU=/O=/ST=/L=/C=/emailAddress=ca@test.com" -days 365
Self-signed CA certificate generated successfully:
Raw Content of CA_Cert.pem
Certificate Content: CA_Cert.pem
edgetk -pkey text -cert CA_Cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number : 647609029174273285535404057619853007645753670672 (716FCB1056F3FEB7BC84E8AC0348FA81B042FC10)
CommonName : CA
EmailAddresses: [ca@test.com]
IsCA : true
Curve : id-tc26-gost-3410-12-512-paramSetC
Issuer
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=CA
Subject
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=CA
Validity
Not Before: Jun 24 13:55:35 2025 UTC
Not After : Jun 24 13:55:35 2026 UTC
Pub.X
d4:de:80:fb:4d:98:5c:d6:82:f9:eb:14:31:5f:ee:
5c:53:e7:5e:f6:2c:91:ff:63:ac:5c:5c:ea:e9:44:
25:2f:9a:6f:d9:b9:d2:f8:0b:1a:e5:66:ae:27:ed:
1e:4f:f4:4b:5b:78:f0:27:51:98:2a:60:21:36:21:
37:a1:22:ed
Pub.Y
df:1b:4f:f7:8c:f7:0d:3e:ba:b6:91:d0:71:dc:77:
c9:80:91:6f:00:26:9c:6f:86:4e:f4:c0:f2:46:8c:
db:a9:cd:97:18:15:be:2b:ee:99:0f:d4:57:86:fe:
9c:9a:d7:99:8d:40:17:cd:d7:57:2d:5b:57:f7:09:
4a:0e:4f:ed
SubjectKeyId : 17197c13f62834281ecb58baaa1820d4dc77b900
AuthorityKeyId: 17197c13f62834281ecb58baaa1820d4dc77b900
Signature Algorithm: GOST512
1b:bc:ee:92:34:68:77:f7:1a:b8:83:95:0f:59:08:02:73:e4:
e1:e4:5c:13:3c:9d:bc:4b:33:af:3c:fd:bc:99:b7:73:12:8e:
83:a5:56:66:9d:73:30:dc:04:d4:26:ac:02:4c:59:2a:06:97:
6f:4e:f0:39:7b:9b:f6:44:c1:1f:3a:62:46:d6:e0:02:ab:8d:
d4:96:36:68:3c:c5:16:a7:c5:66:02:4d:04:c8:8f:eb:e2:21:
01:7f:75:25:bc:41:0e:f4:4e:50:1f:62:b7:ef:65:e5:3a:cd:
28:de:c9:9f:cb:71:16:2d:f8:a9:20:03:f1:37:c2:48:d5:d0:
ea:58
IsValid: true
Generate User's Asymmetric Key Pair
edgetk -pkey keygen -algorithm gost2012 -bits 256 -paramset A -prv "User_Priv.pem" -pass nil -pub "User_Public.pem"
User's key pair generated successfully:
Private key saved to: albanese.atwebpages.com/directrix/User_Priv.pem
Public key saved to: albanese.atwebpages.com/directrix/User_Public.pem
Fingerprint: tmravjD7531TgC92fP17Kp1yWCMkeS5WNjMOS7cESOM=
GOST2012 (256-bit)
Key Content: User_Priv.pem
edgetk -pkey text -key User_Priv.pem
-----BEGIN GOST PRIVATE KEY-----
MEACAQAwFwYIKoUDBwEBAQEwCwYJKoUDBwECAQEBBCIEIAS4Ns121wDDWoLSMEJ+
iCuWytHTJOjq5XdsD07yO6YD
-----END GOST PRIVATE KEY-----
Private key: 04B836CD76D700C35A82D230427E882B96CAD1D324E8EAE5776C0F4EF23BA603
Public key:
X:84C0ADBA639F209B6640727E48EA90A924551C1161CC0A2199E53B99BD5897D3
Y:4AF227957580ECDE60B06F42AF8F94DCAFDF53F24332AB6B80BDF08C5EA7F182
Curve: id-tc26-gost-3410-12-256-paramSetA
KeyID: 876fbfdec94239ea98bcfdc5eb8dcf9eb04084cc
Key Content: User_Public.pem
edgetk -pkey text -key User_Public.pem
-----BEGIN PUBLIC KEY-----
MF4wFwYIKoUDBwEBAQEwCwYJKoUDBwECAQEBA0MABEDTl1i9mTvlmSEKzGERHFUk
qZDqSH5yQGabIJ9juq3AhILxp16M8L2Aa6syQ/JT36/clI+vQm+wYN7sgHWVJ/JK
-----END PUBLIC KEY-----
Public key:
X:84C0ADBA639F209B6640727E48EA90A924551C1161CC0A2199E53B99BD5897D3
Y:4AF227957580ECDE60B06F42AF8F94DCAFDF53F24332AB6B80BDF08C5EA7F182
Curve: id-tc26-gost-3410-12-256-paramSetA
Generate User's Certificate Signing Request (CSR)
edgetk -pkey req -algorithm gost2012 -key User_Priv.pem -cert "User_Cert.csr" -subj "/CN=User/OU=/O=/ST=/L=/C=/emailAddress=user@test.com"
User's Certificate Signing Request (CSR) generated successfully:
Raw Content of User_Cert.csr
Certificate Content: User_Cert.csr
edgetk -pkey text -cert User_Cert.csr
Certificate:
Data:
Version: 0 (0x0)
CommonName : User
EmailAddresses: [user@test.com]
Curve : id-tc26-gost-3410-12-256-paramSetA
Subject
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=User,emailAddress=user@test.com
Pub.X
84:c0:ad:ba:63:9f:20:9b:66:40:72:7e:48:ea:90:
a9:24:55:1c:11:61:cc:0a:21:99:e5:3b:99:bd:58:
97:d3
Pub.Y
4a:f2:27:95:75:80:ec:de:60:b0:6f:42:af:8f:94:
dc:af:df:53:f2:43:32:ab:6b:80:bd:f0:8c:5e:a7:
f1:82
Signature Algorithm: GOST256
2f:d6:a7:49:a0:92:dd:1d:bb:4f:03:14:db:43:fd:66:c5:98:
f9:3b:b8:94:bd:24:88:95:de:6f:a4:e0:91:5a:3a:9a:67:79:
aa:e2:1d:95:4f:41:69:b5:0a:61:48:f9:d4:18:c7:d8:ad:0d:
60:80:5b:b6:22:6d:98:da:10:4f
Sign the User's CSR with the CA's Private Key
edgetk -pkey x509 -algorithm gost2012 -root CA_Cert.pem -key CA_Priv.pem -days 365 -cert User_Cert.csr User_Certificate.crt
User certificate successfully generated by CA:
Raw Content of User_Certificate.crt
Certificate Content: User_Certificate.crt
edgetk -pkey text -cert User_Certificate.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number : 538723538786611580323457053037491260924363899736 (5E5D32EF3F235FB0FFDD526FA9FAF5E7A2518358)
CommonName : User
EmailAddresses: [user@test.com]
IsCA : false
Curve : id-tc26-gost-3410-12-256-paramSetA
Issuer
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=CA
Subject
C=,ST=,L=,STREET=,POSTALCODE=,O=,OU=,CN=User
Validity
Not Before: Jun 24 13:55:35 2025 UTC
Not After : Jun 24 13:55:35 2026 UTC
Pub.X
84:c0:ad:ba:63:9f:20:9b:66:40:72:7e:48:ea:90:
a9:24:55:1c:11:61:cc:0a:21:99:e5:3b:99:bd:58:
97:d3
Pub.Y
4a:f2:27:95:75:80:ec:de:60:b0:6f:42:af:8f:94:
dc:af:df:53:f2:43:32:ab:6b:80:bd:f0:8c:5e:a7:
f1:82
SubjectKeyId : 876fbfdec94239ea98bcfdc5eb8dcf9eb04084cc
AuthorityKeyId: 17197c13f62834281ecb58baaa1820d4dc77b900
Signature Algorithm: GOST256
1f:8f:e4:74:ef:40:3f:79:a8:1c:0a:00:c3:f4:6c:3b:3f:21:
4b:be:e4:9c:ed:59:b2:e8:bd:21:6d:c3:a6:32:96:1d:84:fa:
20:aa:bf:cd:df:8b:ca:5b:45:69:e5:30:c7:7a:49:36:2b:ca:
ff:c7:cc:7c:37:44:0a:49:d9:d9:0b:f2:0e:b8:69:0a:f1:ab:
13:fd:74:ae:36:64:e9:59:0f:31:12:5e:8c:87:bc:f5:62:1e:
77:3e:56:58:ae:8b:c3:5e:ef:17:2c:8e:30:2d:11:60:a9:b8:
4d:9d:da:06:85:30:3f:01:c8:0c:6f:5f:b1:50:a4:86:ac:85:
be:e4
IsValid: true
Verify the Digital Signature of the Certificate
edgetk -pkey check -cert User_Certificate.crt -key CA_Public.pem
Certificate signature verification status: Valid signature
Verified: true
Digital Signature Generation
edgetk -pkey sign -algorithm gost2012 -md streebog256 -key "User_Priv.pem" "test.txt" > sign.txt
Digital signature generated successfully:
39505ae2f3370defac2874a7710590aad1e010926aae5cdf5f797bff3402c0ff13615d98fa64cffb0bbc0807770d2c606fb87e3c6dd044021512b4c0ca331d45
Digital Signature Verification
edgetk -pkey verify -algorithm gost2012 -md streebog256 -key "User_Public.pem" -signature "39505ae2f3370defac2874a7710590aad1e010926aae5cdf5f797bff3402c0ff13615d98fa64cffb0bbc0807770d2c606fb87e3c6dd044021512b4c0ca331d45" "test.txt"
Signature verified successfully:
Verified: true