ALBANESE Research Lab 🔍

Software Engineering & Systems Integration Solutions

HOME | PROJECTS | UNIX TOOLS

GOST Toolkit v1.2.6

GOST Security Suite written in Go

Multi purpose cross-platform cryptography tool for symmetric encryption, cipher-based message authentication code (CMAC), recursive hash digest, hash-based message authentication code (HMAC), digital signature, shared key agreement (VKO), password-based key derivation function (PBKDF2) and TLS 1.2 for small or embedded systems.

---

GOST is GOvernment STandard of Russian Federation:

Rolls of Algorithms:

Old (Between 197X and 2006):
☭ GOST 28147-89 64-bit block cipher (RFC 5830)
☭ GOST R 34.11-94 hash function (RFC 5831)
☭ GOST R 50739-95 Data Sanitization Method (non-cryptographic)
☭ GOST R 34.10-2001 public key signature function (RFC 5832)
☭ GOST R 34.10-2001 VKO (выработка ключа общего) key agreement function (RFC 4357)

New (Between 2012 and 2021):
☭ GOST R 34.10-2012 public key signature function (RFC 7091)
☭ GOST R 34.10-2012 VKO (выработка ключа общего) key agreement function (RFC 7836)
☭ GOST R 34.11-2012 Стрибог (Streebog) hash function (RFC 6986)
☭ GOST R 34.12-2015 128-bit block cipher Кузнечик (Kuznechik) (RFC 7801)
☭ GOST R 34.12-2015 64-bit block cipher Магма (Magma)

Source code: https://github.com/pedroalbanese/gosttk
Download: Win32 | Linux x86 | Linux amd64 | Linux armel

---

Usage:

 -128
       Block size: 64 or 128. (for symmetric encryption only) (default 64)
 -512
       Bit length: 256 or 512. (default 256)
 -check string
       Check hashsum file. ('-' for STDIN)
 -crypt string
       Encrypt/Decrypt with symmetric ciphers.
 -digest string
       File/Wildcard to generate hashsum list. ('-' for STDIN)
 -hex string
       Encode binary string to hex format and vice-versa.
 -hkdf int
       Hash-based key derivation function with a given output bit length.
 -info string
       Associated data, additional info. (for HKDF and AEAD encryption)
 -iter int
       Iterations. (for SHRED and PBKDF2 only) (default 1)
 -iv string
       Initialization vector. (for non-AEAD symmetric encryption)
 -key string
       Private/Public key, password or HMAC key, depending on operation.
 -mac string
       Compute hash-based/cipher-based message authentication code.
 -mode string
       Mode of operation: MGM, CTR or OFB. (default "MGM")
 -old
       Use old roll of algorithms.
 -paramset string
       Elliptic curve ParamSet: A, B, C, D, XA, XB. (default "A")
 -pbkdf2
       Password-based key derivation function 2.
 -pkey string
       Generate keypair, Derive shared secret, Sign and Verify.
 -pub string
       Remote's side public key.
 -rand int
       Generate random cryptographic key with a given output bit length.
 -recursive
       Process directories recursively. (for DIGEST command only)
 -salt string
       Salt. (for PBKDF2 and HKDF commands)
 -shred string
       Files/Path/Wildcard to apply data sanitization method.
 -signature string
       Input signature. (verification only)
 -version
       Print version information.

---

Examples:

Asymmetric GOST R 34.10-2012 512-bit keypair generation (INI format):

./gosttk -pkey gen -512

Signature (ECDSA):

./gosttk -pkey sign -512 -key $prvkey < file.ext > sign.txt
sign=$(cat sign.txt)
./gosttk -pkey verify -512 -key $pubkey -signature $sign < file.ext

Shared key negociation (VKO) ECDH:

./gosttk -pkey derive -512 -key $prvkey -pub $pubkey

Encryption/decryption with Kuznyechik (GOST R 34.12-2015) symmetric cipher:

./gosttk -crypt enc -128 -key $shared < plaintext.ext > ciphertext.ext
./gosttk -crypt dec -128 -key $shared < ciphertext.ext > plaintext.ext

Encryption/decryption with Magma (GOST R 34.12-2015) symmetric cipher:

./gosttk -crypt enc -key $shared < plaintext.ext > ciphertext.ext
./gosttk -crypt dec -key $shared < ciphertext.ext > plaintext.ext

Encryption/decryption with GOST 28147-89 CryptoPro symmetric cipher:

./gosttk -crypt enc -old -key $shared < plaintext.ext > ciphertext.ext
./gosttk -crypt dec -old -key $shared < ciphertext.ext > plaintext.ext

GOST94-CryptoPro hashsum (list):

./gosttk -digest "*.*" -old

GOST94-CryptoPro hashsum (single file):

./gosttk -digest - -old < file.ext

HMAC-GOST94-CryptoPro (hash-based message authentication code):

./gosttk -mac hmac -old -key $256bitkey < file.ext

Streebog512 hashsum (single file):

./gosttk -digest - -512 < file.ext

HMAC-Streebog512:

./gosttk -mac hmac -512 -key $256bitkey < file.ext

PBKDF2 (password-based key derivation function 2):

./gosttk -pbkdf2 [-512|-old] -key "pass" -iter 10000 -salt "salt"

PBKDF2 safer method (to avoid history recording):

key=$(./gosttk -pbkdf2 -key "password") ; history -d $(history 1)

Shred (GOST R 50739-95 data sanitization method, 25 iterations):

./gosttk -shred keypair.ini -iter 25

---

LICENSE

Copyright (c) 2021 Pedro F. Albanese <pedroalbanese@hotmail.com>

Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

---

Military-Grade Reliability. Copyright © 2020-2022 Pedro Albanese - ALBANESE Research Lab.

• Home
• My Projects
• Unix Tools for Windows
• EDGE Toolkit
• ElGamal Cryptosystem
• ECDSA Signature Scheme
• BN256 Cryptosystem
• ECC Encryption
• SUITE 🇧🇷
• SURF 🇧🇷
• Support Chat



Page views: 67525