Skip to content

loadtestingru/crypto

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Crypto Lib for testing

Library for crypto operations testing mostly for GOST standarts. It is based on BouncyCastle library Library supports reading private key from CryptoPro pfx with PBE 1.2.840.113549.1.12.1.80, but now only for GOST R 34.10-2012 256 bit key.

Important

It is only for testing, not production ready.

Usage/Examples

Build self signed certificate and crl

  • Signature is:
    • 1.2.643.7.1.1.3.2
    • id-tc26-signwithdigest-gost3410-12-256
    • алгоритм подписи ГОСТ Р 34.10-2012 с ключом 256 с хэшированием ГОСТ Р 34.11-2012
  • GOST EC Key curve is:
    • 1.2.643.7.1.2.1.1.1
    • id-tc26-gost-3410-12-256-paramSetA
    • рабочие параметры А алгоритма подписи ГОСТ Р 34.10-2012 с ключом 256
CertificatePrivateKeyPair ca = CertificateService.generateDefaultGOSTSelfSignedCertificate("CN=TEST", 365);
X509Certificate certificate  = ca.getCertificate();
PrivateKey privateKey = ca.getPrivateKey();
X509CRL crl = CertificateService.generateCertificateRevocationList(ca.getCertificate(),ca.getPrivateKey(),null,14);

Build user certificate

  • Signature is:
    • 1.2.643.7.1.1.3.2
    • id-tc26-signwithdigest-gost3410-12-256
    • алгоритм подписи ГОСТ Р 34.10-2012 с ключом 256 с хэшированием ГОСТ Р 34.11-2012
  • GOST EC Key curve is:
    • 1.2.643.7.1.2.1.1.1
    • id-tc26-gost-3410-12-256-paramSetA
    • рабочие параметры А алгоритма подписи ГОСТ Р 34.10-2012 с ключом 256
CertificatePrivateKeyPair user = CertificateService.generateGOSTCertificate(
                "1.2.643.3.131.1.1=075305894589,CN=ФизЛицо, surname=Ivanov",
                ca.getCertificate(),
                ca.getPrivateKey(),
                null, //CryptoTools.DEFAULT_GOST_SIGNATURE
                "http://localhost:8080/cert.cer",
                "http://localhost:8080/cert/ocsp",
                "http://localhost:8080/cert.crl",
                15,
                List.of(KeyPurposeId.id_kp_clientAuth),
                365
        );

Open CryptoPro pfx container, sign document and save to file

byte[] pfx = Files.readAllBytes(Path.of("file.pfx"));
Map<String,CertificatePrivateKeyPair> pairs = ContainerService.readPfxContainer(pfx, "SomePassword");
CertificatePrivateKeyPair pair = pairs.values().iterator().next();

byte[] document = Files.readAllBytes(Path.of("doc.pdf"));
byte[] sig = SignService.signData(pair.getCertificate(),pair.getPrivateKey(),null,document,true);
Files.write(Path.of("document.sig"),sig, StandardOpenOption.CREATE)

About

Crypto tools for gost standarts

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

First release Latest
Sep 21, 2023

Packages

No packages published

Languages