Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Не работает экспорт из КриптоПро Контейнера ГОСТ 2012 #14

Closed
svkreml opened this issue Jul 11, 2018 · 8 comments
Closed

Не работает экспорт из КриптоПро Контейнера ГОСТ 2012 #14

svkreml opened this issue Jul 11, 2018 · 8 comments

Comments

@svkreml
Copy link

svkreml commented Jul 11, 2018
edited
Loading

Do not work "exportPrivateKey()" on page http://gostcrypto.com/demo-cp-keys.html for ГОСТ 2012
error on line:
if (!equalBuffers(hmac, self.header.hmacKeyContainerContent))
throw new Error("Container is not valid.");
key from https://testca2012.cryptopro.ru/ui/
le-d3bb8.000.zip password qwerty
on pressing "Export Key and Certificate"
image
@garex
Copy link

garex commented Aug 28, 2018

May be issue is similar to ours: see fixes in this merge commit: https://github.com/garex/nodejs-gost-crypto/tree/561a78fb1a5a9a92f089209002692374bce48d7c

There were wrong assumptions that all keys has same length.

@state13
Copy link

state13 commented Aug 28, 2018

@garex I am still getting "Container is not valid" error. I think something is wrong with key-mac calculation. SignalCom exporting is working now though, thanx again for that.

@garex
Copy link

garex commented Aug 28, 2018

@state13 but nobody fixed those ))

I just think the issue there is similar — keys size (assumed 256, but actually has 512).

@garex
Copy link

garex commented Sep 6, 2018

@state13 fixed in garex@180341f

Added cli tool for this.

sudo npm install -g https://github.com/garex/nodejs-gost-crypto/archive/nodefy.tar.gz
cd path-to-your-keys
gost-export-cryptopro-key

See gost-export-cryptopro-key -h for other options:

Usage:
  gost-export-cryptopro-key [OPTIONS]

Options: 
  -c, --container [DIRECTORY] Path to directory with container files "header.key", "name.key", "primary.key", "masks.key", 
                              "primary2.key", "masks2.key"  (Default is .)
  -p, --password STRING       Private key`s password in case if encypted
  -f, --format [VALUE]        Export format. VALUE must be either [PEM|DER] (Default is PEM)
  -s, --secondary BOOLEAN     Extract from secondary keys
  -v, --version               Display the current version
  -h, --help                  Display help and usage details

@svkreml
Copy link
Author

svkreml commented Sep 6, 2018

Looks Like all Works. Thanks

@svkreml svkreml closed this as completed Sep 6, 2018
@state13
Copy link

state13 commented Sep 6, 2018

@garex Thanks. Actually I have found by myself that E-Z sBox has to be used with new CryptoPro container instead of default E-A. I even thinking to create pull request. But I am not sure though that E-Z could be used with all scope of tc26 algorithms.

@garex
Copy link

garex commented Sep 6, 2018

@state13 as I understand, it's a default now by standard. In decompiled cryptocom jar it called DEFAULT constant.

@Hiller
Copy link

Hiller commented May 15, 2019

@garex Seems like it's not working again. When i'm trying to export key i'm getting "Icorrect fp" error.
here's sample https://yadi.sk/d/Q4ioGumuLDXRDw key password is 123456

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@garex @Hiller @svkreml @state13