I want to sign strings using GOST 2001. Unfortunately, I found only one library which implements this old algorithm - pygost.
I want to get exactly the same result as if I had executed the command:
openssl dgst -engine gost -sign /tmp/private.pem -out /tmp/signature.sign /tmp/data.txt && base64 /tmp/signature.sign > /tmp/signature.txt
To do as follows:
#gost 34.10-2001 + gost 34.11-94
curve = gost3410.CURVES["id-GostR3410-2001-CryptoPro-A-ParamSet"]
# choose the parameters of the algorithm (in this case the eleptic curve
prv = prv_unmarshal(
bytes(private_key,'utf-8'))
# certificate preparation (convert it to bytes and then to little-endian format)
'''
1. we take digest (hash) from the message using algorithm GOST R 34.11-94
2. Private key + hash of step 1 --> GOST R 34.10-2001 = Encrypted document (EDS)
'''
dgst = GOST341194(canon_signed.encode('utf-8')).digest()[::-1]
signature = gost3410.sign(curve, prv, dgst)
signature_base64 = base64.b64encode(signature).decode('utf-8')
In the case of openssl everything works as it should. In the case of pygost the server does not accept my signature. What am I doing wrong? Help me figure out pygost proportions :'(
