Name | Modified | Size | Downloads / Week |
---|---|---|---|
gosttk_win32.zip | 2022-12-10 | 2.8 MB | |
gosttk_win64.zip | 2022-12-10 | 2.9 MB | |
gosttk_linux-x86.zip | 2022-12-10 | 2.6 MB | |
gosttk_linux-amd64.zip | 2022-12-10 | 2.8 MB | |
gosttk_linux-armel.zip | 2022-12-10 | 2.6 MB | |
README.md | 2022-12-10 | 9.1 kB | |
Totals: 6 Items | 13.7 MB | 1 |
GOST Toolkit: GOST Cipher Suite written in Go
Multi-purpose cross-platform cryptography tool for encryption / decryption, hash digest, cipher-based message authentication code (CMAC), hash-based message authentication code (HMAC), digital signature, shared key agreement (VKO) and PBKDF2.
GOST is the GOvernment STandard of the Russian Federation (and Soviet Union):
- GOST 28147-89 64-bit block cipher (RFC 5830)
- GOST R 34.11-94 hash function 256-bit (RFC 5831)
- GOST R 50739-95 data sanitization method (non-cryptographic)
- GOST R 34.10-2001 public key signature function (RFC 5832)
- VKO GOST R 34.10-2001 key agreement function (RFC 4357)
- GOST R 34.10-2012 public key signature function (RFC 7091)
- VKO GOST R 34.10-2012 key agreement function (RFC 7836)
- GOST R 34.11-2012 Streebog hash function 256/512-bit (RFC 6986)
- GOST R 34.12-2015 128-bit block cipher Kuznechik (RFC 7801)
- GOST R 34.12-2015 64-bit block cipher Magma
Symmetric Ciphers:
- GOST 28147-89 CryptoPro
- GOST R 34.12-2015 Magma (default)
- GOST R 34.12-2015 Kuznechik (Grasshopper)
Asymmetric Ciphers:
- GOST R 34.10-2001 CryptoPro 256-bit
- GOST R 34.10-2012 256/512-bit (default)
Hash Functions:
- GOST R 34.11-94 CryptoPro 256-bit
- GOST R 34.11-2012 Streebog 256/512-bit (default)
Cryptographic Functions:
- Symmetric Encryption/Decryption
- Digital Signature (ECDSA equivalent)
- VKO shared key negotiation (ECDH equivalent)
- Hash Digest
- CMAC (Cipher-based message authentication code)
- HMAC (Hash-based message authentication code)
- HKDF (Hash-based key derivation function)
- PBKDF2 (Password-based key derivation function 2)
- TLS 1.2 (Transport Layer Security)
Non-Cryptographic Functions:
- GOST R 50739-95 data sanitization method
- Bin to Hex/Hex to Bin string conversion
- Random Art Public key Fingerprint (ssh-keygen equivalent)
Supported ParamSets:
- GOST R 34.10-2001 256-bit: A, B, C, XA, XB
- GOST R 34.10-2012 256-bit: A, B, C, D
- GOST R 34.10-2012 512-bit: A, B, C
Usage:
-128 Block size: 64 or 128. (for symmetric encryption only) (default 64)
-512 Bit length: 256 or 512. (default 256)
-check string Check hashsum file. ('-' for STDIN)
-crypt string Encrypt/Decrypt with symmetric ciphers.
-digest string File/Wildcard to generate hashsum list. ('-' for STDIN)
-hex string Encode binary string to hex format and vice-versa.
-hkdf int Hash-based key derivation function with a given output bit length.
-info string Associated data, additional info. (for HKDF and AEAD encryption)
-iter int Iterations. (for SHRED and PBKDF2 only) (default 1)
-iv string Initialization vector. (for non-AEAD symmetric encryption)
-key string Private/Public key, password or HMAC key, depending on operation.
-mac string Compute hash-based/cipher-based message authentication code.
-mode string Mode of operation: MGM, CTR or OFB. (default "MGM")
-old Use old roll of algorithms.
-paramset string Elliptic curve ParamSet: A, B, C, D, XA, XB. (default "A")
-pbkdf2 Password-based key derivation function 2.
-pkey string Generate keypair, Derive shared secret, Sign and Verify.
-pub string Remote's side public key.
-rand int Generate random cryptographic key with a given output bit length.
-recursive Process directories recursively. (for DIGEST command only)
-salt string Salt. (for PBKDF2 and HKDF commands)
-shred string Files/Path/Wildcard to apply data sanitization method.
-signature string Input signature. (verification only)
-version Print version information.
Examples:
Asymmetric GOST R 34.10-2001 256-bit keypair generation (INI format):
./gosttk -pkey gen -old
Asymmetric GOST R 34.10-2012 256/512-bit keypair generation (default):
./gosttk -pkey gen [-512]
Signature (ECDSA equivalent):
./gosttk -pkey sign [-512|-old] -key $prvkey < file.ext > sign.txt
sign=$(cat sign.txt)
./gosttk -pkey verify [-512|-old] -key $pubkey -signature $sign < file.ext
echo $?
VKO: Shared key negotiation (ECDH equivalent):
./gosttk -pkey derive [-512|-old] -key $prvkey -pub $pubkey
Encryption/decryption with Magma (GOST R 34.12-2015) symmetric cipher (default):
./gosttk -crypt enc -key $shared < plaintext.ext > ciphertext.ext
./gosttk -crypt dec -key $shared < ciphertext.ext > plaintext.ext
Encryption/decryption with Kuznyechik (GOST R 34.12-2015) symmetric cipher:
./gosttk -crypt enc -128 -key $shared < plaintext.ext > ciphertext.ext
./gosttk -crypt dec -128 -key $shared < ciphertext.ext > plaintext.ext
Encryption/decryption with GOST 28147-89 CryptoPro symmetric cipher:
./gosttk -crypt enc -old -key $shared < plaintext.ext > ciphertext.ext
./gosttk -crypt dec -old -key $shared < ciphertext.ext > plaintext.ext
CMAC-Kuznechik (cipher-based message authentication code):
./gosttk -mac cmac -128 -key $key128bit < file.ext
CMAC-Magma (cipher-based message authentication code):
./gosttk -mac cmac [-old] -key $key128bit < file.ext
GOST94-CryptoPro hashsum (list):
./gosttk -digest "*.*" -old [-recursive]
GOST94-CryptoPro hashsum (single):
./gosttk -digest - -old < file.ext
HMAC-GOST94-CryptoPro (hash-based message authentication code):
./gosttk -mac hmac -old -key $key256bit < file.ext
Streebog256/512 hashsum:
./gosttk -digest - [-512] < file.ext
HMAC-Streebog256/512:
./gosttk -mac hmac [-512] -key $key256bit < file.ext
PBKDF2 (password-based key derivation function 2):
./gosttk -pbkdf2 [-512|-old] -key "pass" -iter 10000 -salt "salt"
Note:
The PBKDF2 function can be combined with the CRYPT and HMAC commands:
./gosttk -crypt enc -128 -pbkdf2 -512 -key "pass" < plaintext.ext > ciphertext.ext
./gosttk -mac hmac [-512] -pbkdf2 -key "pass" -iter 10000 -salt "salt" < file.ext
Shred (GOST R 50739-95 data sanitization method, 25 iterations):
./gosttk -shred keypair.ini -iter 25
Bin to Hex/Hex to Bin:
echo somestring|./gosttk -hex enc
echo hexstring|./gosttk -hex dec
Random Art (Public Key Fingerprint):
./gosttk -key $pubkey
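The signature and decryption commands above, combined into one verify-before-decrypt wrapper. This is an added example, not part of the gosttk README; it assumes that `-pkey verify` exits 0 only for a valid signature, that the sender signed the ciphertext, and that sign.txt holds the bare signature. The helper name verify_then_decrypt and the GOSTTK variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the gosttk README): refuse to decrypt a file unless
# its detached signature verifies first.
# Assumptions: `-pkey verify` exits 0 only for a valid signature; the sender
# signed the ciphertext; sign.txt holds the bare signature, as in the README's
# `sign=$(cat sign.txt)` line. verify_then_decrypt is a hypothetical helper.
# Values given to -key are command-line arguments and so are visible in the
# local process list while the tool runs.
GOSTTK=${GOSTTK:-./gosttk}

# usage: verify_then_decrypt PUBKEY SHARED SIGFILE CIPHERTEXT OUTFILE
# returns 0 on success, 1 on failed verification/decryption, 2 on bad input
verify_then_decrypt() {
    pubkey=$1; shared=$2; sigfile=$3; ct=$4; out=$5
    if [ ! -r "$sigfile" ] || [ ! -r "$ct" ]; then
        echo "missing signature or ciphertext file" >&2
        return 2
    fi
    sign=$(cat "$sigfile")
    if [ -z "$sign" ]; then
        echo "empty signature in $sigfile" >&2
        return 2
    fi

    # Gate on the exit status directly instead of inspecting `echo $?` by hand.
    if ! "$GOSTTK" -pkey verify -key "$pubkey" -signature "$sign" \
            < "$ct" > /dev/null; then
        echo "signature check failed, not decrypting: $ct" >&2
        return 1
    fi

    # Decrypt into a private temp file so a failed run never leaves a
    # partial plaintext at the final path.
    tmp=$(mktemp "${out}.XXXXXX") || return 2
    if "$GOSTTK" -crypt dec -key "$shared" < "$ct" > "$tmp"; then
        mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        echo "decryption failed: $ct" >&2
        return 1
    fi
}
```

Add `-512`, `-old` or `-128` to both tool invocations when the sender used them; the flags must match on the signing and verifying sides.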
GOST TLS
Cross-platform hybrid cryptography tool for shared key agreement (VKO), digital signature and TLS 1.2 for small or embedded systems.
Command-line Security Suite
- GOST R 34.10-2012 public key signature function (RFC 7091)
- VKO GOST R 34.10-2012 key agreement function (RFC 7836)
- GOST R 34.11-2012 Streebog hash function 256/512-bit (RFC 6986)
- GOST R 34.12-2015 128-bit block cipher Kuznechik (RFC 7801)
Supported ParamSets:
- GOST R 34.10-2012 256-bit: A, B, C, D
- GOST R 34.10-2012 512-bit: A, B
Features
Cryptographic Functions:
- Digital Signature (ECDSA-like)
- VKO Shared Key Agreement (ECDH)
- TLS 1.2 (Transport Layer Security)
Non-cryptographic Functions:
- Privacy-Enhanced Mail (PEM format)
- RandomArt (OpenSSH-like)
Usage
-512 Key length: 256 or 512. (default 256)
-cert string Certificate name. (default "Certificate.pem")
-ipport string Local Port/remote's side Public IP:Port.
-key string Private/Public key, depending on operation.
-paramset string Elliptic curve ParamSet: A, B, C, D. (default "A")
-pkey string Generate keypair, Generate certificate. [keygen|certgen]
-private string Private key path. (for keypair generation) (default "Private.pem")
-public string Public key path. (for keypair generation) (default "Public.pem")
-pwd string Password. (for Private key PEM encryption)
-signature string Input signature. (verification only)
-tcp string Encrypted TCP/IP Transfer Protocol. [server|ip|client]
Examples
Asymmetric GOST2012 keypair generation:
./gostls -pkey keygen [-512] [-paramset B] [-pwd "pass"]
Parse keys info:
./gostls -pkey [text|modulus] [-pwd "pass"] -key private.pem
./gostls -pkey [text|modulus] -key public.pem
./gostls -pkey randomart -key public.pem
Digital signature:
./gostls -pkey sign -key private.pem [-pwd "pass"] < file.ext > sign.txt
sign=$(cat sign.txt|awk '{print $2}')
./gostls -pkey verify -key public.pem -signature $sign < file.ext
echo $?
VKO Shared key agreement:
./gostls -pkey derive -key private.pem -public peerkey.pem
Generate Certificate:
./gostls -pkey certgen -key private.pem [-pwd "pass"] [-cert "output.ext"]
Parse Certificate info:
./gostls -pkey [text|modulus] -cert certificate.pem
TLS Layer (TCP/IP):
./gostls -tcp ip > PubIP.txt
./gostls -tcp server -cert certificate.pem -key private.pem [-ipport "8081"]
./gostls -tcp client -cert certificate.pem -key private.pem [-ipport "127.0.0.1:8081"]