Product SiteDocumentation Site

72.2. Создание ключей

Пример генерации закрытого ключа с алгоритмом ГОСТ-2012:
$ openssl genpkey -algorithm gost2012_256 -pkeyopt paramset:TCA -out ca.key
Пример создания сертификата на 365 дней (ca.cer):
$ openssl req -new -x509 -md_gost12_256 -days 365 -key ca.key -out ca.cer \
  -subj "/C=RU/ST=Russia/L=Moscow/O=SuperPlat/OU=SuperPlat CA/CN=SuperPlat CA Root"
Проверка сертификата (ca.cer):
$ openssl x509 -in ca.cer -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:66:39:34:7b:4b:55:52:89:64:83:66:1c:63:ff:fb:90:2e:2e:3b
        Signature Algorithm: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
        Issuer: C = RU, ST = Russia, L = Moscow, O = SuperPlat, OU = SuperPlat CA, CN = SuperPlat CA Root
        Validity
            Not Before: Jun 15 10:08:24 2020 GMT
            Not After : Jun 15 10:08:24 2021 GMT
        Subject: C = RU, ST = Russia, L = Moscow, O = SuperPlat, OU = SuperPlat CA, CN = SuperPlat CA Root
        Subject Public Key Info:
            Public Key Algorithm: GOST R 34.10-2012 with 256 bit modulus
                Public key:
                   X:24529B83573322D0F2B5A75DD20D31DCD3B84AA7E69AF5035E228AC46705798A
                   Y:3E4F9142B640EBCAA8C76A6EE13B431E452337ADC10E52D3E4D3E8C9745AAE16
                Parameter set: GOST R 34.10-2012 (256 bit) ParamSet A
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:E6:E8:74:62:82:EE:F1:9F:FE:C1:48:73:A1:F3:0B:E0:4C:D2:0F
            X509v3 Authority Key Identifier:
                keyid:BD:E6:E8:74:62:82:EE:F1:9F:FE:C1:48:73:A1:F3:0B:E0:4C:D2:0F

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
         2d:6c:71:78:da:fe:9c:70:75:81:82:c5:4e:1e:10:19:8a:bb:
         9f:12:6a:02:6c:d5:12:43:20:3e:01:4f:b1:a2:13:ba:44:11:
         b5:e6:9d:82:49:98:f5:24:49:c4:fb:ff:a2:ea:18:0a:72:57:
         d7:7b:cc:6a:66:0b:d8:7e:2a:10