Product SiteDocumentation Site

76.2. Создание ключей

Пример генерации закрытого ключа с алгоритмом ГОСТ-2012: 
$ openssl genpkey -algorithm gost2012_256 -pkeyopt paramset:TCA -out ca.key
Пример создания сертификата на 365 дней (ca.cer): 
$ openssl req -new -x509 -md_gost12_256 -days 365 -key ca.key -out ca.cer \
  -subj "/C=RU/ST=Russia/L=Moscow/O=SuperPlat/OU=SuperPlat CA/CN=SuperPlat CA Root"
Проверка сертификата (ca.cer): 
$ openssl x509 -in ca.cer -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:f7:cb:d7:3c:f5:39:db:d4:64:e0:28:b1:d0:8d:3e:b4:01:f5:55
        Signature Algorithm: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
        Issuer: C=RU, ST=Russia, L=Moscow, O=SuperPlat, OU=SuperPlat CA, CN=SuperPlat CA Root
        Validity
            Not Before: Mar  5 13:25:55 2025 GMT
            Not After : Mar  5 13:25:55 2026 GMT
        Subject: C=RU, ST=Russia, L=Moscow, O=SuperPlat, OU=SuperPlat CA, CN=SuperPlat CA Root
        Subject Public Key Info:
            Public Key Algorithm: GOST R 34.10-2012 with 256 bit modulus
                Public key:
                   X:F922D11D9D3BE18A9F1866AA5993C9B5C83A6EB2A8E328B3ED550D95B3E7F5F3
                   Y:3F70442C79850BA0EEF4C57337E113037085528989B4726A96D7C20B72BE08B0
                Parameter set: GOST R 34.10-2012 (256 bit) ParamSet A
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:95:F0:1C:00:CB:E8:04:92:06:48:5D:97:27:DD:8C:18:34:CC:9D
            X509v3 Authority Key Identifier:
                73:95:F0:1C:00:CB:E8:04:92:06:48:5D:97:27:DD:8C:18:34:CC:9D
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
    Signature Value:
        0d:bd:a3:8a:a1:df:c2:d6:25:e7:09:55:04:4c:0e:2a:11:01:
        fe:3d:93:4d:d0:75:72:3b:1c:cc:dc:da:3a:50:3f:6b:9d:45:
        d9:a3:b6:da:80:db:2e:b4:7d:a6:08:29:20:3c:2e:6e:2f:10:
        b0:47:9e:fb:a0:7c:6f:4c:6b:45