{"id":21710654,"url":"https://github.com/mbrav/docker-gost","last_synced_at":"2025-06-10T17:09:48.680Z","repository":{"id":187855292,"uuid":"676577417","full_name":"mbrav/docker-gost","owner":"mbrav","description":"Docker images with OpenSSL and Russian GOST crypto algorithms ","archived":false,"fork":false,"pushed_at":"2025-04-17T01:00:28.000Z","size":59,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-17T14:18:51.986Z","etag":null,"topics":["crypto","cryptography","docker","gost","kuznechik","nginx","openssl","openssl-engine","ssl","ssl-certificates","tls"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/repository/docker/mbrav/docker-gost/general","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mbrav.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-09T14:16:07.000Z","updated_at":"2025-04-17T01:00:31.000Z","dependencies_parsed_at":"2023-08-12T12:07:31.479Z","dependency_job_id":"e0ceb9c0-cba6-4932-84a3-cc1b7f4fec9f","html_url":"https://github.com/mbrav/docker-gost","commit_stats":null,"previous_names":["mbrav/docker-gost"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mbrav%2Fdocker-gost","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mbrav%2Fdocker-gost/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mbrav%2Fdocker-gost/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mbrav%2Fdocker-gost/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mbrav","download_url":"https://codeload.github.com/mbrav/docker-gost/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mbrav%2Fdocker-gost/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259114561,"owners_count":22807251,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","cryptography","docker","gost","kuznechik","nginx","openssl","openssl-engine","ssl","ssl-certificates","tls"],"created_at":"2024-11-25T23:16:47.354Z","updated_at":"2025-06-10T17:09:48.654Z","avatar_url":"https://github.com/mbrav.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# docker-gost\n\n[![ci](https://github.com/mbrav/docker-gost/actions/workflows/docker-hub.yml/badge.svg)](https://github.com/mbrav/docker-gost/actions/workflows/docker-hub.yml)\n[![Hits-of-Code](https://hitsofcode.com/github/mbrav/docker-gost?branch=main)](https://hitsofcode.com/github/mbrav/docker-gost/view?branch=main)\n\nDocker images with OpenSSL and Russian GOST crypto algorithms\n\nThis is the Git repo of the for [`docker-gost`](https://github.com/mbrav/docker-gost) Docker images. See [the Docker Hub page](https://hub.docker.com/repository/docker/mbrav/docker-gost/general) for the full readme on how to use this Docker image and for information regarding contributing and issues.\n\n## Usage\n\nTo check if GOST ciphers are present, start container:\n\n```shell\ndocker run --rm -it mbrav/docker-gost bash\n```\n\nInside the container grep the list of available OpenSSL ciphers:\n\n```shell\nopenssl ciphers | tr \":\" \"\\n\" | grep GOST\nGOST2012-MAGMA-MAGMAOMAC\nGOST2012-KUZNYECHIK-KUZNYECHIKOMAC\nLEGACY-GOST2012-GOST8912-GOST8912\nIANA-GOST2012-GOST8912-GOST8912\nGOST2001-GOST89-GOST89\n```\n\nIf you do not see this list, please file an issue.\n\n### Creating a self-signed gost2001 certificate\n\nThis is by no means a professional guide, please refer to [RFC 4357](https://datatracker.ietf.org/doc/html/rfc4357) for all technical details about GOST algorithms.\n\n1. **Generate a Private Key**: Once inside a `mbrav/docker-gost` container, create a private key:\n\n```shell\nopenssl genpkey -algorithm gost2012_256 -pkeyopt paramset:A -out cert.key\n```\n\nThe possible parameters for `-algorithm` are:\n\n- `gost2001` - To generate a GOST 2001 certificate;\n- `gost2012_256` - To generate a GOST 2012 certificate with a key length of 256;\n- `gost2012_512` - To generate a GOST 2012 certificate with a key length of 512.\n\nThe `-pkeyopt paramset:A` option specifies that you want to use parameter set A, which corresponds to a particular curve. Different parameter sets (curves) may offer different levels of security and performance.\n\nKeep in mind that GOST 2001 is a bit different from traditional key-based algorithms in this regard. You choose a parameter set (curve) based on your security requirements, and the key pair is generated accordingly. There isn't a direct control over \"key length\" as in some other algorithms.\n\nBased on [`v3.0.2` version of gost-engine](https://github.com/gost-engine/engine/tree/v3.0.2), there are three Parameter sets for the gost2001 algorithm:\n\n- [`ecp_id_GostR3410_2001_CryptoPro_A_ParamSet`](https://github.com/gost-engine/engine/blob/v3.0.2/ecp_id_GostR3410_2001_CryptoPro_A_ParamSet.c)\n- [`ecp_id_GostR3410_2001_CryptoPro_B_ParamSet`](https://github.com/gost-engine/engine/blob/v3.0.2/ecp_id_GostR3410_2001_CryptoPro_B_ParamSet.c)\n- [`ecp_id_GostR3410_2001_CryptoPro_C_ParamSet`](https://github.com/gost-engine/engine/blob/v3.0.2/ecp_id_GostR3410_2001_CryptoPro_C_ParamSet.c)\n\n2. **Create a Certificate Signing Request (CSR)**: Generate a CSR using the private key you created in the previous step:\n\n```shell\nopenssl req -new -key cert.key -out cert.csr \\\n  -subj \"/C=RU/ST=Moscow_Olast/L=Moscow/O=Big_Brother_LTD/OU=IT/CN=bigbrother.ru/emailAddress=donos@bigbrother.ru\"\n```\n\n3. **Generate a Self-Signed Certificate**: Now, use the private key and CSR to generate a self-signed certificate.\n\n```shell\nopenssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.pem\n```\n\nThis command will create a self-signed certificate valid for 365 days.\n\n4. **Verify the Certificate** (Optional): You can verify the details of the generated certificate using the following command:\n\n```shell\nopenssl x509 -in cert.pem -text -noout\n```\n\n## Supported tags and their respective Dockerfiles\n\nThe `mbrav/docker-gost` repository is tagged with the following scheme where `x.x.x` is the OpenSSL version and `y.y.y` is the nginx version:\n\n- **Debian 12 (\"*Bookworm*\")**:\n  - Tags: `latest`, `bookworm`, `bookworm-x.x.x`\n  - Dockerfile: [debian-bookworm/Dockerfile](https://github.com/mbrav/docker-gost/blob/main/debian-bookworm/Dockerfile)\n- **Debian 12 (\"*Bookworm*\") with Nginx**:\n  - Tags: `bookworm-nginx`, `bookworm-nginx-x.x.x`, `bookworm-nginx-x.x.x-y.y.y`, `nginx`, `nginx-x.x.x`, `nginx-x.x.x-y.y.y`\n  - Dockerfile: [debian-bookworm/nginx.Dockerfile](https://github.com/mbrav/docker-gost/blob/main/debian-bookworm/nginx.Dockerfile)\n- **Alpine 3**:\n  - Tags: `alpine`, `alpine-x.x.x`\n  - Dockerfile: [alpine/Dockerfile](https://github.com/mbrav/docker-gost/blob/main/alpine/Dockerfile)\n- **Alpine 3 with Nginx**: *WIP*\n\nSee [`data.json`](https://github.com/mbrav/docker-gost/blob/main/data.json) metadata file for actual information.\n\n## About this Repo\n\n- **Maintained by**: [mbrav](https://github.com/mbrav)\n- **Where to get help**: Literally nowhere, hence the reason I created this repository.\n- **Why to use this image**: If your application needs [`openssl`](https://github.com/openssl/openssl) with GOST crypto algorithms ([`gost-engine`](https://github.com/gost-engine/engine)). Docker images are available at [`mbav/docker-gost`](https://github.com/mbrav/docker-gost) and are automatically built and uploaded to Docker Hub using [GitHub actions](https://github.com/mbrav/docker-gost/actions/workflows/docker-hub.yml).\n\n## Contributing\n\nPlease see the [contributing guide](https://github.com/mbrav/docker-gost/blob/main/CONTRIBUTING.md) for guidelines on how to best contribute to this project.\n\n## License\n\n[![License](https://img.shields.io/badge/License-BSD_3--Clause-yellow.svg)](https://opensource.org/licenses/BSD-3-Clause)\n[BSD 3-Clause LICENSE](https://github.com/mbrav/docker-gost/blob/main/LICENSE)\n\nAs for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.\n\n\u0026copy; [mbrav](https://github.com/mbrav) 2023\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmbrav%2Fdocker-gost","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmbrav%2Fdocker-gost","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmbrav%2Fdocker-gost/lists"}