{"id":37102769,"url":"https://github.com/pedroalbanese/engine","last_synced_at":"2026-01-14T12:27:00.049Z","repository":{"id":60743073,"uuid":"541817828","full_name":"pedroalbanese/engine","owner":"pedroalbanese","description":"🔒 Pure Go GOST Digital Signer/TLS/VKO","archived":true,"fork":false,"pushed_at":"2023-01-26T19:59:26.000Z","size":197,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-06-21T11:02:32.685Z","etag":null,"topics":["crypto","cryptography","ecdsa-cryptography","encryption","gost3410-2012","gost3411-2012","gost3412-2015","grasshopper","kuznechik","streebog","tls","tls-certificate"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pedroalbanese.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null}},"created_at":"2022-09-26T23:08:06.000Z","updated_at":"2023-10-31T15:05:20.000Z","dependencies_parsed_at":"2023-02-14T23:00:58.706Z","dependency_job_id":null,"html_url":"https://github.com/pedroalbanese/engine","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/pedroalbanese/engine","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pedroalbanese%2Fengine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pedroalbanese%2Fengine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pedroalbanese%2Fengine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pedroalbanese%2Fengine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pedroalbanese","download_url":"https://codeload.github.com/pedroalbanese/engine/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pedroalbanese%2Fengine/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28420760,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","cryptography","ecdsa-cryptography","encryption","gost3410-2012","gost3411-2012","gost3412-2015","grasshopper","kuznechik","streebog","tls","tls-certificate"],"created_at":"2026-01-14T12:26:59.462Z","updated_at":"2026-01-14T12:27:00.023Z","avatar_url":"https://github.com/pedroalbanese.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GOST Engenhoca\n[![ISC License](http://img.shields.io/badge/license-ISC-blue.svg)](https://github.com/pedroalbanese/engine/blob/master/LICENSE.md) \n[![GoDoc](https://godoc.org/github.com/pedroalbanese/engine?status.png)](http://godoc.org/github.com/pedroalbanese/engine)\n[![GitHub downloads](https://img.shields.io/github/downloads/pedroalbanese/engine/total.svg?logo=github\u0026logoColor=white)](https://github.com/pedroalbanese/engine/releases)\n[![Go Report Card](https://goreportcard.com/badge/github.com/pedroalbanese/engine)](https://goreportcard.com/report/github.com/pedroalbanese/engine)\n[![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/pedroalbanese/engine)](https://golang.org)\n[![GitHub release (latest by date)](https://img.shields.io/github/v/release/pedroalbanese/engine)](https://github.com/pedroalbanese/engine/releases)\n\n### GOST Toolkit Lite (TC26 Compliant)\nCross-platform hybrid cryptography tool for symmetric encryption, cipher-based message authentication code (CMAC), recursive hash digest, hash-based message authentication code (HMAC), HMAC-based key derivation function (HKDF), password based key derivation function (PBKDF2), shared key agreement (ECDH), digital signature (ECDSA) and TLS 1.2 for small or embedded systems. \n\n**GOST refers to a set of technical standards maintained by the Euro-Asian Council for Standardization, Metrology and Certification (EASC), a regional standards organization operating under the auspices of the Commonwealth of Independent States (CIS).**\n\n## Roll of Algorithms\n#### GOST is GOvernment STandard of Russian Federation (and Soviet Union):\n  - GOST R 34.11-2012 Стрибог (Streebog) hash function 256/512-bit (RFC 6986)\n  - GOST R 34.10-2012 public key signature function (RFC 7091)\n  - VKO GOST R 34.10-2012 key agreement function (RFC 7836)\n  - GOST R 34.12-2015 128-bit block cipher Кузнечик (Kuznechik) (RFC 7801)\n  - GOST R 34.12-2015 64-bit block cipher Магма (Magma) (RFC 8891)\n  - MGM AEAD mode for 64 and 128 bit ciphers (RFC 9058)\n\n### Symmetric:\n- **Block Ciphers:**\n   - GOST R 34.12-2015 Magma (default)\n   - GOST R 34.12-2015 Kuznechik (Grasshopper)\n\n- **Modes of Operation:**\n   - MGM: Multilinear Galois Mode (AEAD)\n   - CFB: Cipher Feedback Mode\n   - CTR: Counter Mode\n   - OFB: Output Feedback Mode\n\n- **Message Digest Algorithm:**\n   - GOST R 34.11-2012 Streebog 256/512-bit \n   \n### Asymmetric:\n- **Public key Algorithm:**\n   - GOST R 34.10-2012 256/512-bit\n\n- **Supported ParamSets:**\n   - GOST R 34.10-2012 256-bit: A, B, C, D\n   - GOST R 34.10-2012 512-bit: A, B\n\n## Features\n* **Cryptographic Functions:**\n   * Symmetric Encryption + AEAD Mode\n   * Digital Signature (ECDSA-like)\n   * Recursive Hash Digest + Check \n   * CMAC (Cipher-based message authentication code)\n   * HMAC (Hash-based message authentication code)\n   * HKDF (HMAC-based key derivation function)\n   * PBKDF2 (Password-based key derivation function 2)\n   * VKO (выработка ключа общего) Shared Key Agreement (ECDH)\n   * TLS 1.2 (Transport Layer Security) (RFC 5246)\n   \n* **Non-cryptographic Functions:**\n\n   * Privacy-Enhanced Mail (PEM format)\n   * RandomArt (OpenSSH-like)\n\n## Usage\n\u003cpre\u003e -128\n       Block size: 64 or 128. (for symmetric encryption only) (default 64)\n -512\n       Key length: 256 or 512. (default 256)\n -cert string\n       Certificate path/name. (default \"Certificate.pem\")\n -check string\n       Check hashsum file. ('-' for STDIN)\n -crypt string\n       Encrypt/Decrypt with symmetric ciphers.\n -digest\n       File/Wildcard to generate hashsum list. ('-' for STDIN)\n -hex string\n       Encode binary string to hex format and vice-versa.\n -hkdf int\n       HMAC-based key derivation function with a given output bit length.\n -info string\n       Associated data, additional info. (for HKDF and AEAD encryption)\n -ipport string\n       Local Port/remote's side Public IP:Port.\n -iter int\n       Iterations. (for PBKDF2 command) (default 1)\n -iv string\n       Initialization vector. (for non-AEAD symmetric encryption)\n -key string\n       Private/Public key, depending on operation.\n -mac string\n       Compute hash-based/cipher-based message authentication code.\n -mode string\n       Mode of operation: MGM, CFB, CTR or OFB. (default \"MGM\")\n -paramset string\n       Elliptic curve ParamSet: A, B, C, D. (default \"A\")\n -pbkdf2\n       Password-based key derivation function 2.\n -pkey string\n       Generate keypair, Generate certificate. [keygen|certgen]\n -private string\n       Private key path. (for keypair generation) (default \"Private.pem\")\n -public string\n       Public key path. (for keypair generation) (default \"Public.pem\")\n -pwd string\n       Password. (for Private key PEM encryption)\n -rand int\n       Generate random cryptographic key with a given output bit length.\n -recursive\n       Process directories recursively. (for DIGEST command only)\n -salt string\n       Salt. (for PBKDF2 and HKDF commands)\n -signature string\n       Input signature. (verification only)\n -tcp string\n       Encrypted TCP/IP Transfer Protocol. [server|ip|client]\n -version\n       Print version information.\u003c/pre\u003e\n\n## Examples\n#### Asymmetric GOST2012 keypair generation:\n```sh\n./engine -pkey keygen [-512] [-paramset B] [-pwd \"pass\"]\n```\n#### Parse keys info:\n```sh\n./engine -pkey [text|modulus] [-pwd \"pass\"] -key private.pem\n./engine -pkey [text|modulus|randomart] -key public.pem\n```\n#### Digital signature:\n```sh\n./engine -pkey sign -key private.pem [-pwd \"pass\"] \u003c file.ext \u003e sign.txt\nsign=$(cat sign.txt|awk '{print $2}')\n./engine -pkey verify -key public.pem -signature $sign \u003c file.ext\necho $?\n```\n#### VKO Shared key agreement:\n```sh\n./engine -pkey derive -key private.pem -public peerkey.pem\n```\n#### Generate Certificate:\n```sh\n./engine -pkey certgen -key private.pem [-pwd \"pass\"] [-cert \"output.ext\"]\n```\n#### Parse Certificate info:\n```sh\n./engine -pkey [text|modulus] -cert certificate.pem\n```\n#### TLS Layer (TCP/IP):\n```sh\n./engine -tcp ip \u003e PubIP.txt\n./engine -tcp server -cert certificate.pem -key private.pem [-ipport \"8081\"]\n./engine -tcp client -cert certificate.pem -key private.pem [-ipport \"127.0.0.1:8081\"]\n```\n#### Encryption/decryption with Magma (GOST R 34.12-2015) block cipher (default):\n```sh\n./engine -crypt enc -key $shared \u003c plaintext.ext \u003e ciphertext.ext\n./engine -crypt dec -key $shared \u003c ciphertext.ext \u003e plaintext.ext\n```\n#### Encryption/decryption with Kuznyechik (GOST R 34.12-2015) block cipher:\n```sh\n./engine -crypt enc -128 -key $shared \u003c plaintext.ext \u003e ciphertext.ext\n./engine -crypt dec -128 -key $shared \u003c ciphertext.ext \u003e plaintext.ext\n```\n#### CMAC-Kuznechik (cipher-based message authentication code):\n```sh\n./engine -mac cmac -128 -key $128bitkey \u003c file.ext\n./engine -mac cmac -128 -key $128bitkey -signature $128bitmac \u003c file.ext\n```\n#### Streebog256/512 hashsum:\n```sh\n./engine -digest [-512] \u003c file.ext\n./engine -digest [-512] *.*\n```\n#### HMAC-Streebog256/512:\n```sh\n./engine -mac hmac [-512] -key $256bitkey \u003c file.ext\n./engine -mac hmac [-512] -key $256bitkey -signature $256bitmac \u003c file.ext\n```\n#### HKDF (HMAC-based key derivation function 256-bit output):\n```sh\n./engine -hkdf 256 [-512] -key \"IKM\" -info \"AD\" -salt \"salt\"\n```\n#### PBKDF2 (password-based key derivation function):\n```sh\n./engine -pbkdf2 [-512] -key \"pass\" -iter 10000 -salt \"salt\" -crypt enc \u003c plaintext.ext \u003e ciphertext.ext\n```\n#### Bin to Hex/Hex to Bin:\n```sh\n./engine -hex enc \u003c File.ext \u003e File.hex\n./engine -hex dec \u003c File.hex \u003e File.ext\n./engine -hex dump \u003c File.ext\n```\n\n## Contribute\n**Use issues for everything**\n- You can help and get help by:\n  - Reporting doubts and questions\n- You can contribute by:\n  - Reporting issues\n  - Suggesting new features or enhancements\n  - Improve/fix documentation\n\n## License\n\nThis project is licensed under the ISC License.\n\n#### Copyright (c) 2020-2023 Pedro F. Albanese - ALBANESE Research Lab.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpedroalbanese%2Fengine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpedroalbanese%2Fengine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpedroalbanese%2Fengine/lists"}