SOFTWARE FOR SIGNING/VERIFYING
the digital signature
GOST 34.310-95, DSTU 4145-2002 and GOST 34.311-95
using X.509 certificates
The library for signing and verifying digital signatures based on the GOST 34.310-95, DSTU 4145-2002 and GOST 34.311 algorithms is intended for use in software systems that use the basic interface of the RSAC.DLL library as the NBU standard.
The main NBU requirements are:
- The key identifier length is 6 symbols.
- The keys are generated:
  - with the help of the on-line WEB interface of the CA (Certification Authority);
  - with the help of the utility in off-line mode, followed by a certification request (RSA Laboratories. PKCS #10: Certification Request Syntax Standard).
- The length of the digital signature must not exceed the length of a digital signature made with a 512-bit RSA key.
That is why the library is used for GOST 34.310-95, DSTU 4145-2002 and GOST 34.311, as well as for 512-bit RSA, SHA-1 (MD5).
Signed certificates are distributed in the PKCS #7 format (RSA Laboratories. PKCS #7: Cryptographic Message Syntax Standard).
The main functions that are essential for signing/verifying the digital signature are:
RENEW_ZAH() - updates the public key tables, creates and expands backup copies, and reviews the public key tables;
INIT_ZAH() - initializes the key system. Calling this function is mandatory on every workstation (PC) before signing/verifying a digital signature;
CLOSE_ZAH() - de-initializes the key system. Calling this function is mandatory after finishing work with the software module for signing/verifying digital signatures;
RSA_ZAH() - the function that signs/verifies the digital signature.
The Key Distribution Center (KDC) is intended for receiving certificates and placing them into the local table of certificates, both in the center and in the regions (from the point of view of their/its users):