1

Topic: ready to pay. GOST and XML encryption

It is necessary to make enciphering electronic hospital XML a file under the standard "XML Encryption Syntax and Processing (W3C)"
According to instruction  "Enciphering of a sessional key and the data happens on algorithm of GOST 28147-89"
Here a template ciphered XML a file

<xenc:EncryptedData
xmlns:xenc = "http://www.w3.org/2001/04/xmlenc#" Type = "http://www.w3.org/2001/04/xmlenc#Content"
xmlns:ds = "http://www.w3.org/2000/09/xmldsig#"
xmlns:sch = "http://gost34.ibs.ru/WrapperService/Schema"
xmlns:wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptionMethod Algorithm = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gost28147"/>
<ds:KeyInfo>
<xenc:EncryptedKey xmlns:xenc = "http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:transport-gost2001"/>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate></ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue> </xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue> </xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>

If who knows, prompt, according to the description

xenc:EncryptionMethod Algorithm = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gost28147"

What mode gost89 should be used?

1. Simple changeover
2. 
3.  with back coupling
4. A framing mode .

In a network it is a lot of tools for enciphering, but all know that such Russian GOST
If someone already has a ready tool I am ready to buy

2

Re: ready to pay. GOST and XML encryption

At Bruce Shnajera it is possible to esteem the theory about "block chaining" modes.
The first of them is trivial - does not do any coupling. And all remaining
- Combine various variants of interblock communications.
It seems in openssl it is called CBC/ECB/OFB...
As it concerns GOST I unfortunately I do not know. Too little  about it.
But most likely block operations at it such as well as at everyones there "Exaggerated Fishes",
And other AES.
What mode to you to select - . If over you there is no supervising organization
That is not present sense something there to search.

3

Re: ready to pay. GOST and XML encryption

openssl to 1.1 included the built in support state that in modes CFB, CNT. It is possible to apply it in a mode of the static assembly not to depend on fresher delivered from OS openssl where  threw out.
If it is necessary openssl 1.1 and above that there  is implemented by means of exterior library which should be connected in the list of engines.
As this all to use it is easily googled.