Previous: , Up: Top  


Preferable way is to download tarball with the signature from website and, for example, run tests with benchmarks:

% wget
% wget
% gpg --verify gogost-1.1.tar.xz.sig gogost-1.1.tar.xz
% xz -d < gogost-1.1.tar.xz | tar xf -
% make -C gogost-1.1 all bench
% echo hello world | ./gogost-1.1/streebog256

And then you can include its source code in your project for example like this:

% mkdir -p myproj/src
% export GOPATH=$PWD/myproj
% cd myproj/src
% cat > main.go <<EOF
package main

import (


func main() {
    h := gost34112012256.New()
    h.Write([]byte("hello world"))
% cp -r ../../gogost-1.1/src/ .
% go run main.go
VersionDateSizeTarballSHA256 checksumStreebog-256 checksum
2.02016-11-2639 KiBlink sign28E8C15C 0EC5CC2A 47A8CCDA DF9EADB5 E46970AA FB7FAAF3 AA250FFC 79CE57F7e2858b9c1e7834663838c44b9b9ebbd1f37e5b85ceba5698b6fb5d180e071710
1.22016-11-1334 KiBlink signB894D0E4 923F0361 8A33A360 65AE860F FCFAF8F5 42A82D71 EA0A0BA7 7BC99093fc6d3533e28d356398877674b6ee18954581c7f46832a5cf994ae243ab00ddf5
1.12016-10-0433 KiBlink sign26D37912 6FE220C1 C0381835 DEFFDC4B BDCDC394 15D6E9C1 F8A5A302 04F9452B313fa58c2c030dd5acd20b524842bd2d4ec7403fcfca2a4a238ddc187c3ef0df

You have to verify downloaded tarballs integrity and authenticity to be sure that you retrieved trusted and untampered software. The GNU Privacy Guard is used for that purpose.

For the very first time it is necessary to get signing public key and import it. It is provided below, but you should check alternative resources.

pub   rsa2048/0x82343436696FC85A 2016-09-13 [SC]
      CEBD 1282 2C46 9C02 A81A  0467 8234 3436 696F C85A
uid   GoGOST releases <gogost at cypherpunks dot ru>

You can obtain development source code by cloning Git

Previous: , Up: Top