GOST2-128 File Encryptor/Decryptor (CBC + SHA-256 authentication)
Single-file utility: includes GOST2-128, SHA-256, CBC, IV generation, and I/O.
-
Build:
-
Unix/macOS: gcc gost2-128-cbc.c -o gost2file
-
Windows (MinGW): gcc gost2-128-cbc.c -o gost2file -lbcrypt
-
Usage:
-
gost2file c <input_file> -> produces <input_file>.gost2
-
gost2file d <input_file> -> removes .gost2 suffix if present, else appends .dec
-
File format (encrypted): [16 bytes IV (clear)] [ciphertext (PKCS#7 padded)] [32 bytes SHA-256 over ciphertext only]
-
Password: Asked interactively (not via CLI). Not echoed on screen.
-
Randomness:
- Preferred: arc4random_buf (BSD/macOS)
- Else: /dev/urandom (Unix)
- Else: BCryptGenRandom (Windows)
- Else (LAST RESORT): srand(time(NULL)) + rand()
GOST 2-128 was released in 2016. It has exactly the same design as GOST but has twice as many S-tables and uses 64-bit integers instead of 32-bit integers. It no longer works on 64-bit blocks but on 128-bit blocks like AES. The two S-tables are those of the Central Bank of Russian Federation and that of the GOST R 34.12-2015 standard. GOST had 256-bit keys that were reused as subkeys. In GOST 2-128, subkeys are generated by a one-way hash function, representing 4096 bits. Thus, no weak keys exist and attacks against GOST do not work in GOST 2-128.