Previous: , Up: Top  


Preferable way is to download tarball with the signature from website and, for example, run tests with benchmarks:

$ [fetch|wget]
$ [fetch|wget]
$ gpg --verify gogost-5.5.0.tar.xz.sig gogost-5.5.0.tar.xz
$ xz --decompress --stdout gogost-5.5.0.tar.xz | tar xf -
$ cd gogost-5.5.0
$ redo all
$ echo hello world | ./streebog256

It uses redo build system for that examples. You can use either dozen of various implementations, or at least minimalistic POSIX shell contrib/do (just replace redo with contrib/do in the example above) included in tarball.

VersionDateSizeTarballSHA256 checksumStreebog-256 checksum
5.5.02021-01-2561 KiBlink signF92084FB 2D4A7BA2 624C468E A2149C49 96C2006C 05AFE093 23C75283 EBCCD8E41b26b19a697a427257dd86f3688197921fb9028e44384192f6046c503b24ef87
5.4.02021-01-2460 KiBlink sign33EA1FEF AAD81831 27ACF816 F1621DF0 AE9F34B0 EBD3324E BDDABDE1 C3F07EA0adc275ae7db766a862ffca1680c31fcb18f5906b24164de9810d8b7a85f26d53
5.3.02021-01-2161 KiBlink signEB8F537F 04854C3D E162D38A 84DA7887 C2B5B387 DBED8D3A 55E27F59 8CD72AA1b60f03d693b7dcb82d9fb6a5936f0b34b90546a108d50e401b0c1ffef62c8f1e
5.2.02021-01-2160 KiBlink signB7329A8C FB0E330B AE43B074 0D59B1FD 483E1652 6E1233A4 4E3844E6 A1130D24f3e381e29334add141484364bfcd6834308d7f5e3c74827c2617b6f70851687b
5.1.12021-01-1660 KiBlink signF11CFDED 18327364 11BDF5EE 1236C5B6 25733220 1ECCF500 31B887A2 E9601BE62926f15d273f229a49e69c63a1ae9b94fed7e25046f7ee0d32afba08dc7ec970
5.1.02020-10-0763 KiBlink sign4AC24706 DA444606 E7E77F64 D27FE0FE 645C8389 E0B92871 563809BA 2D0194E6ee468925f1f1cf55311c62b8953150a2318c7b1d514e499eb2fa97fa93b52fb6
5.0.22020-09-0562 KiBlink sign2A62D4B8 B45CBD6D EFF8DD2A 973F16B3 463F8365 467408A0 2DD538F9 0EFD0B690dd8ed5b0cfae0b8ad30658dab3e12188c005a590db0a698731fb85dcec679c4
5.0.12020-09-0562 KiBlink sign4DAEA73C 44527737 054C659A 9B619A21 643EA3AA 66F6E092 4AC8777A 5D897C6A0bde87f569e0dbad29856610dcbd2ffbcaca4f4899046cb138d92b059856b4b2
5.0.02020-09-0462 KiBlink sign222CB86E 559E9CCF E80FFFB1 B3A7908B A978FE84 9E12B7F9 DA571512 6A24BCA72a0fc616372fe905e8677e1e82d8bd82f852e6393c03cbfb34f69f855bcbfc85
4.3.12020-09-0163 KiBlink signFEB48FAA 49F43FB4 6FF4812C ECB9BD8B 077EA3A1 693088CA 1C2F29E8 F2AFE500785b17e7f84f3b472d5bdcb710e124908da656bdec2df7f6bcf0a1b4042403ce
4.3.02020-08-0258 KiBlink signB5550996 57149869 46F01316 937CA4E2 C0786F90 F0281E59 FD3E4D0B 633785ECe5a187c1e9753b747918a13008f128efa0b9fbc8f2b26ef8af1315a53ac8b8ba
4.2.42020-06-2458 KiBlink signAB7716CB B1E67C5F 5F38B4F9 EEE2733E 931A0498 084AF7BC E816F961 16EB26AEf3c198b616de3cf15626d7741bfed1dd927a7cc85a8b24d68f48f86d64417a8c
4.2.32020-01-2258 KiBlink sign0259919D 6C5F61CC BDAD40E8 52E94EA9 29C0A2C1 7C819158 445BA28E 6BA0B105a0272ddd522ab49795b43a9efcd6e152510e4b1c3afd4feddd45e0a122643a57
4.2.22020-01-0758 KiBlink sign88735A72 1FC0D998 768EA056 F6AC018D BACD25F2 3C72458B 312D4B75 36CF39C591eea4919647876b1989313fbce6497bedebead2a4437449a16e0bea39088201
4.2.12019-12-1857 KiBlink sign00AA93C7 EE5CE982 CABC881B CC3E4C35 5900C370 B16D3629 9F97F5E4 D32778620e307c6a01f15cdd3cb5071f88bbcc419e85c0b911de1381d0d5d058a509681e
4.2.02019-10-1857 KiBlink sign07B44D64 E99924D2 612F9161 037EAFCE 191911B3 B2A9748F 6D340BB7 FBF8EF5A6fc059688e4cf121c3af4a5b3bbb13661478c5df91de5f6f2da89f64486d5977
4.1.02019-10-0355 KiBlink signF2FEF2E0 ADEB5742 FA2B3338 64E8B91B 3CCAA97D 5BA62177 21E08A11 F1FA813372e0d52aa25158ab1bb45e5498ce703b516c616b71101b74d5ee259f516c4e91
4.02019-08-1256 KiBlink sign4899B930 2110C9A9 592821D6 B206146F 2A66FC5A 3DEE9D6E 11F5EA51 72FEE6E6ad8b58d42c3829e66dd1994265478eab921393cf0f7a8b520d900e38092a2cd6
3.02019-07-1947 KiBlink sign0BC2F39C DDB66493 BDF02DA7 C0A04633 E2A33462 4E3C0C7C 567712A6 6078FC8240de433a7e37fdca1ac2a9ef6093c85314937d59fa72e8e4dc91d5bf4eb064d7
2.02016-11-2639 KiBlink sign28E8C15C 0EC5CC2A 47A8CCDA DF9EADB5 E46970AA FB7FAAF3 AA250FFC 79CE57F7e2858b9c1e7834663838c44b9b9ebbd1f37e5b85ceba5698b6fb5d180e071710
1.22016-11-1334 KiBlink signB894D0E4 923F0361 8A33A360 65AE860F FCFAF8F5 42A82D71 EA0A0BA7 7BC99093fc6d3533e28d356398877674b6ee18954581c7f46832a5cf994ae243ab00ddf5
1.12016-10-0433 KiBlink sign26D37912 6FE220C1 C0381835 DEFFDC4B BDCDC394 15D6E9C1 F8A5A302 04F9452B313fa58c2c030dd5acd20b524842bd2d4ec7403fcfca2a4a238ddc187c3ef0df

And then you can include its source code in your project for example like this:

$ mkdir -p myproj/vendor/
$ mv gogost-5.5.0 myproj/vendor/
$ cd myproj
$ cat > main.go <<EOF
package main

import (


func main() {
    h := gost34112012256.New()
    h.Write([]byte("hello world\n"))
$ go run main.go

You have to verify downloaded tarballs integrity and authenticity to be sure that you retrieved trusted and untampered software. GNU Privacy Guard is used for that purpose.

For the very first time it is necessary to get signing public key and import it. It is provided below, but you should check alternative resources.

pub   rsa2048/0x82343436696FC85A 2016-09-13 [SC]
      CEBD 1282 2C46 9C02 A81A  0467 8234 3436 696F C85A
uid   GoGOST releases <gogost at cypherpunks dot ru>

GoGOST is also go get-able. For example to use streebog256 utility:

$ go get

If you have problems with *’s inability to verify authenticity of TLS connection, then you can disable their usage by setting You can override CA certificate file path with SSL_CERT_FILE and GIT_SSL_CAINFO environment variables.

Also you can use replace feature inside your go.mod, like:

require v5.5.0
replace => /path/to/gogost-5.5.0

You can obtain development source code with git clone git:// (also you can use

Previous: , Up: Top