@node Download
@unnumbered Download

Preferable way is to download tarball with the signature from
website and, for example, run tests with benchmarks:

@example
$ [fetch|wget] http://www.gogost.cypherpunks.ru/gogost-@value{VERSION}.tar.zst
$ [fetch|wget] http://www.gogost.cypherpunks.ru/gogost-@value{VERSION}.tar.zst.sig
$ gpg --verify gogost-@value{VERSION}.tar.zst.sig gogost-@value{VERSION}.tar.zst
$ zstd --decompress --stdout gogost-@value{VERSION}.tar.zst | tar xf -
$ cd gogost-@value{VERSION}
$ redo all
$ echo hello world | ./streebog256
f72018189a5cfb803dbe1f2149cf554c40093d8e7f81c21e08ac5bcd09d9934d
@end example

It uses @url{http://cr.yp.to/redo.html, redo} build system for that
examples. You can use either dozen of various implementations, or at
least minimalistic POSIX shell @command{contrib/do} (just replace
@command{redo} with @command{contrib/do} in the example above) included
in tarball.

@include download.texi

And then you can include its source code in your project for example
like this:

@example
$ mkdir -p myproj/vendor/go.cypherpunks.ru/gogost
$ mv gogost-@value{VERSION} myproj/vendor/go.cypherpunks.ru/gogost/v5
$ cd myproj
$ cat > main.go <<EOF
package main

import (
    "encoding/hex"
    "fmt"

    "go.cypherpunks.ru/gogost/v5/gost34112012256"
)

func main() @{
    h := gost34112012256.New()
    h.Write([]byte("hello world\n"))
    fmt.Println(hex.EncodeToString(h.Sum(nil)))
@}
EOF
$ go run main.go
f72018189a5cfb803dbe1f2149cf554c40093d8e7f81c21e08ac5bcd09d9934d
@end example

You @strong{have to} verify downloaded tarballs integrity and
authenticity to be sure that you retrieved trusted and untampered
software. @url{https://www.gnupg.org/, GNU Privacy Guard} is used
for that purpose.

For the very first time it is necessary to get signing public key and
import it. It is provided below, but you should check alternative
resources.

@verbatim
pub   rsa2048/0x82343436696FC85A 2016-09-13 [SC]
      CEBD 1282 2C46 9C02 A81A  0467 8234 3436 696F C85A
uid   GoGOST releases <gogost at cypherpunks dot ru>
@end verbatim

@itemize

@item @url{http://lists.cypherpunks.ru/gost.html, gost} maillist

@item
@example
$ gpg --auto-key-locate dane --locate-keys gogost at cypherpunks dot ru
$ gpg --auto-key-locate  wkd --locate-keys gogost at cypherpunks dot ru
@end example

@item
@verbatiminclude PUBKEY.asc

@end itemize

GoGOST is also @command{go get}-able. For example to install
@command{streebog256} utility:

@example
$ go install go.cypherpunks.ru/gogost/v5/cmd/streebog256@@latest
@end example

@code{go.cypherpunks.ru} uses @code{ca.cypherpunks.ru} X.509 CA
authority, that may complicate installation:

@itemize

@item Go's default @code{proxy.golang.org} and @code{sum.golang.org}
services won't be able to verify @code{go.cypherpunks.ru}'s TLS
authenticity, because there are no common trust anchors. You can skip
their usage by setting @env{$GOPRIVATE=go.cypherpunks.ru}.

@item You can (temporarily) override CA certificate bundle during installation:

@example
$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem
$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem.asc
$ gpg --auto-key-locate dane --locate-keys stargrave at stargrave dot org
$ gpg --auto-key-locate  wkd --locate-keys stargrave at gnupg dot net
$ gpg --verify cert.pem.asc
$ SSL_CERT_FILE=`pwd`/cert.pem GIT_SSL_CAINFO=`pwd`/cert.pem go get \
    go.cypherpunks.ru/gogost/v5
@end example

@item You can unpack tarball somewhere and use @code{replace} command in
your local @file{go.mod}:

@example
require go.cypherpunks.ru/gogost/v5 v@value{VERSION}
replace go.cypherpunks.ru/gogost/v5 => /path/to/gogost-@value{VERSION}
@end example

@end itemize

You can obtain development source code with
@command{git clone git://git.cypherpunks.ru/gogost.git}
(also you can use @url{https://git.cypherpunks.ru/gogost.git}).