# Fork Notes — AlexMAS/GostCryptography

- Source repo: https://github.com/AlexMAS/GostCryptography (commit 31413f6621d1e77e4fe5d7bb2f95a9746d64e9e0)
- Reason for fork: Need a maintained source base for the CryptoPro plug-in that covers the full CSP surface (CMS, XML DSig, Magma/Kuznyechik, etc.) while we replace the vulnerable IT.GostCryptography dependency.
- Alternatives considered:
  - pairbit/IT.Hashing — modern .NET 8 hashing helpers, but it only ships digest algorithms and lacks CSP bindings, CMS, or signing primitives, so it cannot back our plug-in on its own.
  - NuGet GostCryptography binary — already packaged but not patchable; we need source control plus the ability to vendor patches.
- Local customizations: None yet; this directory is a vanilla mirror of upstream. All StellaOps-specific changes must be committed on top so that we can periodically rebase from upstream.
- Sync process:
  1. git clone https://github.com/AlexMAS/GostCryptography.git /tmp/gost
  2. Checkout the desired commit/tag and run: rsync -a --delete --exclude .git /tmp/gost/ third_party/forks/AlexMAS.GostCryptography/
  3. Update this file with the new commit hash and summarize notable upstream diffs.
- License: MIT (upstream LICENSE kept verbatim in this folder).

This fork lives under third_party/forks to keep upstream sources separate from StellaOps code while we integrate the replacement CryptoPro provider.