Using PKCS#11 Cryptographic Token Mechanisms on the Android Platform

The time has come to use PKCS#11 cryptographic token mechanisms on the Android platform as well. Some might say that there are no hardware tokens for Android. If so, that is only a temporary state of affairs: already today you can use a software token or a cloud token. Since the cryptoarmpkcs-A utility for Android is developed with AndroWish in the Tcl/Tk scripting language, tokens are connected through the TclPKCS11 package, version 1.0.1.

No modification of the package itself was required. All that was done was to add to the project a script that builds the package library (written in C) for Android, together with the library distribution itself. It was decided to add the libraries of the ls11sw2016 software token and the ls11cloud cloud token for the various platforms to the same project.

Everything else is simple. We add buttons for selecting the working token to the second window and get:

  • the ls11sw2016 software token;
  • the ls11cloud cloud token;
  • any other PKCS#11 token.


By default, the software token is connected. If it has not been created previously, you will be prompted to initialize it. Recall that token initialization consists of assigning a label and setting the user PIN:


Note that the software token was developed in accordance with the recommendations of PKCS#11 v2.40 and TK-26 (the Russian technical committee for cryptographic information protection). To obtain complete information about the token, including the cryptographic mechanisms it supports, click the "About the token and its cryptography" button in the main menu ("Functional"). At present, not one hardware token supporting Russian cryptography offers this functionality:


The question arises: how do you install a personal certificate on the token? There are two options. The first is to import the certificate together with its key pair from a PKCS#12 container (the "Work with PKCS12/PFX" button):


The second option involves creating a certificate request (PKCS#10). This function ("Certificate Request") generates the key pair directly on the token rather than importing it from a file:


Now you can save the request to a flash drive and take it to a certification authority for a certificate. If the certificate is for testing or internal use, you can also issue it yourself with the CAFL63 utility. The resulting certificate is imported onto the token in the "View Request/Certificate" tab:


You can now sign documents with the certificates stored on the token, using the "Sign a document" tab.

In the next article we will describe how to connect to a cloud token. The question of moving certificate issuance functions to the mobile platform remains open. Is there a need for this?

An updated version of the cryptoarmpkcs-A utility for Android can be downloaded here:

P.S. Saving the log

To build the package, the bones utility from the AndroWish SDK is used. Once the package has been built successfully, an "Install & run" button appears; clicking it opens a log window showing the output of adb logcat (the Android Debug Bridge logger). The downside of this window is that it is hard to find the error message, especially with the "V" (verbose) flag enabled. Therefore a "Save" button was added, which saves the log to the file /tmp/logBone.txt (on Linux):


With this button, debugging the application became much simpler.

To add the button, insert the following code into the bones file after line 2591 (the existing "Clear" and "Run" buttons are shown for context; each ttk::button call is continued onto a second line with a trailing backslash):

	    ttk::button $l.frame.clear -text "Clear" -width 6 \
		-command [list adb_logcat_clear $l.text]
	    # Added code: the "Save" button writes the current log text to a file
	    ttk::button $l.frame.save -text "Save" -width 6 \
		-command [list adb_logcat_save $l.text]

	    ttk::button $l.frame.run -text "Run" -width 6 \
		-command [list adb_logcat_run $l]

The adb_logcat_save procedure looks like this:

proc adb_logcat_save {text} {
    # Take the whole contents of the log text widget (from the first character to the end)
    set tt [$text get 1.0 end]
    set file "/tmp/logBone.txt"
    file delete -force $file
    # The actual write to the file
    set fd [open $file w]
    # Binary translation keeps the line endings exactly as logcat produced them
    chan configure $fd -translation binary
    puts -nonewline $fd $tt
    close $fd
}
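Two practical points follow from the procedure above. First, the reason the "Save" button was needed is that error lines are hard to spot in a verbose logcat dump; the saved file is most useful once filtered by priority. Second, the Tcl proc writes to a fixed name in the shared /tmp directory: any local user can pre-create or symlink /tmp/logBone.txt, and the delete-then-open sequence is a race, so a newly created, uniquely named file with mode 0600 is the safer choice. The following Python script is an added example written for this article, not code from cryptoarmpkcs-A or AndroWish. It parses adb logcat "threadtime" lines (the constructed sample below imitates the bones log window; the TclPKCS11 tag, the CKR_PIN_INCORRECT text and the file-name prefix logBone- are assumptions for illustration), keeps only entries at or above a chosen priority, and saves the log with tempfile.mkstemp instead of a fixed path.

```python
import os
import re
import tempfile

# adb logcat "threadtime" format: date time PID TID priority tag: message
# e.g. "05-12 14:03:27.512  1234  1250 E TclPKCS11: C_Initialize failed"
LOGCAT_RE = re.compile(
    r"^(?P<date>\d\d-\d\d)\s+(?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<prio>[VDIWEF])\s+"
    r"(?P<tag>[^:]*):\s?(?P<msg>.*)$"
)

# Priority order used by logcat itself: verbose lowest, fatal highest.
PRIORITY_ORDER = "VDIWEF"

# Constructed sample of what the bones log window might show (not a real capture).
SAMPLE_LOG = """\
05-12 14:03:27.101  1234  1234 V AndroWish: Tcl interpreter created
05-12 14:03:27.205  1234  1234 D AndroWish: sourcing main.tcl
05-12 14:03:27.512  1234  1250 I TclPKCS11: loading module libls11sw2016.so
05-12 14:03:27.519  1234  1250 W TclPKCS11: token not initialized, prompting for label and PIN
05-12 14:03:28.004  1234  1250 E TclPKCS11: C_Login returned CKR_PIN_INCORRECT
--------- beginning of crash
05-12 14:03:28.010  1234  1250 F libc    : Fatal signal 11 (SIGSEGV), code 1
"""


def parse_logcat(text):
    """Parse threadtime-format lines into dicts; non-matching lines (separators) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOGCAT_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["tag"] = entry["tag"].strip()  # logcat pads short tags with spaces
            entries.append(entry)
    return entries


def filter_by_priority(entries, min_prio="E", tag=None):
    """Keep entries at or above min_prio (V < D < I < W < E < F), optionally for one tag only."""
    threshold = PRIORITY_ORDER.index(min_prio)
    return [
        e for e in entries
        if PRIORITY_ORDER.index(e["prio"]) >= threshold
        and (tag is None or e["tag"] == tag)
    ]


def save_log(text, directory=None):
    """Write the log to a fresh, unpredictably named file readable only by the current user.

    Unlike a fixed /tmp/logBone.txt, mkstemp opens the file with O_CREAT|O_EXCL and mode
    0600, so another local user cannot pre-create or symlink the path to hijack the write.
    The "logBone-" prefix is an assumption chosen to mirror the original file name.
    """
    fd, path = tempfile.mkstemp(prefix="logBone-", suffix=".txt", dir=directory)
    with os.fdopen(fd, "wb") as f:  # binary mode, like the Tcl proc's -translation binary
        f.write(text.encode("utf-8"))
    return path


def load_log(path):
    """Read a saved log back as text (so it can be parsed and filtered later)."""
    with open(path, "rb") as f:
        return f.read().decode("utf-8")


if __name__ == "__main__":
    entries = parse_logcat(SAMPLE_LOG)
    # Show warnings and worse; this is the view the verbose log window makes hard to get.
    for e in filter_by_priority(entries, "W"):
        print(f"{e['time']} {e['prio']} {e['tag']}: {e['msg']}")
    print("saved to", save_log(SAMPLE_LOG))
```

Run it as a script to see the filtered view and the path of the saved file; to process a real dump, pass the text read from `adb logcat -v threadtime -d` to parse_logcat instead of SAMPLE_LOG.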

Source: habr.com
