Using a cloud token with support for Russian cryptography on the Android platform

From the point of view of the PKCS#11 interface, using a cloud token is no different from using a hardware token. To use a token on a computer (and here we will talk about the Android platform), you need a library for working with the token and the connected token itself. For a cloud token you need the same thing: a library and a connection to the cloud. The role of that connection is played by a configuration file that specifies the address of the cloud in which user tokens are stored.

Checking the status of a cryptographic token

So, download the updated version of the cryptoarmpkcs-A utility. Install and run the application and go to the main menu. For further work, you need to select the token whose cryptographic mechanisms will be used (recall that no token is needed when working with PKCS12):

The screenshot clearly shows what happens when you click on a particular button. If you click on the "other token" button, you will be prompted to select the PKCS#11 library for your token. In the other two cases, information about the status of the selected token is shown. How the software token is connected was discussed in the previous article. Today we are interested in the cloud token.

Cloud token registration

Go to the “Connecting PKCS#11 Tokens” tab, find the item “Create a cloud token” and download the LS11CloudToken-A application:

Install the downloaded application and run it:

After you fill in the fields on the "Registration in the cloud" tab and click the "Register" button, the process of registering a token in the cloud begins. The registration process includes creating the seed for the random number generator (RNG). To add "biological" randomness, generation of the seed incorporates the user's keyboard input. This takes into account both the character input speed and the correctness of the input:

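The seed-generation step described above can be sketched as follows. This is an added example, not code from LS11CloudToken-A: the function names, the SHA-256 stand-in hash, the 16-keystroke minimum and the event format are assumptions, and the sample events are constructed.

```python
import hashlib
import os
import struct

MIN_KEYSTROKES = 16  # assumed threshold, not taken from the application


def seed_from_typing(events, os_entropy=None):
    """Derive a 32-byte RNG seed from typing events mixed with OS entropy.

    events: list of (expected_char, typed_char, timestamp_ns) tuples.
    """
    if len(events) < MIN_KEYSTROKES:
        raise ValueError("not enough keystrokes collected")
    if os_entropy is None:
        # Keyboard input supplements the OS generator, it never replaces it.
        os_entropy = os.urandom(32)
    h = hashlib.sha256()  # stand-in hash; the application's choice is unknown
    h.update(b"typing-seed-example" + os_entropy)
    prev = events[0][2]
    for expected, typed, ts in events:
        delta = ts - prev  # inter-key interval: the "input speed"
        if delta < 0:
            raise ValueError("timestamps must be non-decreasing")
        prev = ts
        correct = int(expected == typed)  # the "input correctness"
        raw = typed.encode("utf-8")
        # Fixed-width fields plus a length prefix keep the encoding unambiguous.
        h.update(struct.pack(">QBB", delta, correct, len(raw)) + raw)
    return h.digest()


def sample_events():
    """Constructed sample: a prompt typed with uneven timing and no typos."""
    prompt = "cloud token sample!"
    t = 1_000_000_000
    events = []
    for i, ch in enumerate(prompt):
        t += 120_000_000 + (i * i % 7) * 1_000_000
        events.append((ch, ch, t))
    return events


if __name__ == "__main__":
    print(seed_from_typing(sample_events()).hex())
```

Because the typing data is hashed together with output from the operating system generator, a user who types predictably does not weaken the seed below what the OS source already provides.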

After registering in the cloud, you can check the status of the token in the cloud:

After successful registration in the cloud, we exit the LS11CloudToken-A application and return to the cryptoarmpkcs-A application and check the status of the cloud token again:

Checking for the presence of a cloud token confirmed that we successfully registered in the cloud and that we now need to initialize our own cloud token in it.

Cloud token initialization

This initialization is no different from the initialization of any other token, for example, a software token.

Then everything is as usual: we put a personal certificate, for example from a PKCS12 container, into the cloud token and use it to sign a document:

You can also create a certificate request (Certificate Request tab):

With the created request, go to the certification authority, get a certificate there and import it to the token:

Source: habr.com
