A cewar и , a cikin 2019, 4,6 miliyan takardun shaida na m lantarki sa hannu (CES) za a bayar a Rasha, saduwa da bukatun 63-FZ. Ya bayyana cewa daga cikin ƴan kasuwa miliyan 8 masu rijista da LLC, kowane ɗan kasuwa na biyu yana amfani da sa hannun lantarki. Baya ga EGAIS CEPs da CEPs na tushen gajimare don bayar da rahoto daga bankuna da ayyukan lissafin kuɗi, CEPs na duniya kan amintattun alamun suna da sha'awa ta musamman. Irin waɗannan takaddun shaida suna ba ku damar shiga cikin tashoshin gwamnati da sanya hannu kan kowane takaddun, yana mai da su mahimmanci a doka.
Godiya ga takardar shaidar CEP akan alamar USB, zaku iya ƙaddamar da yarjejeniya tare da abokin aiki ko ma'aikaci mai nisa, kuma aika takardu zuwa kotu; yin rajistar rajistar tsabar kuɗi ta kan layi, daidaita basusukan haraji kuma ƙaddamar da sanarwa a cikin asusun ku na nalog.ru; gano game da basussuka da dubawa masu zuwa a Sabis na Jiha.
Littafin da ke ƙasa zai taimaka Yi aiki tare da CEP a ƙarƙashin macOS - ba tare da nazarin dandalin CryptoPro ba da shigar da injin kama-da-wane tare da Windows.
Abubuwa
Abin da kuke buƙatar aiki tare da CEP a ƙarƙashin macOS:
Shigarwa da daidaitawa CEP don macOS
- Shigar da CryptoPro CSP
- Shigar da direbobin Rutoken
- Shigar da takaddun shaida
3.1. Muna share duk tsoffin takaddun shaida na GOST
3.2. Shigar da takaddun shaida
3.3. Zazzage takaddun shaida na hukuma
3.4. Shigar da takaddun shaida tare da Rutoken - Shigar da mai bincike na musamman Chromium-GOST
- Shigar da kari na browser
5.1 CryptoPro EDS Browser
5.2. Plugin don Ayyukan Jama'a
5.3. Ƙirƙirar plugin don Sabis na Jiha
5.4. Kunna kari
5.5. Ƙaddamar da haɓaka plugin na CryptoPro EDS Browser - Dubawa cewa komai yana aiki
6.1. Jeka shafin gwajin CryptoPro
6.2. Je zuwa Keɓaɓɓen Asusun ku akan nalog.ru
6.3. Jeka Ayyukan Jiha - Me zai yi idan ya daina aiki
Canza lambar PIN ɗin akwati
- Gano sunan kwandon KEP
- Canza PIN tare da umarni daga tasha
Shigar da fayiloli akan macOS
- Nemo hash na takardar shaidar CEP
- Shiga fayil tare da umarni daga tashar tashar
- Shigar da Rubutun atomatik na Apple
Duba sa hannun kan takardar
Ana samun duk bayanan da ke ƙasa daga sanannun tushe (CryptoPro и , , , ), kuma ana ba da shawarar zazzage software daga amintattun shafuka. Marubucin mashawarci ne mai zaman kansa kuma ba shi da alaƙa da kowane kamfani da aka ambata. Ta bin waɗannan umarnin, za ku ɗauki cikakken alhakin kowane ayyuka da sakamako.
Abin da kuke buƙatar aiki tare da CEP a ƙarƙashin macOS:
- CEP Rutoken Lite ta kebul na USB ko Rutoken EDS
- kwandon crypto a cikin tsarin CryptoPro
- tare da ginannen ciki lasisi don CryptoPro CSP
eToken da JaCarta kafofin watsa labarai tare da CryptoPro ba su da tallafi a ƙarƙashin macOS. Rutoken Lite kafofin watsa labarai shine mafi kyawun zaɓi, farashin 500..1000 = rubles, yana aiki da sauri kuma yana ba ku damar adana har zuwa maɓallan 15.
Masu samar da Crypto VipNet, Signal-COM da LISSY ba su da tallafi akan macOS. Babu wata hanyar da za a canza kwantena. CryptoPro shine mafi kyawun zaɓi, farashin takardar shaidar ya zama kusan 1300 = rub. ga daidaikun 'yan kasuwa da 1600 = rub. za YUL.
Yawanci, lasisi na shekara-shekara don CryptoPro CSP an riga an haɗa shi a cikin takaddun shaida kuma yawancin CAs suna ba da shi kyauta. Idan ba haka lamarin yake ba, to kuna buƙatar siye da kunna lasisin har abada don CryptoPro CSP tsananin sigar 4 mai tsada 2700 =. Sigar CryptoPro CSP 5 don macOS baya aiki a halin yanzu.
Shigarwa da daidaitawa CEP don macOS
Abubuwan bayyane
- duk fayilolin da aka zazzage ana zazzage su zuwa tsoffin kundin adireshi: ~/Zazzagewa/;
- Ba mu canza komai a cikin duk masu shigarwa ba, mun bar komai a matsayin tsoho;
- Idan macOS ya nuna gargadin cewa software da ake ƙaddamar da ita ta fito ne daga mai haɓakawa wanda ba a bayyana ba, kuna buƙatar tabbatar da ƙaddamarwa a cikin saitunan tsarin: Zaɓuɓɓukan Tsarin -> Tsaro & Keɓantawa -> Buɗe Ko ta yaya;
- idan macOS ya nemi kalmar sirri ta mai amfani da izini don sarrafa kwamfutar, kuna buƙatar shigar da kalmar wucewa kuma ku yarda da komai.
1. Shigar da CryptoPro CSP
akan gidan yanar gizon CryptoPro and Co download kuma shigar da sigar CryptoPro CSP 4.0 R4 to macOS - .
2. Shigar da direbobin Rutoken
Gidan yanar gizon ya ce wannan na zaɓi ne, amma yana da kyau a shigar da shi. Co zazzagewa kuma shigar akan gidan yanar gizon Rutoken Tsarin tallafi na Keychain - .
Na gaba, haɗa alamar usb, ƙaddamar da tashar kuma aiwatar da umarni:
/opt/cprocsp/bin/csptest -card -enum -vAmsar yakamata ta kasance:
Aktiv Rutoken…
Katin ya halarta…
[Kuskure Code: 0x00000000]
3. Shigar da takaddun shaida
3.1. Muna share duk tsoffin takaddun shaida na GOST
Idan a baya kun yi ƙoƙarin ƙaddamar da CEP a ƙarƙashin macOS, to kuna buƙatar share duk takaddun takaddun da aka shigar a baya. Waɗannan umarni a cikin tashar za su share takaddun shaida na CryptoPro kawai kuma ba za su shafi takaddun shaida na yau da kullun daga Keychain akan macOS ba.
sudo /opt/cprocsp/bin/certmgr -delete -all -store mrootsudo /opt/cprocsp/bin/certmgr -delete -all -store uroot/opt/cprocsp/bin/certmgr -delete -allYa kamata kowane martanin umarni ya haɗa da:
Babu takaddun shaida da ya dace da ma'auni
ko
An gama sharewa
3.2. Shigar da takaddun shaida
Tushen takaddun shaida na gama gari ga duk CEPs da kowace hukuma ta ba da takaddun shaida. Sauke daga Ural Federal District na Ma'aikatar Telecom da Mass Communications:
Sanya tare da umarni a cikin tashar:
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/4BC6DC14D97010C41A26E058AD851F81C842415A.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/8CAE88BBFD404A7A53630864F9033606E1DC45E2.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/0408435EB90E5C8796A160E69E4BFAC453435D1D.cerKowane umarni yakamata ya dawo:
Shigarwa:
...
[Kuskure Code: 0x00000000]
3.3. Zazzage takaddun shaida na hukuma
Na gaba, kuna buƙatar shigar da takaddun shaida na ikon tabbatarwa inda kuka ba da CEP. Yawanci, tushen takaddun shaida na kowane CA suna kan gidan yanar gizon sa a cikin ɓangaren abubuwan zazzagewa.
A madadin, ana iya sauke takaddun shaida na kowace CA daga . Don yin wannan, a cikin hanyar bincike kuna buƙatar nemo CA ta suna, je zuwa shafi tare da takaddun shaida kuma zazzage komai halin yanzu takaddun shaida - wato, waɗanda suke da 'Mai inganci' kwanan wata na biyu bai riga ya iso ba. Zazzage daga mahaɗin da ke cikin filin 'Farin yatsa'.
Screenshots
Yin amfani da misalin CA Corus-Consulting: kuna buƙatar zazzage takaddun shaida 4 daga :
Muna shigar da takaddun takaddun CA da aka sauke ta amfani da umarni daga tashar tashar:
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/B9F1D3F78971D48C34AA73786CDCD138477FEE3F.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/A0D19D700E2A5F1CAFCE82D3EFE49A0D882559DF.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/55EC48193B6716D38E80BD9D1D2D827BC8A07DE3.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/15EB064ABCB96C5AFCE22B9FEA52A1964637D101.cerku bayan ~/Zazzagewa/ An jera sunayen fayilolin da aka sauke; za su bambanta ga kowane CA.
Kowane umarni yakamata ya dawo:
Shigarwa:
...
[Kuskure Code: 0x00000000]
3.4. Shigar da takaddun shaida tare da Rutoken
Umurni a cikin tashar:
/opt/cprocsp/bin/csptestf -absorb -certsYa kamata umarnin ya dawo:
KO.
[Kuskure Code: 0x00000000]
4. Shigar da mai bincike na musamman Chromium-GOST
Don yin aiki tare da tashoshin gwamnati, kuna buƙatar ginawa na musamman na mai binciken Chromium - Chromium-GOST. Lambar tushen aikin a buɗe take, hanyar haɗi zuwa ana bayarwa . Daga gwaninta, sauran masu bincike CryptoFox и Yandex browser Ba su dace da aiki tare da tashoshin gwamnati a ƙarƙashin macOS ba. Yana da kyau a yi la'akari da cewa a wasu gine-gine na Chromium-GOST, asusun sirri na nalog.ru na iya daskare ko kuma gungurawa na iya daina aiki gaba ɗaya, don haka ana ba da tsohuwar tabbatarwa. Farashin 71.0.3578.98 - .
Zazzagewa kuma cire kayan tarihin, shigar da mai binciken ta yin kwafi ko ja&a jefar da shi cikin kundin aikace-aikacen. Bayan shigarwa, tilasta rufe Chromium kuma kar a buɗe shi tukuna, aiki daga Safari.
killall Chromium-Gost5. Shigar da kari na browser
5.1 CryptoPro EDS Browser
.О zazzagewa kuma shigar akan gidan yanar gizon CryptoPro CryptoPro EDS Browser sigar 2.0 don masu amfani - .
5.2. Plugin don Ayyukan Jama'a
.О zazzage kuma shigar akan tashar Sabis na Jiha Plugin don aiki tare da tashar sabis na gwamnati (sigar macOS) - .
5.3. Ƙirƙirar plugin don Sabis na Jiha
Zazzage madaidaicin fayil ɗin sanyi don tsawaita Sabis na Jiha daga gidan yanar gizon CryptoPro - .
Yi umarni a cikin tashar:
sudo rm /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents/ifc.cfgsudo cp ~/Downloads/ifc.cfg /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents
sudo cp /Library/Google/Chrome/NativeMessagingHosts/ru.rtlabs.ifcplugin.json /Library/Application Support/Chromium/NativeMessagingHosts5.4. Kunna kari
Kaddamar da Chromium-Gost browser kuma rubuta a cikin adireshin adireshin:
chrome://extensions/Muna ba da damar haɓakawa da aka shigar duka biyu:
- Ƙarin CryptoPro don CAdES Browser Plug-in
- Extension don plugin ɗin Sabis na Jiha
Screenshot
5.5. Ƙaddamar da haɓaka plugin na CryptoPro EDS Browser
A cikin mashin adireshin Chromium-Gost muna rubuta:
/etc/opt/cprocsp/trusted_sites.htmlA kan shafin da ya bayyana, ƙara waɗannan rukunin yanar gizon zuwa jerin amintattun shafuka ɗaya bayan ɗaya:
https://*.cryptopro.ru
https://*.nalog.ru
https://*.gosuslugi.ruDanna "Ajiye". Ya kamata koren digo ya bayyana:
An yi nasarar adana jerin amintattun nodes.
Screenshot
6. Duba cewa komai yana aiki
6.1. Jeka shafin gwajin CryptoPro
A cikin mashin adireshin Chromium-Gost muna rubuta:
https://www.cryptopro.ru/sites/default/files/products/cades/demopage/cades_bes_sample.htmlYa kamata a nuna "An ɗora Kwamfuta" kuma takardar shaidar ku ta kasance a cikin jerin da ke ƙasa.
Zaɓi takardar shaidar daga lissafin kuma danna "Sign". Za a tambaye ku PIN ɗin satifiket ɗin. A sakamakon haka, ya kamata a nuna
An samar da sa hannu cikin nasara
Screenshot
6.2. Je zuwa Keɓaɓɓen Asusun ku akan nalog.ru
Wataƙila ba za ku iya samun damar hanyoyin haɗi daga rukunin yanar gizon nalog.ru ba, saboda... cak ba zai wuce ba. Kuna buƙatar shiga ta hanyoyin haɗin kai kai tsaye:
- Hisãbina IP:
- Hisãbina ЮЛ:
Screenshot
6.3. Jeka Ayyukan Jiha
Lokacin shiga, zaɓi "Shiga ta amfani da sa hannun lantarki." A cikin jerin “Zaɓi takardar shaidar tabbatar da sa hannu ta lantarki” da ke bayyana, duk takaddun shaida, gami da tushen da CA, za a nuna su; kuna buƙatar zaɓar naku daga alamar USB kuma shigar da PIN.
Screenshot
7. Me zai yi idan ya daina aiki
-
Muna sake haɗa alamar usb kuma duba cewa yana gani ta amfani da umarni a cikin tashar:
sudo /opt/cprocsp/bin/csptest -card -enum -v -
Muna share cache na burauzar har abada, wanda muke rubutawa a mashigin Chromium-Gost:
chrome://settings/clearBrowserData -
Sake shigar da takardar shaidar CEP ta amfani da umarni a cikin tashar:
/opt/cprocsp/bin/csptestf -absorb -certs
Canza lambar PIN ɗin akwati
Lambar PIN ta al'ada don Rutoken ta tsohuwa 12345678, kuma babu yadda za a yi a bar shi haka. Abubuwan buƙatu don lambar PIN na Rutoken: haruffa 16 max., na iya ƙunsar haruffa da lambobi daga Latin.
1. Nemo sunan kwandon KEP
Ana iya samun takaddun shaida da yawa da aka adana akan alamar USB da sauran ma'ajiyar, kuma kuna buƙatar zaɓar wacce ta dace. Tare da shigar da alamar usb, muna samun jerin duk kwantena a cikin tsarin tare da umarni a cikin tashar:
/opt/cprocsp/bin/csptest -keyset -enum_cont -fqcn -verifycontextDole ne umarnin ya janye aƙalla ganga 1 kuma ya dawo
[Kuskure Code: 0x00000000]
Kwandon da muke bukata yayi kama
.Aktiv Rutoken liteXXXXXXX
Idan an nuna irin waɗannan kwantena da yawa, yana nufin cewa akwai takaddun shaida da yawa da aka rubuta akan alamar, kuma kun san wanda kuke buƙata. Ma'ana XXXXXX bayan slash kuna buƙatar kwafi da liƙa cikin umarnin da ke ƙasa.
2. Canja PIN ta amfani da umarni daga tashar
/opt/cprocsp/bin/csptest -passwd -qchange -container "XXXXXXXX"inda XXXXXX - sunan kwandon da aka samu a mataki na 1 (dole a cikin ƙididdiga).
Za a bayyana maganganu na CryptoPro yana neman tsohon lambar PIN don samun damar takardar shaidar, sannan wani magana don shigar da sabon lambar PIN. Shirya
Screenshot
Shigar da fayiloli akan macOS
A kan macOS, ana iya shigar da fayiloli a cikin software (farashin lasisi 2500 = rub.), Ko umarni mai sauƙi ta hanyar tashar - kyauta.
1. Nemo hash na takardar shaidar CEP
Ana iya samun takaddun shaida da yawa akan alamar alama da wasu shaguna. Muna buƙatar bayyana a fili wanda za mu sa hannu da takardu da shi daga yanzu. Anyi sau ɗaya.
Dole ne a saka alamar. Muna samun jerin takaddun shaida a cikin ma'ajin tare da umarni daga tashar:
/opt/cprocsp/bin/certmgr -listDole ne umarnin ya fitar da aƙalla takardar shaidar 1 na fom:
Certmgr 1.1 © "Crypto-Pro", 2007-2018.
shirin don sarrafa takaddun shaida, CRLs da kantuna
= = = = = = = = = = = = = = = = = = =
1---
Mai bayarwa: [email kariya],... CN=LLC KORUS Consulting CIS...
subject: [email kariya],... CN=Zakharov Sergey Anatolyevich...
Serial: 0x0000000000000000000000000000000000
SHA1 Hash: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
Kwantena: SCARDrutoken_lt_00000000 000 000
...
= = = = = = = = = = = = = = = = = = =
[Kuskure Code: 0x00000000]
Takaddun shaida da muke buƙata a cikin ma'aunin Kwantena dole ne ya kasance yana da ƙima kamar SCARDrutoken…. Idan akwai takaddun shaida da yawa tare da irin waɗannan ƙimar, to akwai takaddun shaida da yawa da aka rubuta akan alamar, kuma kun san wacce kuke buƙata. ƙimar siga Farashin SHA1 (haruffa 40) dole ne a kwafi kuma a liƙa cikin umarnin da ke ƙasa.
2. Shiga fayil tare da umarni daga tashar tashar
A cikin tashar tashar, je zuwa kundin adireshi tare da fayil don sanya hannu da aiwatar da umarni:
/opt/cprocsp/bin/cryptcp -signf -detach -cert -der -strict -thumbprint ХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХ FILEinda XXXX… – takardar shaidar hash samu a mataki 1, kuma FILI - sunan fayil don sanya hannu (tare da duk kari, amma ba tare da hanya ba).
Ya kamata umarnin ya dawo:
An ƙirƙiri sa hannun sa hannu.
[Kuskure Code: 0x00000000]
Za a ƙirƙiri fayil ɗin sa hannu na lantarki tare da tsawo * .sgn - wannan sa hannu ne da aka keɓe a cikin tsarin CMS tare da ɓoye DER.
3. Shigar da Rubutun atomatik na Apple
Don guje wa yin aiki tare da tashar tashar kowane lokaci, zaku iya shigar da Rubutun atomatik sau ɗaya, wanda zaku iya sanya hannu akan takardu daga menu na mahallin mai nema. Don yin wannan, zazzage tarihin - .
- Ana kwance kayan tarihin 'Sa hannu tare da CryptoPro.zip'
- Kaddamarwa Mai sarrafawa
- Nemo kuma buɗe fayil ɗin da ba a tattara ba 'Sa hannu tare da CryptoPro.workflow'
- A cikin toshe Run Rubutun Shell canza rubutu XXXXXXXXXXXXXXXXXXXXXXXX zuwa ƙimar siga Farashin SHA1 Takaddun shaida na CEP da aka samu a sama.
- Ajiye rubutun: ⌘Command + S
- Gudanar da fayil ɗin 'Sa hannu tare da CryptoPro.workflow' kuma tabbatar da shigarwa.
- Mu je System Zaɓuɓɓuka -> kari -> Mai nema kuma duba wancan Shiga tare da CryptoPro m mataki lura.
- A cikin Nemo, kira menu na mahallin kowane fayil, kuma a cikin sashe Ayyuka da sauri da / ko sabis zaɓi abu Shiga tare da CryptoPro
- A cikin maganganun CryptoPro da ya bayyana, shigar da lambar PIN mai amfani daga CEP
- Fayil mai tsawo * .sgn zai bayyana a cikin kundin adireshi na yanzu - sa hannun da aka ware a tsarin CMS tare da DER codeing.
Screenshots
Apple Automator taga:
Zaɓuɓɓukan Tsari:
Menu na mahallin nemo:
Duba sa hannun kan takardar
Idan abubuwan da ke cikin takardar ba su ƙunshi sirri da sirri ba, to hanya mafi sauƙi ita ce amfani da sabis na yanar gizo akan tashar Sabis na Jiha - . Ta wannan hanyar zaku iya ɗaukar hoton allo daga ingantaccen albarkatu kuma ku tabbata cewa komai yayi daidai tare da sa hannu.
Screenshots
source: www.habr.com