PKCS#11 cloud token - myth or reality?

PKCS#11 (Cryptoki) is a standard developed by RSA Laboratories for interfacing programs with cryptographic tokens, smart cards, and other similar devices through a unified programming interface that is implemented by libraries.

The PKCS#11 standard for Russian cryptography is supported by the technical standardization committee "Cryptographic Information Protection" (TK 26).

Among tokens that support Russian cryptography, we can distinguish software tokens, software-hardware tokens and hardware tokens.

Cryptographic tokens provide both storage of certificates and key pairs (public and private keys) and execution of cryptographic operations in accordance with the PKCS#11 standard. The weak link here is the storage of the private key. If a public key is lost, you can always recover it from the private key or take it from the certificate. Loss or destruction of a private key has grave consequences: for example, you will not be able to decrypt files encrypted with your public key, and you will not be able to produce an electronic signature (ES). To produce an electronic signature, you will need to generate a new key pair and, for a fee, obtain a new certificate from one of the certification authorities.

Above we mentioned software, firmware and hardware tokens. But we can consider one more type of cryptographic token: the cloud token.

Today a cloud flash drive will surprise no one. All the advantages and disadvantages of cloud flash drives are almost identical to those of a cloud token.

The main thing here is the security of the data stored in the cloud token, first of all the private keys. Can a cloud token provide this? We say - YES!

So how does a cloud token work? The first step is to register the client in the token cloud. To do this, a utility must be provided that lets you access the cloud and register your login/nickname in it.

After registering in the cloud, the user must initialize their token, namely set the token label and, most importantly, set the SO-PIN and user PIN codes. These operations must be carried out only over a secure/encrypted channel. The pk11conf utility is used to initialize the token. To encrypt the channel, it is proposed to use the Magma-CTR encryption algorithm (GOST R 34.13-2015).

To derive the agreed key with which traffic between the client and the server will be protected/encrypted, it is proposed to use the protocol recommended by TK 26, SESPAKE: a shared key generation protocol with password-based authentication.

As the password from which the shared key will be derived, it is proposed to use a one-time password mechanism. Since we are talking about Russian cryptography, it is natural to generate the one-time passwords using the mechanisms CKM_GOSTR3411_12_256_HMAC, CKM_GOSTR3411_12_512_HMAC or CKM_GOSTR3411_HMAC.

Using this mechanism ensures that access to personal token objects in the cloud via the SO and USER PIN codes is available only to the user who set them with the pk11conf utility.

That is all: after completing these steps, the cloud token is ready for use. To access the cloud token, you only need to install the LS11CLOUD library on your PC. For applications on the Android and iOS platforms that use the cloud token, a corresponding SDK is provided. It is this library that is specified when connecting the cloud token in the Redfox browser or written in the pkcs11.txt file for. The LS11CLOUD library also communicates with the token in the cloud over a secure channel based on SESPAKE, which is created when the PKCS#11 function C_Initialize is called!


That is all: now you can order a certificate, install it in the cloud token and go to the government services website.

source: www.habr.com
