Experience using Rutoken technology for user registration and authentication in a system (part 2)

Good afternoon. Let's continue with this topic (the first part can be found via the link).

Today we move on to the practical part. We will start by setting up our CA on the basis of the open-source cryptographic library OpenSSL. This procedure was tested on Windows 7.

With OpenSSL installed, we can perform various cryptographic operations (such as creating keys and certificates) from the command line.

The sequence of steps is as follows:

  1. Download the openssl-1.1.1g installation package.
    There are various versions of OpenSSL. The Rutoken documentation states that OpenSSL version 1.1.0 or newer is required. I used version openssl-1.1.1g. You can download OpenSSL from the official website, but for a simpler installation you need to find an installer file for Windows on the web. I did this for you: slproweb.com/products/Win32OpenSSL.html
    Scroll down the page and download Win64 OpenSSL v1.1.1g EXE 63MB Installer.
  2. Install openssl-1.1.1g on the computer.
    The installation should be done to the default path that the installer suggests, the C:\Program Files folder. The program will be installed in the OpenSSL-Win64 directory.
  3. OpenSSL is configured the way you need through the openssl.cfg file. This file is located at C:\Program Files\OpenSSL-Win64\bin if you installed OpenSSL as described in the previous step. Go to the directory where openssl.cfg is stored and open this file with, for example, Notepad++.
  4. You may have guessed that the certificate authority is configured by changing the contents of the openssl.cfg file, and you are right. This is required for the normal operation of the [ ca ] command. In the openssl.cfg file, find the beginning of the text that we will change, marked as: [ ca ].
  5. Now I will give an example of a configuration with its description:
    [ ca ]
    default_ca      = CA_default

    [ CA_default ]
    dir             = /Users/username/bin/openSSLca/demoCA
    certs           = $dir/certs
    crl_dir         = $dir/crl
    database        = $dir/index.txt
    new_certs_dir   = $dir/newcerts
    certificate     = $dir/ca.crt
    serial          = $dir/private/serial
    crlnumber       = $dir/crlnumber

    crl             = $dir/crl.pem
    private_key     = $dir/private/ca.key
    x509_extensions = usr_cert


    Now we need to create the demoCA directory and its subdirectories as shown in the example above, and place this directory at the path specified in dir (in my case /Users/username/bin/openSSLca/demoCA).

    It is very important to specify dir correctly: this is the path to the directory where our certificate authority will live. This directory must be located under /Users (that is, in some user's profile). If you put this directory, for example, in C:\Program Files, the system will not see the file with the openssl.cfg settings (at least that is how it was for me).

    $dir is replaced here by the path specified in dir.

    Another important point is to create an empty index.txt file; without this file the "openssl ca ..." commands will not run.

    You will also need a serial file, a root private key (ca.key) and a root certificate (ca.crt). The procedure for obtaining these files is described below.

  6. Connect the cryptographic algorithms provided by Rutoken.
    This connection is made in the openssl.cfg file.

    • First, you need to download the required Rutoken algorithms. These are the files rtengine.dll and rtpkcs11ecp.dll.
      To do this, download the Rutoken SDK: www.rutoken.ru/developers/sdk.

      The Rutoken SDK is intended for developers who want to try out Rutoken. It contains examples of working with Rutoken in various programming languages, and several libraries are shipped with it. Our libraries rtengine.dll and rtpkcs11ecp.dll are located in the Rutoken SDK at:

      sdk/openssl/rtengine/bin/windows-x86_64/lib/rtengine.dll
      sdk/pkcs11/lib/windows-x86_64/rtpkcs11ecp.dll

      Very important: the rtengine.dll and rtpkcs11ecp.dll libraries do not work without the Rutoken driver installed. The Rutoken must also be connected to the computer. (To install everything you need for Rutoken, see the first part of the article: habr.com/en/post/506450)

    • The rtengine.dll and rtpkcs11ecp.dll libraries can be stored anywhere in the user's profile.
    • We write the paths to these libraries in openssl.cfg. To do this, open the openssl.cfg file and put the following line at the very beginning of the file:
      openssl_conf = openssl_def

      At the end of the file you need to add:

      [ openssl_def ]
      engines = engine_section
      [ engine_section ]
      rtengine = gost_section
      [ gost_section ]
      dynamic_path = /Users/username/bin/sdk-rutoken/openssl/rtengine/bin/windows-x86_64/lib/rtengine.dll
      MODULE_PATH = /Users/username/bin/sdk-rutoken/pkcs11/lib/windows-x86_64/rtpkcs11ecp.dll
      RAND_TOKEN = pkcs11:manufacturer=Aktiv%20Co.;model=Rutoken%20ECP
      default_algorithms = CIPHERS, DIGEST, PKEY, RAND

      dynamic_path: here you specify your own path to the rtengine.dll library.
      MODULE_PATH: here you specify your own path to the rtpkcs11ecp.dll library.

  7. Add environment variables.

    Add an environment variable that points to the openssl.cfg configuration file. In my case, the OPENSSL_CONF variable was created with the value C:\Program Files\OpenSSL-Win64\bin\openssl.cfg.

    In the Path variable, you need to add the path to the directory containing openssl.exe, in my case: C:\Program Files\OpenSSL-Win64\bin.

  8. Now you can return to step 5 and create the files that are still missing from the demoCA directory.
    1. The first important file, without which nothing will work, is serial. This is a file without an extension whose content is 01. You can create this file yourself and write 01 into it, or you can take it from the Rutoken SDK at the path sdk/openssl/rtengine/samples/tool/demoCA/.
      That demoCA directory contains the serial file, which is exactly what we need.
    2. Create the root private key.
      To do this, we use an OpenSSL command that must be run directly on the command line:

      openssl genpkey -algorithm gost2012_256 -pkeyopt paramset:A -out ca.key

    3. Create the root certificate.
      To do this, use the following OpenSSL command:

      openssl req -utf8 -x509 -key ca.key -out ca.crt

      Note that the root private key created in the previous step is needed to create the root certificate. Therefore the command line must be opened in the same directory.

    Now you have all the files needed for the complete configuration of the demoCA directory. Place the created files in the directories specified in step 5.
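    To make steps 5 and 8 repeatable, here is an added helper script of my own (not from the article or the Rutoken SDK) that reads the [ CA_default ] section of openssl.cfg, resolves $dir, creates the demoCA skeleton with an empty index.txt and a serial file holding 01, and reports what "openssl ca" would still be missing. The config text and the temporary directory are constructed for the demonstration; ca.key and ca.crt are still produced with the openssl commands above.

```python
import os, re, tempfile

# Constructed openssl.cfg fragment mirroring the article's [ CA_default ]; {dir} is filled in at run time.
SAMPLE_CFG = """[ CA_default ]
dir           = {dir}
certs         = $dir/certs
crl_dir       = $dir/crl
new_certs_dir = $dir/newcerts
database      = $dir/index.txt
serial        = $dir/private/serial
certificate   = $dir/ca.crt
private_key   = $dir/private/ca.key
"""
DIR_KEYS = ("certs", "crl_dir", "new_certs_dir")                   # directories
FILE_KEYS = ("database", "serial", "certificate", "private_key")  # files

def parse_ca_default(cfg_text):
    """Return the [ CA_default ] pairs with $dir substituted, as openssl does."""
    section, current = {}, None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and whitespace
        if line.startswith("["):
            current = line.strip("[] ")
        elif current == "CA_default" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            section[key] = value
    return {k: v.replace("$dir", section.get("dir", "")) for k, v in section.items()}

def check_ca_layout(ca):
    """List what 'openssl ca' would still find missing or malformed."""
    problems = ["missing dir " + ca[k] for k in DIR_KEYS if not os.path.isdir(ca[k])]
    problems += ["missing file " + ca[k] for k in FILE_KEYS if not os.path.isfile(ca[k])]
    if os.path.isfile(ca["serial"]) and not re.fullmatch(r"[0-9A-Fa-f]+\s*", open(ca["serial"]).read()):
        problems.append("serial must hold a hex number such as 01")
    return problems

def create_ca_layout(ca):
    """Create the directories, the empty index.txt and serial=01 from steps 5 and 8."""
    for path in [ca[k] for k in DIR_KEYS] + [os.path.dirname(ca["serial"]), os.path.dirname(ca["private_key"])]:
        os.makedirs(path, exist_ok=True)
    open(ca["database"], "a").close()                  # index.txt must exist, may stay empty
    if not os.path.exists(ca["serial"]):               # never reset an existing serial counter
        with open(ca["serial"], "w") as fh:
            fh.write("01\n")
    return check_ca_layout(ca)   # ca.key and ca.crt are left to openssl genpkey / openssl req

def demo():
    """Run on a fresh temporary CA directory; returns (resolved paths, remaining problems)."""
    ca = parse_ca_default(SAMPLE_CFG.format(dir=tempfile.mkdtemp()))
    return ca, create_ca_layout(ca)
```

    On the real installation, pass the text of your openssl.cfg to parse_ca_default instead of SAMPLE_CFG; the two reported files then disappear once the genpkey and req commands from step 8 have been run in the demoCA directory.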

We assume that after completing all 8 steps, our certificate authority is fully configured.

In the next part I will describe how we work with the certificate authority in order to implement what was described in the first part of the article.

Source: www.habr.com
