Introduction to using Rutoken technology for user registration and authorization in a system (part 2)

Good afternoon. Let us continue with this topic (the previous part is available via the link).

Today we move on to the practical side. We start by setting up a certificate authority (CA) entirely on top of the OpenSSL cryptographic library. This procedure was tested on Windows 7.

With OpenSSL installed, we can perform many cryptographic operations (such as generating keys and certificates) from the command line.

The procedure is as follows:

  1. Download the installation package openssl-1.1.1g.
    OpenSSL comes in many versions. The Rutoken documentation says that OpenSSL version 1.1.0 or later is required; I used openssl-1.1.1g. You can download OpenSSL from the official site, but for an easier installation you should look for a Windows installer package on the Internet. I did this for you: slproweb.com/products/Win32OpenSSL.html
    Scroll to the bottom of the page and download "Win64 OpenSSL v1.1.1g EXE 63MB Installer".
  2. Install openssl-1.1.1g on your computer.
    Install with the default settings, i.e. under the C:\Program Files folder. The program is then installed in the OpenSSL-Win64 folder.
  3. OpenSSL is configured through the file openssl.cfg. If you installed OpenSSL as described in the previous step, this file is located at C:\Program Files\OpenSSL-Win64\bin. Go to the folder that contains openssl.cfg and open the file with an editor such as Notepad++.
  4. You may have guessed that the certificate authority is configured by editing the contents of openssl.cfg, and you are right. To do this you need to set up the [ca] section. In openssl.cfg, the start of the text that we will change is marked [ca].
  5. Here is an example configuration with my explanations:
    [ ca ]
    default_ca      = CA_default

    [ CA_default ]
    dir             = /Users/username/bin/openSSLca/demoCA
    certs           = $dir/certs
    crl_dir         = $dir/crl
    database        = $dir/index.txt
    new_certs_dir   = $dir/newcerts
    certificate     = $dir/ca.crt
    serial          = $dir/private/serial
    crlnumber       = $dir/crlnumber

    crl             = $dir/crl.pem
    private_key     = $dir/private/ca.key
    x509_extensions = usr_cert


    Now you need to create the demoCA directory and its subdirectories as shown in the example above, and place the directory at the path given in dir (mine is /Users/username/bin/openSSLca/demoCA).

    It is very important to enter dir correctly: this is the path to the directory where our certificates will live. The directory must be located under /Users (that is, inside the user's profile). If you put it, for example, under C:\Program Files, the system will not pick up the openssl.cfg settings (at least that is how it looked for me).

    $dir - the path given in dir is substituted here.

    Another important point is to create an empty index.txt file; without this file the "openssl ca ..." command will not work.

    You will also need the serial file, the root private key (ca.key) and the root certificate (ca.crt). How to obtain these files is described below.

  6. Enable the cryptographic algorithms provided by Rutoken.
    This hook-up is done in openssl.cfg.

    • First of all you need to obtain the required Rutoken libraries: the files rtengine.dll and rtpkcs11ecp.dll.
      To do this, download the Rutoken SDK: www.rutoken.ru/developers/sdk.

      The Rutoken SDK is everything a developer needs to try out Rutoken. It contains sample programs for working with Rutoken in various programming languages, and a number of libraries. Our libraries rtengine.dll and rtpkcs11ecp.dll are located in the Rutoken SDK at:

      sdk/openssl/rtengine/bin/windows-x86_64/lib/rtengine.dll
      sdk/pkcs11/lib/windows-x86_64/rtpkcs11ecp.dll

      Very important: the libraries rtengine.dll and rtpkcs11ecp.dll do not work without the Rutoken driver installed. The Rutoken must also be connected to the computer. (For everything needed to set up Rutoken, see the previous part of this article: habr.com/en/post/506450)

    • The libraries rtengine.dll and rtpkcs11ecp.dll can be stored anywhere inside the user's profile.
    • We register the paths to these libraries in openssl.cfg. To do this, open openssl.cfg and put the following line at the very beginning of the file:
      openssl_conf = openssl_def

      At the end of the file you need to add:

      [ openssl_def ]
      engines = engine_section
      [ engine_section ]
      rtengine = gost_section
      [ gost_section ]
      dynamic_path = /Users/username/bin/sdk-rutoken/openssl/rtengine/bin/windows-x86_64/lib/rtengine.dll
      MODULE_PATH = /Users/username/bin/sdk-rutoken/pkcs11/lib/windows-x86_64/rtpkcs11ecp.dll
      RAND_TOKEN = pkcs11:manufacturer=Aktiv%20Co.;model=Rutoken%20ECP
      default_algorithms = CIPHERS, DIGEST, PKEY, RAND
      

      dynamic_path - here you give your own path to the rtengine.dll library.
      MODULE_PATH - here you give your own path to the rtpkcs11ecp.dll library.

  7. Add environment variables.

    You need to add an environment variable that holds the path to the openssl.cfg configuration file. In my case the variable OPENSSL_CONF was created with the value C:\Program Files\OpenSSL-Win64\bin\openssl.cfg.

    The PATH variable must contain the folder where openssl.exe is located; in my case that is C:\Program Files\OpenSSL-Win64\bin.

  8. Now you can return to step 5 and create the files that are still missing from the demoCA directory.
    1. The first file without which nothing will work is serial. This is a file with no extension whose content must be 01. You can create this file yourself and write 01 inside it, or take it from the Rutoken SDK at sdk/openssl/rtengine/samples/tool/demoCA/.
      That demoCA directory contains the serial file, which is exactly what we need.
    2. Generate the root key.
      For this we use the OpenSSL command-line tool, which must be run directly from the command line:

      openssl genpkey -algorithm gost2012_256 -pkeyopt paramset:A -out ca.key

    3. Create the root certificate.
      For this we use the following OpenSSL command:

      openssl req -utf8 -x509 -key ca.key -out ca.crt

      Note that creating the root certificate requires the root private key generated in the previous step, so the two commands must be run in the same directory.

    All the files missing for a complete demoCA setup now exist. Put the created files in the locations given by the configuration from step 5: ca.crt and crlnumber in the demoCA root, and serial and ca.key in demoCA/private (where serial and private_key point). Keep in mind that genpkey -out ca.key writes the CA's private key to a plain file on disk; it is not stored on the Rutoken, so restrict access to the private directory to your own account.
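    The whole of steps 5, 6 and 8 in one script, as an added example that is not part of the original article or of the Rutoken SDK: it creates the demoCA tree with an empty index.txt and a serial of 01, renders the [ca] and engine sections with your paths filled in, returns the exact genpkey and req command lines for the root key and certificate (written straight into the locations the configuration points at, rather than into the current directory), and lists whatever is still missing. CA_DIR, SDK_DIR and the DLL locations are assumptions to adjust for your installation.

```python
"""Scaffold demoCA, render the openssl.cfg sections and check prerequisites (steps 5, 6, 8).

Added example for this article, not code from the original post or the Rutoken SDK.
CA_DIR and SDK_DIR are assumptions: set them to your [CA_default] dir and the unpacked SDK."""
from pathlib import Path
from string import hexdigits

CA_DIR = Path.home() / "bin" / "openSSLca" / "demoCA"  # assumption: must live under the user profile
SDK_DIR = Path.home() / "bin" / "sdk-rutoken"            # assumption: where the SDK was unpacked
RTENGINE_DLL = SDK_DIR / "openssl/rtengine/bin/windows-x86_64/lib/rtengine.dll"
RTPKCS11_DLL = SDK_DIR / "pkcs11/lib/windows-x86_64/rtpkcs11ecp.dll"
SUBDIRS = ("certs", "crl", "newcerts", "private")
INITIAL_FILES = {
    "index.txt": "",           # CA database: must exist, may be empty
    "private/serial": "01\n",  # next serial, where `serial = $dir/private/serial` points
    "crlnumber": "01\n",       # next CRL number, where `crlnumber = $dir/crlnumber` points
}


def posix(p):
    """Forward slashes: OpenSSL accepts them on Windows and they need no escaping in openssl.cfg."""
    return Path(p).as_posix()


def scaffold(ca_dir):
    """Create the layout; existing files are kept, so a live index.txt or serial is never truncated."""
    ca_dir, created = Path(ca_dir), []
    for sub in SUBDIRS:
        if not (ca_dir / sub).is_dir():
            (ca_dir / sub).mkdir(parents=True)
            created.append(posix(ca_dir / sub))
    for rel, content in INITIAL_FILES.items():
        if not (ca_dir / rel).exists():
            (ca_dir / rel).write_text(content, encoding="ascii")
            created.append(posix(ca_dir / rel))
    return created


def render_config(ca_dir, rtengine_dll, rtpkcs11_dll):
    """The article's [ca]/[CA_default] and engine sections with the three local paths filled in."""
    return "\n".join([
        "openssl_conf = openssl_def",  # this line goes at the very top of openssl.cfg
        "",
        "[ ca ]",
        "default_ca = CA_default",
        "",
        "[ CA_default ]",
        f"dir = {posix(ca_dir)}",
        "certs = $dir/certs",
        "crl_dir = $dir/crl",
        "database = $dir/index.txt",
        "new_certs_dir = $dir/newcerts",
        "certificate = $dir/ca.crt",
        "serial = $dir/private/serial",
        "crlnumber = $dir/crlnumber",
        "crl = $dir/crl.pem",
        "private_key = $dir/private/ca.key",
        "x509_extensions = usr_cert",
        "",
        "[ openssl_def ]",  # the engine sections go at the very end of openssl.cfg
        "engines = engine_section",
        "[ engine_section ]",
        "rtengine = gost_section",
        "[ gost_section ]",
        f"dynamic_path = {posix(rtengine_dll)}",
        f"MODULE_PATH = {posix(rtpkcs11_dll)}",
        "RAND_TOKEN = pkcs11:manufacturer=Aktiv%20Co.;model=Rutoken%20ECP",
        "default_algorithms = CIPHERS, DIGEST, PKEY, RAND",
    ])


def ca_commands(ca_dir):
    """argv for steps 8.2 and 8.3, writing straight to the [CA_default] paths. ca.key is a
    software key file on disk, not a token-resident key: keep private/ readable by you only."""
    key, crt = posix(Path(ca_dir) / "private/ca.key"), posix(Path(ca_dir) / "ca.crt")
    return [
        ["openssl", "genpkey", "-algorithm", "gost2012_256", "-pkeyopt", "paramset:A", "-out", key],
        ["openssl", "req", "-utf8", "-x509", "-key", key, "-out", crt],
    ]


def preflight(ca_dir, rtengine_dll, rtpkcs11_dll):
    """Problems that would stop `openssl ca` or the engine; an empty list means ready."""
    ca_dir = Path(ca_dir)
    dlls = (("rtengine.dll", rtengine_dll), ("rtpkcs11ecp.dll", rtpkcs11_dll))
    problems = [f"{name} not found at {posix(dll)}" for name, dll in dlls if not Path(dll).is_file()]
    if not (ca_dir / "index.txt").is_file():
        problems.append("index.txt missing: `openssl ca` will refuse to run")
    serial = ca_dir / "private/serial"
    value = serial.read_text().strip() if serial.is_file() else ""
    if not value or len(value) % 2 or any(c not in hexdigits for c in value):
        problems.append(f"private/serial must hold an even-length hex number such as 01, got {value!r}")
    problems += [f"{rel} missing: run ca_commands() first" for rel in ("private/ca.key", "ca.crt")
                 if not (ca_dir / rel).is_file()]
    return problems


if __name__ == "__main__":  # scaffold, print the config to paste, then list what is still missing
    print(*scaffold(CA_DIR), render_config(CA_DIR, RTENGINE_DLL, RTPKCS11_DLL), sep="\n")
    print(*preflight(CA_DIR, RTENGINE_DLL, RTPKCS11_DLL), sep="\n")
```

    Run it once to create the layout and print the configuration text to paste into openssl.cfg, set OPENSSL_CONF and PATH as in step 7, run the two command lines from ca_commands() with the Rutoken connected, and run the script again: preflight() should then report nothing. The serial check mirrors what `openssl ca` accepts (a hex number with an even number of digits), which is why 01 rather than 1 is the value to write.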

We will assume that after completing all 8 steps our certificate authority is fully configured.

In the next part I will show how to work with the certificate authority to achieve what was described in the previous part of the article.

Source: www.hab.com
