PKCS#11 (Cryptoki) bụ ọkọlọtọ RSA Laboratories mepụtara maka imekọrịta mmemme na akara cryptographic, kaadị smart na ngwaọrụ ndị ọzọ yiri ya site na iji ngwa mmemme jikọtara ọnụ nke a na-eme site na ụlọ akwụkwọ.
Ụkpụrụ PKCS # 11 maka cryptography nke Rọshịa bụ nke kọmitii nhazi nhazi teknụzụ "Nchekwa Ozi Crypto" ().
Ọ bụrụ na anyị na-ekwu maka tokens na-akwado cryptography nke Russia, mgbe ahụ, anyị nwere ike ikwu maka ihe nrịbama ngwanrọ, ngwanrọ-hardware tokens na ngwaike token.
Ihe nrịbama nzuzo na-enye ma nchekwa nke asambodo na isi ụzọ abụọ (igodo ọha na nke nzuzo) yana arụmọrụ nke ọrụ nzuzo dị ka ọkọlọtọ PKCS#11 siri dị. Njikọ adịghị ike ebe a bụ nchekwa nke igodo nzuzo. Ọ bụrụ na igodo ọha furu efu, ị nwere ike nwetaghachi ya mgbe ọ bụla site na iji igodo nzuzo ma ọ bụ were ya na asambodo ahụ. Ọnwụ / mbibi nke igodo nzuzo nwere nsonaazụ jọgburu onwe ya, dịka ọmụmaatụ, ị gaghị enwe ike iji igodo ọha gị decrypt faịlụ ezoro ezo, ị gaghị enwe ike itinye mbinye aka electronic (ES). Iji wepụta mbinye aka eletrọnịkị, ị ga-achọ iwepụta ụzọ igodo ọhụrụ yana, maka ego ụfọdụ, nweta asambodo ọhụrụ n'aka otu ndị nwe asambodo.
N'elu anyị kwuru gbasara sọftụwia, firmware na ngwaike token. Ma anyị nwere ike ịtụle ụdị ọzọ nke cryptographic token - ígwé ojii.
Taa ị gaghị eju onye ọ bụla anya . Niile draịvụ igwe ojii fọrọ nke nta ka ọ yie nke akara igwe ojii.
Isi ihe ebe a bụ nchekwa nke data echekwara na akara igwe ojii, nke bụ isi igodo nzuzo. Ihe akara igwe ojii nwere ike inye nke a? Anyị na-ekwu - EE!
Yabụ kedu ka akara igwe ojii si arụ ọrụ? Nzọụkwụ mbụ bụ ịdebanye aha onye ahịa n'ime igwe ojii token. Iji mee nke a, a ga-enyerịrị ngwa ga-enye gị ohere ịnweta igwe ojii wee debanye aha nbanye / aha njirimara gị na ya:
Mgbe ị debanyere aha na igwe ojii, onye ọrụ ga-amalite ịmalite akara ngosi ya, ya bụ ịtọ akara akara na, nke kachasị mkpa, tọọ SO-PIN na koodu PIN onye ọrụ. A ga-emerịrị azụmahịa ndị a naanị ọwa echedoro/ezoro ezo. A na-eji ike pk11conf malite akara ngosi. Iji zoo ọwa ahụ, a na-atụ aro ka iji ezoro ezo algọridim Magma-CTR (GOST R 34.13-2015).
Iji mepụta igodo ekwenyero na ndabere nke okporo ụzọ dị n'etiti onye ahịa na ihe nkesa ga-echekwa/zobe ya, a na-atụ aro ka iji usoro TK 26 akwadoro. - .
A na-atụ aro ka iji dị ka paswọọdụ dabere na igodo nkekọrịta ga-ewepụta . Ebe anyị na-ekwu maka cryptography nke Rọshịa, ọ bụ ihe okike ịmepụta okwuntughe otu oge site na iji usoro CKM_GOSTR3411_12_256_HMAC, CKM_GOSTR3411_12_512_HMAC ma ọ bụ CKM_GOSTR3411_HMAC.
Iji usoro a na-achọpụta na ịnweta ihe nrịbama nkeonwe na igwe ojii site na koodu SO na USER PIN dị naanị onye ọrụ tinyegoro ya site na iji akụrụngwa. pk11conf.
Nke ahụ bụ ya, mgbe ịmechara usoro ndị a, akara igwe ojii dị njikere maka ojiji. Iji nweta akara ngosi igwe ojii, naanị ị ga-etinyerịrị ọba akwụkwọ LS11CLOUD na PC gị. Mgbe ị na-eji akara igwe ojii na ngwa dị na nyiwe gam akporo na iOS, a na-enye SDK kwekọrọ. Ọ bụ ọba akwụkwọ a ka a ga-akọwapụta mgbe ị na-ejikọ akara igwe ojii na ihe nchọgharị Redfox ma ọ bụ dee ya na pkcs11.txt faịlụ maka. Ọbá akwụkwọ LS11CLOUD na-ejikwa akara ngosi na igwe ojii na-emekọrịta ihe site na ọwa echekwara dabere na SESPAKE, emebere mgbe ị na-akpọ ọrụ PKCS#11 C_Initialize!
Nke ahụ bụ naanị, ugbu a ị nwere ike ịtụ akwụkwọ, tinye ya na akara igwe ojii gị wee gaa na webụsaịtị ọrụ gọọmentị.
isi: www.habr.com