Experience of using Rutoken technology to register and authorize users in a system (part 2)

Good afternoon! Let's continue with this topic (the previous part can be found at the link).

Today we move on to the practical part. Let's start by setting up our CA on top of the open-source library openSSL. This procedure has been tested on Windows 7.

With openSSL installed, we can perform various cryptographic operations (such as creating keys and certificates) from the command line.

The sequence of steps is as follows:

  1. Download the openssl-1.1.1g installation distribution.
    openSSL comes in different versions. The Rutoken documentation says that OpenSSL version 1.1.0 or newer is required. I used version openssl-1.1.1g. You can download openSSL from the official site, but for an easier installation you need to find an installer for Windows on the net. I did this for you: slproweb.com/products/Win32OpenSSL.html
    Scroll down the page and download Win64 OpenSSL v1.1.1g EXE 63MB Installer.
  2. Install openssl-1.1.1g on the computer.
    Run the installation using the standard path, which is suggested automatically in the C:\Program Files folder. The program will be installed into the OpenSSL-Win64 folder.
  3. To configure openSSL the way you need, there is the openssl.cfg file. This file is located at C:\Program Files\OpenSSL-Win64\bin if you installed openSSL as described in the previous step. Go to the folder where openssl.cfg is stored and open the file with, for example, Notepad++.
  4. You have probably guessed that the certification authority is configured by changing the contents of the openssl.cfg file, and you are absolutely right. This requires configuring the [ ca ] section. In the openssl.cfg file, the beginning of the text we are going to change can be found at: [ ca ].
  5. Now I will give an example of the configuration together with its description:
    [ ca ]
    default_ca	= CA_default		
    
     [ CA_default ]
    dir		= /Users/username/bin/openSSLca/demoCA		 
    certs		= $dir/certs		
    crl_dir		= $dir/crl		
    database	= $dir/index.txt	
    new_certs_dir	= $dir/newcerts	
    certificate	= $dir/ca.crt 	
    serial		= $dir/private/serial 		
    crlnumber	= $dir/crlnumber	
    					
    crl		= $dir/crl.pem 		
    private_key	= $dir/private/ca.key
    x509_extensions	= usr_cert
    

    Now we need to create the demoCA directory and the subdirectories shown in the example above, and place it at the path specified in dir (mine is /Users/username/bin/openSSLca/demoCA).

    It is very important to write dir correctly: this is the path to the directory where our certification authority will live. This directory must be located under /Users (that is, in some user's account). If you put this directory, for example, in C:\Program Files, the system will not see the openssl.cfg settings file (at least that was the case for me).

    $dir - the path specified in dir is substituted here.

    Another important point is to create an empty index.txt file; without this file the "openSSL ca ..." commands will not work.

    You also need a serial file, a root private key (ca.key) and a root certificate (ca.crt). The process of obtaining these files is described below.

  6. We connect the encryption algorithms provided by Rutoken.
    This connection is made in the openssl.cfg file.

    • First, you need to download the required Rutoken algorithms. These are the files rtengine.dll and rtpkcs11ecp.dll.
      To do this, download the Rutoken SDK: www.rutoken.ru/developers/sdk.

      The Rutoken SDK is everything available for developers who want to try out Rutoken. It contains both separate examples for working with Rutoken in different programming languages and some libraries. Our libraries rtengine.dll and rtpkcs11ecp.dll are located in the Rutoken SDK, at:

      sdk/openssl/rtengine/bin/windows-x86_64/lib/rtengine.dll
      sdk/pkcs11/lib/windows-x86_64/rtpkcs11ecp.dll

      A very important point. The libraries rtengine.dll and rtpkcs11ecp.dll do not work without the Rutoken driver installed. Rutoken must also be connected to the computer. (For installing everything you need for Rutoken, see the previous part of the article: habr.com/en/post/506450)

    • The libraries rtengine.dll and rtpkcs11ecp.dll can be kept anywhere in the user account.
    • We write the paths to these libraries into openssl.cfg. To do this, open the openssl.cfg file and put this line at the beginning of the file:
      openssl_conf = openssl_def

      At the end of the file you need to add:

      [ openssl_def ]
      engines = engine_section
      [ engine_section ]
      rtengine = gost_section
      [ gost_section ]
      dynamic_path = /Users/username/bin/sdk-rutoken/openssl/rtengine/bin/windows-x86_64/lib/rtengine.dll
      MODULE_PATH = /Users/username/bin/sdk-rutoken/pkcs11/lib/windows-x86_64/rtpkcs11ecp.dll
      RAND_TOKEN = pkcs11:manufacturer=Aktiv%20Co.;model=Rutoken%20ECP
      default_algorithms = CIPHERS, DIGEST, PKEY, RAND
      

      dynamic_path - you must specify your own path to the rtengine.dll library.
      MODULE_PATH - you must specify your own path to the rtpkcs11ecp.dll library.

  7. Adding environment variables.

    You must add an environment variable that points to the openssl.cfg configuration file. In my case, the variable OPENSSL_CONF was created with the path C:\Program Files\OpenSSL-Win64\bin\openssl.cfg.

    In the path variable, you must specify the path to the folder where openssl.exe is located; in my case it is: C:\Program Files\OpenSSL-Win64\bin.

  8. Now you can go back to step 5 and create the missing files for the demoCA directory.
    1. The first important file, without which nothing will work, is serial. This is a file without an extension, and its value must be 01. You can create this file yourself and write 01 into it. You can also take it from the Rutoken SDK at the path sdk/openssl/rtengine/samples/tool/demoCA/.
      The demoCA directory contains the serial file, which is exactly what we need.
    2. Create the root private key.
      To do this, we use an openSSL library command, which must be run directly on the command line:

      openssl genpkey -algorithm gost2012_256 -pkeyopt paramset:A -out ca.key

    3. Create the root certificate.
      To do this, use the following openSSL library command:

      openssl req -utf8 -x509 -key ca.key -out ca.crt

      Note that the root private key created in the previous step is required to generate the root certificate. Therefore, the command line must be started in the same directory.

    Now all the missing files for the complete configuration of the demoCA directory are in place. Put the created files into the directories indicated in step 5.

We will assume that after completing all 8 steps, our certification authority is fully configured.
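
One way to check that assumption before running any "openSSL ca ..." command, as an added example that is not part of the original article or the Rutoken SDK: the script reads the [ ca ] and [ CA_default ] sections, expands $dir, and lists every directory or file from step 5 and step 8 that is still missing. The function names, the `root` prefix parameter and the embedded sample config are assumptions made for this illustration.

```python
from pathlib import Path
# Constructed sample: the [ ca ] / [ CA_default ] values from step 5 of the article.
SAMPLE_CFG = """
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = /Users/username/bin/openSSLca/demoCA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/ca.crt
serial = $dir/private/serial
private_key = $dir/private/ca.key
"""

def parse_cfg(text):
    """Minimal openssl.cfg reader: [ section ] headers, key = value, # comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def ca_layout(sections):
    """Follow [ ca ] default_ca and expand $dir in that section's values."""
    ca = sections[sections["ca"]["default_ca"]]
    return {key: value.replace("$dir", ca["dir"]) for key, value in ca.items()}

def preflight(sections, root=Path("/"), create=False):
    """List what `openssl ca` would miss; create=True adds dirs, index.txt, serial only."""
    ca, missing = ca_layout(sections), []
    at = lambda key: root / ca[key].lstrip("/")  # root: hypothetical prefix for dry runs
    for key in ("certs", "crl_dir", "new_certs_dir"):
        if not at(key).is_dir():
            missing.append(ca[key])
            if create:
                at(key).mkdir(parents=True, exist_ok=True)
    for key, initial in (("database", ""), ("serial", "01\n")):
        if not at(key).is_file():
            missing.append(ca[key])
            if create:
                at(key).parent.mkdir(parents=True, exist_ok=True)
                at(key).write_text(initial)
    return missing + [ca[k] for k in ("private_key", "certificate") if not at(k).is_file()]
```

Calling `preflight(parse_cfg(Path(cfg_path).read_text()))` against the real openssl.cfg returns an empty list once ca.key and ca.crt from steps 8.2 and 8.3 have been copied into place; the script never generates key material itself.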

In the next part, I will describe how we will work with the certification authority to accomplish what was described in the previous part of the article.

Source: will.com
