🥇Siginecha yoyenerera yamagetsi ya macOS

Malingana ndi RBC и Wopusa, mu 2019, ziphaso zokwana 4,6 miliyoni za siginecha zoyenerera zamagetsi (CES) zidzaperekedwa ku Russia, kukwaniritsa zofunikira za 63-FZ. Zikuoneka kuti mwa 8 miliyoni olembetsa mabizinesi ndi ma LLC, wabizinesi wachiwiri aliyense amagwiritsa ntchito siginecha yamagetsi. Kuphatikiza pa ma EGAIS CEPs ndi ma CEP okhazikitsidwa pamtambo popereka malipoti operekedwa ndi mabanki ndi ntchito zowerengera ndalama, ma CEP apadziko lonse lapansi pama tokeni otetezedwa ndiosangalatsa kwambiri. Zikalata zotere zimakulolani kuti mulowe ku zipata za boma ndikusaina zikalata zilizonse, kuzipangitsa kukhala zofunika mwalamulo.

Chifukwa cha satifiketi ya CEP pa chizindikiro cha USB, mutha kumaliza mgwirizano ndi mnzanu kapena wogwira ntchito kutali, ndikutumiza zikalata kukhothi; lembani kaundula wa ndalama pa intaneti, konzani ngongole zamisonkho ndikupereka chilengezo mu akaunti yanu pa nalog.ru; Dziwani zangongole ndi kuyendera komwe kukubwera ku State Services.

Buku ili pansipa likuthandizani gwiritsani ntchito CEP pansi pa macOS - popanda kuphunzira mabwalo a CryptoPro ndikuyika makina enieni okhala ndi Windows.

Zamkatimu

Zomwe muyenera kuchita ndi CEP pansi pa macOS:

Kukhazikitsa ndikusintha CEP ya macOS

Kukhazikitsa CryptoPro CSP
Kukhazikitsa madalaivala a Rutoken
Kuyika masatifiketi
3.1. Timachotsa ziphaso zonse zakale za GOST
3.2. Kukhazikitsa ma root certificate
3.3. Tsitsani ziphaso za satifiketi
3.4. Kuyika satifiketi ndi Rutoken
Ikani msakatuli wapadera Chromium-GOST
Kukhazikitsa zowonjezera msakatuli
5.1 CryptoPro EDS Browser plug-in
5.2. Pulagi ya Public Services
5.3. Kukhazikitsa pulogalamu yowonjezera ya State Services
5.4. Kuyambitsa zowonjezera
5.5. Kukhazikitsa pulogalamu yowonjezera ya CryptoPro EDS Browser
Kuwona kuti zonse zikuyenda
6.1. Pitani ku tsamba loyesa la CryptoPro
6.2. Pitani ku Akaunti Yanu pa Nalog.ru
6.3. Pitani ku State Services
Zoyenera kuchita ngati itasiya kugwira ntchito

Kusintha PIN code ya chidebe

Kupeza dzina la chidebe cha KEP
Kusintha PIN ndi lamulo lochokera ku terminal

Kusaina mafayilo pa macOS

Kupeza hashi ya satifiketi ya CEP
Kusaina fayilo ndi lamulo lochokera ku terminal
Kukhazikitsa Apple Automator Script

Chongani siginecha pa chikalata

Zambiri zomwe zili pansipa zimachokera kuzinthu zodziwika bwino (CryptoPro #1 и #2, Rutoken, Corus-Consulting, Ural Federal District wa Unduna wa Telecom ndi Mass Communications), ndipo akulangizidwa kutsitsa mapulogalamu kuchokera kumasamba odalirika. Wolembayo ndi mlangizi wodziimira payekha ndipo sakugwirizana ndi makampani omwe atchulidwa. Potsatira malangizowa, mumakhala ndi udindo pazochitika zilizonse ndi zotsatira zake.

Zomwe muyenera kuchita ndi CEP pansi pa macOS:

CEP pa USB chizindikiro Rutoken Lite kapena Rutoken EDS
chotengera cha crypto mu mtundu wa CryptoPro
ndi zomangidwa chilolezo cha CryptoPro CSP

eToken ndi JaCarta media molumikizana ndi CryptoPro sizimathandizidwa ndi macOS. The Rutoken Lite media ndiyo yabwino kwambiri, imawononga 500..1000= rubles, imagwira ntchito mofulumira ndikukulolani kusunga mpaka makiyi a 15.

Othandizira a Crypto VipNet, Signal-COM ndi LISSY sathandizidwa pa macOS. Palibe njira yosinthira zotengera. CryptoPro ndiye chisankho chabwino kwambiri, mtengo wa satifiketi uyenera kukhala pafupifupi 1300 = rub. kwa amalonda payekha ndi 1600 = rub. za YUL.

Nthawi zambiri, chilolezo chapachaka cha CryptoPro CSP chaphatikizidwa kale mu satifiketi ndipo chimaperekedwa kwaulere ndi ma CA ambiri. Ngati sizili choncho, ndiye kuti muyenera kugula ndi kuyambitsa chilolezo chosatha cha CryptoPro CSP mosamalitsa mtundu 4 wodula 2700=. Mtundu 5 wa CryptoPro CSP wa macOS sukugwira ntchito pano.

Kukhazikitsa ndikusintha CEP ya macOS

Zinthu zoonekeratu

mafayilo onse otsitsidwa amatsitsidwa kumalo osasintha: ~/Downloads/;
Sitisintha chilichonse mu oyika onse, timasiya zonse ngati zosasintha;
Ngati macOS akuwonetsa chenjezo kuti pulogalamu yomwe ikukhazikitsidwayo ikuchokera kwa wopanga osadziwika, muyenera kutsimikizira kukhazikitsidwa kwadongosolo: Zokonda Zadongosolo -> Chitetezo & Zazinsinsi -> Tsegulani Komabe;
ngati macOS ikufunsani mawu achinsinsi ndi chilolezo chowongolera kompyuta, muyenera kulowa mawu achinsinsi ndikuvomereza chilichonse.

1. Ikani CryptoPro CSP

Register patsamba la CryptoPro ndi co tsitsani masamba koperani ndi kukhazikitsa Baibulo CryptoPro CSP 4.0 R4 chifukwa macOS - скачать.

2. Ikani madalaivala a Rutoken

Webusaitiyi imati izi ndizosankha, koma ndi bwino kuziyika. Co tsitsani masamba tsitsani ndikuyika patsamba la Rutoken Keychain thandizo module - скачать.

Kenako, gwirizanitsani chizindikiro cha usb, yambitsani terminal ndikuchita lamulo:

/opt/cprocsp/bin/csptest -card -enum -v

Yankho liyenera kukhala:

Aktiv Rutoken…
Khadi ilipo…
[Khodi Yolakwika: 0x00000000]

3. Ikani ziphaso

3.1. Timachotsa ziphaso zonse zakale za GOST

Ngati mudayesapo kale kukhazikitsa CEP pansi pa macOS, ndiye kuti muyenera kuchotsa ziphaso zonse zomwe zidayikidwapo kale. Malamulo awa mu terminal amangochotsa ziphaso za CryptoPro ndipo sizikhudza ziphaso zokhazikika kuchokera ku Keychain pa macOS.

sudo /opt/cprocsp/bin/certmgr -delete -all -store mroot

sudo /opt/cprocsp/bin/certmgr -delete -all -store uroot

/opt/cprocsp/bin/certmgr -delete -all

Yankho la lamulo lililonse liyenera kukhala:

Palibe satifiketi yofananira ndi zofunikira

kapena

Kuchotsa kwatha

3.2. Kukhazikitsa ma root certificate

Zikalata zoyambira ndizodziwika kwa ma CEP onse operekedwa ndi oyang'anira certification. Koperani kuchokera tsitsani masamba Chigawo cha Ural Federal cha Unduna wa Telecom ndi Mass Communications:

Ikani ndi malamulo mu terminal:

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/4BC6DC14D97010C41A26E058AD851F81C842415A.cer

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/8CAE88BBFD404A7A53630864F9033606E1DC45E2.cer

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/0408435EB90E5C8796A160E69E4BFAC453435D1D.cer

Lamulo lililonse libwerere:

Kuika:
...
[Khodi Yolakwika: 0x00000000]

3.3. Tsitsani ziphaso za satifiketi

Kenako, muyenera kukhazikitsa ziphaso za oyang'anira certification pomwe mudapereka CEP. Nthawi zambiri, satifiketi ya mizu ya CA iliyonse imakhala patsamba lake mugawo lotsitsa.

Kapenanso, satifiketi za CA iliyonse zitha kutsitsidwa kuchokera Tsamba la Ural Federal District la Unduna wa Telecom ndi Mass Communications. Kuti muchite izi, mu fomu yofufuzira muyenera kupeza CA ndi dzina, pitani patsamba ndi satifiketi ndikutsitsa chilichonse akuchita satifiketi - ndiye kuti, omwe ali nawo 'Zovomerezeka' tsiku lachiwiri silinafike. Koperani kuchokera ulalo m'munda 'Zidindo'.

Zithunzi

Pogwiritsa ntchito chitsanzo cha CA Corus-Consulting: muyenera kutsitsa satifiketi 4 kuchokera tsitsani masamba:

Timayika ziphaso za CA zomwe zidatsitsidwa pogwiritsa ntchito malamulo kuchokera ku terminal:

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/B9F1D3F78971D48C34AA73786CDCD138477FEE3F.cer

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/A0D19D700E2A5F1CAFCE82D3EFE49A0D882559DF.cer

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/55EC48193B6716D38E80BD9D1D2D827BC8A07DE3.cer

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/15EB064ABCB96C5AFCE22B9FEA52A1964637D101.cer

pambuyo pake ~/Zotsitsa/ Mayina a mafayilo otsitsidwa alembedwa; adzakhala osiyana pa CA iliyonse.

Lamulo lililonse libwerere:

Kuika:
...
[Khodi Yolakwika: 0x00000000]

3.4. Kuyika satifiketi ndi Rutoken

Lamulo mu terminal:

/opt/cprocsp/bin/csptestf -absorb -certs

Lamulo liyenera kubwerera:

CHABWINO.
[Khodi Yolakwika: 0x00000000]

4. Ikani msakatuli wapadera Chromium-GOST

Kuti mugwire ntchito ndi ma portal aboma, mufunika kumanga kwapadera kwa msakatuli wa Chromium - Chromium-GOST. Khodi yoyambira polojekitiyi ndi yotseguka, ulalo ku posungira pa GitHub amapatsidwa Webusaiti ya CryptoPro. Kuchokera pazidziwitso, asakatuli ena CryptoFox и Yandex msakatuli Sali oyenera kugwira ntchito ndi zipata zaboma pansi pa macOS. Ndikoyenera kulingalira kuti muzomanga zina za Chromium-GOST, akaunti yaumwini pa nalog.ru ikhoza kuzizira kapena kupukusa kungasiya kugwira ntchito palimodzi, kotero kutsimikiziridwa kwachikale kumaperekedwa. kumanga 71.0.3578.98 - скачать.

 Tsitsani ndi kumasula zomwe zasungidwa, ikani msakatuli pokopera kapena kuukoka ndikuchiyika muzolemba za Mapulogalamu. Pambuyo kukhazikitsa, Limbikitsani kutseka Chromium ndipo musatsegule, gwiritsani ntchito Safari.

killall Chromium-Gost

5. Ikani zowonjezera msakatuli

5.1 CryptoPro EDS Browser plug-in

Ndi tsitsani masamba tsitsani ndikuyika patsamba la CryptoPro CryptoPro EDS Browser plug-in version 2.0 ya ogwiritsa ntchito - скачать.

5.2. Pulagi ya Public Services

Ndi tsitsani masamba koperani ndi kukhazikitsa pa State Services portal Pulagi yogwira ntchito ndi portal service portal (mtundu wa macOS) - скачать.

5.3. Kukhazikitsa pulogalamu yowonjezera ya State Services

Tsitsani fayilo yolondola yosinthira pakukulitsa kwa State Services kuchokera patsamba la CryptoPro - скачать.

Pangani malamulo mu terminal:

sudo rm /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents/ifc.cfg

sudo cp ~/Downloads/ifc.cfg /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents

sudo cp /Library/Google/Chrome/NativeMessagingHosts/ru.rtlabs.ifcplugin.json /Library/Application Support/Chromium/NativeMessagingHosts

5.4. Kuyambitsa zowonjezera

Yambitsani msakatuli wa Chromium-Gost ndikulemba pa adilesi:

chrome://extensions/

Timayatsa zowonjezera zonse ziwiri:

CryptoPro Extension ya CAdES Browser Plug-in
Kuwonjezera kwa pulogalamu yowonjezera ya State Services

MALANGI

5.5. Kukhazikitsa pulogalamu yowonjezera ya CryptoPro EDS Browser

Mu adilesi ya Chromium-Gost timalemba:

/etc/opt/cprocsp/trusted_sites.html

Patsamba lomwe likuwoneka, onjezani masamba otsatirawa pamndandanda wamasamba odalirika limodzi ndi limodzi:

https://*.cryptopro.ru
https://*.nalog.ru
https://*.gosuslugi.ru

Dinani "Save". Dothi lobiriwira liyenera kuwoneka:

Mndandanda wa ma node odalirika wasungidwa bwino.

MALANGI

6. Onetsetsani kuti zonse zikuyenda

6.1. Pitani ku tsamba loyesa la CryptoPro

Mu adilesi ya Chromium-Gost timalemba:

https://www.cryptopro.ru/sites/default/files/products/cades/demopage/cades_bes_sample.html

"Pulogalamu yodzaza" iyenera kuwonetsedwa, ndipo satifiketi yanu iyenera kupezeka pamndandanda womwe uli pansipa.
Sankhani satifiketi pamndandanda ndikudina "Lowani". Mudzafunsidwa PIN ya satifiketi. Chifukwa chake, iyenera kuwonetsedwa

Siginecha idapangidwa bwino

MALANGI

6.2. Pitani ku Akaunti Yanu pa Nalog.ru

Simungathe kupeza maulalo kuchokera patsamba la nalog.ru, chifukwa... macheke sadzatha. Muyenera kudutsa maulalo mwachindunji:

ofesi payekha SP: https://lkipgost.nalog.ru/lk
ofesi payekha Bungwe lovomerezeka: https://lkul.nalog.ru

MALANGI

6.3. Pitani ku State Services

Mukalowa, sankhani "Lowani pogwiritsa ntchito siginecha yamagetsi." Pamndandanda wa "Sankhani makiyi otsimikizira siginecha yamagetsi" yomwe ikuwonekera, ziphaso zonse, kuphatikiza mizu ndi CA, ziwonetsedwa; muyenera kusankha yanu kuchokera pa chizindikiro cha USB ndikulowetsa PIN.

MALANGI

7. Zoyenera kuchita ikasiya kugwira ntchito

Timalumikizanso chizindikiro cha usb ndikuwonetsetsa kuti chikuwoneka pogwiritsa ntchito lamulo mu terminal:
```
sudo /opt/cprocsp/bin/csptest -card -enum -v 
```
Timachotsa cache ya msakatuli nthawi zonse, zomwe timalemba mu adilesi ya Chromium-Gost:
```
 chrome://settings/clearBrowserData 
```
Ikaninso satifiketi ya CEP pogwiritsa ntchito lamulo mu terminal:
```
/opt/cprocsp/bin/csptestf -absorb -certs
```

Kusintha PIN code ya chidebe

Nambala ya PIN yokhazikika ya Rutoken mwachisawawa 12345678, ndipo palibe njira yozisiyira chonchi. Zofunikira pa PIN code ya Rutoken: zilembo za 16 max., Zitha kukhala ndi zilembo za Chilatini ndi manambala.

1. Dziwani dzina la chidebe cha KEP

Pakhoza kukhala masatifiketi angapo osungidwa pa chizindikiro cha USB ndi zosungira zina, ndipo muyenera kusankha yoyenera. Ndi chizindikiro cha usb choyikidwa, timapeza mndandanda wazinthu zonse mu dongosolo ndi lamulo mu terminal:

/opt/cprocsp/bin/csptest -keyset -enum_cont -fqcn -verifycontext

Lamulo liyenera kutulutsa chidebe chimodzi ndi kubwerera

[Khodi Yolakwika: 0x00000000]

Chidebe chomwe tikufuna chikuwoneka ngati

.Aktiv Rutoken liteXXXXXXXX

Ngati zotengera zingapo zotere zikuwonetsedwa, zikutanthauza kuti pali ziphaso zingapo zolembedwa pa chizindikirocho, ndipo mukudziwa chomwe mukufuna. Tanthauzo Kutali pambuyo slash muyenera kukopera ndi kumata mu lamulo pansipa.

2. Sinthani PIN pogwiritsa ntchito lamulo lochokera ku terminal

/opt/cprocsp/bin/csptest -passwd -qchange -container "XXXXXXXX"

kumene Kutali - dzina la chidebe chomwe chapezedwa mu gawo 1 (loyenera muzolemba).

Nkhani ya CryptoPro idzawoneka ikufunsa PIN code yakale kuti ipeze satifiketi, kenako kukambirana kwina kuti mulowetse PIN code yatsopano. Okonzeka.

MALANGI

Kusaina mafayilo pa macOS

Pa macOS, mafayilo amatha kusaina mu pulogalamu CryptoArm (chilolezo mtengo 2500 = rub.), Kapena lamulo losavuta kudzera pa terminal - yaulere.

1. Pezani hashi ya satifiketi ya CEP

Pakhoza kukhala masatifiketi angapo pa tokeni ndi m'masitolo ena. Tiyenera kuzindikira bwino lomwe lomwe tidzasaina nalo zikalata kuyambira pano. Zachitika kamodzi.
Chizindikirocho chiyenera kuikidwa. Timapeza mndandanda wa satifiketi m'malo osungirako ndi lamulo lochokera ku terminal:

/opt/cprocsp/bin/certmgr -list

Lamulo liyenera kutulutsa chiphaso cha 1 cha fomu:

Certmgr 1.1 © "Crypto-Pro", 2007-2018.
pulogalamu yoyang'anira ziphaso, ma CRL ndi masitolo
=======================
1---
Wopereka: [imelo ndiotetezedwa],... CN=LLC KORUS Consulting CIS...
phunziro; [imelo ndiotetezedwa],... CN=Zakharov SERGEY Anatolyevich...
Zirizonse: 0x0000000000000000000000000000000000
SHA1 Hash: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
Chidebe: SCARDrutoken_lt_00000000 000 000
...
=======================
[Khodi Yolakwika: 0x00000000]

Satifiketi yomwe tikufuna mu Container parameter iyenera kukhala ndi mtengo ngati SCARDrutoken…. Ngati pali ziphaso zingapo zokhala ndi zikhalidwe zotere, ndiye kuti pali ziphaso zingapo zolembedwa pa chizindikirocho, ndipo mukudziwa chomwe mukufuna. Mtengo wa parameter SHA1 Hash (Zilembo za 40) ziyenera kukopera ndikuziyika mu lamulo ili pansipa.

2. Kusaina fayilo ndi lamulo lochokera ku terminal

Mu terminal, pitani ku chikwatu ndi fayilo kuti musayine ndikuchita lamulo:

/opt/cprocsp/bin/cryptcp -signf -detach -cert -der -strict -thumbprint ХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХ FILE

kumene XXXX… – satifiketi hashi analandira mu sitepe 1, ndi FILE - dzina lafayilo kuti musayine (ndi zowonjezera zonse, koma popanda njira).

Lamulo liyenera kubwerera:

Uthenga wosaina wapangidwa.
[Khodi Yolakwika: 0x00000000]

Fayilo ya siginecha yamagetsi idzapangidwa ndi kuwonjezera *.sgn - ichi ndi siginecha yochotsedwa mumtundu wa CMS wokhala ndi encoding ya DER.

3. Ikani Apple Automator Script

Kuti mupewe kugwira ntchito ndi terminal nthawi iliyonse, mutha kukhazikitsa Automator Script kamodzi, komwe mutha kusaina zikalata kuchokera pamenyu ya Finder. Kuti muchite izi, koperani archive - скачать.

Kutsegula archive 'Lowani ndi CryptoPro.zip'
Yambitsani Choyimira
Pezani ndikutsegula fayilo yosapakidwa 'Lowani ndi CryptoPro.workflow'
M'mbali Kuthamanga Shell Script sinthani malemba XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ku mtengo wa parameter SHA1 Hash Satifiketi ya CEP yopezeka pamwambapa.
Sungani zolemba: ⌘Command + S
Tsegulani fayilo 'Lowani ndi CryptoPro.workflow' ndi kutsimikizira kukhazikitsa.
Tiyeni tipite ku System Zokonda -> Zowonjezera -> Wopeza ndipo fufuzani izo Lowani ndi CryptoPro zachitika mwachangu.
Mu Finder, imbani mndandanda wazotsatira za fayilo iliyonse, ndi gawolo Zotsatira Mwamsanga ndi / kapena Services sankhani chinthu Lowani ndi CryptoPro
Pankhani ya CryptoPro yomwe ikuwonekera, lowetsani PIN code yochokera ku CEP
Fayilo yokhala ndi chowonjezera *.sgn idzawonekera m'ndandanda wamakono - siginecha yochotsedwa mumtundu wa CMS ndi DER encoding.

Zithunzi

Apple Automator zenera:

Zokonda Padongosolo:

Mndandanda wa mndandanda wa opeza:

Chongani siginecha pa chikalata

Ngati zomwe zili m'chikalatacho mulibe zinsinsi ndi zinsinsi, ndiye kuti njira yosavuta ndiyo kugwiritsa ntchito intaneti pa portal ya State Services - https://www.gosuslugi.ru/pgu/eds. Mwanjira iyi mutha kujambula chithunzi kuchokera kuzinthu zodziwika bwino ndikuwonetsetsa kuti zonse zili bwino ndi siginecha.

Zithunzi

Source: www.habr.com

Siginecha yoyenerera yamagetsi ya macOS

Zomwe muyenera kuchita ndi CEP pansi pa macOS:

Kukhazikitsa ndikusintha CEP ya macOS

1. Ikani CryptoPro CSP

2. Ikani madalaivala a Rutoken

3. Ikani ziphaso

3.1. Timachotsa ziphaso zonse zakale za GOST

3.2. Kukhazikitsa ma root certificate

3.3. Tsitsani ziphaso za satifiketi

3.4. Kuyika satifiketi ndi Rutoken

4. Ikani msakatuli wapadera Chromium-GOST

5. Ikani zowonjezera msakatuli

5.1 CryptoPro EDS Browser plug-in

5.2. Pulagi ya Public Services

5.3. Kukhazikitsa pulogalamu yowonjezera ya State Services

5.4. Kuyambitsa zowonjezera

5.5. Kukhazikitsa pulogalamu yowonjezera ya CryptoPro EDS Browser

6. Onetsetsani kuti zonse zikuyenda

6.1. Pitani ku tsamba loyesa la CryptoPro

6.2. Pitani ku Akaunti Yanu pa Nalog.ru

6.3. Pitani ku State Services

7. Zoyenera kuchita ikasiya kugwira ntchito

Kusintha PIN code ya chidebe

1. Dziwani dzina la chidebe cha KEP

2. Sinthani PIN pogwiritsa ntchito lamulo lochokera ku terminal

Kusaina mafayilo pa macOS

1. Pezani hashi ya satifiketi ya CEP

2. Kusaina fayilo ndi lamulo lochokera ku terminal

3. Ikani Apple Automator Script

Chongani siginecha pa chikalata

Kuwonjezera ndemanga kuletsa reply