PKCS#11 (Cryptoki) ndi mulingo wopangidwa ndi RSA Laboratories wogwiritsa ntchito ma tokeni obisika, makadi anzeru, ndi zida zina zofananira pogwiritsa ntchito pulogalamu yolumikizana yomwe imayendetsedwa kudzera m'malaibulale.
Muyezo wa PKCS#11 wa Russian cryptography umathandizidwa ndi komiti yokhazikika yaukadaulo "Cryptographic Information Protection" ().
Ngati tilankhula za zizindikiro zomwe zimathandizira cryptography ya ku Russia, ndiye kuti tikhoza kulankhula za zizindikiro za mapulogalamu, zizindikiro za pulogalamu ya hardware ndi zizindikiro za hardware.
Zizindikiro za Cryptographic zimapereka zonse zosungirako ziphaso ndi makiyi awiri (makiyi agulu ndi achinsinsi) komanso magwiridwe antchito achinsinsi molingana ndi muyezo wa PKCS#11. Ulalo wofooka pano ndikusungirako kiyi yachinsinsi. Ngati kiyi yapagulu yatayika, mutha kuyipeza nthawi zonse pogwiritsa ntchito kiyi yachinsinsi kapena kuichotsa pa satifiketi. Kutayika / kuwonongeka kwa kiyi yachinsinsi kumakhala ndi zotsatira zoyipa, mwachitsanzo, simungathe kumasulira mafayilo osungidwa ndi kiyi yanu yapagulu, ndipo simungathe kuyika siginecha yamagetsi (ES). Kuti mupange siginecha yamagetsi, muyenera kupanga makiyi atsopano ndipo, pandalama zina, pezani satifiketi yatsopano kuchokera kwa m'modzi mwa akuluakulu a ziphaso.
Pamwambapa tatchulapo mapulogalamu, firmware ndi hardware tokeni. Koma tikhoza kulingalira mtundu wina wa chizindikiro cha cryptographic - mtambo.
Lero simudzadabwitsa aliyense . Zonse ma drive amtambo amtambo ali pafupifupi ofanana ndi a chizindikiro chamtambo.
Chinthu chachikulu apa ndi chitetezo cha deta yosungidwa mumtambo wamtambo, makamaka makiyi apadera. Kodi chizindikiro chamtambo chingapereke izi? Timati - INDE!
Ndiye chizindikiro chamtambo chimagwira ntchito bwanji? Chinthu choyamba ndikulembetsa kasitomala mumtambo wa chizindikiro. Kuti muchite izi, chothandizira chiyenera kuperekedwa chomwe chimakulolani kuti mulowe mumtambo ndikulembetsa dzina lanu / dzina lakutchulidwa mmenemo:
Pambuyo polembetsa mumtambo, wogwiritsa ntchitoyo ayenera kuyambitsa chizindikiro chake, ndikuyika chizindikiro cha chizindikiro ndipo, chofunika kwambiri, akhazikitse SO-PIN ndi ma PIN code. Izi ziyenera kuchitidwa panjira yotetezedwa / yobisidwa kokha. Pulogalamu ya pk11conf imagwiritsidwa ntchito poyambitsa chizindikiro. Kuti mubisire tchanelo, akufunsidwa kuti agwiritse ntchito encryption algorithm Magma-CTR (GOST R 34.13-2015).
Kuti mupange kiyi yogwirizana pamaziko omwe magalimoto pakati pa kasitomala ndi seva adzatetezedwa / kubisidwa, akufunsidwa kugwiritsa ntchito protocol yovomerezeka ya TK 26. - .
Ikukonzedwa kuti igwiritsidwe ntchito ngati mawu achinsinsi pamaziko omwe fungulo logawana lidzapangidwira . Popeza tikukamba za Russian cryptography, ndizochibadwa kupanga mawu achinsinsi a nthawi imodzi pogwiritsa ntchito makina CKM_GOSTR3411_12_256_HMAC, CKM_GOSTR3411_12_512_HMAC kapena CKM_GOSTR3411_HMAC.
Kugwiritsa ntchito makinawa kumatsimikizira kuti mwayi wopeza zinthu zamtundu wamtambo kudzera pa SO ndi USER PIN khodi umapezeka kwa wogwiritsa ntchito yemwe adaziyika pogwiritsa ntchito zida. pk11conf.
Ndizomwezo, mukamaliza masitepe awa, chizindikiro chamtambo chakonzeka kugwiritsidwa ntchito. Kuti mupeze chizindikiro chamtambo, muyenera kungoyika laibulale ya LS11CLOUD pa PC yanu. Mukamagwiritsa ntchito chizindikiro chamtambo pamapulogalamu apulogalamu ya Android ndi iOS, SDK yofananira imaperekedwa. Ndi laibulale iyi yomwe idzafotokozedwe polumikiza chizindikiro cha mtambo mu msakatuli wa Redfox kapena kulembedwa mu fayilo ya pkcs11.txt ya. Laibulale ya LS11CLOUD imalumikizananso ndi chizindikiro cha mumtambo kudzera pa njira yotetezedwa yozikidwa pa SESPAKE, yopangidwa poyitana PKCS#11 C_Initialize!
Ndizo zonse, tsopano mutha kuyitanitsa satifiketi, kuyiyika mu chizindikiro chanu chamtambo ndikupita patsamba lantchito za boma.
Source: www.habr.com