Experience of using Rutoken technology for user registration and authorization in a system (part 2)

Good afternoon. Let's continue this topic (the first part can be found at the link).

Today we move on to the practical part. We start by setting up our CA on the basis of the open-source openSSL library. This procedure was tested on Windows 7.

With openSSL installed, we can perform specific tasks (such as creating keys and certificates) from the command line.

The sequence of actions is as follows:

  1. Download the openssl-1.1.1g installation package.
    openSSL comes in different versions. The Rutoken documentation states that openSSL version 1.1.0 or newer is required. I used version openssl-1.1.1g. You can download openSSL from the official site, but for a simple installation you need to find an installer for Windows on the web. I did this for you: slproweb.com/products/Win32OpenSSL.html
    Scroll down the page and download the Win64 OpenSSL v1.1.1g EXE 63MB Installer.
  2. Install openssl-1.1.1g on the computer.
    Install along the default path, which is automatically suggested as C:\Program Files. The program will be installed into the OpenSSL-Win64 folder.
  3. To configure openSSL the way you need, there is the openssl.cfg file. This file is located at C:\Program Files\OpenSSL-Win64\bin if you installed openSSL as described in the previous step. Go to the folder where openssl.cfg is stored and open the file with, for example, Notepad++.
  4. You have probably guessed that the certificate authority is configured by changing the contents of the openssl.cfg file, and you are absolutely right. For this, the [ca] section needs to be configured. In the openssl.cfg file, the beginning of the block where we will make changes looks like this: [ ca ].
  5. Here I give an example configuration together with its explanation:
    [ ca ]
    default_ca      = CA_default

    [ CA_default ]
    dir             = /Users/username/bin/openSSLca/demoCA
    certs           = $dir/certs
    crl_dir         = $dir/crl
    database        = $dir/index.txt
    new_certs_dir   = $dir/newcerts
    certificate     = $dir/ca.crt
    serial          = $dir/private/serial
    crlnumber       = $dir/crlnumber

    crl             = $dir/crl.pem
    private_key     = $dir/private/ca.key
    x509_extensions = usr_cert


    Now we need to create the demoCA directory and its subdirectories as shown in the example above, and place this directory at the path specified in dir (for me it is /Users/username/bin/openSSLca/demoCA).

    It is very important to spell dir correctly: this is the path to the directory where our certificates will be placed. This directory must be inside /Users (that is, in some user's folder). If you put this directory, for example, in C:\Program Files, the program will not see the file with the openssl.cfg settings (at least that was the case for me).

    $dir - the path specified in dir is substituted here.

    Another important point is the creation of an empty index.txt file; without this file the "openSSL ca ..." command will not work.

    You also need a serial file, a root private key (ca.key) and a root certificate (ca.crt). The process of obtaining these files is described below.

  6. Connect the encryption algorithms provided by Rutoken.
    This is also done in the openssl.cfg file.

    • First of all, you need to download the corresponding Rutoken algorithms. These are the files rtengine.dll and rtpkcs11ecp.dll.
      To do this, download the Rutoken SDK: www.rutoken.ru/developers/sdk.

      The Rutoken SDK contains everything a developer needs to try out Rutoken. It has various examples of working with Rutoken in different programming languages, and some libraries are supplied as well. Our libraries rtengine.dll and rtpkcs11ecp.dll are located in the Rutoken SDK at, respectively:

      sdk/openssl/rtengine/bin/windows-x86_64/lib/rtengine.dll
      sdk/pkcs11/lib/windows-x86_64/rtpkcs11ecp.dll

      A very important point: the libraries rtengine.dll and rtpkcs11ecp.dll do not work without the Rutoken driver installed. The Rutoken must also be connected to the computer. (For installing everything you need for Rutoken, see the first part of the article: habr.com/en/post/506450)

    • The rtengine.dll and rtpkcs11ecp.dll libraries can be stored anywhere in the user's directory.
    • We write the paths to these libraries in openssl.cfg. To do this, open the openssl.cfg file and put the following line at the beginning of the file:
      openssl_conf = openssl_def

      At the end of the file you need to add:

      [ openssl_def ]
      engines = engine_section
      [ engine_section ]
      rtengine = gost_section
      [ gost_section ]
      dynamic_path = /Users/username/bin/sdk-rutoken/openssl/rtengine/bin/windows-x86_64/lib/rtengine.dll
      MODULE_PATH = /Users/username/bin/sdk-rutoken/pkcs11/lib/windows-x86_64/rtpkcs11ecp.dll
      RAND_TOKEN = pkcs11:manufacturer=Aktiv%20Co.;model=Rutoken%20ECP
      default_algorithms = CIPHERS, DIGEST, PKEY, RAND
      

      dynamic_path - here you must specify your own path to the rtengine.dll library.
      MODULE_PATH - here you must specify your own path to the rtpkcs11ecp.dll library.

  7. Add environment variables.

    Be sure to add an environment variable that specifies the path to the openssl.cfg configuration file. In my case, the variable OPENSSL_CONF was created with the value C:\Program Files\OpenSSL-Win64\bin\openssl.cfg.

    In the Path variable, you must specify the path to the folder containing openssl.exe, in my case: C:\Program Files\OpenSSL-Win64\bin.

  8. Now you can return to step 5 and create the files that are still missing from the demoCA directory.
    1. The first important file, without which nothing will work, is serial. This is a file without an extension whose content must be 01. You can create this file yourself and write 01 into it. You can also take it from the Rutoken SDK at the path sdk/openssl/rtengine/samples/tool/demoCA/.
      That demoCA directory contains this file, which is exactly what we need.
    2. Create the root private key.
      To do this, we use an openSSL library command, which must be run directly from the command line:

      openssl genpkey -algorithm gost2012_256 -pkeyopt paramset:A -out ca.key

    3. Create the root certificate.
      To do this, use the following openSSL library command:

      openssl req -utf8 -x509 -key ca.key -out ca.crt

      Note that the root private key generated in the previous step is needed to generate the root certificate. Therefore, the command must be run in the same directory.

    Now all the files missing for the complete configuration of the demoCA directory are available. Put the created files into the directories specified in step 5.

We will assume that after completing all 8 steps, our certificate authority is fully configured.
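As an added example (not from the article or the Rutoken SDK), the following Python script prepares the demoCA skeleton of steps 5 and 8 from the [CA_default] section: it expands $dir the way OpenSSL does, creates the sub-directories, the empty index.txt and a serial file containing 01, and reports which of ca.key and ca.crt are still missing. The sample config text, the function names and the scratch-directory dry run are assumptions made here.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample of the [CA_default] section from step 5 (dir is the page's example).
SAMPLE_CFG = """[ CA_default ]
dir = /Users/username/bin/openSSLca/demoCA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/ca.crt
serial = $dir/private/serial
private_key = $dir/private/ca.key
x509_extensions = usr_cert
"""

def parse_section(text, name):
    """Key/value pairs of one config section; $var is expanded from values already
    defined in that section, which is how OpenSSL resolves $dir."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        head = re.match(r"\[\s*(\S+)\s*\]$", line)
        if head:
            current = head.group(1)
        elif current == name and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            values[key] = re.sub(r"\$(\w+)", lambda m: values.get(m.group(1), m.group(0)), value)
    return values

def prepare_ca_layout(cfg_text):
    """Create sub-directories, an empty index.txt and serial = 01 under dir (existing files
    are kept). Returns the parsed section plus the entries still pointing to missing files."""
    ca = parse_section(cfg_text, "CA_default")
    for d in (ca["certs"], ca["crl_dir"], ca["new_certs_dir"], Path(ca["serial"]).parent):
        Path(d).mkdir(parents=True, exist_ok=True)
    if not Path(ca["database"]).exists():
        Path(ca["database"]).touch()           # 'openssl ca' will not run without it
    if not Path(ca["serial"]).exists():
        Path(ca["serial"]).write_text("01\n")  # first serial number, as in step 8.1
    return ca, [k for k in ("certificate", "private_key") if not Path(ca[k]).exists()]

def run_demo():
    """Dry run: repoint dir at a scratch directory, build the layout, report on it."""
    root = tempfile.mkdtemp(prefix="demoCA-")
    cfg = re.sub(r"(?m)^(dir\s*=\s*).*$", lambda m: m.group(1) + root, SAMPLE_CFG)
    ca, missing = prepare_ca_layout(cfg)
    return {"missing": missing, "serial": Path(ca["serial"]).read_text().strip(),
            "index_empty": Path(ca["database"]).stat().st_size == 0}
```

Running prepare_ca_layout on the real openssl.cfg text before the first "openssl ca" call shows at a glance which of the step 5 files are still absent.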

In the next part, I will describe how to work with the certificate authority in order to implement what was described in the first part of the article.

Source: www.habr.com
