Public Key Infrastructure. Issuing certificates during self-isolation

How it all began

At the very beginning of the self-isolation period, I received a letter by e-mail:

The first reaction was natural: you either have to go and collect the tokens, or they have to be brought to you, but since Monday we have all been sitting at home, there are restrictions on movement, and who the hell is going to do that? So the reply was the obvious one:

And as we all know, on Monday, April 1, the self-isolation period began. We all switched to remote work, and we too needed a VPN. Our VPN is built on OpenVPN, but modified to support Russian cryptography and to work with PKCS#11 tokens and PKCS#12 containers. As might be expected, it turned out that we ourselves were not quite ready to work over a VPN: many had no certificates, and some had expired ones.

How did the process go?

This is where the cryptoarmpkcs utility and the CAFL63 application (a certification authority) come to the rescue.

The cryptoarmpkcs utility allowed employees who were in self-isolation and had tokens at their home computers to generate certificate requests:

The employees sent the saved requests to me by e-mail. Someone may ask: what about personal data? But if you look closely, there is none in the request. And the request itself is protected by its signature.
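The signature on a request can be checked by the CA operator before the request is imported. The following is an added example, not part of the original article or of CAFL63: it uses stock openssl with a constructed RSA request (an assumption; the CA described here uses a GOST-enabled build), and the function names are hypothetical.

```bash
#!/bin/bash
# Added example: vet a PKCS#10 request received by e-mail before importing it.
# Assumes stock openssl and an RSA key; function names are hypothetical.

# csr_check FILE [PEM|DER]: returns 0 only if the self-signature verifies,
# then prints the subject and a SHA-256 digest of the public key.
csr_check() {
    local fmt=${2:-PEM}
    # Match the message rather than relying on the exit status.
    openssl req -in "$1" -inform "$fmt" -noout -verify 2>&1 |
        grep -q "verify OK" || return 1
    openssl req -in "$1" -inform "$fmt" -noout -subject
    openssl req -in "$1" -inform "$fmt" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256
}

# Constructed sample request (DER) standing in for an employee's CSR.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=alice/O=Example" -outform DER -out "$1" 2>/dev/null
}

# Simulate alteration in transit: overwrite the CN bytes inside the DER file.
tamper_cn() {
    local off
    off=$(LC_ALL=C grep -abo alice "$1" | head -n 1 | cut -d: -f1)
    printf 'mallo' | dd of="$1" bs=1 seek="$off" conv=notrunc 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp/req.der"
csr_check "$tmp/req.der" DER && echo "original request: accepted"
tamper_cn "$tmp/req.der"
csr_check "$tmp/req.der" DER || echo "altered request: rejected"
rm -rf "$tmp"
```

The self-signature shows that the request was not altered and that its sender holds the private key; it does not say who the sender is. The printed digest is therefore worth comparing with the employee over a separate channel such as the phone.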

Upon receipt, the certificate request is imported into the CAFL63 CA database:

After that, the request must be either rejected or approved. To review a request, select it, right-click and choose "Make a decision" from the drop-down menu:

The decision procedure itself is completely transparent:

A certificate is issued in the same way, only the menu item is called "Issue certificate":

To view the issued certificate, you can use the context menu or simply double-click the corresponding row:

The contents can now be viewed both through openssl (the "OpenSSL Text" tab) and with the built-in viewer of the CAFL63 application (the "Certificate Text" tab). In the latter case, you can use the context menu to copy the certificate in text form, first to the clipboard and then to a file.

It is worth noting here what has changed in CAFL63 compared with the first version. As for viewing certificates, we have already covered that. It is also now possible to select a group of objects (certificates, requests, CRLs) and view them in paging mode (the "View selected ..." button).

Probably the most important thing is that the project is freely available on GitHub. In addition to the distributions for Linux, distributions for Windows and OS X have been prepared.

Compared with the previous version of the CAFL63 application, not only has the interface itself changed but, as already noted, new features have been added. For example, the page describing the application has been redesigned, and direct links for downloading the distributions have been added:

Many have asked, and still ask, where to get a GOST openssl. Traditionally I give a link kindly provided by garex. How to use this openssl is described here.
But now the distribution kits include a test version of openssl with Russian cryptography.

Therefore, when configuring the CA, you can specify either /tmp/lirssl_static for Linux or $::env(TEMP)/lirssl_static.exe for Windows as the openssl to use:

In this case, you will need to create an empty lirssl.cnf file and specify the path to this file in the LIRSSL_CONF environment variable:

The "Extensions" tab in the certificate settings has been supplemented with the "Authority Info Access" field, where you can set the access points for the CA root certificate and for the OCSP server:

We often hear that CAs do not accept requests generated by the applicants themselves (PKCS#10) or, even worse, insist that requests be formed with the key pair generated on the medium through some CSP. And they refuse to generate requests on tokens with a non-extractable key (on that same RuToken EDS-2.0) through the PKCS#11 interface. Therefore it was decided to add request generation to the CAFL63 application using the cryptographic mechanisms of PKCS#11 tokens. The TclPKCS11 package was used to access the token mechanisms. When creating a request to the CA (the "Certificate requests" page, the "Create request / CSR" function), you can now choose how the key pair will be generated (using openssl or on the token) and how the request itself will be signed:

The library needed to work with the token is specified in the certificate settings:

But we have digressed from the main task of providing employees with certificates for working in the corporate VPN network during self-isolation. It turned out that some employees have no tokens. It was decided to give them PKCS#12 protected containers, since the CAFL63 application allows this. First, for such employees we create PKCS#10 requests specifying the CIPF type "OpenSSL", then issue a certificate and pack it into PKCS12. To do this, on the "Certificates" page, select the desired certificate, right-click and choose "Export to PKCS#12":

To make sure that everything is in order with the container, let's use the cryptoarmpkcs utility:

Now the issued certificates can be sent to the employees. Some are simply sent files with certificates (these are the token owners, those who sent requests), others PKCS#12 containers. In the second case, each employee is given the container password by phone. These employees only need to fix the VPN configuration file by correctly specifying the path to the container.

As for the token owners, they also had to import the certificate onto their token. To do this, they used the same cryptoarmpkcs utility:

Now a minimal change to the VPN config (the certificate label on the token may have changed) and that's it, the corporate VPN network is in working order.

Happy ending

And then it dawned on me: why should people bring me tokens, or why should I send a courier to them? So I send a letter with the following content:

The answer comes the next day:

I immediately send a link to the cryptoarmpkcs utility:

Before creating the certificate requests, I recommended that they clear the tokens:

Then the certificate requests in PKCS#10 format were sent by e-mail and I issued the certificates, which I sent to:

And then came a pleasant moment:

There was also this letter:

And after that, this article was born.

Distributions of the CAFL63 application for the Linux and MS Windows platforms can be found here

Distributions of the cryptoarmpkcs utility, including for the Android platform, can be found here

Source: www.habr.com