Inokodzera zvemagetsi siginecha ye macOS

Maererano ne RBC и Tensor, muna 2019, 4,6 miriyoni zvitupa zveanokwanisa emagetsi siginecha (CES) achapihwa muRussia, achizadzisa zvinodiwa zve63-FZ. Zvinoitika kuti kubva pamamirioni masere akanyoreswa mabhizinesi ega ega uye LLCs, wechipiri muzvinabhizimusi anoshandisa siginecha yemagetsi. Pamusoro peEGAIS CEPs uye Cloud-based CEPs yekushuma yakapihwa nemabhangi uye accounting masevhisi, maCEP epasi rose pamatokeni akachengeteka anonyanya kufarira. Zvitupa zvakadaro zvinokutendera kuti upinde mukati mehurumende portals uye kusaina chero magwaro, zvichiita kuti zvive zvakakosha zviri pamutemo.

Nekuda kwechitupa cheCEP pane USB tokeni, unogona kugumisa kure kure chibvumirano nemumwe wako kana mushandi ari kure, uye kutumira magwaro kudare; nyoresa online mari regisheni, gadzirisa zvikwereti zvemutero uye upe chiziviso muakaundi yako wega pa nalog.ru; tsvaga nezvezvikwereti uye kuongororwa kuri kuuya kuHurumende Services.

Bhuku riri pasi apa richabatsira shanda neCEP pasi pemacOS - pasina kudzidza maforamu eCryptoPro uye nekuisa muchina chaiwo neWindows.

Zviri mukati

Zvaunoda kushanda neCEP pasi pemacOS:

Kuisa uye kugadzirisa CEP ye macOS

1. Kuisa CryptoPro CSP
2. Kuisa madhiraivha eRutoken
3. Kuisa zvitupa
   3.1. Isu tinodzima zvese zvekare GOST zvitupa
   3.2. Kuisa zvitupa zvemidzi
   3.3. Dhaunirodha zvitupa zvechiremera zvitupa
   3.4. Kuisa chitupa neRutoken
4. Isa yakakosha browser Chromium-GOST
5. Kuisa mabrowser ekuwedzera
   5.1 CryptoPro EDS Browser plug-in
   5.2. Plugin yePublic Services
   5.3. Kumisikidza plugin yeHurumende Services
   5.4. Activating extensions
   5.5. Kumisikidza iyo CryptoPro EDS Browser plug-in yekuwedzera
6. Kuongorora kuti zvese zviri kushanda
   6.1. Enda kune CryptoPro test peji
   6.2. Enda kuAkaunti Yako Yega pa nalog.ru
   6.3. Enda kune State Services
7. Zvekuita kana ikamira kushanda

Kuchinja mudziyo PIN kodhi

1. Kutsvaga zita re KEP mudziyo
2. Kuchinja PIN nemurairo kubva kune terminal

Kusaina mafaera pane macOS

1. Kutsvaga hashi yechitupa cheCEP
2. Kusaina faira rine rairo kubva kune terminal
3. Kuisa Apple Automator Script

Tarisa siginicha pane gwaro

Ruzivo rwese pazasi rwunotorwa kubva kune ane mukurumbira masosi (CryptoPro #1 и #2, Rutoken, Corus-Consulting, Ural Federal District yeBazi reTelecom uye Mass Communications), uye zvinokurudzirwa kurodha software kubva kumasaiti akavimbika. Munyori inyanzvi akazvimirira uye haana hukama nechero yemakambani ataurwa. Nekutevera mirairo iyi, iwe unotora mutoro wakakwana kune chero zviito nemhedzisiro.

Zvaunoda kushanda neCEP pasi pemacOS:

1. CEP pane USB chiratidzo Rutoken Lite kana Rutoken EDS
2. crypto container mune CryptoPro format
3. ine yakavakwa-mukati rezinesi reCryptoPro CSP

eToken uye JaCarta midhiya yakabatana neCryptoPro haitsigirwe pasi peMacOS. Iyo Rutoken Lite media ndiyo yakanakisa sarudzo, inodhura 500..1000= rubles, inoshanda nekukurumidza uye inobvumidza iwe kuchengetedza makiyi gumi nemashanu.

Crypto vanopa VipNet, Signal-COM uye LISSY haitsigirwe pane macOS. Iko hakuna nzira yekushandura midziyo. CryptoPro ndiyo yakanakisa sarudzo, mutengo wechitupa unofanirwa kunge uri 1300 = rub. kune vatengesi vega uye 1600 = rub. zveYUL.

Kazhinji, rezinesi repagore reCryptoPro CSP rakatoverengerwa muchitupa uye rinopihwa mahara nemaCA akawanda. Kana zvisiri izvo, saka iwe unofanirwa kutenga uye kumisa rezinesi risingaperi reCryptoPro CSP rakanyatso vhezheni 4 inodhura 2700=. CryptoPro CSP shanduro 5 ye macOS haishande parizvino.

Kuisa uye kugadzirisa CEP ye macOS

Zvinhu zviri pachena

• mafaera ese akadhawunirodherwa anotorwa kune iyo default dhairekitori: ~/Kudhawunirodha/;
• Isu hatishandure chero chinhu mune vese vanoisa, isu tinosiya zvese sekumisikidza;
• kana macOS ichiratidza yambiro yekuti software iri kuvhurwa ichibva kune isingazivikanwe mugadziri, iwe unofanirwa kusimbisa kuvhurwa mumagadzirirwo ehurongwa: Zvido zveSistimu -> Chengetedzo & Yakavanzika -> Vhura Zvakadaro;
• kana macOS ichikumbira password yemushandisi uye mvumo yekudzora komputa, unofanirwa kuisa password uye kubvumirana nezvose.

1. Isa CryptoPro CSP

Register pawebhusaiti CryptoPro uye co download mapeji dhawunirodha uye isa iyo vhezheni CryptoPro CSP 4.0 R4 nokuti macOS - скачать.

2. Isa vatyairi veRutoken

Iyo webhusaiti inotaura kuti izvi ndezvekusarudza, asi zviri nani kuimisa. Co download mapeji dhawunirodha uye isa pane iyo Rutoken webhusaiti Keychain inotsigira module - скачать.

Tevere, batanidza iyo usb tokeni, tanga iyo terminal uye ita murairo:

/opt/cprocsp/bin/csptest -card -enum -v

Mhinduro inofanira kuva:

Aktiv Rutoken…
Kadhi riripo...
[ErrorCode: 0x00000000]

3. Isa zvitupa

3.1. Isu tinodzima zvese zvekare GOST zvitupa

Kana iwe wakamboedza kuvhura CEP pasi peMacOS, saka unofanirwa kudzima zvese zvakamboiswa zvitupa. Iyi mirairo mune terminal inongodzima zvitupa zveCryptoPro uye hazvizokanganisa zvitupa zvenguva dzose kubva Keychain paMacOS.

sudo /opt/cprocsp/bin/certmgr -delete -all -store mroot

sudo /opt/cprocsp/bin/certmgr -delete -all -store uroot

/opt/cprocsp/bin/certmgr -delete -all

Mhinduro yemurairo wega wega inofanira kusanganisira:

Hapana chitupa chinoenderana nezvinodiwa

kana

Kudzima kwapera

3.2. Kuisa zvitupa zvemidzi

Zvitupa zvemidzi zvakajairwa kune ese maCEP akapihwa nechero chiremera chetifiketi. Dhawunirodha kubva download mapeji Ural Federal District yeBazi reTelecom uye Mass Communications:

• https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=4BC6DC14D97010C41A26E058AD851F81C842415A
• https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=8CAE88BBFD404A7A53630864F9033606E1DC45E2
• https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=0408435EB90E5C8796A160E69E4BFAC453435D1D

Isa nemirairo mune terminal:

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/4BC6DC14D97010C41A26E058AD851F81C842415A.cer

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/8CAE88BBFD404A7A53630864F9033606E1DC45E2.cer

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/0408435EB90E5C8796A160E69E4BFAC453435D1D.cer

Murairo wega wega unofanirwa kudzoka:

Kuisa:
...
[ErrorCode: 0x00000000]

3.3. Dhaunirodha zvitupa zvechiremera zvitupa

Tevere, iwe unofanirwa kuisa zvitupa zvechiremera chetifiketi kwawakaburitsa CEP. Kazhinji, zvitupa zvemidzi yeCA yega yega inowanikwa pawebhusaiti yayo muchikamu chekurodha.

Neimwe nzira, zvitupa zvechero CA zvinogona kutorwa kubva webhusaiti yeUral Federal District yeBazi reTelecom uye Mass Communications. Kuti uite izvi, mune fomu yekutsvaga iwe unofanirwa kuwana CA nezita, enda kune peji ine zvitupa uye tora zvese acting zvitupa - kureva, avo vane 'Inoshanda' zuva rechipiri harisati rasvika. Dhawunirodha kubva pane chinongedzo mumunda 'Fingerprint'.

Screenshots

Uchishandisa muenzaniso weCA Corus-Consulting: unofanirwa kudhawunirodha zvitupa zvina kubva download mapeji:

• https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=15EB064ABCB96C5AFCE22B9FEA52A1964637D101
• https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=B9F1D3F78971D48C34AA73786CDCD138477FEE3F
• https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=55EC48193B6716D38E80BD9D1D2D827BC8A07DE3
• https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=A0D19D700E2A5F1CAFCE82D3EFE49A0D882559DF

Isu tinoisa zvitupa zveCA zvakatorwa tichishandisa mirairo kubva kune terminal:

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/B9F1D3F78971D48C34AA73786CDCD138477FEE3F.cer

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/A0D19D700E2A5F1CAFCE82D3EFE49A0D882559DF.cer

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/55EC48193B6716D38E80BD9D1D2D827BC8A07DE3.cer

sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/15EB064ABCB96C5AFCE22B9FEA52A1964637D101.cer

apo pashure ~/Kudhawunirodherwa/ Mazita emafaira akatorwa akanyorwa; iwo achave akasiyana kune yega yega CA.

Murairo wega wega unofanirwa kudzoka:

Kuisa:
...
[ErrorCode: 0x00000000]

3.4. Kuisa chitupa neRutoken

Raira mune terminal:

/opt/cprocsp/bin/csptestf -absorb -certs

Murairo unofanira kudzoka:

OK.
[ErrorCode: 0x00000000]

4. Isa bhurawuza yakakosha Chromium-GOST

Kuti ushande nema portals ehurumende, iwe uchada yakakosha kuvaka yechromium browser - Chromium-GOST. Iyo kodhi kodhi yeprojekiti yakavhurika, link kune repository paGitHub inopihwa pa CryptoPro webhusaiti. Kubva pane zvakaitika, mamwe mabhurawuza CryptoFox и Yandex browser Izvo hazvina kukodzera kushanda nehurumende portals pasi pe macOS. Zvakakodzera kufunga kuti mune zvimwe zvinovaka zveChromium-GOST, iyo account account panalog.ru inogona kuomesa kana kupuruzira inogona kumira kushanda zvachose, saka yekare inopupurirwa inopiwa. kuvaka 71.0.3578.98 - скачать.


Dhawunirodha uye unpack dura, isa bhurawuza nekukopa kana kudhonza nekuikanda muApplications dhairekitori. Mushure mekuisa, Simba kuvhara Chromium uye usazoivhura, shanda kubva kuSafari.

killall Chromium-Gost

5. Isa mabrowser ekuwedzera

5.1 CryptoPro EDS Browser plug-in

Na download mapeji dhawunirodha uye isa pane CryptoPro webhusaiti CryptoPro EDS Browser plug-in vhezheni 2.0 yevashandisi - скачать.

5.2. Plugin yePublic Services

Na download mapeji dhawunirodha uye isa paState Services portal Plugin yekushanda nehurumende masevhisi portal (shanduro ye macOS) - скачать.

5.3. Kumisikidza plugin yeHurumende Services

Dhawunirodha iyo chaiyo yekumisikidza faira yeState Services yekuwedzera kubva kune CryptoPro webhusaiti - скачать.

Ita mirairo mune terminal:

sudo rm /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents/ifc.cfg

sudo cp ~/Downloads/ifc.cfg /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents


sudo cp /Library/Google/Chrome/NativeMessagingHosts/ru.rtlabs.ifcplugin.json /Library/Application Support/Chromium/NativeMessagingHosts

5.4. Activating extensions

Tangisa Chromium-Gost bhurawuza uye nyora mubhadha rekero:

chrome://extensions/

Isu tinogonesa ese akaiswa ekuwedzera:

• CryptoPro Extension yeCADES Browser Plug-in
• Kuwedzerwa kwePublic Services plugin

Screenshot

5.5. Kumisikidza iyo CryptoPro EDS Browser plug-in yekuwedzera

MuChromium-Gost kero bar tinonyora:

/etc/opt/cprocsp/trusted_sites.html

Pa peji rinoonekwa, wedzera mawebhusaiti anotevera kune rondedzero yemasaiti akavimbika rimwe nerimwe:

https://*.cryptopro.ru
https://*.nalog.ru
https://*.gosuslugi.ru

Dzvanya "Save". Dot regirini rinofanira kuoneka:

Rondedzero yemanodhi akavimbika akachengetedzwa zvakabudirira.

Screenshot

6. Tarisa kuti zvese zvinoshanda

6.1. Enda kune CryptoPro test peji

MuChromium-Gost kero bar tinonyora:

https://www.cryptopro.ru/sites/default/files/products/cades/demopage/cades_bes_sample.html

"Plugin yakarodha" inofanirwa kuratidzwa, uye chitupa chako chinofanira kunge chiripo mune runyorwa pazasi.
Sarudza chitupa kubva pane rondedzero uye tinya "Saina". Iwe unozobvunzwa PIN yechitupa. Nekuda kweizvozvo, inofanirwa kuratidza

Siginicha yagadzirwa zvinobudirira

Screenshot

6.2. Enda kuAkaunti Yako Yega pa nalog.ru

Iwe unogona kusakwanisa kuwana zvinongedzo kubva kune saiti nalog.ru, nekuti... cheki haizopfuuri. Iwe unofanirwa kuenda kuburikidza ne-direct links:

• private hofisi IP: https://lkipgost.nalog.ru/lk
• private hofisi ЮЛ: https://lkul.nalog.ru

Screenshot

6.3. Enda kune State Services

Paunenge uchipinda, sarudza "Pinda uchishandisa siginecha yemagetsi." Mune iyo "Sarudza yemagetsi siginecha yekusimbisa kiyi chitupa" rondedzero inoonekwa, zvese zvitupa, kusanganisira mudzi uye CA, zvicharatidzwa; iwe unofanirwa kusarudza chako kubva pa USB tokeni uye isa PIN.

Screenshot

7. Chii chekuita kana ikamira kushanda

1. Isu tinobatanidza zvakare usb tokeni uye tarisa kuti inoonekwa uchishandisa rairo mune terminal:

   sudo /opt/cprocsp/bin/csptest -card -enum -v


2. Isu tinobvisa bhurawuza cache kwenguva yese, yatinonyora muChromium-Gost kero bar:

   
chrome://settings/clearBrowserData


3. Dzorera chitupa cheCEP uchishandisa rairo mune terminal:

   /opt/cprocsp/bin/csptestf -absorb -certs

Kuchinja mudziyo PIN kodhi

Tsika PIN kodhi yeRutoken nekusarudzika 12345678, uye hapana nzira yekuisiya yakadai. Zvinodiwa zveRutoken PIN kodhi: 16 mavara max., Inogona kuve nemavara echiLatin nenhamba.

1. Ziva zita remudziyo weKEP

Panogona kunge paine akati wandei zvitupa zvakachengetwa pa USB tokeni uye kumwe kuchengetwa, uye iwe unofanirwa kusarudza iyo chaiyo. Iine usb tokeni yakaiswa, tinowana rondedzero yemidziyo yese musystem ine rairo mune terminal:

/opt/cprocsp/bin/csptest -keyset -enum_cont -fqcn -verifycontext

Murairo unofanirwa kubvisa kanenge 1 mudziyo uye kudzoka

[ErrorCode: 0x00000000]

Chigaba chatinoda chinotaridzika

.Aktiv Rutoken liteXXXXXXXX

Kana akati wandei midziyo yakadaro ichiratidzwa, zvinoreva kuti pane akati wandei zvitupa zvakanyorwa pachiratidzo, uye unoziva kuti ndeipi yaunoda. Meaning XNUMX mushure meiyo slash iwe unofanirwa kutevedzera uye kuisa mukuraira pazasi.

2. Shandura PIN uchishandisa murairo kubva kune terminal

/opt/cprocsp/bin/csptest -passwd -qchange -container "XXXXXXXX"

apo XNUMX - zita remudziyo wakawanikwa munhanho 1 (chaizvo mumakotesheni).

A CryptoPro dialog ichaonekwa ichikumbira yekare PIN kodhi kuti iwane chitupa, uye imwe dialog yekuisa iyo PIN kodhi nyowani. Ready.

Screenshot

Kusaina mafaera pane macOS

Pane macOS, mafaera anogona kusainwa mune software CryptoArm (rezinesi mutengo 2500 = rub.), Kana murairo wakapusa kuburikidza neiyo terminal - yemahara.

1. Tsvaga hashi yechitupa cheCEP

Panogona kuve nezvitupa zvakawanda pane tokeni uye mune zvimwe zvitoro. Tinofanira kunyatso ratidza kuti tichasaina magwaro kubva zvino zvichienda mberi. Zvaitwa kamwe.
Chiratidzo chinofanira kuiswa. Isu tinowana runyorwa rwezvitupa mune repositori nemurairo kubva kune terminal:

/opt/cprocsp/bin/certmgr -list

Iwo murairo unofanirwa kuburitsa kanenge 1 chitupa chefomu:

Certmgr 1.1 © "Crypto-Pro", 2007-2018.
chirongwa chekutonga zvitupa, CRLs uye zvitoro
= = = = = = = = = = = = = = = = = = = =
1---
Mubudisi: [email inodzivirirwa],... CN=LLC KORUS Consulting CIS...
Subject: [email inodzivirirwa],... CN=Zakharov Sergey Anatolyevich...
Seri: 0x0000000000000000000000000000000000
SHA1 Hash: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
Mundiro: SCARDrutoken_lt_00000000 000 000
...
= = = = = = = = = = = = = = = = = = = =
[ErrorCode: 0x00000000]

Chitupa chatinoda muContainer parameter chinofanira kunge chine kukosha senge SCARDrutoken…. Kana paine zvitupa zvakati wandei zvine maitiro akadaro, saka pane akati wandei zvitupa zvakanyorwa pachiratidzo, uye iwe unoziva kuti ndeipi yaunoda. Parameter value SHA1 Hash (40 mavara) anofanira kukopwa uye kunamirwa mumurairo uri pazasi.

2. Kusaina faira rine murairo kubva kune terminal

Mune iyo terminal, enda kune dhairekitori ine faira yekusaina uye kuita murairo:

/opt/cprocsp/bin/cryptcp -signf -detach -cert -der -strict -thumbprint ХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХ FILE

apo XXXX... - chitupa hashi yakawanikwa mudanho 1, uye file -zita refaira rekusaina (nezvese zviwedzere, asi pasina nzira).

Murairo unofanira kudzoka:

Meseji yakasainwa inogadzirwa.
[ErrorCode: 0x00000000]

Yemagetsi siginicha faira ichagadzirwa pamwe nekuwedzera *.sgn - iyi siginicha yakavharirwa muCMS fomati ine DER encoding.

3. Isa Apple Automator Script

Kuti udzivise kushanda neiyo terminal nguva dzese, unogona kuisa Automator Script kamwe, iyo yaunogona kusaina magwaro kubva kuFinder mamiriro menyu. Kuti uite izvi, dhawunirodha iyo archive - скачать.

1. Kuburitsa mudura 'Saina neCryptoPro.zip'
2. Kutanga Automator
3. Tsvaga uye vhura iyo isina kurongedzerwa faira 'Saina neCryptoPro.workflow'
4. Muchivako Mhanya Shell Chinyorwa shandura zvinyorwa XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX kune iyo parameter kukosha SHA1 Hash CEP chitupa chakawanikwa pamusoro.
5. Sevha chinyorwa: ⌘Command + S
6. Mhanya faira 'Saina neCryptoPro.workflow' uye simbisa kuiswa.
7. Handei kuSystem Zvaunoda -> Extensions -> Finder uye tarisa izvozvo Saina neCryptoPro kukurumidza kuita kwakaonekwa.
8. MuFinder, fonera menyu yemukati chero faira, uye muchikamu Kurumidza Zviito uye / kana Services sarudza chinhu Saina neCryptoPro
9. Mune iyo CryptoPro dialog inoonekwa, isa mushandisi PIN kodhi kubva kuCEP
10. Faera rine chiwedzerwa *.sgn richaonekwa mudhairekitori razvino - siginicha yakavharirwa muCMS fomati ine DER encoding.

Screenshots

Apple Automator hwindo:

Zvido zveSistimu:

Tsvaga mamiriro ezvinhu:

Tarisa siginicha pane gwaro

Kana zviri mukati megwaro zvisina zvakavanzika uye zvakavanzika, saka nzira iri nyore ndeye kushandisa iyo webhu sevhisi pane State Services portal - https://www.gosuslugi.ru/pgu/eds. Nenzira iyi iwe unogona kutora skrini kubva kune ine mukurumbira sosi uye uve nechokwadi chekuti zvese zvakanaka nesaina.

Screenshots

Source: www.habr.com