PKCS#11 (Cryptoki) chiyero chakagadzirwa neRSA Laboratories yekudyidzana zvirongwa zvine cryptographic tokens, smart cards, uye zvimwe midziyo yakafanana uchishandisa yakabatana programming interface iyo inoshandiswa kuburikidza nemaraibhurari.
Iyo PKCS#11 yakajairwa yeRussia cryptography inotsigirwa nehunyanzvi hwekumisikidza komiti "Cryptographic Information Protection" ().
Kana tikataura nezve zviratidzo zvinotsigira Russian cryptography, saka tinogona kutaura nezve software tokens, software-hardware tokens uye hardware tokens.
Cryptographic tokens inopa kuchengetwa kwezvitupa uye makiyi maviri (makiyi eruzhinji neakavanzika) uye kuita kwecryptographic mashandiro zvinoenderana nePKCS#11 standard. Iyo isina simba link pano ndiko kuchengetwa kwekiyi yakavanzika. Kana kiyi yeruzhinji rarasika, unogona kugara uchiitora uchishandisa kiyi yakavanzika kana kuitora kubva pachitupa. Kurasikirwa / kuparadzwa kwekiyi yakavanzika kune mhedzisiro inotyisa, semuenzaniso, haugone kudzima mafaira akavharidzirwa nekiyi yako yeruzhinji, uye haugone kuisa siginecha yemagetsi (ES). Kuti ugadzire siginecha yemagetsi, iwe unozofanirwa kugadzira nyowani kiyi mbiri uye, neimwe mari, tora chitupa chitsva kubva kune imwe yezviremera zvitupa.
Pamusoro takataura software, firmware uye hardware tokens. Asi isu tinogona kufunga imwe mhando yekriptographic token - gore.
Nhasi haungashamisi chero munhu ... Zvese cloud flash drives anenge akafanana neaya echiratidzo chegore.
Chinhu chikuru apa ndechekuchengetedza data yakachengetwa muchiratidzo chegore, kunyanya makiyi ega. Ko chiratidzo chegore chinogona kupa izvi here? Tinoti - YES!
Saka chiratidzo chegore chinoshanda sei? Danho rekutanga nderekunyoresa mutengi mugore rechiratidzo. Kuti uite izvi, zvinoshandiswa zvinofanirwa kupihwa izvo zvinokutendera iwe kuti uwane iyo gore uye kunyoresa yako yekupinda / zita remadunhurirwa mairi:
Mushure mekunyoresa mugore, mushandisi anofanira kutanga chiratidzo chake, kureva kuisa chiratidzo chechiratidzo uye, zvinonyanya kukosha, kuseta iyo SO-PIN uye mushandisi PIN kodhi. Izvi kutengeserana zvinofanirwa kuitwa pamusoro peyakachengeteka / yakavharidzirwa chiteshi chete. Iyo pk11conf utility inoshandiswa kutanga chiratidzo. Kuti encrypt chiteshi, zvinokurudzirwa kushandisa encryption algorithm Magma-CTR (GOST R 34.13-2015).
Kugadzira kiyi yakabvumiranwa pahwaro hwekuti traffic pakati pemutengi uye server ichachengetedzwa / yakavharidzirwa, zvinokurudzirwa kushandisa yakakurudzirwa TK 26 protocol. - .
Inokurudzirwa kushandisa sepassword pahwaro hwekuti kiyi yakagovaniswa ichagadzirwa . Sezvo isu tiri kutaura nezveRussia cryptography, ndezvemuzvarirwo kugadzira mapassword enguva imwe uchishandisa michina CKM_GOSTR3411_12_256_HMAC, CKM_GOSTR3411_12_512_HMAC kana CKM_GOSTR3411_HMAC.
Iko kushandiswa kweiyi michina inovimbisa kuti kuwana kune yemunhu tokeni zvinhu zviri mugore kuburikidza neSO uye USER PIN macode anowanikwa chete kumushandisi akaaisa achishandisa utility. pk11conf.
Ndizvozvo, mushure mekupedza matanho aya, chiratidzo chegore chagadzirira kushandiswa. Kuti uwane chiratidzo chegore, iwe unongoda kuisa raibhurari yeLS11CLOUD paPC yako. Paunenge uchishandisa chiratidzo chegore muzvishandiso pane Android uye iOS mapuratifomu, inoenderana SDK inopihwa. Ndiyo raibhurari iyi ichatsanangurwa paunenge uchibatanidza chiratidzo chegore muRedfox browser kana kunyorwa mu pkcs11.txt file ye. Raibhurari yeLS11CLOUD inodyidzana nechiratidzo chiri mugore kuburikidza nechiteshi chakachengeteka chakavakirwa paSESPAKE, yakagadzirwa pakudaidza PKCS#11 C_Initialize basa!
Ndizvo chete, ikozvino iwe unogona kuodha chitupa, chiise muchiratidzo chako chegore uye enda kune webhusaiti masevhisi ehurumende.
Source: www.habr.com