PKCS#11 (Cryptoki) ke tekanyetso e ntlafalitsoeng ke RSA Laboratories bakeng sa mananeo a sebelisanang le li-cryptographic tokens, likarete tse bohlale, le lisebelisoa tse ling tse ts'oanang tse sebelisang sebopeho se kopaneng sa mananeo se kengoang ts'ebetsong ka lilaeborari.
Tekanyetso ea PKCS#11 bakeng sa cryptography ea Serussia e tšehetsoa ke komiti ea maemo a tekheniki "Cryptographic Information Protection" ().
Haeba re bua ka li-tokens tse tšehetsang li-cryptography tsa Serussia, joale re ka bua ka li-tokens tsa software, li-tokens tsa software-hardware le li-tokens tsa hardware.
Li-tokens tsa Cryptographic li fana ka polokelo ea litifikeiti le lipara tsa bohlokoa (linotlolo tsa sechaba le tsa poraefete) le ts'ebetso ea ts'ebetso ea "cryptographic" ho latela maemo a PKCS#11. Sehokelo se fokolang mona ke polokelo ea senotlolo sa lekunutu. Haeba senotlolo sa sechaba se lahlehile, u ka lula u se khutlisa u sebelisa senotlolo sa poraefete kapa ua se nka setifikeiting. Tahlehelo / ho senngoa ha senotlolo sa poraefete ho na le litlamorao tse mpe, mohlala, u ke ke ua khona ho hlakola lifaele tse patiloeng ka senotlolo sa hau sa sechaba, 'me u ke ke ua khona ho beha signature ea elektroniki (ES). Ho etsa signature ea elektroniki, o tla hloka ho hlahisa para e ncha ea linotlolo, 'me bakeng sa chelete e itseng, fumana setifikeiti se secha ho e mong oa balaoli ba setifikeiti.
Ka holimo re boletse li-tokens tsa software, firmware le hardware. Empa re ka nahana ka mofuta o mong oa token cryptographic - leru.
Kajeno u ke ke ua makatsa mang kapa mang ... Kaofela li-flash drive tsa leru li batla li tšoana le tsa tokene ea maru.
Ntho e ka sehloohong mona ke ts'ireletso ea data e bolokiloeng letšoao la leru, haholo-holo linotlolo tsa poraefete. Na letšoao la leru le ka fana ka see? Re re - EE!
Joale letšoao la leru le sebetsa joang? Mohato oa pele ke ho ngolisa moreki ka leru la token. Ho etsa sena, ho tlameha ho fanoe ka sesebelisoa se u lumellang ho fihlella leru le ho ngolisa lebitso la hau la bosoasoi ho lona:
Kamora ho ingolisa lerung, mosebelisi o tlameha ho qala lets'oao la hae, e leng ho beha letšoao la letšoao mme, ho bohlokoa ka ho fetisisa, ho beha SO-PIN le li-PIN tsa mosebelisi. Litšebelisano tsena li tlameha ho etsoa ka mocha o sireletsehileng / o patiloeng feela. Sesebelisoa sa pk11conf se sebelisetsoa ho qala lets'oao. Ho patala mocha, ho khothaletsoa ho sebelisa algorithm ea encryption Magma-CTR (GOST R 34.13-2015).
Ho hlahisa senotlolo seo ho lumellanoeng ka sona motheong oa hore na sephethephethe pakeng tsa mofani le seva se tla sireletsoa / se patiloe, ho etsoa tlhahiso ea ho sebelisa protocol e khothalletsoang ea TK 26. - .
Ho khothaletsoa ho sebelisoa e le senotlolo motheong oa hore senotlolo se arolelanoang se tla hlahisoa . Kaha re bua ka li-cryptography tsa Serussia, ke tlhaho ho hlahisa li-passwords tsa nako e le 'ngoe ho sebelisa mekhoa CKM_GOSTR3411_12_256_HMAC, CKM_GOSTR3411_12_512_HMAC kapa CKM_GOSTR3411_HMAC.
Ts'ebeliso ea mochini ona e netefatsa hore phihlello ea lintho tsa token tsa maru ka SO le USER PIN codes e fumaneha feela ho mosebelisi ea li kentseng a sebelisa ts'ebeliso. pk11conf.
Ke eona, ka mor'a ho qeta mehato ena, letšoao la leru le se le loketse ho sebelisoa. Ho fihlella letšoao la leru, o hloka feela ho kenya laeborari ea LS11CLOUD ho PC ea hau. Ha u sebelisa letšoao la leru lits'ebetsong ho li-platform tsa Android le iOS, ho fanoa ka SDK e lumellanang. Ke laebrari ena e tla hlalosoa ha u kopanya letšoao la leru ho sebatli sa Redfox kapa ho ngoloa faeleng ea pkcs11.txt bakeng sa. Laeborari ea LS11CLOUD e boetse e sebelisana le letšoao lerung ka mocha o sireletsehileng o thehiloeng ho SESPAKE, o entsoeng ha o letsetsa PKCS#11 C_Initialize!
Ke tsohle, joale o ka laela setifikeiti, kenya letšoao la hau la leru 'me u ee webosaeteng ea litšebeletso tsa mmuso.
Source: www.habr.com