Ngokutsho и , kwi-2019, izatifikethi ze-4,6 yezigidi zeesignesha ze-elektroniki ezifanelekileyo (CES) ziya kukhutshwa eRashiya, ukuhlangabezana neemfuno ze-63-FZ. Kuyavela ukuba kwi-8 yezigidi ezibhalisiweyo koosomashishini kunye ne-LLC, usomashishini ngamnye wesibini usebenzisa utyikityo lwe-elektroniki. Ukongeza kwi-EGAIS CEPs kunye neeCEP ezisekelwe kwifu zokunika ingxelo ezikhutshwe ziibhanki kunye neenkonzo ze-accounting, i-CEPs jikelele kwiitokeni ezikhuselekileyo zinomdla okhethekileyo. Izatifikethi ezinjalo zikuvumela ukuba ungene kwii-portals zikarhulumente kwaye usayine nawaphi na amaxwebhu, okwenza ukuba abaluleke ngokusemthethweni.
Ndiyabulela kwisatifikethi se-CEP kwithokheni ye-USB, unokugqiba ukude isivumelwano kunye nomlingane okanye umqeshwa okude, kwaye uthumele amaxwebhu enkundleni; bhalisa irejista yemali ye-intanethi, uhlawule amatyala erhafu kwaye ungenise isibhengezo kwi-akhawunti yakho yobuqu kwi-nalog.ru; Fumana malunga namatyala kunye nokuhlolwa okuzayo kwiiNkonzo zikaRhulumente.
Le ncwadana ingezantsi iya kunceda sebenza kunye ne-CEP phantsi kwe-macOS - ngaphandle kokufunda iiforamu ze-CryptoPro kunye nokufaka umatshini obonakalayo kunye neWindows.
Iziqulatho
Yintoni oyifunayo ukusebenza ngeCEP phantsi kwe-macOS:
Ukufaka kunye nokuqwalasela i-CEP ye-macOS
- Ukufakela iCryptoPro CSP
- Ukufakela abaqhubi beRutoken
- Ukuhlohla izatifikethi
3.1. Sicima zonke izatifikethi zeGOST ezindala
3.2. Ukufakela izatifikethi zengcambu
3.3. Khuphela izatifikethi zegunya lezatifiketi
3.4. Ukufakela isatifikethi ngeRutoken - Faka isikhangeli esikhethekileyo seChromium-GOST
- Kuhlohlwa izongezo zebhrawuza
5.1 I-plug-in ye-CryptoPro EDS Browser
5.2. Iplagi yeeNkonzo zoLuntu
5.3. Ukumisela i-plugin yeeNkonzo zikaRhulumente
5.4. Ivula izandiso
5.5. Ukumisela i-plug-in ye-CryptoPro EDS Browser plug-in - Ukujonga ukuba yonke into iyasebenza
6.1. Yiya kwiphepha lovavanyo lwe-CryptoPro
6.2. Yiya kwiAkhawunti yakho yoBuqu kwi-nalog.ru
6.3. Yiya kwiiNkonzo zikaRhulumente - Yintoni enokuyenza xa iyeka ukusebenza
Ukutshintsha ikhowudi ye-PIN yesikhongozeli
- Ukufumana igama lesikhongozeli se-KEP
- Ukutshintsha i-PIN ngomyalelo osuka kwi-terminal
Ukusayina iifayile kwi-macOS
- Ukufumana i-hash yesatifikethi se-CEP
- Ukusayina ifayile ngomyalelo ovela kwi-terminal
- Ukufakela i-Apple Automator Script
Jonga utyikityo kuxwebhu
Lonke ulwazi olungezantsi lufunyenwe kwimithombo ethembekileyo (CryptoPro и , , , ), kwaye kuyacetyiswa ukuba ukhuphele isoftware kwiindawo ezithembekileyo. Umbhali ungumcebisi ozimeleyo kwaye akahambelani nayo nayiphi na inkampani ekhankanywe. Ngokulandela le miyalelo, uthatha uxanduva olupheleleyo lwazo naziphi na izenzo kunye neziphumo.
Yintoni oyifunayo ukusebenza ngeCEP phantsi kwe-macOS:
- CEP kwithokheni ye-USB Rutoken Lite okanye Rutoken EDS
- isikhongozeli se-crypto ngefomathi ye-CryptoPro
- nge eyakhelwe-ngaphakathi ilayisenisi yeCryptoPro CSP
Imidiya ye-eToken kunye neJaCarta ngokubambisana ne-CryptoPro ayixhaswanga phantsi kwe-macOS. I-media ye-Rutoken Lite iyona nto ikhethekileyo, ixabisa i-500..1000= ruble, isebenza ngokukhawuleza kwaye ikuvumela ukuba ugcine izitshixo ze-15.
Ababoneleli beCrypto VipNet, Signal-COM kunye neLISSY abaxhaswanga kwi-macOS. Akukho ndlela yokuguqula izikhongozeli. I-CryptoPro iyona nto ikhethekileyo, ixabiso lesatifikethi kufuneka libe malunga ne-1300 = rub. kubarhwebi ngabanye kunye ne-1600 = rub. yeYUL.
Ngokuqhelekileyo, ilayisenisi yonyaka ye-CryptoPro CSP sele ifakiwe kwisatifikethi kwaye inikezelwa simahla ngama-CA amaninzi. Ukuba oku akunjalo, ngoko kufuneka uthenge kwaye uvule ilayisenisi engapheliyo ye-CryptoPro CSP ngokungqongqo inguqulo ye-4 ebiza i-2700=. I-CryptoPro CSP version 5 ye-macOS ayisebenzi okwangoku.
Ukufaka kunye nokuqwalasela i-CEP ye-macOS
Izinto ezicacileyo
- zonke iifayile ezikhutshelweyo zikhutshelwa kulawulo olungagqibekanga: ~/Ukhutshelweyo/;
- Asitshintshi nto kubo bonke abafakeli, sishiya yonke into njengento engagqibekanga;
- ukuba iMacOS ibonisa isilumkiso sokuba isoftware iqaliswayo ivela kumphuhlisi ongaziwayo, kuya kufuneka uqinisekise ukuqaliswa kuseto lwenkqubo: Izikhethwa Zesixokelelwano —> Ukhuseleko & Nobungasese —> Vula Nokuba Kunjani;
- ukuba iMacOS icela igama eliyimfihlo lomsebenzisi kunye nemvume yokulawula ikhompyuter, kufuneka ufake igama eligqithisiweyo kwaye uvumelane nayo yonke into.
1. Faka i-CryptoPro CSP
kwiwebhusayithi CryptoPro kunye co khuphela kwaye ufake inguqulelo CryptoPro CSP 4.0 iR4 kuba Mac - .
2. Faka abaqhubi beRutoken
Iwebhusayithi ithi oku kuyakhethwa, kodwa kungcono ukuyifaka. Co khuphela kwaye ufake kwiwebhusayithi yeRutoken Imodyuli yenkxaso yesitshixo - .
Okulandelayo, qhagamshela ithokheni ye-usb, vula i-terminal kwaye uphumeze umyalelo:
/opt/cprocsp/bin/csptest -card -enum -vImpendulo kufuneka ibe:
Aktiv Rutoken...
Ikhadi likhona...
[Ikhowudi yemposiso: 0x00000000]
3. Faka izatifikethi
3.1. Sicima zonke izatifikethi zeGOST ezindala
Ukuba ubukhe wazama ukusungula i-CEP phantsi kwe-macOS, kuya kufuneka ucime zonke izatifikethi ezifakwe ngaphambili. Le miyalelo kwi-terminal iya kucima kuphela izatifikethi ze-CryptoPro kwaye aziyi kuchaphazela izatifikethi eziqhelekileyo ezivela kwi-Keychain kwi-macOS.
sudo /opt/cprocsp/bin/certmgr -delete -all -store mrootsudo /opt/cprocsp/bin/certmgr -delete -all -store uroot/opt/cprocsp/bin/certmgr -delete -allImpendulo yomyalelo ngamnye kufuneka ibandakanye:
Akukho satifikethi sihambelana neenqobo zokugweba
okanye
Ukucinywa kugqityiwe
3.2. Ukufakela izatifikethi zengcambu
Izatifikethi zengcambu zixhaphakile kuzo zonke ii-CEP ezikhutshwa ngulo naliphi na igunya lezatifiketi. Khuphela kwi ISithili esiManyeneyo sase-Ural seSebe lezonxibelelwano kunye noNxibelelwano lweSininzi:
Faka ngemiyalelo kwitheminali:
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/4BC6DC14D97010C41A26E058AD851F81C842415A.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/8CAE88BBFD404A7A53630864F9033606E1DC45E2.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/0408435EB90E5C8796A160E69E4BFAC453435D1D.cerUmyalelo ngamnye kufuneka ubuye:
Ukufaka:
...
[Ikhowudi yemposiso: 0x00000000]
3.3. Khuphela izatifikethi zegunya lezatifiketi
Okulandelayo, kufuneka ufakele izatifikethi zogunyaziwe wesatifikethi apho ukhuphe khona i-CEP. Ngokuqhelekileyo, izatifikethi zeengcambu ze-CA nganye zifumaneka kwiwebhusayithi yayo kwicandelo lokukhuphela.
Kungenjalo, izatifikethi zayo nayiphi na i-CA zinokukhutshelwa kuyo . Ukwenza oku, kwifom yokukhangela kufuneka ufumane i-CA ngegama, uye kwiphepha elinezatifikethi kwaye ukhuphe yonke into ukudlala izatifikethi - oko kukuthi, abo banazo 'Iyasebenza' umhla wesibini awukafiki. Khuphela kwikhonkco ebaleni 'Umnwe'.
Izikrini
Ukusebenzisa umzekelo we-CA Corus-Consulting: kufuneka ukhuphe izatifikethi ezi-4 ukusuka :
Sifaka izatifikethi ze-CA ezikhutshelweyo sisebenzisa imiyalelo evela kwi-terminal:
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/B9F1D3F78971D48C34AA73786CDCD138477FEE3F.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/A0D19D700E2A5F1CAFCE82D3EFE49A0D882559DF.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/55EC48193B6716D38E80BD9D1D2D827BC8A07DE3.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/15EB064ABCB96C5AFCE22B9FEA52A1964637D101.cerapho emva ~/Ukukhutshelwa/ Amagama eefayili ezikhutshelweyo adwelisiwe, ziya kwahluka kwi-CA nganye.
Umyalelo ngamnye kufuneka ubuye:
Ukufaka:
...
[Ikhowudi yemposiso: 0x00000000]
3.4. Ukufakela isatifikethi ngeRutoken
Umyalelo kwitheminali:
/opt/cprocsp/bin/csptestf -absorb -certsUmyalelo kufuneka ubuye:
Kulungile.
[Ikhowudi yemposiso: 0x00000000]
4. Faka i-browser ekhethekileyo yeChromium-GOST
Ukuze usebenze ngeengosi zikarhulumente, uya kufuna ulwakhiwo olukhethekileyo lwesikhangeli sechromium - I-Chromium-GOST. Ikhowudi yomthombo weprojekthi ivuliwe, ikhonkco ku inikwa . Ukusuka kumava, ezinye iibhrawuza I-CryptoFox и Isikhangeli seYandex Abafanelekanga ukusebenza kunye nee-portals zikarhulumente phantsi kwe-macOS. Kuyafaneleka ukuqwalasela ukuba kwezinye izakhiwo zeChromium-GOST, i-akhawunti yobuqu kwi-nalog.ru inokukhenkceka okanye ukuskrola kunokuyeka ukusebenza ngokupheleleyo, ngoko ke endala eqinisekisiweyo inikezelwa. ukwakha 71.0.3578.98 - .
Khuphela kwaye ukhuphe ugcino, faka isikhangeli ngokukopa okanye ukutsala&ukubeka kulawulo lwee-Aplikheyishini. Emva kofakelo, Nyanzelisa uvale iChromium kwaye ungayivuli okwangoku, sebenza kwiSafari.
killall Chromium-Gost5. Faka izandiso zebhrawuza
5.1 I-plug-in ye-CryptoPro EDS Browser
Nge khuphela kwaye ufake kwiwebhusayithi ye-CryptoPro CryptoPro EDS Browser plug-in version 2.0 kubasebenzisi - .
5.2. Iplagi yeeNkonzo zoLuntu
Nge khuphela kwaye ufake kwi-portal yeeNkonzo zikaRhulumente Iplagi yokusebenza kunye ne-portal yeenkonzo zikarhulumente (uguqulelo lwe-macOS) - .
5.3. Ukumisela i-plugin yeeNkonzo zikaRhulumente
Khuphela ifayile yoqwalaselo echanekileyo yolwandiso lweeNkonzo zikaRhulumente kwiwebhusayithi yeCryptoPro - .
Yenza imiyalelo kwi-terminal:
sudo rm /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents/ifc.cfgsudo cp ~/Downloads/ifc.cfg /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents
sudo cp /Library/Google/Chrome/NativeMessagingHosts/ru.rtlabs.ifcplugin.json /Library/Application Support/Chromium/NativeMessagingHosts5.4. Ivula izandiso
Qalisa isikhangeli seChromium-Gost kwaye uchwetheze kwibar yedilesi:
chrome://extensions/Sivumela izongezo ezifakelweyo zombini:
- I-CryptoPro Extension ye-CADES Browser Plug-in
- Ukwandiswa kweplugin yeeNkonzo zoLuntu
С
5.5. Ukumisela i-plug-in ye-CryptoPro EDS Browser plug-in
Kwibar yedilesi yeChromium-Gost sichwetheza:
/etc/opt/cprocsp/trusted_sites.htmlKwiphepha elivelayo, yongeza ezi sayithi zilandelayo kuluhlu lweesayithi ezithembekileyo nganye nganye:
https://*.cryptopro.ru
https://*.nalog.ru
https://*.gosuslugi.ruCofa "Gcina". Ichaphaza eliluhlaza kufuneka livele:
Uluhlu lweendawo ezithenjiweyo lugcinwe ngempumelelo.
С
6. Khangela ukuba yonke into iyasebenza
6.1. Yiya kwiphepha lovavanyo lwe-CryptoPro
Kwibar yedilesi yeChromium-Gost sichwetheza:
https://www.cryptopro.ru/sites/default/files/products/cades/demopage/cades_bes_sample.html"Iplagi ilayishiwe" kufuneka iboniswe, kwaye isatifikethi sakho kufuneka sibekho kuluhlu olungezantsi.
Khetha isatifikethi kuluhlu kwaye ucofe u-“Sign”. Uya kucelwa i-PIN yesatifikethi. Ngenxa yoko, kufuneka ibonise
Utyikityo lwenziwe ngempumelelo
С
6.2. Yiya kwiAkhawunti yakho yoBuqu kwi-nalog.ru
Awunakukwazi ukufikelela kwiikhonkco kwi-site nalog.ru, kuba... iitshekhi aziyi kudlula. Kufuneka ugqithele kwiilinki ezithe ngqo:
- Akhawunti yakho SP:
- Akhawunti yakho ЮЛ:
С
6.3. Yiya kwiiNkonzo zikaRhulumente
Xa ungena, khetha "Ngena usebenzisa isiginitsha ye-elektroniki." Kuluhlu oluthi "Khetha isitshixo sokuqinisekisa utyikityo lwe-elektroniki" oluvelayo, zonke izatifikethi, kubandakanya ingcambu kunye ne-CA, ziya kuboniswa; kufuneka ukhethe eyakho kwithokheni ye-USB kwaye ufake iPIN.
С
7. Yintoni omawuyenze xa iyeka ukusebenza
-
Siphinda siqhagamshele ithokheni ye-usb kwaye sijonge ukuba iyabonakala kusetyenziswa umyalelo kwi-terminal:
sudo /opt/cprocsp/bin/csptest -card -enum -v -
Sicoca i-cache yesikhangeli ngalo lonke ixesha, esithi siyichwetheze kwibar yedilesi yeChromium-Gost:
chrome://settings/clearBrowserData -
Phinda ufake isatifikethi se-CEP usebenzisa umyalelo kwi-terminal:
/opt/cprocsp/bin/csptestf -absorb -certs
Ukutshintsha ikhowudi ye-PIN yesikhongozeli
Ikhowudi yePIN yesiko yeRutoken ngokungagqibekanga 12345678, kwaye akukho ndlela yokuyishiya inje. Iimfuno zekhowudi ye-PIN ye-Rutoken: Iimpawu ze-16 max., Inokuthi iqulethe iileta zesiLatini kunye namanani.
1. Fumana igama lesikhongozeli se-KEP
Kusenokubakho izatifikethi ezininzi ezigcinwe kwithokheni ye-USB kunye nezinye iindawo zokugcina, kwaye kufuneka ukhethe echanekileyo. Ngophawu lwe-usb olufakiweyo, sifumana uluhlu lwazo zonke izikhongozeli kwinkqubo enomyalelo kwi-terminal:
/opt/cprocsp/bin/csptest -keyset -enum_cont -fqcn -verifycontextUmyalelo kufuneka uhoxise ubuncinane i-container e-1 kwaye ubuyisele
[Ikhowudi yemposiso: 0x00000000]
Isikhongozeli esisidingayo sijongeka ngathi
.Aktiv Rutoken liteXXXXXXXX
Ukuba kukho izikhongozeli ezininzi ezinje ziboniswa, oko kuthetha ukuba kukho izatifikethi ezininzi ezibhalwe kwithokheni, kwaye uyazi ukuba yeyiphi oyifunayo. Intsingiselo I-XXXXXXXX emva kwesilayidi kufuneka ukope kwaye uncamathisele kumyalelo ongezantsi.
2. Guqula i-PIN usebenzisa umyalelo osuka kwi-terminal
/opt/cprocsp/bin/csptest -passwd -qchange -container "XXXXXXXX"apho I-XXXXXXXX – igama lesikhongozeli esifunyenwe kwinqanaba loku-1 (ngokuyimfuneko kwiingcaphuno).
Ingxoxo ye-CryptoPro iya kuvela icela ikhowudi ye-PIN endala ukufikelela kwisatifikethi, emva koko enye ingxoxo yokufaka ikhowudi entsha ye-PIN. Ulungile.
С
Ukusayina iifayile kwi-macOS
Kwi-macOS, iifayile zinokusayinwa kwisoftware (ixabiso lelayisensi 2500 = rub.), Okanye umyalelo olula nge-terminal - free.
1. Fumana i-hash yesatifikethi se-CEP
Kunokubakho izatifikethi ezininzi kwithokheni nakwezinye iivenkile. Kufuneka siyichaze ngokucacileyo le siza kutyikitya ngayo amaxwebhu ukusukela ngoku ukuya phambili. Kwenziwe kanye.
Ithokheni kufuneka ifakwe. Sifumana uluhlu lwezatifikethi kwiindawo zokugcina kunye nomyalelo ovela kwi-terminal:
/opt/cprocsp/bin/certmgr -listUmyalelo kufuneka ukhuphe isatifiketi esinye sefom ubuncinane:
Certmgr 1.1 © "Crypto-Pro", 2007-2018.
inkqubo yokulawula izatifikethi, iiCRL kunye neevenkile
= = = = = = = = = = = = = = = = = = = = =
1---
Umkhuphi: [imeyile ikhuselwe],... CN=LLC KORUS Consulting CIS...
Isihloko: [imeyile ikhuselwe],... CN=Zakharov Sergey Anatolyevich...
Uthotho: 0x0000000000000000000000000000000000
SHA1 Hash: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
Isikhongozeli: SCARDrutoken_lt_00000000 000 000
...
= = = = = = = = = = = = = = = = = = = = =
[Ikhowudi yemposiso: 0x00000000]
Isatifikethi esisidingayo kwiparameter yoMgqomo kufuneka sibe nexabiso elifana nelo SCARDrutoken.... Ukuba kukho izatifikethi ezininzi ezinamaxabiso anjalo, ngoko kukho izatifikethi ezininzi ezirekhodwe kwithokheni, kwaye uyazi ukuba yeyiphi oyifunayo. Ixabiso leParameter SHA1 Hash (Amagama angama-40) kufuneka akhutshelwe kwaye ancamathiselwe kumyalelo ongezantsi.
2. Ukusayina ifayile ngomyalelo ovela kwi-terminal
Kwi-terminal, yiya kuluhlu olunefayile yokusayina kwaye wenze umyalelo:
/opt/cprocsp/bin/cryptcp -signf -detach -cert -der -strict -thumbprint ХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХ FILEapho XXXX... – isatifikethi hash efunyenwe kwinyathelo 1, kwaye IFAYILE -Igama lefayile ukusayina (nazo zonke izandiso, kodwa ngaphandle kwendlela).
Umyalelo kufuneka ubuye:
Umyalezo osayiniweyo uyadalwa.
[Ikhowudi yemposiso: 0x00000000]
Ifayile yomsayino we-elektroniki iyakwenziwa kunye nolwandiso *.sgn - olu lutyikityo oluvaliweyo kwifomati yeCMS ene-DER encoding.
3. Faka i-Apple Automator Script
Ukunqanda ukusebenza kunye ne-terminal ngalo lonke ixesha, ungafaka i-Automator Script kube kanye, apho unokusayina amaxwebhu ukusuka kwimenyu yoMfumani. Ukwenza oku, khuphela indawo yokugcina - .
- Ukukhupha indawo yokugcina 'Sayina nge-CryptoPro.zip'
- Qalisa Automator
- Fumana kwaye uvule ifayile engapakishwanga 'Sayina nge-CryptoPro.workflow'
- Kwibloko Sebenzisa iSkripthi seShell tshintsha okubhaliweyo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX kwixabiso leparameter SHA1 Hash Isatifikethi se-CEP sifunyenwe ngasentla.
- Gcina iscript: ⌘Yala + S
- Qhuba ifayile 'Sayina nge-CryptoPro.workflow' kwaye uqinisekise ukufakela.
- Makhe siye kwiNkqubo Ezikhethwayo -> Izandiso -> Umfumani kwaye khangela ukuba Sayina ngeCryptoPro intshukumo ekhawulezayo iphawulwe.
- Kwi-Finder, biza imenyu yomxholo wayo nayiphi na ifayile, nakwicandelo Izenzo ezikhawulezayo kunye / okanye iinkonzo khetha into Sayina ngeCryptoPro
- Kwingxoxo ye-CryptoPro evelayo, faka ikhowudi ye-PIN yomsebenzisi esuka kwi-CEP
- Ifayile enolwandiso * .sgn izakuvela kulawulo lwangoku - umsayino okhutshiweyo kwifomati yeCMS ene-DER encoding.
Izikrini
Apple Automator window:
Izikhethwa zeNkqubo:
Umfumani wemenyu yomxholo:
Jonga utyikityo kuxwebhu
Ukuba imixholo yoxwebhu ayinazimfihlo kunye neemfihlo, ke eyona ndlela ilula kukusebenzisa inkonzo yewebhu kwi-portal yeeNkonzo zikaRhulumente - . Ngale ndlela unokuthatha umfanekiso weskrini kwisixhobo esithembekileyo kwaye uqiniseke ukuba yonke into ilungile ngokutyikitya.
Izikrini
umthombo: www.habr.com