Ngokutsho
Ndiyabulela kwisatifikethi se-CEP kwithokheni ye-USB, unokugqiba ukude isivumelwano kunye nomlingane okanye umqeshwa okude, kwaye uthumele amaxwebhu enkundleni; bhalisa irejista yemali ye-intanethi, uhlawule amatyala erhafu kwaye ungenise isibhengezo kwi-akhawunti yakho yobuqu kwi-nalog.ru; Fumana malunga namatyala kunye nokuhlolwa okuzayo kwiiNkonzo zikaRhulumente.
Le ncwadana ingezantsi iya kunceda sebenza kunye ne-CEP phantsi kwe-macOS - ngaphandle kokufunda iiforamu ze-CryptoPro kunye nokufaka umatshini obonakalayo kunye neWindows.
Yintoni oyifunayo ukusebenza ngeCEP phantsi kwe-macOS:
Ukufaka kunye nokuqwalasela i-CEP ye-macOS
- Ukufakela iCryptoPro CSP
- Ukufakela abaqhubi beRutoken
- Ukuhlohla izatifikethi
3.1. Sicima zonke izatifikethi zeGOST ezindala
3.2. Ukufakela izatifikethi zengcambu
3.3. Khuphela izatifikethi zegunya lezatifiketi
3.4. Ukufakela isatifikethi ngeRutoken - Faka isikhangeli esikhethekileyo seChromium-GOST
- Kuhlohlwa izongezo zebhrawuza
5.1 I-plug-in ye-CryptoPro EDS Browser
5.2. Iplagi yeeNkonzo zoLuntu
5.3. Ukumisela i-plugin yeeNkonzo zikaRhulumente
5.4. Ivula izandiso
5.5. Ukumisela i-plug-in ye-CryptoPro EDS Browser plug-in - Ukujonga ukuba yonke into iyasebenza
6.1. Yiya kwiphepha lovavanyo lwe-CryptoPro
6.2. Yiya kwiAkhawunti yakho yoBuqu kwi-nalog.ru
6.3. Yiya kwiiNkonzo zikaRhulumente - Yintoni enokuyenza xa iyeka ukusebenza
Ukutshintsha ikhowudi ye-PIN yesikhongozeli
- Ukufumana igama lesikhongozeli se-KEP
- Ukutshintsha i-PIN ngomyalelo osuka kwi-terminal
Ukusayina iifayile kwi-macOS
- Ukufumana i-hash yesatifikethi se-CEP
- Ukusayina ifayile ngomyalelo ovela kwi-terminal
- Ukufakela i-Apple Automator Script
Jonga utyikityo kuxwebhu
Lonke ulwazi olungezantsi lufunyenwe kwimithombo ethembekileyo (CryptoPro
Yintoni oyifunayo ukusebenza ngeCEP phantsi kwe-macOS:
- CEP kwithokheni ye-USB Rutoken Lite okanye Rutoken EDS
- isikhongozeli se-crypto ngefomathi ye-CryptoPro
- nge eyakhelwe-ngaphakathi ilayisenisi yeCryptoPro CSP
Imidiya ye-eToken kunye neJaCarta ngokubambisana ne-CryptoPro ayixhaswanga phantsi kwe-macOS. I-media ye-Rutoken Lite iyona nto ikhethekileyo, ixabisa i-500..1000= ruble, isebenza ngokukhawuleza kwaye ikuvumela ukuba ugcine izitshixo ze-15.
Ababoneleli beCrypto VipNet, Signal-COM kunye neLISSY abaxhaswanga kwi-macOS. Akukho ndlela yokuguqula izikhongozeli. I-CryptoPro iyona nto ikhethekileyo, ixabiso lesatifikethi kufuneka libe malunga ne-1300 = rub. kubarhwebi ngabanye kunye ne-1600 = rub. yeYUL.
Ngokuqhelekileyo, ilayisenisi yonyaka ye-CryptoPro CSP sele ifakiwe kwisatifikethi kwaye inikezelwa simahla ngama-CA amaninzi. Ukuba oku akunjalo, ngoko kufuneka uthenge kwaye uvule ilayisenisi engapheliyo ye-CryptoPro CSP ngokungqongqo inguqulo ye-4 ebiza i-2700=. I-CryptoPro CSP version 5 ye-macOS ayisebenzi okwangoku.
Ukufaka kunye nokuqwalasela i-CEP ye-macOS
Izinto ezicacileyo
- zonke iifayile ezikhutshelweyo zikhutshelwa kulawulo olungagqibekanga: ~/Ukhutshelweyo/;
- Asitshintshi nto kubo bonke abafakeli, sishiya yonke into njengento engagqibekanga;
- ukuba iMacOS ibonisa isilumkiso sokuba isoftware iqaliswayo ivela kumphuhlisi ongaziwayo, kuya kufuneka uqinisekise ukuqaliswa kuseto lwenkqubo: Izikhethwa Zesixokelelwano —> Ukhuseleko & Nobungasese —> Vula Nokuba Kunjani;
- ukuba iMacOS icela igama eliyimfihlo lomsebenzisi kunye nemvume yokulawula ikhompyuter, kufuneka ufake igama eligqithisiweyo kwaye uvumelane nayo yonke into.
1. Faka i-CryptoPro CSP
2. Faka abaqhubi beRutoken
Iwebhusayithi ithi oku kuyakhethwa, kodwa kungcono ukuyifaka. Co
Okulandelayo, qhagamshela ithokheni ye-usb, vula i-terminal kwaye uphumeze umyalelo:
/opt/cprocsp/bin/csptest -card -enum -v
Impendulo kufuneka ibe:
Aktiv Rutoken...
Ikhadi likhona...
[Ikhowudi yemposiso: 0x00000000]
3. Faka izatifikethi
3.1. Sicima zonke izatifikethi zeGOST ezindala
Ukuba ubukhe wazama ukusungula i-CEP phantsi kwe-macOS, kuya kufuneka ucime zonke izatifikethi ezifakwe ngaphambili. Le miyalelo kwi-terminal iya kucima kuphela izatifikethi ze-CryptoPro kwaye aziyi kuchaphazela izatifikethi eziqhelekileyo ezivela kwi-Keychain kwi-macOS.
sudo /opt/cprocsp/bin/certmgr -delete -all -store mroot
sudo /opt/cprocsp/bin/certmgr -delete -all -store uroot
/opt/cprocsp/bin/certmgr -delete -all
Impendulo yomyalelo ngamnye kufuneka ibandakanye:
Akukho satifikethi sihambelana neenqobo zokugweba
okanye
Ukucinywa kugqityiwe
3.2. Ukufakela izatifikethi zengcambu
Izatifikethi zengcambu zixhaphakile kuzo zonke ii-CEP ezikhutshwa ngulo naliphi na igunya lezatifiketi. Khuphela kwi
https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=4BC6DC14D97010C41A26E058AD851F81C842415A https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=8CAE88BBFD404A7A53630864F9033606E1DC45E2 https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=0408435EB90E5C8796A160E69E4BFAC453435D1D
Faka ngemiyalelo kwitheminali:
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/4BC6DC14D97010C41A26E058AD851F81C842415A.cer
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/8CAE88BBFD404A7A53630864F9033606E1DC45E2.cer
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/0408435EB90E5C8796A160E69E4BFAC453435D1D.cer
Umyalelo ngamnye kufuneka ubuye:
Ukufaka:
...
[Ikhowudi yemposiso: 0x00000000]
3.3. Khuphela izatifikethi zegunya lezatifiketi
Okulandelayo, kufuneka ufakele izatifikethi zogunyaziwe wesatifikethi apho ukhuphe khona i-CEP. Ngokuqhelekileyo, izatifikethi zeengcambu ze-CA nganye zifumaneka kwiwebhusayithi yayo kwicandelo lokukhuphela.
Kungenjalo, izatifikethi zayo nayiphi na i-CA zinokukhutshelwa kuyo
Izikrini
Ukusebenzisa umzekelo we-CA Corus-Consulting: kufuneka ukhuphe izatifikethi ezi-4 ukusuka
https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=15EB064ABCB96C5AFCE22B9FEA52A1964637D101 https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=B9F1D3F78971D48C34AA73786CDCD138477FEE3F https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=55EC48193B6716D38E80BD9D1D2D827BC8A07DE3 https://e-trust.gosuslugi.ru/Shared/DownloadCert?thumbprint=A0D19D700E2A5F1CAFCE82D3EFE49A0D882559DF
Sifaka izatifikethi ze-CA ezikhutshelweyo sisebenzisa imiyalelo evela kwi-terminal:
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/B9F1D3F78971D48C34AA73786CDCD138477FEE3F.cer
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/A0D19D700E2A5F1CAFCE82D3EFE49A0D882559DF.cer
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/55EC48193B6716D38E80BD9D1D2D827BC8A07DE3.cer
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/15EB064ABCB96C5AFCE22B9FEA52A1964637D101.cer
apho emva ~/Ukukhutshelwa/ Amagama eefayili ezikhutshelweyo adwelisiwe, ziya kwahluka kwi-CA nganye.
Umyalelo ngamnye kufuneka ubuye:
Ukufaka:
...
[Ikhowudi yemposiso: 0x00000000]
3.4. Ukufakela isatifikethi ngeRutoken
Umyalelo kwitheminali:
/opt/cprocsp/bin/csptestf -absorb -certs
Umyalelo kufuneka ubuye:
Kulungile.
[Ikhowudi yemposiso: 0x00000000]
4. Faka i-browser ekhethekileyo yeChromium-GOST
Ukuze usebenze ngeengosi zikarhulumente, uya kufuna ulwakhiwo olukhethekileyo lwesikhangeli sechromium - I-Chromium-GOST. Ikhowudi yomthombo weprojekthi ivuliwe, ikhonkco ku
Khuphela kwaye ukhuphe ugcino, faka isikhangeli ngokukopa okanye ukutsala&ukubeka kulawulo lwee-Aplikheyishini. Emva kofakelo, Nyanzelisa uvale iChromium kwaye ungayivuli okwangoku, sebenza kwiSafari.
killall Chromium-Gost
5. Faka izandiso zebhrawuza
5.1 I-plug-in ye-CryptoPro EDS Browser
Nge
5.2. Iplagi yeeNkonzo zoLuntu
Nge
5.3. Ukumisela i-plugin yeeNkonzo zikaRhulumente
Khuphela ifayile yoqwalaselo echanekileyo yolwandiso lweeNkonzo zikaRhulumente kwiwebhusayithi yeCryptoPro -
Yenza imiyalelo kwi-terminal:
sudo rm /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents/ifc.cfg
sudo cp ~/Downloads/ifc.cfg /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents
sudo cp /Library/Google/Chrome/NativeMessagingHosts/ru.rtlabs.ifcplugin.json /Library/Application Support/Chromium/NativeMessagingHosts
5.4. Ivula izandiso
Qalisa isikhangeli seChromium-Gost kwaye uchwetheze kwibar yedilesi:
chrome://extensions/
Sivumela izongezo ezifakelweyo zombini:
- I-CryptoPro Extension ye-CADES Browser Plug-in
- Ukwandiswa kweplugin yeeNkonzo zoLuntu
С
5.5. Ukumisela i-plug-in ye-CryptoPro EDS Browser plug-in
Kwibar yedilesi yeChromium-Gost sichwetheza:
/etc/opt/cprocsp/trusted_sites.html
Kwiphepha elivelayo, yongeza ezi sayithi zilandelayo kuluhlu lweesayithi ezithembekileyo nganye nganye:
https://*.cryptopro.ru
https://*.nalog.ru
https://*.gosuslugi.ru
Cofa "Gcina". Ichaphaza eliluhlaza kufuneka livele:
Uluhlu lweendawo ezithenjiweyo lugcinwe ngempumelelo.
С
6. Khangela ukuba yonke into iyasebenza
6.1. Yiya kwiphepha lovavanyo lwe-CryptoPro
Kwibar yedilesi yeChromium-Gost sichwetheza:
https://www.cryptopro.ru/sites/default/files/products/cades/demopage/cades_bes_sample.html
"Iplagi ilayishiwe" kufuneka iboniswe, kwaye isatifikethi sakho kufuneka sibekho kuluhlu olungezantsi.
Khetha isatifikethi kuluhlu kwaye ucofe u-“Sign”. Uya kucelwa i-PIN yesatifikethi. Ngenxa yoko, kufuneka ibonise
Utyikityo lwenziwe ngempumelelo
С
6.2. Yiya kwiAkhawunti yakho yoBuqu kwi-nalog.ru
Awunakukwazi ukufikelela kwiikhonkco kwi-site nalog.ru, kuba... iitshekhi aziyi kudlula. Kufuneka ugqithele kwiilinki ezithe ngqo:
- Akhawunti yakho SP:
https://lkipgost.nalog.ru/lk - Akhawunti yakho ЮЛ:
https://lkul.nalog.ru
С
6.3. Yiya kwiiNkonzo zikaRhulumente
Xa ungena, khetha "Ngena usebenzisa isiginitsha ye-elektroniki." Kuluhlu oluthi "Khetha isitshixo sokuqinisekisa utyikityo lwe-elektroniki" oluvelayo, zonke izatifikethi, kubandakanya ingcambu kunye ne-CA, ziya kuboniswa; kufuneka ukhethe eyakho kwithokheni ye-USB kwaye ufake iPIN.
С
7. Yintoni omawuyenze xa iyeka ukusebenza
-
Siphinda siqhagamshele ithokheni ye-usb kwaye sijonge ukuba iyabonakala kusetyenziswa umyalelo kwi-terminal:
sudo /opt/cprocsp/bin/csptest -card -enum -v
-
Sicoca i-cache yesikhangeli ngalo lonke ixesha, esithi siyichwetheze kwibar yedilesi yeChromium-Gost:
chrome://settings/clearBrowserData
-
Phinda ufake isatifikethi se-CEP usebenzisa umyalelo kwi-terminal:
/opt/cprocsp/bin/csptestf -absorb -certs
Ukutshintsha ikhowudi ye-PIN yesikhongozeli
Ikhowudi yePIN yesiko yeRutoken ngokungagqibekanga 12345678, kwaye akukho ndlela yokuyishiya inje. Iimfuno zekhowudi ye-PIN ye-Rutoken: Iimpawu ze-16 max., Inokuthi iqulethe iileta zesiLatini kunye namanani.
1. Fumana igama lesikhongozeli se-KEP
Kusenokubakho izatifikethi ezininzi ezigcinwe kwithokheni ye-USB kunye nezinye iindawo zokugcina, kwaye kufuneka ukhethe echanekileyo. Ngophawu lwe-usb olufakiweyo, sifumana uluhlu lwazo zonke izikhongozeli kwinkqubo enomyalelo kwi-terminal:
/opt/cprocsp/bin/csptest -keyset -enum_cont -fqcn -verifycontext
Umyalelo kufuneka uhoxise ubuncinane i-container e-1 kwaye ubuyisele
[Ikhowudi yemposiso: 0x00000000]
Isikhongozeli esisidingayo sijongeka ngathi
.Aktiv Rutoken liteXXXXXXXX
Ukuba kukho izikhongozeli ezininzi ezinje ziboniswa, oko kuthetha ukuba kukho izatifikethi ezininzi ezibhalwe kwithokheni, kwaye uyazi ukuba yeyiphi oyifunayo. Intsingiselo I-XXXXXXXX emva kwesilayidi kufuneka ukope kwaye uncamathisele kumyalelo ongezantsi.
2. Guqula i-PIN usebenzisa umyalelo osuka kwi-terminal
/opt/cprocsp/bin/csptest -passwd -qchange -container "XXXXXXXX"
apho I-XXXXXXXX – igama lesikhongozeli esifunyenwe kwinqanaba loku-1 (ngokuyimfuneko kwiingcaphuno).
Ingxoxo ye-CryptoPro iya kuvela icela ikhowudi ye-PIN endala ukufikelela kwisatifikethi, emva koko enye ingxoxo yokufaka ikhowudi entsha ye-PIN. Ulungile.
С
Ukusayina iifayile kwi-macOS
Kwi-macOS, iifayile zinokusayinwa kwisoftware
1. Fumana i-hash yesatifikethi se-CEP
Kunokubakho izatifikethi ezininzi kwithokheni nakwezinye iivenkile. Kufuneka siyichaze ngokucacileyo le siza kutyikitya ngayo amaxwebhu ukusukela ngoku ukuya phambili. Kwenziwe kanye.
Ithokheni kufuneka ifakwe. Sifumana uluhlu lwezatifikethi kwiindawo zokugcina kunye nomyalelo ovela kwi-terminal:
/opt/cprocsp/bin/certmgr -list
Umyalelo kufuneka ukhuphe isatifiketi esinye sefom ubuncinane:
Certmgr 1.1 © "Crypto-Pro", 2007-2018.
inkqubo yokulawula izatifikethi, iiCRL kunye neevenkile
= = = = = = = = = = = = = = = = = = = = =
1---
Umkhuphi: [imeyile ikhuselwe],... CN=LLC KORUS Consulting CIS...
Isihloko: [imeyile ikhuselwe],... CN=Zakharov Sergey Anatolyevich...
Uthotho: 0x0000000000000000000000000000000000
SHA1 Hash: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
Isikhongozeli: SCARDrutoken_lt_00000000 000 000
...
= = = = = = = = = = = = = = = = = = = = =
[Ikhowudi yemposiso: 0x00000000]
Isatifikethi esisidingayo kwiparameter yoMgqomo kufuneka sibe nexabiso elifana nelo SCARDrutoken.... Ukuba kukho izatifikethi ezininzi ezinamaxabiso anjalo, ngoko kukho izatifikethi ezininzi ezirekhodwe kwithokheni, kwaye uyazi ukuba yeyiphi oyifunayo. Ixabiso leParameter SHA1 Hash (Amagama angama-40) kufuneka akhutshelwe kwaye ancamathiselwe kumyalelo ongezantsi.
2. Ukusayina ifayile ngomyalelo ovela kwi-terminal
Kwi-terminal, yiya kuluhlu olunefayile yokusayina kwaye wenze umyalelo:
/opt/cprocsp/bin/cryptcp -signf -detach -cert -der -strict -thumbprint ХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХ FILE
apho XXXX... – isatifikethi hash efunyenwe kwinyathelo 1, kwaye IFAYILE -Igama lefayile ukusayina (nazo zonke izandiso, kodwa ngaphandle kwendlela).
Umyalelo kufuneka ubuye:
Umyalezo osayiniweyo uyadalwa.
[Ikhowudi yemposiso: 0x00000000]
Ifayile yomsayino we-elektroniki iyakwenziwa kunye nolwandiso *.sgn - olu lutyikityo oluvaliweyo kwifomati yeCMS ene-DER encoding.
3. Faka i-Apple Automator Script
Ukunqanda ukusebenza kunye ne-terminal ngalo lonke ixesha, ungafaka i-Automator Script kube kanye, apho unokusayina amaxwebhu ukusuka kwimenyu yoMfumani. Ukwenza oku, khuphela indawo yokugcina -
- Ukukhupha indawo yokugcina 'Sayina nge-CryptoPro.zip'
- Qalisa Automator
- Fumana kwaye uvule ifayile engapakishwanga 'Sayina nge-CryptoPro.workflow'
- Kwibloko Sebenzisa iSkripthi seShell tshintsha okubhaliweyo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX kwixabiso leparameter SHA1 Hash Isatifikethi se-CEP sifunyenwe ngasentla.
- Gcina iscript: ⌘Yala + S
- Qhuba ifayile 'Sayina nge-CryptoPro.workflow' kwaye uqinisekise ukufakela.
- Makhe siye kwiNkqubo Ezikhethwayo -> Izandiso -> Umfumani kwaye khangela ukuba Sayina ngeCryptoPro intshukumo ekhawulezayo iphawulwe.
- Kwi-Finder, biza imenyu yomxholo wayo nayiphi na ifayile, nakwicandelo Izenzo ezikhawulezayo kunye / okanye iinkonzo khetha into Sayina ngeCryptoPro
- Kwingxoxo ye-CryptoPro evelayo, faka ikhowudi ye-PIN yomsebenzisi esuka kwi-CEP
- Ifayile enolwandiso * .sgn izakuvela kulawulo lwangoku - umsayino okhutshiweyo kwifomati yeCMS ene-DER encoding.
Izikrini
Apple Automator window:
Izikhethwa zeNkqubo:
Umfumani wemenyu yomxholo:
Jonga utyikityo kuxwebhu
Ukuba imixholo yoxwebhu ayinazimfihlo kunye neemfihlo, ke eyona ndlela ilula kukusebenzisa inkonzo yewebhu kwi-portal yeeNkonzo zikaRhulumente -
Izikrini
umthombo: www.habr.com