Ngokusho и , ngo-2019, izitifiketi eziyizigidi ezingu-4,6 zamasiginesha e-elekthronikhi afanelekayo (CES) zizokhishwa eRussia, ezihlangabezana nezidingo ze-63-FZ. Kuvele ukuthi kosomabhizinisi ababhalisiwe abayizigidi eziyisi-8 nama-LLC, usomabhizinisi ngamunye wesibili usebenzisa isiginesha ye-elekthronikhi. Ngokungeziwe kuma-EGAIS CEPs nama-CEP asekelwe efwini okubika akhishwe amabhange nezinsizakalo zokubala, ama-CEP jikelele kumathokheni avikelekile anentshisekelo ethile. Izitifiketi ezinjalo zikuvumela ukuthi ungene kumaphothali kahulumeni futhi usayine noma imaphi amadokhumenti, okuwenza abaluleke ngokomthetho.
Ngenxa yesitifiketi se-CEP kuthokheni ye-USB, ungakwazi ukuphetha isivumelwano ukude nozakwabo noma isisebenzi esikude, futhi uthumele imibhalo enkantolo; bhalisa irejista yemali eku-inthanethi, ukhokhe izikweletu zentela bese uhambisa isimemezelo ku-akhawunti yakho yomuntu siqu ku-nalog.ru; thola mayelana nezikweletu kanye nokuhlolwa okuzayo kwamasevisi kahulumeni.
Imanuwali engezansi izosiza sebenza ne-CEP ngaphansi kwe-macOS - ngaphandle kokufunda izinkundla ze-CryptoPro nokufaka umshini obonakalayo oneWindows.
Okuqukethwe
Okudingayo ukusebenza ne-CEP ngaphansi kwe-macOS:
Ukufaka nokumisa i-CEP ye-macOS
- Ifaka i-CryptoPro CSP
- Ukufaka abashayeli be-Rutoken
- Ifaka izitifiketi
3.1. Sisusa zonke izitifiketi ze-GOST ezindala
3.2. Ifaka izitifiketi zezimpande
3.3. Landa izitifiketi zesiphathimandla sokunikeza izitifiketi
3.4. Ukufaka isitifiketi nge-Rutoken - Faka isiphequluli esikhethekile se-Chromium-GOST
- Ifaka izandiso zesiphequluli
5.1 I-plug-in Yesiphequluli se-CryptoPro EDS
5.2. I-Plugin Yezinsizakalo Zomphakathi
5.3. Isetha i-plugin Yamasevisi Wesifunda
5.4. Ivula izandiso
5.5. Isetha isandiso se-CryptoPro EDS Browser - Ukuhlola ukuthi konke kuyasebenza
6.1. Iya ekhasini lokuhlola le-CryptoPro
6.2. Iya ku-akhawunti yakho yomuntu siqu ku-nalog.ru
6.3. Iya kokuthi Izinkonzo Zezwe - Okufanele ukwenze uma iyeka ukusebenza
Ukushintsha i-PIN khodi yesiqukathi
- Ukuthola igama lesiqukathi se-KEP
- Ukushintsha iphinikhodi ngomyalo ovela kutheminali
Ukusayina amafayela ku-macOS
- Ukuthola i-hash yesitifiketi se-CEP
- Ukusayina ifayela ngomyalo ovela kutheminali
- Ifaka i-Apple Automator Script
Hlola isiginesha kudokhumenti
Yonke imininingwane engezansi itholakala emithonjeni ethembekile (CryptoPro и , , , ), futhi kuphakanyiswa ukulanda isofthiwe kumasayithi athembekile. Umbhali ungumxhumanisi ozimele futhi akahlangene nanoma yiziphi izinkampani ezishiwo. Ngokulandela le miyalo, uzibophezela ngokugcwele kunoma yiziphi izenzo nemiphumela.
Okudingayo ukusebenza ne-CEP ngaphansi kwe-macOS:
- CEP kuthokheni ye-USB i-Rutoken Lite noma URutoken EDS
- isitsha se-crypto ngefomethi ye-CryptoPro
- nge eyakhelwe ngaphakathi ilayisensi ye-CryptoPro CSP
Imidiya ye-eToken ne-JaCarta ngokuhlangana ne-CryptoPro ayisekelwa ngaphansi kwe-macOS. Imidiya ye-Rutoken Lite iyona engcono kakhulu, ibiza ama-ruble angu-500..1000=, isebenza ngokushesha futhi ikuvumela ukuthi ugcine okhiye abangu-15.
Abahlinzeki be-Crypto VipNet, Signal-COM kanye ne-LISSY abasekelwa ku-macOS. Ayikho indlela yokuguqula iziqukathi. I-CryptoPro iyisinqumo esingcono kakhulu, izindleko zesitifiketi kufanele zibe mayelana ne-1300 = rub. osomabhizinisi ngabanye kanye ne-1600 = rub. kwe-YUL.
Ngokuvamile, ilayisense yonyaka ye-CryptoPro CSP isivele ifakiwe kusitifiketi futhi inikezwa mahhala ama-CA amaningi. Uma kungenjalo, kuzomele uthenge futhi wenze kusebenze ilayisense engapheli ye-CryptoPro CSP eqinile inguqulo 4 ebiza 2700=. Inguqulo 5 ye-CryptoPro CSP ye-macOS ayisebenzi okwamanje.
Ukufaka nokumisa i-CEP ye-macOS
Izinto ezisobala
- wonke amafayela alandiwe alandwa kuhla lwemibhalo oluzenzakalelayo: ~/Okulandiwe/;
- Asishintshi lutho kuzo zonke izifaki, sishiya konke njengokuzenzakalelayo;
- uma i-macOS ibonisa isexwayiso sokuthi isofthiwe yethulwa ivela kunjiniyela ongaziwa, udinga ukuqinisekisa ukwethulwa kuzilungiselelo zohlelo: Okuthandwayo Kwesistimu —> Ezokuphepha Nobumfihlo —> Vula Noma Kunjalo;
- uma i-macOS icela iphasiwedi yomsebenzisi nemvume yokulawula ikhompyutha, udinga ukufaka iphasiwedi futhi uvumelane nakho konke.
1. Faka i-CryptoPro CSP
kuwebhusayithi CryptoPro and co landa futhi ufake inguqulo I-CryptoPro CSP 4.0 R4 ngoba macOS - .
2. Faka abashayeli be-Rutoken
Iwebhusayithi ithi lokhu kuyakhethwa, kodwa kungcono ukukufaka. Co landa futhi ufake kuwebhusayithi ye-Rutoken Imojula yokusekela i-Keychain - .
Okulandelayo, xhuma ithokheni ye-usb, vula itheminali bese ukhipha umyalo:
/opt/cprocsp/bin/csptest -card -enum -vImpendulo kufanele ibe:
I-Aktiv Rutoken…
Ikhadi likhona...
[Ikhodi Yephutha: 0x00000000]
3. Faka izitifiketi
3.1. Sisusa zonke izitifiketi ze-GOST ezindala
Uma ngaphambilini uke wazama ukwethula i-CEP ngaphansi kwe-macOS, kuzomele usule zonke izitifiketi ezifakwe ngaphambilini. Le miyalo kutheminali izosusa kuphela izitifiketi ze-CryptoPro futhi ngeke ithinte izitifiketi ezijwayelekile ezivela ku-Keychain ku-macOS.
sudo /opt/cprocsp/bin/certmgr -delete -all -store mrootsudo /opt/cprocsp/bin/certmgr -delete -all -store uroot/opt/cprocsp/bin/certmgr -delete -allImpendulo yomyalo ngamunye kufanele ifake:
Asikho isitifiketi esifana nemibandela
noma
Ukususa kuqedile
3.2. Ifaka izitifiketi zezimpande
Izitifiketi zezimpande zijwayelekile kuwo wonke ama-CEP akhishwa yinoma yisiphi isiphathimandla sokunikeza izitifiketi. Landa kusuka Isifunda sase-Ural Federal soMnyango Wezocingo Nokuxhumana Kwabantu abaningi:
Faka ngemiyalo kutheminali:
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/4BC6DC14D97010C41A26E058AD851F81C842415A.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/8CAE88BBFD404A7A53630864F9033606E1DC45E2.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/0408435EB90E5C8796A160E69E4BFAC453435D1D.cerUmyalo ngamunye kufanele ubuyele:
Ukufaka:
...
[Ikhodi Yephutha: 0x00000000]
3.3. Landa izitifiketi zesiphathimandla sokunikeza izitifiketi
Okulandelayo, udinga ukufaka izitifiketi zesiphathimandla sokunikeza izitifiketi lapho ukhiphe khona i-CEP. Ngokuvamile, izitifiketi zezimpande ze-CA ngayinye zitholakala kuwebhusayithi yayo esigabeni sokulanda.
Kungenjalo, izitifiketi zanoma iyiphi i-CA zingalandwa kusuka . Ukuze wenze lokhu, udinga ukuthola i-CA ngegama efomini lokusesha, hamba ekhasini elinezitifiketi bese ulanda yonke into ukudlala izitifiketi - okungukuthi, labo abane 'Kuyasebenza' usuku lwesibili alukafiki. Landa kusuka kusixhumanisi esisenkambu 'Izigxivizo zeminwe'.
Izithombe-skrini
Usebenzisa isibonelo se-CA Corus-Consulting: udinga ukulanda izitifiketi ezi-4 kusuka :
Sifaka izitifiketi ze-CA ezilandiwe sisebenzisa imiyalo evela kutheminali:
sudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/B9F1D3F78971D48C34AA73786CDCD138477FEE3F.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/A0D19D700E2A5F1CAFCE82D3EFE49A0D882559DF.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/55EC48193B6716D38E80BD9D1D2D827BC8A07DE3.cersudo /opt/cprocsp/bin/certmgr -inst -store mroot -f ~/Downloads/15EB064ABCB96C5AFCE22B9FEA52A1964637D101.cerlapho ngemva ~/Okulandiwe/ Amagama wamafayela alandiwe asohlwini; azohluka ku-CA ngayinye.
Umyalo ngamunye kufanele ubuyele:
Ukufaka:
...
[Ikhodi Yephutha: 0x00000000]
3.4. Ukufaka isitifiketi nge-Rutoken
Umyalo kutheminali:
/opt/cprocsp/bin/csptestf -absorb -certsUmyalo kufanele ubuye:
KULUNGILE.
[Ikhodi Yephutha: 0x00000000]
4. Faka isiphequluli esikhethekile se-Chromium-GOST
Ukuze usebenze nezingosi zikahulumeni, uzodinga ukwakhiwa okukhethekile kwesiphequluli seChromium - I-Chromium-GOST. Ikhodi yomthombo wephrojekthi ivuliwe, xhuma ku inikezwa . Kusukela kokuhlangenwe nakho, ezinye iziphequluli I-CryptoFox и Isiphequluli se-Yandex Azifanelekile ukusebenza nezingosi zikahulumeni ngaphansi kwe-macOS. Kuyafaneleka ukucabangela ukuthi kwezinye izakhiwo ze-Chromium-GOST, i-akhawunti yomuntu siqu ku-nalog.ru ingase ibe yiqhwa noma ukuskrola kungase kumise ukusebenza ngokuphelele, ngakho-ke kunikezwa endala efakazelwe. ukwakha 71.0.3578.98 - .
Landa futhi ukhiphe ingobo yomlando, faka isiphequluli ngokukopisha noma usihudule usibeke ohlwini lwemibhalo Lwezinhlelo. Ngemva kokufaka, Phoqa ukuvala i-Chromium futhi ungayivuli okwamanje, sebenza ku-Safari.
killall Chromium-Gost5. Faka izandiso zesiphequluli
5.1 I-plug-in Yesiphequluli se-CryptoPro EDS
Nge landa futhi ufake kuwebhusayithi ye-CryptoPro I-CryptoPro EDS plug-in version 2.0 yabasebenzisi - .
5.2. I-Plugin Yezinsizakalo Zomphakathi
Nge landa futhi ufake kuphothali Yezinsizakalo Zombuso I-plugin yokusebenza nengosi yezinsizakalo zikahulumeni (inguqulo ye-macOS) - .
5.3. Isetha i-plugin Yamasevisi Wesifunda
Dawuniloda ifayela elilungile lokumisa lesandiso Sezinsizakalo Zombuso kusuka kuwebhusayithi ye-CryptoPro - .
Faka imiyalo kutheminali:
sudo rm /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents/ifc.cfgsudo cp ~/Downloads/ifc.cfg /Library/Internet Plug-Ins/IFCPlugin.plugin/Contents
sudo cp /Library/Google/Chrome/NativeMessagingHosts/ru.rtlabs.ifcplugin.json /Library/Application Support/Chromium/NativeMessagingHosts5.4. Ivula izandiso
Yethula isiphequluli se-Chromium-Gost bese uthayipha ibha yekheli:
chrome://extensions/Sivumela izandiso ezifakiwe zombili:
- Isandiso se-CryptoPro se-CADES Browser Plug-in
- Isandiso se-plugin Yezinkonzo Zikahulumeni
Isithombe-skrini
5.5. Isetha isandiso se-CryptoPro EDS Browser
Kubha yekheli le-Chromium-Gost sithayipha:
/etc/opt/cprocsp/trusted_sites.htmlEkhasini elivelayo, engeza amasayithi alandelayo ohlwini lwamasayithi athenjiwe ngayinye ngayinye:
https://*.cryptopro.ru
https://*.nalog.ru
https://*.gosuslugi.ruChofoza okuthi “Londoloza”. Kufanele kuvele ichashazi eliluhlaza:
Uhlu lwamanodi athenjwayo lulondolozwe ngempumelelo.
Isithombe-skrini
6. Hlola ukuthi konke kuyasebenza
6.1. Iya ekhasini lokuhlola le-CryptoPro
Kubha yekheli le-Chromium-Gost sithayipha:
https://www.cryptopro.ru/sites/default/files/products/cades/demopage/cades_bes_sample.html"I-plugin ilayishiwe" kufanele iboniswe, futhi isitifiketi sakho kufanele sibe khona ohlwini olungezansi.
Khetha isitifiketi ohlwini bese uchofoza "Sayina". Uzocelwa i-PIN yesitifiketi. Ngenxa yalokho, kufanele ibonise
Isiginesha yenziwe ngempumelelo
Isithombe-skrini
6.2. Iya ku-akhawunti yakho yomuntu siqu ku-nalog.ru
Ungase ungakwazi ukufinyelela izixhumanisi kusayithi elithi nalog.ru, ngoba... amasheke ngeke adlule. Udinga ukudlula izixhumanisi eziqondile:
- Akhawunti yami IP:
- Akhawunti yami Ibhizinisi elisemthethweni:
Isithombe-skrini
6.3. Iya kokuthi Izinkonzo Zezwe
Lapho ungena, khetha okuthi “Ngena ngemvume usebenzisa isiginesha ye-elekthronikhi.” Ohlwini oluthi “Khetha ukhiye wokuqinisekisa isiginesha ye-elekthronikhi” ohlwini oluvelayo, zonke izitifiketi, okuhlanganisa impande kanye ne-CA, zizoboniswa; udinga ukukhetha eyakho kuthokheni ye-USB bese ufaka i-PIN.
Isithombe-skrini
7. Okufanele ukwenze uma iyeka ukusebenza
-
Sixhuma kabusha ithokheni ye-usb futhi sihlole ukuthi iyabonakala sisebenzisa umyalo kutheminali:
sudo /opt/cprocsp/bin/csptest -card -enum -v -
Sisula inqolobane yesiphequluli ngaso sonke isikhathi, esiyibhalayo kubha yekheli le-Chromium-Gost:
chrome://settings/clearBrowserData -
Faka kabusha isitifiketi se-CEP usebenzisa umyalo kutheminali:
/opt/cprocsp/bin/csptestf -absorb -certs
Ukushintsha i-PIN khodi yesiqukathi
Ikhodi yephinikhodi yangokwezifiso ye-Rutoken ngokuzenzakalelayo 12345678, futhi ayikho indlela yokuyishiya kanje. Izimfuneko zekhodi ye-PIN ye-Rutoken: izinhlamvu ezingu-16 ubuningi., zingaqukatha izinhlamvu zesiLatini nezinombolo.
1. Thola igama lesiqukathi se-KEP
Kungase kube nezitifiketi ezimbalwa ezigcinwe kuthokheni ye-USB nezinye izinto zokulondoloza, futhi udinga ukukhetha esifanele. Njengoba ithokheni ye-usb ifakiwe, sithola uhlu lwazo zonke iziqukathi ohlelweni olunomyalo kutheminali:
/opt/cprocsp/bin/csptest -keyset -enum_cont -fqcn -verifycontextUmyalo kufanele ukhiphe okungenani isiqukathi esingu-1 bese ubuya
[Ikhodi Yephutha: 0x00000000]
Isitsha esisidingayo sibukeka
.Aktiv Rutoken liteXXXXXXXX
Uma iziqukathi eziningana ezinjalo ziboniswa, kusho ukuthi kunezitifiketi eziningana ezibhalwe kuthokheni, futhi uyazi ukuthi iyiphi oyidingayo. Incazelo UXXXXXX ngemuva kwe-slash udinga ukukopisha futhi unamathisele kumyalo ongezansi.
2. Shintsha i-PIN usebenzisa umyalo ovela kutheminali
/opt/cprocsp/bin/csptest -passwd -qchange -container "XXXXXXXX"kuphi UXXXXXX - igama lesiqukathi esitholwe esinyathelweni 1 (kudingeka kube izingcaphuno).
Ingxoxo ye-CryptoPro izovela icela i-PIN khodi endala ukuze ifinyelele isitifiketi, bese kuba enye ingxoxo ukuze ufake i-PIN khodi entsha. Ilungile.
Isithombe-skrini
Ukusayina amafayela ku-macOS
Kuma-macOS, amafayela angasayinwa ngesoftware (izindleko zelayisensi 2500 = rub.), noma umyalo olula nge-terminal - mahhala.
1. Thola i-hash yesitifiketi se-CEP
Kungaba nezitifiketi eziningi kuthokheni nakwezinye izitolo. Sidinga ukukhomba ngokucacile esizosayina ngayo amaphepha kusukela manje kuya phambili. Kwenziwe kanye.
Ithokheni kufanele ifakwe. Sithola uhlu lwezitifiketi kumakhosombe ngomyalo ovela kutheminali:
/opt/cprocsp/bin/certmgr -listUmyalo kufanele ukhiphe okungenani isitifiketi esingu-1 sefomu:
Certmgr 1.1 © "Crypto-Pro", 2007-2018.
uhlelo lokuphatha izitifiketi, ama-CRL nezitolo
= = = = = = = = = = = = = = = = = = =
1---
Umkhiphi: [i-imeyili ivikelwe],... CN=LLC KORUS Consulting CIS...
Isihloko: [i-imeyili ivikelwe],... CN=Zakharov Sergey Anatolyevich...
I-serial: 0x0000000000000000000000000000000000
I-SHA1 Hash: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
Isiqukathi: SCARDrutoken_lt_00000000 000 000
...
= = = = = = = = = = = = = = = = = = =
[Ikhodi Yephutha: 0x00000000]
Isitifiketi esisidingayo kupharamitha Yesitsha kufanele sibe nenani elifana nalokhu I-SCARDrutoken.... Uma kunezitifiketi eziningana ezinamanani anjalo, khona-ke kunezitifiketi eziningana ezirekhodiwe kuthokheni, futhi uyazi ukuthi iyiphi oyidingayo. Inani lepharamitha I-SHA1 Hash (izinhlamvu ezingu-40) kufanele zikopishwe futhi zinamathiselwe emyalweni ongezansi.
2. Ukusayina ifayela ngomyalo ovela kutheminali
Kutheminali, yiya kusiqondisi ngefayela ukuze usayine futhi ukhiphe umyalo:
/opt/cprocsp/bin/cryptcp -signf -detach -cert -der -strict -thumbprint ХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХ FILEkuphi XXXX... – isitifiketi hashi etholwe isinyathelo 1, futhi FILE - Igama lefayela okufanele lisayinwe (nazo zonke izandiso, kodwa ngaphandle kwendlela).
Umyalo kufanele ubuye:
Umlayezo osayiniwe uyakhiwa.
[Ikhodi Yephutha: 0x00000000]
Ifayela lesiginesha ye-elekthronikhi lizokwakhiwa ngesandiso *.sgn - lesi isiginesha ehlukanisiwe ngefomethi ye-CMS enombhalo wekhodi we-DER.
3. Faka i-Apple Automator Script
Ukuze ugweme ukusebenza netheminali ngaso sonke isikhathi, ungafaka i-Automator Script kanye, ongasayina ngayo amadokhumenti usuka kumenyu yokuqukethwe ye-Finder. Ukuze wenze lokhu, landa ingobo yomlando - .
- Ikhipha ingobo yomlando 'Sayina nge-CryptoPro.zip'
- Yethula I-Automator
- Thola futhi uvule ifayela elingapakishiwe 'Sayina nge-CryptoPro.workflow'
- Kubhulokhi Qalisa iskripthi seShell shintsha umbhalo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX kunani lepharamitha I-SHA1 Hash Isitifiketi se-CEP esitholwe ngenhla.
- Londoloza umbhalo: ⌘Command + S
- Qalisa ifayela 'Sayina nge-CryptoPro.workflow' futhi uqinisekise ukufakwa.
- Asingene kuSistimu Okuthandwayo -> Izandiso -> Isitholi futhi uhlole lokho Sayina nge-CryptoPro isenzo esisheshayo siphawuliwe.
- Ku-Finder, shayela imenyu yokuqukethwe yanoma yiliphi ifayela, futhi esigabeni Izenzo Ezisheshayo futhi / noma Imisebenzi khetha into Sayina nge-CryptoPro
- Engxoxweni ye-CryptoPro evelayo, faka i-PIN khodi yomsebenzisi evela ku-CEP
- Ifayela elinesandiso *.sgn lizovela kuhla lwemibhalo lwamanje - isiginesha ehlukanisiwe ngefomethi ye-CMS enombhalo wekhodi we-DER.
Izithombe-skrini
Iwindi le-Apple Automator:
Okuthandwayo Kwesistimu:
Thola imenyu yokuqukethwe:
Hlola isiginesha kudokhumenti
Uma okuqukethwe kwedokhumenti kungenayo izimfihlo nezimfihlo, khona-ke indlela elula ukusebenzisa isevisi yewebhu kuphothali Yezinsizakalo Zombuso - . Ngale ndlela ungathatha isithombe-skrini kusisetshenziswa esinegama elihle futhi uqiniseke ukuthi yonke into ilungile ngesiginesha.
Izithombe-skrini
Source: www.habr.com