
Rutoken EDS and Open Source



I like modern open source. I like it not as an idea, but from a quite pragmatic point of view. It is a fact that a company of any scale can use Open Source applications in its information system and, as a result, get cross-platform, convenient and free solutions to almost any problem.

We put a lot of effort into making Rutoken EDS “friends” with various Open Source applications. For this purpose, we added support for Russian cryptographic algorithms (GOST 28147-89, GOST R 34.11-94 and GOST R 34.10-2001) and for the Rutoken and Rutoken EDS devices to the OpenSC project, and also developed our own cross-platform PKCS #11 library, which runs on Microsoft Windows, GNU/Linux, Mac OS X, FreeBSD, etc.

The PKCS #11 standard is supported by most open source applications for connecting to cryptographic USB tokens. The main problem we faced is that popular Open Source applications work perfectly with the hardware implementation of the RSA algorithm “on board” Rutoken EDS but do not know how to use the GOST algorithms, which are also implemented “on board” Rutoken EDS. I had to “teach” them this. As of today, this problem has been solved for OpenSC, OpenSSL and sTunnel, which, if you think about it, is not so little :-).

As a result, we obtained integration of Rutoken EDS with various Open Source applications through the PKCS #11 library and through other mechanisms. Below is a summary table where you can find links to detailed integration instructions. The list of applications presented in the table will be constantly expanded.

I would also like to note that the Rutoken Project Forum is probably one of the most informative places on the Russian-language Internet, where you can get answers to questions related to the use of cryptographic tokens in Linux and Open Source applications.

| Application | Description | Integration with Rutoken EDS |
|---|---|---|
| OpenSC | Open implementation of standards to support cryptographic tokens in various applications | GOST and RSA algorithms: http://www.opensc-project.org/opensc/wiki/AktivRutokenECP |
| OpenSSL | Cryptographic library, command-line utility | GOST algorithms: http://forum.rutoken.ru/topic/1639/ ; RSA algorithms: http://www.opensc-project.org/engine_pkcs11 |
| sTunnel | SSL/TLS proxy | GOST algorithms: http://habrahabr.ru/blogs/infosecurity/135369/ ; RSA algorithms: http://www.stunnel.org/static/stunnel.html (engine option) |
| OpenVPN | Creating a VPN based on Internet infrastructure | RSA algorithms: http://habrahabr.ru/blogs/infosecurity/137306 |
| PuTTY | SSH client for Windows | RSA algorithms: http://forum.rutoken.ru/topic/1673/ |
| XCA | Software for managing keys, certificates and tokens | RSA algorithms: http://habrahabr.ru/blogs/infosecurity/137306 |
| rdesktop | RDP client for Linux | RSA algorithms: http://forum.rutoken.ru/topic/1666/ |
| Mozilla Firefox and Mozilla Thunderbird | Browser and email client | RSA algorithms: http://www.rutoken.ru/products/rt4osx/example-of-using/ |
| PAM | Linux authentication | RSA algorithms: http://forum.rutoken.ru/post/4546/#p4546 |
| Cryptonit | GUI application for signing and encrypting files | RSA algorithms: http://www.opensc-project.org/opensc/wiki/ApplicationSupport (section Cryptonit) |

Source: https://habr.com/ru/post/139183/

