
YotaPhone, Android and a bit of cryptography

Hi, Habr!

As part of the YotaDevices campaign, a YotaPhone for experiments arrived at our company as well.
There have already been plenty of reviews covering the design, performance, camera quality and why_this_is_needed_at_all, and we did not set out to write another one.
What interested us was showing how a modern Android smartphone can be integrated with modern cryptographic information protection tools.


Details under the cut


At the moment we have two solutions for mobile devices: an SD card token and a Bluetooth token.
Since YotaPhone has no SD card slot, only the Bluetooth option remains:



We connect the device, then install and run our Control Panel. In it you can rename the device and set the PIN code that gates access to the key material and certificates:



We also have a test application in which you can pick a file from the gallery, for example a picture of the Moscow State University main building, compute its hash and sign it. The signing itself is performed on the token, so the private key is never handed to the phone:



Applications will be published on Google Play in the near future.

We also tried the following scenario:
Using the solution of our partners, S-Terra CSP, we built a VPN tunnel between the S-Terra Gate security gateway and the S-Terra Client M mobile client. In this scenario the certificates used for authentication are stored on the Rutoken EDS Bluetooth.

The scenario shows how a protected connection is established between the S-Terra Gate security gateway and the S-Terra Client M mobile client. The mobile client's address is not known in advance: the client sits behind dynamic NAT.



Some screenshots of the client and certificate registration:



After the devices are configured, we establish the protected connection.
On the mobile client we open the browser and navigate to an address inside the protected network. The first request to that address triggers tunnel setup, and once the page has loaded a VPN tunnel exists between the GW1 gateway and Client M.
This can be confirmed by running the connection-status command on the security gateway:



On the device you can see information about connections (Menu, item “Show information about connections”):



Other partner solutions:

There are other solutions for mobile platforms on the market as well. For example, our partners at LISSI-Soft have released an application for administering and configuring tokens and smart cards, and an application for generating electronic signatures and encrypting documents.



Additional functionality made possible by YotaPhone's features:


Since the device has two screens, we would like to use the second one to display useful status information.
For example, in the case of our Control Panel, the list of connected tokens and their battery level.
When a VPN connection is established, its status and throughput.

What is all this for?

For anyone who needs a removable key carrier and electronic signature tool for Russian PKI systems, legally significant electronic document management, Internet banking and other information systems built on electronic signature technology. The Bluetooth token performs all cryptographic operations itself, so the private key never leaves the carrier: the host only ever hands the token a hash to sign and receives a signature back. This removes the risk of the key being extracted from a compromised phone (note that a compromised host can still ask the token to sign data while the PIN is entered, which is why PIN handling on the host still matters) and raises the overall security of the information system. The Bluetooth connection lets the token work with devices on both Android and iOS.
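To make the "hash on the host, sign on the token, key never leaves the carrier" split concrete, here is an added example that models the flow from the test application above and the claim in this paragraph. It is illustrative code written for this article, not Rutoken's SDK or the Control Panel's code. Assumptions: ECDSA P-256 from the Go standard library stands in for the GOST algorithms a real token uses; the PIN check, the three-attempt lock-out and the sample "photo" bytes are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Token models the Bluetooth signing token. The private key lives only in
// this struct (unexported field) and no method ever returns it to the host.
// Assumption: ECDSA P-256 replaces the GOST algorithms of the real device.
type Token struct {
	pin   string
	priv  *ecdsa.PrivateKey
	fails int
}

// maxPinFailures is an assumed lock-out threshold, not the real device's.
const maxPinFailures = 3

var ErrPIN = errors.New("token: PIN rejected")
var ErrLocked = errors.New("token: locked after too many failed PIN attempts")

// NewToken generates the key pair inside the "token", as a real token does
// during initialisation, and protects it with a PIN.
func NewToken(pin string) (*Token, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Token{pin: pin, priv: priv}, nil
}

// PublicKey is the only key material that leaves the token; in practice it
// is exported inside a certificate.
func (t *Token) PublicKey() *ecdsa.PublicKey { return &t.priv.PublicKey }

// SignDigest is the host-facing operation: the host sends the PIN and a
// 32-byte digest, the token answers with an ASN.1 DER signature. Only the
// digest travels host -> token; the key never travels at all.
func (t *Token) SignDigest(pin string, digest []byte) ([]byte, error) {
	if t.fails >= maxPinFailures {
		return nil, ErrLocked
	}
	if subtle.ConstantTimeCompare([]byte(pin), []byte(t.pin)) != 1 {
		t.fails++
		return nil, ErrPIN
	}
	t.fails = 0
	if len(digest) != sha256.Size {
		return nil, errors.New("token: digest must be 32 bytes")
	}
	return ecdsa.SignASN1(rand.Reader, t.priv, digest)
}

// SignFile is the host side: hash the file locally (the gallery picture in
// the article) and ask the token to sign the digest.
func SignFile(t *Token, pin string, file []byte) ([]byte, error) {
	d := sha256.Sum256(file)
	return t.SignDigest(pin, d[:])
}

// VerifyFile is what any relying party does with the public key and the
// detached signature; no token is needed for verification.
func VerifyFile(pub *ecdsa.PublicKey, file, sig []byte) bool {
	d := sha256.Sum256(file)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

func main() {
	tok, _ := NewToken("1234")
	// Constructed sample input standing in for the JPEG from the gallery.
	photo := []byte("constructed sample: bytes of a JPEG of the MSU main building")
	sig, err := SignFile(tok, "1234", photo)
	fmt.Println("signed:", err == nil)
	fmt.Println("verifies:", VerifyFile(tok.PublicKey(), photo, sig))
	tampered := append([]byte{}, photo...)
	tampered[0] ^= 1
	fmt.Println("tampered verifies:", VerifyFile(tok.PublicKey(), tampered, sig))
	_, err = SignFile(tok, "0000", photo)
	fmt.Println("wrong PIN:", err)
}
```

The point to take from the design is where the trust boundary sits: the host can only submit digests and a PIN, so even a fully compromised phone cannot extract the key, but it can still request signatures while the correct PIN is available to it, which is the residual risk the paragraph above should be read against.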

Source: https://habr.com/ru/post/220889/

