ยซ PKCS#11: ยป
x x , / PKCS#11 v.2.40. . , ,
ยซ 34.10-2012 . . ยป.
, ?
:
- / /Private key โ , . / ;
- / / Public key โ , , .
, ( 34.10-2001 512 ), (. 5.2
34.10-2012). () .
, , .
34.10-2001 34.10-2012 256 (, โ 512 ) :
- id-GostR3410-2001-CryptoPro-A-ParamSet;
- id-GostR3410-2001-CryptoPro-B-ParamSet;
- id-GostR3410-2001-CryptoPro-C-ParamSet;
- id-GostR3410-2001-CryptoPro-XchA-ParamSet;
- id-GostR3410-2001-CryptoPro-XchB-ParamSet.
34.10-2012 512 (, โ 1024 ) (ยซ . . ยป):
- id-tc26-gost-3410-2012-512-paramSetA;
- id-tc26-gost-3410-2012-512-paramSetB.
.5.2 34.10-2012.
q โ :
Dan itu menentukan panjang kunci privat / publik dan kebenaran kunci privat:
- panjang kunci privat adalah 256 bit;
- Panjang kunci pribadi adalah 512 bit.Jadi, kunci publik diperoleh dari kunci pribadi.Dan dari mana kunci pribadi itu berasal?
(256 512 ), . .
d ( d). :
0 < d < q,
q โ .
, ?
d == 0, .
d,
q,
q (d % q). .
( ) .
:
:
, / PKCS#11 , / , . .
C_GenerateKeyPair. , ( 256 512 ) , :
- CKM_GOSTR3410_KEY_PAIR_GEN 256 ;
- CKM_GOSTR3410_512_KEY_PAIR_GEN 512 .
, , :
.
CKA_SENSITIVE, . CKA_SENSITIVE CK_TRUE, . CKA_EXTRACTABLE . CK_TRUE.
CKA_SENSITIVE CK_TRUE, CKA_EXTRACTABLE CK_FALSE . Redfox:
- , โ . , , ยซ ยป. ( / ). ( )
CKO_PRIVATE_KEY CKA_SENSITIVE=CK_TRUE,
CKA_EXTRACTABLE=CK_FALSE.
( ) , , (,
PKCS#12), , - .
, ,
. โ . , .
, / PKCS#11 (CKO_PRIVATE_KEY, CKO_PUBLIC_KEY, CKO_CERTIFICATE), p11conf:
$ /usr/local/bin64/p11conf -h
usage: /usr/local/bin64/p11conf [-hitsmIupPred] -A APIpath [-c slotID -U userPin -S SOPin -n newPin -L label]
-h display usage
-i display PKCS
-s display slot(s) info (-c slotID is optional)
-t display token(s) info (-c slotID is optional)
Others must use -c slotID
-m display mechanism list
-I initialize token
-u initialize user PIN
-p set the user PIN
-P set the SO PIN
-r remove all objects
-e enumerate objects
-d dump all object attributes
Copyright(C) 2011-2016
$
, :
bash-4.3$ /usr/local/bin64/p11conf -A /usr/local/lib64/libls11sw2016.so -c 0 -e
Enter user PIN: ********
Token objects:
1: CKO_PRIVATE_KEY
label: 'LS11SW2016:; ..;0x23855(145493)'
2: CKO_PUBLIC_KEY
label: 'LS11SW2016:; ..;0x23855(145493)'
3: CKO_CERTIFICATE
label: 'LS11SW2016:; ..;0x23855(145493)'
โฆ
OK
bash-4.3$
, , PKCS#11 , . PIN-,
CKO_DATA.
, , ,
โd:
bash-4.3$ /usr/local/bin64/p11conf -A /usr/local/lib64/libls11sw2016.so -c 0 โe -d
Enter user PIN: ********
Token objects:
1: CKO_PRIVATE_KEY
label: 'LS11SW2016:; ..;0x23855(145493)'
==================================
Object handle: 0x1
----------------------------------
CKA_CLASS
0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
CKA_TOKEN
0x01,
CKA_PRIVATE
0x01,
CKA_LABEL
0x4c, 0x53, 0x31, 0x31, 0x53, 0x57, 0x32, 0x30,
0x31, 0x36, 0x3a, 0xd0, 0x9e, 0xd0, 0x9e, 0xd0,
0x9e, 0x20, 0xd0, 0x9b, 0xd0, 0x98, 0xd0, 0xa1,
0xd0, 0xa1, 0xd0, 0x98, 0x2d, 0xd0, 0xa1, 0xd0,
0xbe, 0xd1, 0x84, 0xd1, 0x82, 0x3b, 0xd0, 0x9c,
0xd0, 0xb0, 0xd1, 0x81, 0xd0, 0xbb, 0xd0, 0xbe,
0x20, 0xd0, 0x90, 0x2e, 0xd0, 0x90, 0x2e, 0x3b,
0x30, 0x78, 0x32, 0x33, 0x38, 0x35, 0x35, 0x28,
0x31, 0x34, 0x35, 0x34, 0x39, 0x33, 0x29,
CKA_VALUE: attribute sensitive
CKA_KEY_TYPE
0x03, 0x10, 0x32, 0xd4, 0x00, 0x00, 0x00, 0x00,
CKA_SUBJECT
0x30, 0x81, 0x9b, 0x31, 0x0b, 0x30, 0x09, 0x06,
0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x52, 0x55,
0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04,
0x03, 0x0c, 0x11, 0xd0, 0x9c, 0xd0, 0xb0, 0xd1,
0x81, 0xd0, 0xbb, 0xd0, 0xbe, 0x20, 0xd0, 0x90,
0x2e, 0xd0, 0x90, 0x2e, 0x31, 0x1c, 0x30, 0x1a,
0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x13, 0xd0,
0x9b, 0xd0, 0x98, 0xd0, 0xa1, 0xd0, 0xa1, 0xd0,
0x98, 0x2d, 0xd0, 0xa1, 0xd0, 0xbe, 0xd1, 0x84,
0xd1, 0x82, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09,
0x01, 0x16, 0x10, 0x61, 0x6d, 0x61, 0x73, 0x6c,
0x6f, 0x76, 0x40, 0x6c, 0x69, 0x73, 0x73, 0x69,
0x2e, 0x72, 0x75, 0x31, 0x31, 0x30, 0x2f, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0c, 0x28, 0x35, 0x30,
0x20, 0x20, 0xd0, 0x9c, 0xd0, 0xbe, 0xd1, 0x81,
0xd0, 0xba, 0xd0, 0xbe, 0xd0, 0xb2, 0xd1, 0x81,
0xd0, 0xba, 0xd0, 0xb0, 0xd1, 0x8f, 0x20, 0xd0,
0xbe, 0xd0, 0xb1, 0xd0, 0xbb, 0xd0, 0xb0, 0xd1,
0x81, 0xd1, 0x82, 0xd1, 0x8c, 0x20,
CKA_ID
0x97, 0x46, 0x4e, 0xcc, 0x7c, 0xa9, 0xea, 0xb1,
0x0a, 0xda, 0xec, 0x10, 0xf4, 0x49, 0x7e, 0x7f,
0x2d, 0x71, 0x4b, 0xa7,
CKA_SENSITIVE
0x01,
. . .
CKA_GOSTR3410_PARAMS
0x06, 0x09, 0x2a, 0x85, 0x03, 0x07, 0x01, 0x02,
0x01, 0x02, 0x01,
CKA_GOSTR3411_PARAMS
0x06, 0x08, 0x2a, 0x85, 0x03, 0x07, 0x01, 0x01,
0x02, 0x03,
CKA_GOST28147_PARAMS
0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f,
0x01,
โฆ
OK
bash-4.3$
/ PKCS#11, .
, / PKCS#11 Mozilla (, ), Chrome Google . , / PKCS#11 .