LirCryptoki

Product
Developers: LISSI (Laboratory of tests of means and systems of informatization)
Release date of the system: October 2010
Technology: Cybersecurity - Encryption tools

The most critical element in these systems is the private key, whose compromise can have serious consequences. Hardware tokens are designed to prevent this: they should not only store private keys reliably but also perform all private-key operations internally. Today, when people say "we store the private key on a token", it means exactly that and no more: the private key is stored on the token as on an ordinary flash drive. Any operation that requires the private key leads to the key being extracted into RAM, with all the consequences that entails.

Fortunately, hardware tokens with support for Russian cryptography (first of all, implementing the GOST R 34.10-2001 algorithm) have already appeared on the market or are about to appear. They not only store private keys but, most importantly, perform all cryptographic operations with the private key internally. Examples of such tokens are eTokenGOST, FoxToken, ruTokenECP and Shipka. All of them support the PKCS#11 protocol and, as a rule, support the MS Windows and Linux operating systems.

At the same time, PKCS#11 is a rather low-level interface. For cryptographic work, the high-level cross-platform OpenSSL and NSS interfaces are widely used today, as is MS CryptoAPI on the MS Windows platform, where an MS CSP serves as the cryptographic core. And, of course, so are the interfaces of Java cryptographic providers.

To support application software developers, LISSI LLC has completed development of the LirCryptoki project, which includes:

  • the LirCryptoki software token, which supports an extended version of the PKCS#11 v.2.30 standard, including TLS protocol mechanisms with Russian cryptography;
  • the lissi-nss library, which enables the use of tokens with Russian cryptography in projects that use the NSS interface;
  • the lissi-engine interface module, which enables the use of tokens with Russian cryptography in projects that use OpenSSL (LirSSL);
  • the Java LirPKCS11 cryptographic provider, which enables the use of tokens with Russian cryptography in projects that use Java;
  • the LISSI-CSP library, which enables the use of tokens with Russian cryptography in projects that use MS Windows CryptoAPI;
  • the CertManager utility for managing certificates on tokens.

The LirCryptoki software token plays an essential role in this project. Because the feature set of hardware tokens is limited, the software token effectively supplements the set of hardware mechanisms, providing fuller support for the PKCS#11 v.2.30 standard, including the TLS mechanisms.

When used standalone, the LirCryptoki software token supports, in addition to storing software tokens in the file system, storing key objects on so-called "old" eToken and ruToken tokens.

Thus, the LirCryptoki project is designed to give developers a comprehensive set of high-level tools for working with Russian cryptography using hardware tokens.