127 018, , , .

16/5
: (495) 780 4820
: (495) 780 4820
http://www.CryptoPro.ru
E-mail: info@CryptoPro.ru

CSP

3.6.1


.00050-03 90 02
61

2012

.00050-03 90 02. CSP. .


OOO "-", 2000-2012. .



CSP


().

CSP

3.6.1;

.
OOO "-"

.




CSP v. 3.6.1 (.00050-03)
. (
CSP 3.6 R3).
-
[9] - [19].

, CSP,


CRL

(Certificate Revocation List)

IETF

Internet Engineering Task Force

HDD

(, ,
..)

,

.

(Certificate Revocation List)


. .





, , ,
.

,
.


/ (),
.
,
( ).

() ()
.

,
, .
- ,
.
:
- ;
- : , ,
, ,
;
- ,
, ,
, .

,
.

,
.


,
( ) ,
() .

.

,
.
, .
( )
, ,
() , , ,
, , (), ,
...
,
, .

.

.

.


,
, / .




, ,
.

,
, ,
.

, , ,
,

-
,
.

,
, .

, , ,
/ .

, .
,
.
()
,
.
.
, ,
.
( )
( ) - ,
.
( ).
,

.
,
.

.
.

,
.
, , , ,
.

, ,
,
.
()

, , , .

,
.
, , , ,
, , (), -
, .

.

,
. , ()
,




: ; ; ;
.
( )
( ),
.
IA32, IA64, x64, SPARC, Power PC
,

()
.

,
.

,

, .
( )

,
[3].

,
.

, .

, .
, , , ,
:
1. .
2. .
3. , .
4. ( )
.
5.
.

6. .
7. , , (
,
, ,
)
: .
.
.

() (),
, ,
()
, .

,
. , .

( )
.

.



, , ,
, .
(, / ),
, ,
. ,
, .

, .
(, /
), , ,
.
.

, ,
.

.

, . ,
, ,
. .
RP .

.

.

,
.

/
.

/
.

, ,
.

, ,
.

, .

, ,
, , ,
( , ()
, ).

,
,
, ,
, , , ,
, , .

/
, , ,
, , .
()
1.
,
.




2. , ,
, .
,
().

, ,
, , , ,
.


1. , ,
.
2. ,
.


, , , .

.

,
.
,
, .
, ()
.

1. , () .
2. , ,
.

, .

1. ,
, ,
.
2. , , ,

.

,

.

, , ,


. ..
()
1. ,
.

2. , , ,

.


, .

,
.




()
, .
;
,
, .

, - ,
.
, , , , .
,
.

.

,
,
. ,
, , ,
, .

, .

,


/ ].

,

.


ASN.1, :

, ;
;
, ;
( ), .
ITU-T .509 IETF RFC 2459.
3,
(extensions),
.

,
.
()
, .
.

/ , ,
, ,
, -
.

- ( )
.

1. ,

, ,




. ,
, .
2. , , ,
. ,
, ,
. ,
, ,
, - .

1.

,
. ,
,
. , , -
, .. ,
, .
2. , ,
.
3. ,
.

.

1. ()
. :
(, ).
(, ) (, );
;
;
;
();
(, );
;
;
;
;
, .
2. :
;
,
;
3. , ;
4. ,
.

,
.

, ,
.

, - ,
.


, .





,
.
, , .

,
,
, .


, ,
.


X.509 .

,
.

() , , , (),
.

1. ,
.
2. ,
.


,
.

.

1.
/ ().
2. , (
).

.
1. , ,

/
.
2. : , , , ,
;

,
,
;
, , ,
,

,
;
,

;
,
, .


,
.



ABC

ABC

. 1.
() ,
( ),
, ,
, .
: .
,
,
.
() ,
.
()
() ,
, .

:
5. ,
- , ,
(
), , ,
, ;
6. ,
- ,
, " ";
7. , - , ,
,
, .
8. , .

, ()

:

,
, ,
,
.

( ),
( ), .



ABC

ABC

ABC

. 2.
(),

, (,

.

, .

.
,
.

1.
, ,
:
;

TLS IPSec;
- .

1.1.
.00050-03
:



( .509 )
(RFC 4357):
34.10-2001. " .
. ".
34-11-94.
"
. ".


, :
28147-89 " . ";


;
;
,
.509;



TLS;

IP- IKE,
ESP, AH;

;
, Windows.
, ,
, , RFC 4357,
RFC 4490, RFC 4491.
.

,

. , ,

, ,
.

, ;

,
, ;
, ;
:
, ;

;

,
.

1.2.
( , )
.
. (
)

(,

.509).

.
,
.

(
) .

, .

( )
.
.
( ),

.




.
,
( )

( ).
.
,

).

.
, ,

.

2.
.00050-03
(/ )
, ,
, (/ ,
/ , -, /
).
.00050-03
, .

.00050-03
.

CSP
1
:
1. (CD, DVD - );
2. .
CSP

.
.

CSP
.
CSP
,
CSP, .

.
34.11-94 RFC 4357. ,
CSP
. cpverify.exe,
CSP,
() , 34.11-94.
CSP

CSP .

1 CSP, ()



3. -
.00050-03 - :

Windows 2000 (ia32);


Windows XP/2003/Vista/2008/7/2008R2 (ia32, ia64, x64).
Linux Standard Base ISO/IEC 23360 (ia32, x64), - ,
LSB 4.:
CentOS 5/6 (ia32, x64)
Fedora 16/17 (ia32, x64)
Linpus Lite 1.3 (ia32)
Mandriva Server 5 (ia32, x64)
Oracle Enterprise Linux 5/6 (ia32, x64)
Open SUSE 12 (ia32, x64)
Red Hat Enterprise Linux 5/6 (ia32, x64)
SUSE Linux Enterprise 11 (ia32, x64)
Ubuntu 8.04/10.04/11.04/11.10/12.04 (ia32, x64)
ALT Linux 5/6 (ia32, x64);
Red Hat Enterprise Linux Version 3 Update 3 (ia32, x64);
Debian 6 (ia32, x64);
FreeBSD 7/8/9 (ia32, x64);
Solaris 10/11 (sparc, ia32, x64);
AIX 5/6/7 (Power PC);
Apple iOS 4.2.1-4.2.10/4.3.1-4.3.5/5.0.1/5.1/5.1.1/6.0/6.0.1 (ARM);
Mac OS X 10.6/10.7/10.8 (x64).

4.
.00050-03 1, 2 3
.
1 - , .
2 3 , .
1 1 :
;
;
(TLS);
Windows;
IKE, ESP, AH;
EFS ( Windows);
;
Microsoft CNG;
Mozilla NSS;
(cpverify, wipefile, stunnel)
- .3.
2 2 1
.3 Apple iOS (ARM) Mac OS X
(x64).

3 3 :
;
;




(TLS);
EFS ( Windows);
;
;

-
Windows XP/2003 ( ia32, x64) Secure Pack Rus
3.0.
4 3 :
;
;
(TLS);
Windows;
IKE, ESP, AH;
EFS ( Windows);
;
;

Windows
XP/2003/7/2012 Server ( ia32, x64) Secure Pack Rus
3.0.
5 3 :
;
;
(TLS);
EFS ( Windows);
;

Windows
2000/XP/2003 ( ia32), Windows XP/2003 ( x64)
Secret Net 6.


/
28147-89 " .
".

34.10-2001 " . .
".

34.11-94 " . .
".
S-, ,
RFC 4357.
CSP -

-.



6.
6.1.
.00050-03 . 1.

6.2.
.00050-03 :
- ;
- .
.00050-03 :
dll, , CSP.
TLS.
IKE, ESP IPSec.
Winlogon.
CSP.




()
() - ()
, , .
( 2 - 5).
.
- .
( ).

6.3.
:
( , ).
SSPI (
Secure Support Provider Interface (SSPI, CryptoAPI v. 2.0)
TLS v. 1.0 (
Windows 2000/XP/2003/Vista/2008/7/2008R2).
Windows .
CryptoAPI 2.0.
Crypt32(Win32,64)
CryptoAPI 2.0
CSP Windows 2000/XP/2003/Vista/2008/7/2008R2.
CapiLite -
CryptoAPI 2.0 CSP
UNIX (Linux , FreeBSD, Solaris, AIX).
CSP.
.
ASN.1 - / ASN.1.
-
.00050-03 90 02-01, .00050-03 90 02-02,
.00050-03 90 02-03, .00050-03 90 02-04, .00050-03 90 02-05, .00050-03
90 02-06, .00050-03 90 02-07 .

7.


7.1.

CSP

.
, / ,
(
) ( ) (
). ( )
( ).

7.1.1.

A ,
( )
. ,

.
, :
;
.




. - ,
.
, ,
IKE.

7.1.2.

,
.
( )
, .
, ,
.
, .
, , :
;
(
) .


.

, .

7.2.
CSP .
:
;
;
.
( )
. , - -
, - .
,
, . .
( ),
,
( ) .
.

7.3.
:
, , ,
(), .
, ,
.

( ) ,
( ).
,
-
( ,
).



7.4.

CPGenKey (. .00050-03 90 05 " CSP. ")

:
AT_KEYEXCHANGE.
AT_SIGNATURE,
AT_UECSYMMETRICKEY.
, :
1.

CSP CPAcquireContext
CRYPT_NEWKEYSET ,
pszContainer;

2.

CSP CPAcquireContext

pszContainer.

.
1. 1

; 2 -
.
2 Solaris 9/10 ( sparc)
, 2 Windows XP,
ia32, .
2. -
Touch-Memory DALLAS
BIOS .
3. ""
- (
)
4.
.

7.5.
:
3,5;
USB
USB (e-Token);
, ,
Touch-Memory DS1995 DS1996 (-,
");
Rutoken;
HDD ( Windows ).

-
. ".00050-03 30 01. " CSP". , .. 3.8, 3.9.
1. .00050-03
, .

.

2. Windows
HDD ( ) HDD c HDD
,
.
3.
"-".



7.6.
:

256 ;

512 .

, :

256 ;

512 ;

256 .

7.7.

.
.

;
, ,
,
.
Windows HDD
(HDD ) (
, HDD).

.
HDD .
:
1.
" ",
2.
CSP "
" ,
, .

/ ,
/.
.

7.8.
.00050-03
:

( ) - 1 3 ;
( ) - 15 ;
1 3 .

7.9.
( Touch Memory -),
,
,
.
"
" (. ).



7.10.

, ,
.00050-03 90 03. CSP. .

8. TLS
TLS (Transport Layer Security, IETF - RFC2246)
Microsoft Internet Explorer, Internet Information Services
(IIS), Microsoft SQL Server 2000 +.
, .
.509 (
), ,
- (Message Authenticity Code,
MAC).
TLS https,
Web- TCP 443 TCP
80. TLS, .
SSL/TLS (SSL - ) - (
1).
1.

HTTPS   443   HTTP over SSL/TLS
SMTPS   465   SMTP ( ) SSL/TLS
NNTPS   563   NNTP () SSL/TLS
LDAPS   636   LDAP ( ) SSL/TLS
POP3S   995   POP ( ) SSL/TLS
IRCS    994   IRC SSL/TLS
IMAPS   993   IMAP ( ) SSL/TLS
FTPS    990   FTP ( ) SSL/TLS

SSL/TLS , Web- (
) . ,
, .
, .
:
,
, ;
;
, ;
, ; Internet Explorer
IIS.
,
(
).
, ,
.


TLS
:

;

() TLS. 2^14 ;
();
( MAC);


);
();

(, TCP).
.


:
( , 32 ,
);
;
();
();
( MAC,
);
master secret ( , MAC,
);
, / .
X509. v3.
.


:
client_random 32 , ;
server_random 32 , ;
client write MAC secret ( );
server write MAC secret ( );
client write key (,
);
server write key (,
);
client write IV, server write IV ( ,
);
(
).
;

.

. ,
0; : 0 2^64-1.
.


TLS :
Hello message (ClientHello, ServerHello);
Change cipher specs message (
);




Key exchange message (
, );
Alert message (, );
Application_data message ( );
Finished message ( ).


:
();
, ,
, , ;

);

, ( ),
TLS ( ), .

TLS
[Figure: Application Data -> Fragment -> Compress -> Add MAC -> Encrypt -> Append Header]

TLS

Record

TLS Handshake Protocol


TLS Handshake Protocol :
ClientHello

ServerHello
Certificate
Certificate Request
Server Key Exchange
ServerHelloDone

,
,
,

()


() ,
server-random



(
)
, Certificate Verify

Certificate
Client Key Exchange
Certificate Verify
Change Cipher Spec
Finished
Change Cipher Spec
Finished

Client

Handshake
()

Server

TLS Handshake Protocol ()


:

, client_random, server_random,
, ;
(
);
pre_master secret,
.
pre_master secret, client_random server_random
master secret ( ) .

TLS
TLS .
TLS Handshake Protocol, TLS Change Cipher Spec, TLS Alert Protocol.
TLS Record Protocol.
[Figure: protocol stack. Upper layer: TLS Handshake Protocol, TLS Change Cipher Spec, TLS Alert Protocol, (HTTP ..); below it: TLS Record Protocol; below it: (TCP/IP ..)]

8.1.

TLS

TLS TLS v.1.0


( 28147-89,
34.10-2001,
34.11-94). -
34.10-2001.
(IIS, ISA)
TLS.

.00050-03

- .
,
:
;
.
""
"" .
,




.

,
TLS-
Web-,
.
, .
CSP .
:

Web

;
;
HTML, .
Web . ,
,
, , .

.
,
ISA , ,
. , CSP
TLS.

ISA ,
TLS.
:
(Common name)
Web- . : pif.nikoil.ru
:
ISA
( ).
.

. .

9.
PKI X509

().
, Microsoft
(Microsoft Certification Authority), ,
.

, :
1. ()
2. ()
3.

4.

5.

4.



.
.00050-03
,
.


ASN.1, :
,
;
;

( ), .
ITU-T 1997 X.509
IETF 1999 RFC 2459.
3, (extensions),
.

, .
,
. ,
.

9.1.
:
() ;
,
;

()

()
;
, ,
;
;

;
;
;
,
( ,
, , . .);
;
;
;
,
.
:
- ;
- (
);
- ;
,
.



9.2.

1. "
" (. 9.11 " ").
( ).
2.
. ,
. "
" .
3.
.
, ().
4. ,
.
. ,
().

.
,

(issuingDistributionPoint) ,

(. [22]).


(, )
3 . 1 3

.
1 3

.

9.3.

.
(, ),
, " ".
,
, .

9.4.

,
.

9.4.1.

,
" ".

9.4.2.

1. .
.
2.
, .
, .
" ".
3.
.
4. ().




5. ,
,
. .
, - .
6. .
,
.
7.
.
8. , , .

.

9.5.

, ,
:
1. ;
2. ( );
3. ;
4. ;
5. ;
6. .
-

( () :
1. ;
2. ( ) ;
3.
(), ;
4.
().
.

9.5.1.

1.
, .
2.
.

3.
.
, .
4. ,
(. . 3.
).
: , ( )
, ( ), .

.

.
.




()

. 3.
5.
, ,
.
6.
".

9.5.2.

"

.
()
, ().

,
,
.
1. () .


.
2. ,
.
3.
, ( )
(, ).
4. ,
() .
5. ,
.
. ,
.
6. , (
) ()
.
7. , (
) ,
(, ).
8.
.

( ).
9.
" ".

9.5.3.

:
( ) ;

.
,
.

.
().



9.6.


.

9.7.
9.7.1.
( )
(. 9.2 "
").
()
.
, ,
.
,
, ,
.

9.7.2.
( )
.

(. 9.7.3 " ").
,
, .

9.7.3.

, ,
( )
, .
, ,
, 9.5 "
".
, ,
(), " ".

9.8.
, ,
, .
.

, "
".

9.8.1.


.
,
.

:

1. ;
2. , ;
3. ;
4. ,
;
5. .



9.8.2.

.

.

:
1. , ;
2. , .

:

1. ;
2. (
).

9.8.3.


.
( )
() .

, " ".

.
,
( )
.

9.8.4.

,
,
/ . ,
, .
, ,
, .
,
.
,
(. 9.5.1 " "), .
/
() (
) , .

9.9.


, .

. ,
9.8.4 " ".

9.10.

.

( ).

,
,
(. 9.5.1 " ").




,
.

9.11.
:
" " ,
" ",
" ".
" "
(), ,
.
" "
, , ,
, ,
, ,
.
" " :
, ;
;
,
;

;

,
,

,
, ;
, ( )
, ;
, ,
;

.
(. 2 3).

10. ,


, ( )
/ , .

,
.

.

,
34.10-2001 34.11-94,
,
.
,
.

.




,
, . , ,
,
(), .


.

10.1.

1. ;
2. ;
3. ;
4. .

CSP ,
.

:

1. ,
;
2. ;
3. ;
4. ,
;
5. ;
6. ;
7. .
, ,
, .

.
/
.

() ,
.

10.2.
( )
, , . ,

.



11.

.
2.

,
, ..,
,


.

.
, ,

.

,
,
,
.


.


.
,
,

, .


9.8.3 " ".



.
.



( ,

).

,
, (
).


,

,
, .

,
,
.
- .


.

9.8.3 " ".

,
,



,

,
.

9.

,
, ,

,


.

10.

,
, ,

.



.

" " (. 9.11).

12. .00050-03
CSP.
1. CSP
Microsoft ,
Microsoft.
2. CSP
.

13.

.00050-03
X.509
Microsoft:
- Microsoft Certification Authority, Windows
2000 Server, Advanced Server, Windows 2003 Server, Windows 2008 Server, Windows 2008R2.
- MS Outlook (Office 2010, Office 2007, Office 2003, Office XP, Office
2000).
- Microsoft Outlook Express Internet Explorer,
Windows Mail, Live Mail.
Microsoft Word, Excel, InfoPath Microsoft Office 2003, 2007, 2010 (c
Office Signature).

Authenticode.

Microsoft

Windows 2003 Server, Windows 2008 Server, Windows 2008R2


Server ( ).
TCP/IP - TLS/SSL
Internet Explorer web- IIS, TLS-, TLS- (IE).
SQL-.




ISA .
TMG
UAG.
(RDP).
UNIX-
:

.00050-03

CSP

Certmgr ( Certmgr).
CryptCP.
Apache Trusted TLS (Digt).
Trusted TLS (Digt).

14.
-
.00050-03
-:
6.
7.
8.
9.
10.
11.

;
OCSP;
TSP;
;
CryptCP;
HSM.

15.
15.1.


, .

-

,
,
.

,
.

.
.
, ,
, ,
,
.

.

.
, ,
, ,
.



15.2.
.
:

, ,
, ,
.

, ,
.
,
,
, .
.00050-03 ,
, , , .

15.3. ,

1. ,
,

, ,
(, -), ,
.00050-03.
2. .00050-03
, .
3. ,
, ,
.
:
, ,
- .

.
.
,
.
,
, ,
, ,
/ .


,
(, ).
,

, .
,
, :
- ;
- ;
- , ;
-
;




- ,
;
- ;
- ;
- - .

15.4.

:
(
, BIOS, ..),
:
6 ;

, (@, #, $, &, *, % . .);
(,
. .), (USER, ADMIN, ALEX . .);

4-x ;
;
,
6 .
, .
BIOS ,
.
:
, ,
;
- ;


, , ,
.. ;

;
,
,
:
, .
,
.
,
.
.

.
(,
..).
,
.




, ,
.
,
(
):
- ;
- ;
- ;
- ;
- ;
- ( ..);
- .
, ( )
,
. , ,
.
, ,
, .
(Service
Packs, Hot fix ..), ,

.

,
(, JavaScript, VBScript, ActiveX),
,
, .
, ,

, ,
, ,
(:
, VPN ..).
, .

.
.

.
, ,
.
:
1. .
2.
, ,
( , ).
3.
.

4. ,
.
5. ,
, .
6. - .




7.
.

8. , .
9.

, , ,
.

10.
CSP.
11. .
12. , ,
(
).

15.5.

1.
. , ,
, .
2.
. :
.
, .
, :
- .
- ,
.
- .
- ( ).
- .
3. ,
.
:
, .
.
.
.
4. -
TLS ,
c (,
Client_Id ..).

5. ,


, .

15.6.
-
-

"-"

.
.00050-03 30
01. CSP. , .3, 2.



15.6.1.

- "-"

- () "-"
.
"-"
Windows ( IA32);
Linux ( IA32);
FreeBSD 6/7 ( IA32);
Solaris 10/11 ( IA32).
"-" :
, ,
();
() ( ),
() , ,
;
.
"-"
DS 199x ( Touch-Memory).

"-"
"-".

. "-" ,
,
.

"-"

"-"

.

.

15.6.2.

""


. ,
.

Windows ( IA32);
Linux ( IA32);
FreeBSD 6/7 ( IA32);
Solaris 10/11 ( IA32).
:

;
, ,
;
( Windows);
( Windows);

CD-ROM .

.
(




.00300-04 )
.

.

.

16.
:
1. .
2. , :
.00050-03 90 02-01, .00050-03 90 02-02, .00050-03 90 02-03,
.00050-03 90 02-04, .00050-03 90 02-05, .00050-03 90 02-06,
.00050-03 90 02-07.
3. -
.
4.
.
5. .
.
6. .
7. , ,
.
8. , ,
6 10.
3 .
9. - 10 .
10. .
11.
- 1 .
12. 28147-89
, .
13. ,
CRYPT_SIMPLEMIX_MODE , ,
4 .
14.
.
15.
.
16.
.
17. 2 -
Windows XP/2003 (ia64), Solaris 9/10 (sparc, ia32, x64)
.
18. 2 - Windows
(x64, ia64), Solaris 9/10 (sparc, x64),
, - ,

, .
19. ,
.00050-03 90 02-01, .00050-03 90 02-02, .00050-03 90 02-03, .00050-03 90 02-04, .00050-03 90 02-05,
.00050-03 90 02-06, .00050-03 90 02-07.

20. .



17.

-2005. ,
.


, ,
,
.

.
-
, .

:
1. CryptoAPI 2.0,

Microsoft.

, MSDN (Microsoft
Developer Network), ; Unix-
(Linux, FreeBSD 5, Solaris 10) capilite.dll,
CryptoAPI 2.0.
.00050-03 90 05 " CSP.
".
2.
LoadLibrary. .00050-03 90 05 " CSP. ",
.
, ,
, .

CSP

:
1.
, , .
:

(, );

.
2. ,
,
,
.
3. ,
, ,
, .
4. ( )
, (
,
).




5.
.

17.1. IPSec
IPSec
,
-2005.
CSP 3.6.1 IPSec
, GSS_API libike_gost
(cpike_api) IKE esp_gost (cpesp_drv) AH.
.



1. "O ", 06 2011 . 63-.


2. "O , ", 27
2006 149-.
3. 28147-89. .
. . .
4. 34.10-2001. .
. .
.
5. 34.11-94. .
. . .
6. , ,
() ( -2005).

7. .00050-03 30 01. CSP. .


8. .00050-03 90 01. CSP. .
9. .00050-03 90 02-01. CSP. .
Windows.
10. .00050-03 90 02-02. CSP. .
Linux.
11. .00050-03 90 02-03. CSP. .
FreeBSD.
12. .00050-03 90 02-04. CSP. .
Solaris.
13. .00050-03 90 02-05. CSP. .
AIX.
14. .00050-03 90 02-06. CSP. .
Mac OS X.
15. .00050-03 90 02-07. CSP. .
iOS.
16. .00050-03 90 03. " CSP". .
17. .00050-03 90 04. " CSP". .
18. .00050-03 90 05. CSP. .
19. .00035-01 30 01. " ". .
20. OSI NETWORKING AND SYSTEM ASPECTS. Abstract Syntax Notation One (ASN.1)
21. ITU-T Recommendation X.509 (1997 E): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, June 1997.

22. RFC 3280, R. Housley, W. Polk, W. Ford, D. Solo, "Internet X.509 Public Key Infrastructure
Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.
23. RFC 3369, "Cryptographic Message Syntax", August 2002.
24. RFC 4357, "Additional Cryptographic Algorithms for Use with GOST 28147-89, GOST R 34.10-94,
GOST R 34.10-2001, and GOST R 34.11-94 Algorithms".
25. RFC 4490, "Using the GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94, and GOST R 34.10-2001 Algorithms with Cryptographic Message Syntax (CMS)".
26. RFC 4491, "Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms
with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile".



1.

_______________________________
()
_______________________________
( )
______________________________
() (...)

_______________________________ _____________________________
( ) ( )
"_____" _______________ 201___.
______________________
______________________________
()
(...)
_______ ,
___________________, ___________________________,

,
________________________________________________________________________________
_______

:
________________________________________________________________________________
______
(, , , ..)
,
_____________________________________________________________________
___________________

: , ________________________

_____________________________________________________________________
___________________

_________________
.
:
____________________________
()

__________________________________________
(..)


____________________________
()

__________________________________________
(..)

____________________________
()

__________________________________________
(..)

____________________________
()

__________________________________________
(..)

..



2.

/

...

. .

. .

01.02.2010

:
a.sidorov@acme.ru
:

21.01.2010

(,
)

3.
/

...



4.

-

:
,
;
;

;

;


;

.

:

, :
- ;
- () .
,

, ,


-
;
-
;
-
;
-
;

-
;
-
;
-
;
-
;


-
;
-
;
-
;




,

-
;
-
.509 3 RFC
2459, ()
;
-
;
-
;
()

/

-
;
-
;
-
/
;

/
;
-
;

;

-
.

- ;
-
.



:
()
()



-
- ;
- .
( )




,

, ,
.
() Microsoft Windows 2000/2003 Server SQL
2000 Server Desktop Edition. SQL 2000 Server Desktop Edition
.


.


,
,
,
. () Microsoft Windows
2000/2003 Server Microsoft SQL 2000 Server (Desktop Edition, Standard
Edition Enterprise Edition). Microsoft SQL 2000 Server Desktop Edition
.

.

( ,




, ),
.
()
.
.


, ,
.
Microsoft Windows 2000/XP/2003.

.

(,
..).


, :

;

.
Microsoft Windows
2000/XP/2003.
,
(
, , ..).



- ,
.
Microsoft Windows 98 (
MS IE 5.0 ).
HTTP(S) .
:
.

,
, TLS .


- ,
,
.

, :
(ID);
.




.

6.
, ,
( () )
.

,
;
( )

.

Microsoft Windows 98 ( MS IE 5.0 ).

HTTP(S) () .


- ,
,
, ,
,
.

Microsoft Windows 98 ( MS IE 5.0 ).

HTTP(S) .


-. -:
SOAP (Simple Object Access Protocol)
HTTP(HTTPS) Internet-;
WSDL (Web Services Description Language)
-;
UDDI (Universal Description, Discovery and Integration)
-.
,
SOAP , WSDL
- RA.wsdl.
()
.
, ,
.
SOAP
ASP RA.asp SOAP-.
SOAP , HTTP HTTPS,
XML. WSDL WSML -,
COM+ . ,




, SOAP
.
, ,
, , ,
WSDL , SOAP , -, ,
, .
HTTP HTTPS URL RA.asp.
SOAP ,
.

,
,
.


.


( ,
) .

,
, .

.



.



() .

.
,
.


.


.

.

.

(/ )
.





.

(
, , ..).


,
.

TLS
,

.
,

, .

-

.
, ,

, .

HTTP(S)

.

.



" ", "-" (http://www.cryptopro.ru)


" " (http://www.nwudc.ru/) ,
" "
" ".
"-" " "
,
" ", .
.





()

()
.
