Using a cloud token with support for Russian cryptography on the Android platform

From the point of view of the PKCS#11 interface, using a cloud token is no different from using a hardware token. To use a token on a computer (and here we are talking about the Android platform), you need a library for working with the token and the token itself, connected. A cloud token needs the same things: a library and a connection to the cloud. That connection is a configuration file that holds the address of the cloud in which the user's tokens are stored.

Checking the status of a cryptographic token


So, download the updated version of the cryptoarmpkcs-A utility. Install and run the application and go to the main menu. For further work, you need to select the token whose cryptographic mechanisms will be used (recall that no token is needed when working with PKCS12):

The screenshot clearly shows what happens when you click a button. If you click the “other token” button, you will be prompted to select the PKCS#11 library for your token. In the other two cases, information about the status of the selected token is shown. How to connect a software token was covered in a previous article. Today we are interested in the cloud token.

Cloud Token Registration


Go to the “Connect PKCS#11 Tokens” tab, find the “Create Cloud Token” item and download the LS11CloudToken-A application:



Install the downloaded application and launch it:



After you fill in the fields on the "Register in the cloud" tab and click the "Register" button, registration of the token in the cloud begins. The registration process includes creating the initial fill (seed) of the random number generator (NZDSCH). To add "biological" randomness when generating this initial value, the NZDSCH includes keyboard input from the user. Both the speed at which the symbols are typed and the correctness of the input are taken into account.
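
A sketch of the idea described above, as an added example that is not LS11CloudToken-A's own code: only correctly typed prompt characters are credited, and the interval between key presses is hashed into the seed. The names gather_seed and make_events, the 16-keystroke threshold and the use of SHA-256 in place of a GOST hash are assumptions.

```python
import hashlib
import struct

MIN_SAMPLES = 16  # assumed minimum number of timed, correct keystrokes


def gather_seed(prompt, events, min_samples=MIN_SAMPLES):
    """Build a seed from the user typing a prompted string.

    prompt -- characters the user is asked to type, in order
    events -- (char, timestamp_ns) pairs in the order the keys were pressed
    Returns (seed, accepted, rejected).
    """
    # SHA-256 is a stand-in; a GOST product would use GOST R 34.11-2012.
    pool = hashlib.sha256()
    pos = accepted = rejected = 0
    prev_t = None
    for ch, t_ns in events:
        if pos == len(prompt):
            break
        delta = None if prev_t is None else t_ns - prev_t
        prev_t = t_ns
        if ch != prompt[pos] or (delta is not None and delta <= 0):
            rejected += 1  # wrong key or clock glitch: no credit, retype it
            continue
        pos += 1
        if delta is not None:
            # Input speed: the interval since the previous key press.
            pool.update(struct.pack("<Q", delta) + ch.encode("utf-8"))
            accepted += 1
    if accepted < min_samples:
        raise ValueError(f"only {accepted} usable keystrokes, need {min_samples}")
    return pool.digest(), accepted, rejected


def make_events(chars, gaps_ns, start_ns=1_000_000):
    """Constructed sample input: key presses separated by the given gaps."""
    t, out = start_ns, []
    for ch, gap in zip(chars, gaps_ns):
        t += gap
        out.append((ch, t))
    return out


if __name__ == "__main__":
    prompt = "q7Lm2xZp9RtWc4Hv8KsD"  # constructed prompt
    gaps = [90_000_000 + 7_919_333 * i % 61_000_000 for i in range(len(prompt))]
    seed, ok, bad = gather_seed(prompt, make_events(prompt, gaps))
    print(seed.hex(), ok, bad)
```

Keystroke timing of this kind supplements the platform's random number generator; it does not replace it.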



After registering in the cloud, you can check the status of the token in the cloud:



After successful registration in the cloud, exit the LS11CloudToken-A application, return to the cryptoarmpkcs-A application and check the status of the cloud token again:



The check confirms that we have successfully registered in the cloud and now need to initialize our own cloud token there.

Cloud Token Initialization


This initialization is no different from the initialization of any other token, for example, a software token.



From here everything is as usual: we put a personal certificate, for example from a PKCS12 container, into the cloud token and use it to sign a document:



You can also generate a certificate request (tab "Certificate Request"):



With the created request, go to the certification center, obtain a certificate there and import it into the token:

