В данной статье описано, как подготовить Рутокен ЭЦП для работы в качестве носителя ключей при шифровании разделов в Linux с помощью LUKS.
Использование смарт-карт описано по ссылке: https://github.com/swoopla/smartcard-luks
Для Рутокен ЭЦП процесс подготовки выглядит следующим образом:
Установка пакетов для работы со смарт-картами
Форматируем Рутокен ЭЦП 2.0 (при этом все данные на токене будут удалены)
$ pkcs15-init --erase-card -p rutoken_ecp
Инициализируем Рутокен ЭЦП (значения PIN-кодов в командах ниже нужно заменить собственными)
$ pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk ""
$ pkcs15-init --store-pin --label "User PIN" --auth-id 02 --pin "12345678" --puk "" --so-pin "87654321" --finalize
Создаем ключевую пару на Рутокен ЭЦП 2.0
$ pkcs15-init -G rsa/2048 --auth-id 02 -u decrypt --id 01
Создаем случайный файл и привязываем его в качестве ключевого к LUKS
$ sudo touch /boot/rootkey
$ sudo chmod 600 /boot/rootkey
$ sudo dd if=/dev/random of=/boot/rootkey bs=1 count=245 #change to urandom if you can't wait
$ sudo cryptsetup luksAddKey /dev/sda2 /boot/rootkey
Экспортируем открытый ключ из Рутокен ЭЦП
$ pkcs15-tool --read-public-key 01 -o public_key_rsa2048.pem
В версии OpenSSL 3.0 и выше необходимо использовать команду:
sudo openssl pkeyutl -encrypt -pubin -inkey public_key_rsa2048.pem -in /boot/rootkey -out /boot/rootkey.enc
Исходный файл /boot/rootkey — это ключ LUKS в незашифрованном виде: пока он остаётся на диске, раздел можно открыть без Рутокена. Убедившись, что rootkey.enc расшифровывается токеном, этот файл нужно удалить.
Далее продолжить настройку по инструкции:
1) Выполнить пункт 8. Зашифрованный ключ может лежать или в /boot, или в initramfs, или в любом другом месте. Его местонахождение нужно описать в crypttab.
2) Затем шаг 13 (без патча decrypt_opensc). Убедиться, что в initramfs попал /root/luks-secret.key (посмотреть содержимое initramfs можно с помощью утилиты lsinitramfs).