Hello, this is IT Center Blog.
The Key to Correct Interaction With EGAIS
In 2016, IT Center engineers set up an EGAIS operator workstation in what was then a new online format. The work was part of a project for our Client, whose main specialization is the sale of alcohol products.
Rosalkogolregulirovaniya operates servers that track the movement of alcohol products within Russia. These servers maintain the EGAIS accounting database. The Client's operator connects to this system and enters all the necessary information.
In 2016, there was only one way to connect to EGAIS: through Aladdin JaCarta keys. We will not discuss the functionality of the system in this article; let's say just a few words about the key's features.
UTM EGAIS failures and CKR_FUNCTION_FAILED error
Approximately six months after the ‘JaCarta-EGAIS’ bundle went into operation, the IT Center Cloud monitoring system began to record unexplained failures. The UTM server, one of the main nodes on the client side, which encrypts and decrypts calls to the EGAIS server, began to issue a
Shutting down the UTM server for 5-10 minutes gave only a few hours of operation without failures, and then it all started again. Continuing to work in this mode became impossible.
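The pattern described above (a restart buys only a few hours before CKR_FUNCTION_FAILED returns) can be measured from logs. The following is an added example, not code from the original post or from IT Center's monitoring; the log layout, the "UTM started" marker, the sample lines and the thresholds are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log; the line layout and the "UTM started" marker are
# assumptions for illustration, not the real UTM log format.
SAMPLE_LOG = """\
2017-03-01 08:00:00 INFO UTM started
2017-03-01 11:42:10 ERROR signing failed: CKR_FUNCTION_FAILED
2017-03-01 11:42:40 ERROR signing failed: CKR_FUNCTION_FAILED
2017-03-01 11:55:00 INFO UTM started
2017-03-01 14:20:05 ERROR signing failed: CKR_FUNCTION_FAILED
2017-03-01 14:30:00 INFO UTM started
2017-03-01 16:01:30 ERROR signing failed: CKR_FUNCTION_FAILED
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+) (.*)$")

def failure_free_runs(log_text):
    """Return, per restart, the time from start to the first CKR_FUNCTION_FAILED."""
    runs, started, failed = [], None, False
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(3)
        if "UTM started" in msg:
            started, failed = ts, False
        elif "CKR_FUNCTION_FAILED" in msg and started and not failed:
            runs.append(ts - started)
            failed = True  # count only the first failure after each start
    return runs

def restart_is_only_a_workaround(runs, min_restarts=3, max_run=timedelta(hours=6)):
    """True when several consecutive restarts each bought less than max_run."""
    return len(runs) >= min_restarts and all(r <= max_run for r in runs[-min_restarts:])

if __name__ == "__main__":
    runs = failure_free_runs(SAMPLE_LOG)
    for r in runs:
        print("failure-free for", r)
    print("escalate to token/hardware check:", restart_is_only_a_workaround(runs))
```

When the check returns true, restarting is no longer a fix and the token itself belongs on the list of suspects alongside the server and software.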
Rutoken 2.0 as a solution to the problem
We tried everything, up to and including replacing the server. But it turned out that the annoying error was caused by a design defect in the JaCarta keys. The key area where the transport crypto pair is stored was designed, apparently, without taking a large number of read cycles into account.
The manufacturer, to our great regret, did not recall this lot of keys and replace it with new ones, which, we hope, are free of this design flaw. Therefore, we transferred the Client's project to a new key, Rutoken EDS 2.0, a USB token supporting the new Russian cryptographic standards GOST R 34.10-2012, GOST R 34.11-2012 and VKO GOST R 34.10-2012 (RFC 7836) with key lengths of 256 and 512 bits. After that, IT Center engineers generated a new basic electronic digital signature and a new transport EDS, and reconfigured the UTM server.
The updated configuration has been working for two months. Two months, and not a single failure in the work of the UTM EGAIS server.