IT Center Blog: Security Key For EGAIS Connection

The Key to Correct Interaction With EGAIS

25.09.2017

In 2016, IT Center engineers set up a workstation for an EGAIS system operator in what was then a new online format. The work was part of a project for our Client, whose main business is the sale of alcohol products.

Rosalkogolregulirovanie runs servers that account for the movement of alcohol products within Russia. These servers maintain the EGAIS accounting database. The Client's operator connects to this system and enters all the necessary information there.

In 2016, there was only one way to connect to EGAIS: with Aladdin JaCarta keys. We will not discuss the functionality of the system in this article; we will say just a few words about the features of the keys.

UTM EGAIS failures and CKR_FUNCTION_FAILED error

About six months after the 'JaCarta-EGAIS' bundle went into operation, the IT Center Cloud monitoring system began to record unexplained failures. The UTM server, one of the main nodes on the client side, which encrypts and decrypts calls to the EGAIS server, began to return a CKR_FUNCTION_FAILED error.

Shutting down the UTM server for 5-10 minutes gave only a few hours of operation without failures, and then it all started again. Continuing to work in this mode became impossible.
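The pattern described above, where the error comes back a few hours after every restart, can be measured directly from logs. The following is an added example, not IT Center's monitoring code: the log line format, the "UTM started" marker, the rv= field and the thresholds are assumptions, and the sample log is constructed.

```python
import re
from datetime import datetime, timedelta

# PKCS#11 return code CKR_FUNCTION_FAILED (value defined by the PKCS#11 spec).
CKR_FUNCTION_FAILED = 0x00000006

# Constructed sample log. The line format and the "UTM started" marker are
# assumptions made for this example, not the real UTM log format.
SAMPLE_LOG = """\
2017-03-01 08:00:05 INFO UTM started
2017-03-01 11:42:17 ERROR sign request failed: CKR_FUNCTION_FAILED
2017-03-01 11:42:19 ERROR sign request failed: CKR_FUNCTION_FAILED
2017-03-01 11:55:00 INFO UTM started
2017-03-01 15:03:41 ERROR decrypt failed: rv=0x00000006
2017-03-01 15:15:00 INFO UTM started
2017-03-01 17:20:09 ERROR sign request failed: CKR_FUNCTION_FAILED
2017-03-01 17:30:00 INFO UTM started
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (.*)$")
RV_RE = re.compile(r"rv=0x([0-9a-fA-F]+)")

def is_function_failed(message):
    """True if the message carries CKR_FUNCTION_FAILED by name or by value."""
    if "CKR_FUNCTION_FAILED" in message:
        return True
    m = RV_RE.search(message)
    return bool(m) and int(m.group(1), 16) == CKR_FUNCTION_FAILED

def failure_free_windows(log_text):
    """For each start, time until the first CKR_FUNCTION_FAILED after it."""
    windows, started = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(3)
        if msg == "UTM started":
            started = ts
        elif started is not None and is_function_failed(msg):
            windows.append(ts - started)
            started = None  # only the first failure after a start counts
    return windows

def restart_is_not_a_fix(windows, max_window=timedelta(hours=6), min_repeats=3):
    """Flag the pattern from the post: errors return within hours of restarts."""
    short = [w for w in windows if w <= max_window]
    return len(short) >= min_repeats
```

A run of short windows after repeated restarts points away from a transient software state and toward the token or its driver, which is where the investigation in this post ended up.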

Rutoken 2.0 as a solution to the problem

We tried everything, up to replacing the server. But it turned out that the annoying error was caused by a design defect in JaCarta's keys. The area of the key where the transport crypto pair is stored was apparently designed without taking a large number of read cycles into account.

The manufacturer, to our great regret, did not recall this batch of keys and replace it with new ones, which, we hope, are free of these design features. We therefore moved the Client's project to a new key, Rutoken EDS 2.0, a USB token supporting the new Russian cryptographic standards GOST R 34.10-2012, GOST R 34.11-2012, VKO GOST R 34.10-2012 (RFC 7836) with key lengths of 256 and 512 bits. After that, the engineers of IT Center generated a new basic electronic digital signature and a new transport EDS, and reconfigured the UTM server.

The updated configuration has been running for two months. Two months, and not a single failure in the operation of the UTM EGAIS server.
