(2021-12-04 15:54:51 edited by Артемий)

UTM + Rutoken + Debian 11

Good day!

The organization has 4 UTMs installed that work with Rutoken USB tokens (Rutoken ECP 2.0 (2000), version 20.05.23.02 (03)).
We are moving the UTMs from Windows workstations to Linux (Debian 11 | Linux utm-2 5.10.0-9-amd64 x86_64 GNU/Linux).
Three UTMs were moved without problems; one has a problem.

UTM 4.2.0 is installed on Windows 10 1903 x64 and works without problems. When the token from this UTM is connected to Linux and we try to start the UTM, errors related to the librtpkcs11ecp.so library occur.
I connected this token to three other Linux computers to rule out hardware problems with the USB port; the picture is the same. I connected the token strictly to USB 2.0.
All three other tokens work on all 4 Linux computers without problems.
Here is the output of the log files.

Re: UTM + Rutoken + Debian 11

- /var/log/utm-trans.out.log:

Information for provider SunPKCS11-TransportTerminal
Library info:
  cryptokiVersion: 2.20
  manufacturerID: Aktiv Co.                       
  flags: 0
  libraryDescription: Rutoken ECP PKCS #11 library    
  libraryVersion: 1.08
All slots: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
Slots with tokens: 0
Slot info for slot 0:
  slotDescription: Aktiv Rutoken ECP 00 00                                         
  manufacturerID:                                 
  flags: CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE | CKF_HW_SLOT
  hardwareVersion: 0.00
  firmwareVersion: 0.00
Token info for token in slot 0:
  label: Rutoken ECP <no label>          
  manufacturerID: Aktiv Co.                       
  model: Rutoken ECP     
  serialNumber: 38e9840a        
  flags: CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED | CKF_USER_PIN_TO_BE_CHANGED | CKF_SO_PIN_TO_BE_CHANGED
  ulMaxSessionCount: CK_EFFECTIVELY_INFINITE
  ulSessionCount: 0
  ulMaxRwSessionCount: CK_EFFECTIVELY_INFINITE
  ulRwSessionCount: 0
  ulMaxPinLen: 32
  ulMinPinLen: 6
  ulTotalPublicMemory: 65536
  ulFreePublicMemory: 47648
  ulTotalPrivateMemory: 65536
  ulFreePrivateMemory: 47648
  hardwareVersion: 20.05
  firmwareVersion: 23.02
  utcTime:  java/lang/Obj
Mechanism CKM_RSA_PKCS_KEY_PAIR_GEN:
  ulMinKeySize: 512
  ulMaxKeySize: 2048
  flags: 65537 = CKF_HW | CKF_GENERATE_KEY_PAIR
Mechanism CKM_RSA_PKCS:
  ulMinKeySize: 512
  ulMaxKeySize: 2048
  flags: 11009 = CKF_HW | CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY
Mechanism CKM_RSA_PKCS_OAEP:
  ulMinKeySize: 512
  ulMaxKeySize: 2048
  flags: 769 = CKF_HW | CKF_ENCRYPT | CKF_DECRYPT
Mechanism CKM_MD5:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 1024 = CKF_DIGEST
Mechanism CKM_SHA_1:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 1024 = CKF_DIGEST
Mechanism Unknown 0x0000000000001200:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 65537 = CKF_HW | CKF_GENERATE_KEY_PAIR
Mechanism Unknown 0x0000000000001201:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 10241 = CKF_HW | CKF_SIGN | CKF_VERIFY
Mechanism Unknown 0x0000000000001204:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 524289 = CKF_HW | CKF_DERIVE
Mechanism Unknown 0x00000000D4321005:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 65537 = CKF_HW | CKF_GENERATE_KEY_PAIR
Mechanism Unknown 0x00000000D4321006:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 10241 = CKF_HW | CKF_SIGN | CKF_VERIFY
Mechanism Unknown 0x00000000D4321007:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 524289 = CKF_HW | CKF_DERIVE
Mechanism Unknown 0x0000000000001210:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 1025 = CKF_HW | CKF_DIGEST
Mechanism Unknown 0x00000000D4321012:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 1025 = CKF_HW | CKF_DIGEST
Mechanism Unknown 0x00000000D4321013:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 1025 = CKF_HW | CKF_DIGEST
Mechanism Unknown 0x0000000000001202:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 3073 = CKF_HW | CKF_DIGEST | CKF_SIGN
Mechanism Unknown 0x00000000D4321008:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 3073 = CKF_HW | CKF_DIGEST | CKF_SIGN
Mechanism Unknown 0x00000000D4321009:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 3073 = CKF_HW | CKF_DIGEST | CKF_SIGN
Mechanism Unknown 0x0000000000001224:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 393217 = CKF_HW | CKF_WRAP | CKF_UNWRAP
Mechanism Unknown 0x0000000000001221:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 769 = CKF_HW | CKF_ENCRYPT | CKF_DECRYPT
Mechanism Unknown 0x0000000000001222:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 769 = CKF_HW | CKF_ENCRYPT | CKF_DECRYPT
Mechanism Unknown 0x0000000000001220:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 32769 = CKF_HW | CKF_GENERATE
Mechanism Unknown 0x0000000000001223:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 10241 = CKF_HW | CKF_SIGN | CKF_VERIFY
Mechanism Unknown 0x00000000D4321014:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 10240 = CKF_SIGN | CKF_VERIFY
Mechanism Unknown 0x00000000D4321015:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 10240 = CKF_SIGN | CKF_VERIFY
Mechanism Unknown 0x0000000000001211:
  ulMinKeySize: 0
  ulMaxKeySize: 0
  flags: 10240 = CKF_SIGN | CKF_VERIFY
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0xf7e419eb, pid=12863, tid=0xf6dbfb40
#
# JRE version: Java(TM) SE Runtime Environment (8.0_181-b13) (build 1.8.0_181-b13)
# Java VM: Java HotSpot(TM) Server VM (25.181-b13 mixed mode linux-x86 )
# Problematic frame:
# C  [libc.so.6+0x14d9eb]
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# //hs_err_pid12863.log
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0xa1ead0e1, pid=12886, tid=0xf6db8b40
#
# JRE version: Java(TM) SE Runtime Environment (8.0_181-b13) (build 1.8.0_181-b13)
# Java VM: Java HotSpot(TM) Server VM (25.181-b13 mixed mode linux-x86 )
# Problematic frame:
# C  [librtpkcs11ecp.so+0x4f0e1]
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# //hs_err_pid12886.log
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
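
A triage helper for the log above, added here as an example and not part of the original post: it pulls each JVM fatal-error banner out of `utm-trans.out.log`, computes the load base of the faulting native module, and names the `Unknown` mechanism IDs using the standard PKCS #11 GOST constants. The sample text is an excerpt of the log quoted in this thread; the function names are illustrative.

```python
import re

# Standard PKCS #11 (v2.30+) GOST mechanism IDs; the JRE in the log prints them as "Unknown".
GOST_MECHANISMS = {
    0x1200: "CKM_GOSTR3410_KEY_PAIR_GEN", 0x1201: "CKM_GOSTR3410",
    0x1202: "CKM_GOSTR3410_WITH_GOSTR3411", 0x1204: "CKM_GOSTR3410_DERIVE",
    0x1210: "CKM_GOSTR3411", 0x1211: "CKM_GOSTR3411_HMAC",
    0x1220: "CKM_GOST28147_KEY_GEN", 0x1221: "CKM_GOST28147_ECB",
    0x1222: "CKM_GOST28147", 0x1223: "CKM_GOST28147_MAC",
    0x1224: "CKM_GOST28147_KEY_WRAP",
}
CKM_VENDOR_DEFINED = 0x80000000  # IDs with this bit set are vendor extensions

# Excerpt of the utm-trans.out.log text quoted in this thread.
SAMPLE_LOG = """\
Mechanism Unknown 0x0000000000001201:
  flags: 10241 = CKF_HW | CKF_SIGN | CKF_VERIFY
Mechanism Unknown 0x00000000D4321006:
  flags: 10241 = CKF_HW | CKF_SIGN | CKF_VERIFY
#  SIGSEGV (0xb) at pc=0xf7e419eb, pid=12863, tid=0xf6dbfb40
# Problematic frame:
# C  [libc.so.6+0x14d9eb]
#  SIGSEGV (0xb) at pc=0xa1ead0e1, pid=12886, tid=0xf6db8b40
# Problematic frame:
# C  [librtpkcs11ecp.so+0x4f0e1]
"""

# Signal line, then the first "[module+offset]" frame line that follows it.
CRASH_RE = re.compile(
    r"#\s+(SIG\w+) \(0x[0-9a-f]+\) at pc=(0x[0-9a-f]+), pid=(\d+)"
    r".*?# \w+\s+\[([^\]+]+)\+(0x[0-9a-f]+)\]", re.S)

def name_mechanism(mech_id):
    """Map a mechanism ID from the SunPKCS11 dump to a readable name."""
    if mech_id in GOST_MECHANISMS:
        return GOST_MECHANISMS[mech_id]
    if mech_id & CKM_VENDOR_DEFINED:
        return f"vendor-defined 0x{mech_id:08X}"
    return f"unrecognized 0x{mech_id:08X}"

def unknown_mechanisms(text):
    """Names for every 'Mechanism Unknown 0x...' entry, in log order."""
    ids = re.findall(r"Mechanism Unknown (0x[0-9A-Fa-f]+):", text)
    return [name_mechanism(int(i, 16)) for i in ids]

def crashes(text):
    """One dict per fatal-error banner: signal, pid, faulting module, offset, load base."""
    out = []
    for sig, pc, pid, module, off in CRASH_RE.findall(text):
        base = int(pc, 16) - int(off, 16)  # module load address in that process
        out.append({"signal": sig, "pid": int(pid), "module": module,
                    "offset": off, "base": hex(base)})
    return out
```

The module name and offset from `crashes()` are what a symbol lookup against the same build of the library needs; the `hs_err_pid*.log` file named in the banner carries the full native stack.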

Re: UTM + Rutoken + Debian 11

- /opt/utm/transport/l/transport_info.log:

$$\   $$\  $$$$$$$$\  $$\      $$\ 
 $$ |  $$ | \__$$  __| $$$\    $$$ |
 $$ |  $$ |    $$ |    $$$$\  $$$$ |
 $$ |  $$ |    $$ |    $$\$$\$$ $$ |
 $$ |  $$ |    $$ |    $$ \$$$  $$ |
 $$ |  $$ |    $$ |    $$ |\$  /$$ |
 \$$$$$$  |    $$ |    $$ | \_/ $$ |
  \______/     \__|    \__|     \__|
 
                    4.2.0b002463 


 Java HotSpot(TM) Server VM Oracle Corporation 1.8.0_181 x32        
 Linux i386 v5.10.0-9-amd64    



2021-12-03 13:15:47,950 INFO  org.hibernate.validator.internal.util.Version - HV000001: Hibernate Validator 6.1.6.Final
2021-12-03 13:15:48,497 INFO  ru.centerinform.transport.backbone.Transport - Starting Transport using Java 1.8.0_181 on utm-2 with PID 12886 (/opt/utm/transport/lib/terminal-backbone-4.2.0.jar started by root in /)
2021-12-03 13:15:48,497 INFO  ru.centerinform.transport.backbone.Transport - The following profiles are active: prod
2021-12-03 13:15:49,507 INFO  org.springframework.data.repository.config.RepositoryConfigurationDelegate - Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2021-12-03 13:15:49,608 INFO  org.springframework.data.repository.config.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 89 ms. Found 11 JPA repository interfaces.
2021-12-03 13:15:50,713 INFO  org.springframework.boot.web.embedded.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8080 (http)
2021-12-03 13:15:50,727 INFO  org.apache.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8080"]
2021-12-03 13:15:50,727 INFO  org.apache.catalina.core.StandardService - Starting service [Tomcat]
2021-12-03 13:15:50,727 INFO  org.apache.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.41]
2021-12-03 13:15:50,810 INFO  org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
2021-12-03 13:15:50,811 INFO  org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 2271 ms
2021-12-03 13:15:51,288 INFO  ru.centerinform.transport.pki.key.KeyMaster - Найден слот смарт-карты [0:Rutoken ECP     ]

(2021-12-04 15:55:39 edited by Артемий)

Re: UTM + Rutoken + Debian 11

As far as I understand, the problem is in the token or the certificate.
Could you please tell me what the problem might be?

(2021-12-06 13:09:47 edited by Николай Киблицкий)

Re: UTM + Rutoken + Debian 11

Hello, Артемий.
Can we connect to the Windows PC remotely? If that is possible, start AnyDesk and send the connection details in a reply message or by phone at +7 (495) 925-77-90.

(2021-12-07 12:01:13 edited by Артемий)

Re: UTM + Rutoken + Debian 11

Николай Киблицкий, good day!
AnyDesk ID: 419 571 911.

Re: UTM + Rutoken + Debian 11

The technical support of АО "Центр Информ" provides services on a paid basis, so they did not help us.
We ordered new tokens because of a change of management; I installed them yesterday, and all 4 UTMs on Linux started working with the new tokens without problems.
What is wrong with the one token or the certificates on it remains a big mystery.

Re: UTM + Rutoken + Debian 11

Артемий, can you send the problem token to us for examination through the company from which you purchased the token?
We will try to test the device and diagnose the problem more precisely.

Re: UTM + Rutoken + Debian 11

Николай Киблицкий, yes, I will take care of this next week. Thank you for your help!