Answer the question
In order to leave comments, you need to log in
E
E
EVOSandru62017-04-12 09:45:19
EVOSandru6, 2017-04-12 09:45:19
Is it possible to authorize on the site using the digital signature?
Good afternoon,
Is there an API for developers so that visitors to their site can log in using an EDS? For example, when authorizing, a user loads his private/public key during registration/authorization. Next comes a certain request to the state portal and, based on the results of the response, I let the user into the system or not. Is it possible? Is it legal? Kazakhstan - egov.kz
4 answer(s)
@webirus
@Rema1ns
@Mi7teR
in no way possible.
you can check the validity of the signature with the nunc root certificate www.pki.gov.kz/index.php/ru , the
key file itself cannot be uploaded anywhere. On the user side, you can sign a file, a string, anything, and then check the signature through a cryptographic provider that works with NCA RK certificates.
You need to either write a crypto provider yourself in accordance with ST RK 1073-2007, or use an existing one, for example gamma.kz/product/3
@CityCat4
This is something you should never do! The private key should not be uploaded anywhere at all - leaking the private key means that whoever got it will be able to act as the one whose key he got and there will be no way to recognize them (from each other) . Key authentication is based on the fact that the entity being authenticated uniquely owns the key.
S
Sergey Goryachev, 2017-04-12 @webirus
On account of legality.
Well, you're not making a site for the schoolboy Petya, who doesn't know the laws. And for the public services portal.
What, lawyers capable of answering this question were not found?
You should not pour such questions on the Toaster, there are few professional lawyers here.
And even fewer of those who really want to fully substantiate their answer with excerpts from the laws.
And about the EDS, again.
It is more logical to ask on a more thematic forum, and even better in the support service of a certification center.
Perhaps this will give you ideas.
https://habrahabr.ru/post/123372/
N
Nikita, 2017-04-12 @Rema1ns
I can't speak for legality.
About the implementation, crypto pro has a plugin for working with encryption in the browser, it supports digital signature, the client must have a key with a container. read here
M
Mi7teR, 2017-04-12 @Mi7teR
user loads when logging in
in no way possible.
you can check the validity of the signature with the nunc root certificate www.pki.gov.kz/index.php/ru , the
key file itself cannot be uploaded anywhere. On the user side, you can sign a file, a string, anything, and then check the signature through a cryptographic provider that works with NCA RK certificates.
You need to either write a crypto provider yourself in accordance with ST RK 1073-2007, or use an existing one, for example gamma.kz/product/3
C
CityCat4, 2017-04-12 @CityCat4
when logging in, the user loads his private /
This is something you should never do! The private key should not be uploaded anywhere at all - leaking the private key means that whoever got it will be able to act as the one whose key he got and there will be no way to recognize them (from each other) . Key authentication is based on the fact that the entity being authenticated uniquely owns the key.
Similar questions
S
I
N
M
S
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question