Main Features |
Hardware | protected microcontroller with integrated non-volatile memory |
Interface | USB 1.1 interface+ |
EEPROM memory | From 32 to 128 Kbytes |
Overall dimensions | 58x16x8 mm |
Weight | 6.3 g |
Serial number | 32-bit serial number, unique |
Supported operating systems | - Microsoft Windows 10/2019/2016/8.1/8/2012/7/2008/Vista/2003/XP,
- GNU / Linux,
- Apple macOS / OS X
|
Supported interfaces and standards |
PKCS#11 version 2.20, including the Russian profile (2.30 draft) | + |
Microsoft Crypto API | + |
PC/SC | + |
Microsoft Smartcard API | + |
USB CCID (work without installing drivers) | + |
ISO/IEC 7816 | ISO/IEC 7816-4, 7816-8, 7816-12 |
Cryptoprovider | Own Crypto Service Provider |
X.509 version 3 certificates at the software level | + |
Cryptographic features |
Support for the GOST 28147-89 algorithm | + |
Support for the GOST R 34.10-2012 algorithm | + |
Support for the GOST R 34.10-2001 algorithm | + |
Support for GOST 34.11-2012 algorithm (256 and 512 bits) | + |
Support for the GOST 34.11-94 algorithm | + |
Generation of session keys (paired communication keys) | + |
Decoding - according to the EC El-Gamal scheme.
|
+ | algorithm support+ | Support algorithms DES (3DES), AES, RC2, RC4, MD4, MD5, SHA-1, SHA-256 | storing the exported keys in EF, SHA-1, SHA-256, MD5 PKCS#11, RC4, MD4, MD5, SHA-1, SHA-256, 3DES, AES minidriver |
File system |
File structure | built-in, ISO/IEC 7816-4 |
Type of placement of file objects in memory (file system architecture) | using File Allocation Table (FAT) |
Number of folders and their nesting level | limited by memory |
Number of file objects within the folder | up to 255 inclusive |
Storing key information | using Rutoken Special File (RSF) files for storing encryption keys, certificates;
- : support 1024, 2048, 4096 bit keys, generate key pairs with custom quality control, import key pairs, form electronic signature.
- ECDSA with curves secp256k1 and secp256r1: generate key pairs with custom quality control, import key pairs, form electronic signature.
- Generating a sequence of random numbers of the needed length.
|
Owner authentication capabilities | - Two-factor authentication: presenting the identifier itself and presenting a unique PIN.
- Support for 3 categories of owners: Administrator, User, Guest.
- Support for 2 global PIN codes: Administrator PIN and User PIN.
- Support for local PINs to protect specific objects (such as certificate containers) in the device's memory.
- Custom hardware quality policies for PINs are processed by the firmware. They are set during formatting and can optionally be changed using the Administrator PIN.
- PIN quality policies:
- Limitation of the minimum PIN length;
- Restriction on using a default PIN;
- Restriction on using a PIN which consists of one repeated number;
- Independent requirements for the presence of a variety of numbers, lowercase and uppercase Cyrillic or Latin letters or special symbols in a PIN;
- Memorizing up to 10 PIN values, with the option to prohibit using a PIN which has been set before.
- Support for combined authentication: authentication according to the "Administrator or User" scheme and authentication with global PINs in conjunction with authentication with local PINs.
- Creation of local PINs for extra protection of key information in the device memory. It is possible to work with several local PINs at the same time (up to 7 PINs).
- Limit on the number of PIN entry attempts.
- Indication that the global PINs have been changed from the default ones to original ones.
|
File system | - Built-in ISO/IEC 7816-4 file structure.
- The number of file objects inside a folder is up to 255.
- Use of the File Allocation Table (FAT) for optimal placement of file objects inside the memory.
- The level of nested folders is limited by the amount of free storage for the file system.
- Storage of private and symmetric keys without the possibility of exporting them.
- Use of the Security Environment to easily configure the settings of cryptographic operations.
- Use of Rutoken Special Files (RSF) for storing key information: encryption keys, certificates etc.
- Use of predetermined folders for storage
|
the use of pre-defined folders for storing different types of key information with automatic selection of
|
the desired when a file
|
Export ban for private and symmetric keys | + |
File system encryption | transparent, GOST 28147-89 algorithm, unique encryption key for each device instance |
Additionally | use the Security Environment to easily configure the parameters of cryptographic operations |
Authentication and Privacy |
Two-factor authentication | Yes, token presentation + PIN entry |
Access levels | |
Delimiting access to file objects according to the access level | + |
Limit the number of PIN code entry attempts | Yes, configurable |
PIN support | - global PIN codes: Administrator and User,
- local PIN codes (for protecting specific objects in the device's memory, such as certificate containers)
|
Minimum PIN size limit | Yes, configurable independently for any PIN code |
Optional | - support for combined authentication:
- global PIN authentication,
- global PIN authentication combined with local PIN authentication,
- the ability to simultaneously control access rights set by 1 to 7 local PIN codes,
- indication of the fact that the default PIN codes have been changed.
|
Flash memory |
Capacity | From 0 to 64 GB (depending on the model) |
Average write speed, MB/s | 6.9 |
Average read speed, MB/s | 29.3 |
RFID tags |
Ability to embed RFID tags | + |
Supported tag types | - EM-Marine,
- Mifare,
- ProxCard II and ISOProx II,
- Indala
|
Integrated monitoring and display |
Firmware integrity monitoring | + |
Monitoring the integrity of system memory areas | + |
Checking the integrity of RSF files before use | + |
Counter types | - file system change counter,
- PIN code change counter,
- counter of consecutive failed PIN entry attempts,
- counter of successful electronic signature operations
|
Verification of the correct functioning of cryptographic algorithms | + |
Presence of an LED indicator | + |
Modes of operation of the LED indicator | - ready for operation,
- performing an operation,
- violation in the system memory area
|
- Ability to change the User PIN policy. PIN change is available for User, Administrator or for both roles at the same time.
|
Interfaces | - Standard exchange protocols:
- ISO/IEC 7816-12;
- ISO 14443 (NFC) for non-contact chip,
- Support for USB CCID: works without driver installation in modern OS versions.
- Support for PC/SC.
- Microsoft Crypto API.
- Microsoft SmartCard API.
- PKCS#11 (including a Russian profile).
|
Built-in control and indication | - Control of the firmware integrity of Rutoken ECP.
- Control of the integrity of system memory areas.
- Check of the integrity of RSF files before each use.
- Counters of changes in the file system and of changes of any PINs, to detect unauthorized changes.
- Check the correct functioning of cryptographic algorithms.
|
General characteristics | - Modern secure microcontroller.
- Identification with the 32-bit unique serial number.
- Support operating systems:
- Microsoft Windows 2022/11/
|
Main Features |
Hardware | protected microcontroller with integrated non-volatile memory |
Interface | Smart card ID-1 |
EEPROM memory | From 64 KB to 128 KB |
Overall dimensions | 85.6 x 53.98 x 0.76 mm |
Weight | 5.5 g |
Serial number | 32-bit serial number, unique |
Supported operating systems | - Microsoft Windows 10/8.1/2019/2016/2012R2/8/2012/7/2008R2/Vista/2008
|
, (- , including russian domestic ones
|
)15/10.14/10.13/10.12/10.11/10.10/10.9- 9 and newer,
- Android 5 and
|
later and later- and newer (iPhone XR, XS, XS Max and newer)
Only for models with NFC, - iOS\iPadOS 16.2 and newer
For contact connection. - Aurora 4+
- 128 KB EEPROM memory.
- USB 1.1 interface and others.
- Size: 58x16x8 mm for USB-A and 52x16x8 mm for USB-C.
- Weight: 6.3 g.
|
Special capabilities | - Ability to create a special non-removable device key pair.
- Maintenance of an electronic signature transaction counter.
- Trusted reading of the value of the non-renewable counter, confirmed by electronic signature.
- Journaling of electronic signature operations, recording the critical parameters of the electronic signature.
- Trusted retrieval of logs, verified by electronic signature.
|
Additional capabilities | - Work with CIFP "CryptoPro ECP 5.0 R2" and newer according to the secure protocol SESPAKE (Functional Key Carrier 2) for contact and non-contact connection via NFC.
- Our own CSP with a standard interface kit and API functions.
- Ability to integrate into smart-card-oriented software products.
- A minidriver for integration with the Microsoft Base Smart Card Cryptographic Service Provider.
|
Smart cards |
---|
Hardware cryptographic capabilities | - GOST R 34.10-2001: generate key pairs with quality control, form and check electronic signatures, private keys are valid for 3 years.
- GOST R 34.10-2012/GOST 34.10-2018 (256 and 512 bit): generate key pairs with quality control, form and check electronic signatures, private keys are valid for 3 years.
- GOST R 34.11-94: compute hash value of the data, including the possibility of subsequent electronic signature formation.
- GOST R 34.11-2012/GOST 34.11-2018 (256 and 512 bit): compute hash value of the data, including the possibility of subsequent electronic signature formation.
- GOST 28147-89: generate encryption key, encrypt data in overwrite mode, encrypt data in CTR cipher mode and in CFB cipher mode, compute and check the cryptographic checksum.
- GOST R 34.12-2015/GOST 34.12-2018, GOST R 34.13-2015/GOST 34.13-2018 (Kuznechik): generate and import encryption keys, encrypt data in overwrite mode, encrypt data in CTR cipher mode and in CFB cipher mode, compute and check the cryptographic checksum.
- GOST R 34.12-2015/GOST 34.12-2018, GOST R 34.13-2015/GOST 34.13-2018 (Magma): generate and import encryption keys, encrypt data in overwrite mode, encrypt data in CTR cipher mode and in CFB cipher mode, compute and check the cryptographic checksum.
- Session key generation:
|
Supported interfaces and standards |
PKCS#11 version 2.20, including the Russian profile (2.30 draft) | + |
Microsoft Crypto API | + |
PC/SC | + |
Microsoft Smartcard API | + |
USB CCID (work without installing drivers) | + |
ISO / IEC 7816 | - ISO / IEC 7816-3, T=0 and T=1 protocol for contact chip,
- ISO 14443 (NFC) for contactless chip
|
Cryptoprovider | Own Crypto Service Provider |
X.509 version 3 certificates at the software level | + |
Cryptographic features |
Support for the GOST 28147-89 algorithm | + |
Support for the GOST R 34.12-2015 (Magma) algorithm | + |
Support for the GOST R 34.12-2015 (Kuznechik) algorithm | + |
Support for the GOST R 34.10-2012 algorithm | + |
Support for GOST 34.11-2012 algorithm (256 and 512 bits) | + |
Support for the GOST 34.11-94 algorithm | + |
Generation of session keys (paired communication keys) | according to the scheme according to ,- ) scheme;
- according to the
|
scheme according to for version 2.0Decoding - according to the EC El-Gamal scheme
|
+ algorithm support+ | ECDSA algorithm support | + |
Support algorithms DES (3DES), AES, RC2, RC4, MD4, MD5, SHA-1, SHA-256 | storing the exported keys in EF, SHA-1, SHA-256, MD5 PKCS#11, RC4, MD4, MD5, SHA-1, SHA-256, 3DES, AES minidriver |
File system |
File structure | built-in, ISO/IEC 7816-4 |
Type of placement of file objects in memory (file system architecture) | using the File Allocation Table (FAT) |
Number of folders and their nesting level | limited by the amount of free memory |
Number of file objects inside the folder | up to 255 inclusive |
Storing key information | using Rutoken Special File (RSF) files for storing encryption keys, certificates,
- : support 1024, 2048, 4096 bit keys, generate key pairs with custom quality control, import key pairs, form electronic signature.
- ECDSA with curves secp256k1 and secp256r1: generate key pairs with custom quality control, import key pairs, form electronic signature.
- Generating a sequence of random numbers of the needed length.
|
| - GOST 34.10-2012 (256) electronic signature: from 0.1 sec for NFC and from 0.1 sec for ISO
- GOST 34.10-2012 (512) electronic signature: from 0.25 sec for NFC and from 0.27 sec for ISO
- GOST 34.10-2001 electronic signature: from 0.1 sec for NFC and from 0.1 sec for ISO
- RSA-1024 electronic signature: from 0.05 sec for NFC and from 0.04 sec for ISO
- RSA-2048 electronic signature: from 0.21 sec for NFC and from 0.19 sec for ISO
- RSA-4096 electronic signature: from 1.12 sec for NFC and from 1.08 sec for ISO
- ECDSA-256 (secp256k1) electronic signature: from 0.14 sec for NFC and from 0.13 sec for ISO
- ECDSA-256 (secp256r1) electronic signature: from 0.10 sec for NFC and from 0.08 sec for ISO
- GOST R 34.11-2012 (256 and 512) hash rate: from 7.7 Kbps for NFC, up to 9.4 Kbps for ISO
- GOST R 34.11-94 hash rate: from 16.6 Kbps for NFC, up to 28.9 Kbps for ISO
- GOST 28147-89 hash rate: up to 18 Kbps for NFC, up to 35.3 Kbps for ISO
- GOST R 34.12-2015 (Magma) hash rate: up to 16.7 Kbps for NFC, up to 30.8 Kbps for ISO
- GOST R 34.12-2015 (Kuznechik) hash rate: up to 10 Kbps for NFC, up to 13.6 Kbps for ISO
|
Owner authentication capabilities | - Two-factor authentication: presenting the identifier itself and presenting a unique PIN.
- Support for 3 categories of owners: Administrator, User, Guest.
- Support for 2 global PIN codes: Administrator PIN and User PIN.
- Support for local PINs to protect specific objects (such as certificate containers) in the device's memory.
- Custom hardware quality policies for PINs are processed by the firmware. They are set during formatting and can optionally be changed using the Administrator PIN.
- PIN quality policies:
- Limitation of the minimum PIN length;
- Restriction on using a default PIN;
- Restriction on using a PIN which consists of one repeated number;
- Independent requirements for the presence of a variety of numbers, lowercase and uppercase Cyrillic or Latin letters or special symbols in a PIN;
- Memorizing up to 10 PIN values, with the option to prohibit using a PIN which has been set before.
- Support for combined authentication: authentication according to the "Administrator or User" scheme and authentication with global PINs in conjunction with authentication with local PINs.
- Creation of local PINs for extra protection of key information in the device memory. It is possible to work with several local PINs at the same time (up to 7 PINs).
- Limit on the number of PIN entry attempts.
- Indication that the global PINs have been changed from the default ones to original ones.
|
File system | - Built-in ISO/IEC 7816-4 file structure.
- The number of file objects inside a folder is up to 255.
- Use of the File Allocation Table (FAT) for optimal placement of file objects inside the memory.
- The level of nested folders is limited by the amount of free storage for the file system.
- Storage of private and symmetric keys without the possibility of exporting them.
- Use of the Security Environment to easily configure the settings of cryptographic operations.
- Use of Rutoken Special Files (RSF) for storing key information: encryption keys, certificates etc.
- Use of predetermined folders for storage
|
use of predefined folders for storing different types of key information with automatic selection of the desired one while creating and using the RSF files
|
Prohibition of exporting private and symmetric keys | + |
File system encryption | yes, transparent, GOST 28147-89 algorithm, unique encryption key for each device instance |
Additionally | use the Security Environment to easily configure the parameters of cryptographic operations |
Authentication and Privacy |
Two-factor authentication | Yes, token presentation + PIN entry |
Access levels | |
Delimiting access to file objects according to the access level | + |
Limit the number of PIN code entry attempts | Yes, configurable |
PIN support | - global PIN codes: Administrator and User,
- local PIN codes (for protecting specific objects in the device's memory, such as certificate containers),
- Customizable hardware PIN quality policies
|
Minimum PIN size limit | Yes, configurable independently for any PIN code |
Optional | - support for combined authentication:
- global PIN authentication,
- global PIN authentication combined with local PIN authentication,
- the ability to simultaneously control access rights set by up to 7 local PIN codes,
- indication of the fact that global PIN codes have been changed from hidden ones to the original ones.
|
RFID tags |
Ability to embed RFID tags | + |
Supported tag types | - EM-Marine,
- Mifare,
- ProxCard II, and ISOProx II,
- Etc.
|
Integrated monitoring and display |
Firmware integrity monitoring | + |
Monitoring the integrity of system memory areas | + |
Checking the integrity of RSF files before use | + |
Counter types | - file system change counter,
- PIN code change counter,
- counter of consecutive failed PIN entry attempts,
- counter of successful electronic signature operations
|
Verification of the correct functioning of cryptographic algorithms | + |
Modes of operation of the LED indicator | - ready for operation,
- performing an operation,
- violation in the system memory area
|
...