Rutoken documentation

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Technical Specifications devices Rutoken

Technical Specifications devices Rutoken

 USB tokens

Main Features

Hardware

protected microcontroller with integrated non-volatile memory

Interface

USB 1.1 interface+

EEPROM memory

From 32 to 128 Kbytes

Overall dimensions

58x16x8 mm

Weight

6.3 g

Serial number

32-bit serial number, unique

Supported Operating

  • Systems Microsoft Windows 10/2019/2016/8. 1/8/2012/7/2008 / Vista / 2003/XP,
  • GNU / Linux,
  • Apple macOS / OS X

Supported interfaces and standards

PKCS#11 version 2.20, including the Russian profile (2.30 draft)

+

Microsoft Crypto API

+

PC/SC

+

Microsoft Smartcard API

+

USB CCID (work without installing drivers)

+

ISO/IEC 7816

ISO/IEC 7816-4, 7816-8, 7816-12

Cryptoprovider

Own Crypto Service Provider

X. Certificates509 version 3 at the software level

+

Cryptographic features

Support for the GOST 28147-89 algorithm

+

Support for the GOST R 34.10-2012 algorithm

+

Support for the GOST R 34.10-2001 algorithm

+

Support for GOST 34.11-2012 algorithm (256 and 512 bits)

+

Support for the GOST 34.11-94 algorithm

+

Generation of session keys (paired communication keys)

+

Decoding according to the EC El-Gamal scheme

+

RSA algorithm support

+

Support algorithms DES (3DES), AES, RC2, RC4, MD4, MD5, SHA-1, SHA-256

storing the exported keys in EF,
SHA-1, SHA-256, MD5 PKCS#11, RC4, MD4, MD5, SHA-1, SHA-256, 3DES, AES minidriver

File system

File structure is

built in the ISO/IEC 7816-4

Type of placement of file objects in memory (file system architecture)

using File Allocation Table (FAT)

The number of folders and their nesting

level is limited by memory

Number of file objects within the folder

to 255 inclusive

Storing key information

file usage Rutoken Special File (RSF) files for the storage of encryption keys, certificates;


the use of pre-defined folders for storing different types of key information with automatic selection of the desired folder when creating and using a RSF file

, the export Ban is private, and symmetric keys

+

file system Encryption

is transparent, the algorithm GOST 28147-89, a unique encryption key for each device instance

Additionally

use the Security Environment to easily configure the parameters of cryptographic operations

Authentication and Privacy

Two-factor authentication

Yes, token presentation + PIN entry

Access levels

  • Guest,
  • User,
  • Administrator

Delimiting access to file objects according to the access level

+

Limit the number of PIN code entry attempts

Yes, configurable

PIN support

  • global PIN codes: Administrator and User,
  • local PIN codes (for protecting specific objects in the device's memory, such as certificate containers)

Minimum PIN size limit

Yes, configurable independently for any PIN code

Optional

  • support for combined authentication:

o   global PIN authentication

o   global PIN authentication global PIN authentication combined with local PIN authentication.

  • the ability to simultaneously control access rights set from 1 to 7 local PIN codes.
  • indication of the fact that the default PIN codes have been changed.

Flash memory

Aboutbyem

From 0 to 64 GB (зdepending on the model).)

Average write speed, MB/s

6.9

Average read speed, MB/s

29.3

RFID tags

Ability to embed RFIDtags

+

Supported

  • EM tag types are Marine,
  • Mifare,
  • ProxCard II and ISOProx II,
  • Indala

Integrated monitoring and display

Firmware integrity monitoring

+

Monitoring the integrity of system memory areas

+

Checking the integrity of RSF files before use

+

Counter types

  • file system change,
  • counter PIN code change,
  • counter consecutive failed PIN entry attempts PIN code entry attempts cods,
  • counter for successful electronic signature operations

Verification of the correct functioning of cryptographic algorithms

+

Presence of an LED indicator

+

Modes of operation of the LED indicator

  • ready for operation,
  • performing an operation,
  • violation in the system memory area


Smart Сards

 

Main Features

Hardware

protected microcontroller with integrated non-volatile memory

Interface

Smart card ID-1

EEPROM memory

From 64 KB to 128 KB

Overall dimensions

85.6 x 53.98 x 0.76 mm

Weight

5.5 gr.

Serial number

32-bit serial number, unique

Supported Operating

  • Systems Microsoft Windows 10/8. 1/2019/2016 / 2012R2/8/2012/7/2008R2 / Vista / 2008
  • GNU / Linux (including domestic ones)
  • Apple macOS 10.15/10.14/10.13/10.12/10.11/10.10/10.9
  • Android 5 and later
  • iOS 13 and later

Supported interfaces and standards

PKCS#11 version 2.20, including the Russian profile (2.30 draft)

+

Microsoft Crypto API

+

PC/SC

+

Microsoft Smartcard API

+

USB CCID (work without installing drivers)

+

ISO / IEC 7816

  • ISO / IEC 7816-3, T=0 and T=1 protocol for contact chip,
  • ISO 14443 (NFC) for contactless chip

Cryptoprovider

Own Crypto Service Provider

X. Certificates509 version 3 at the software level

+

Cryptographic features

Support for the GOST 28147-89 algorithm

+

Algorithm SupportGOST R 34.12-2015 (Magma)

+

Algorithm SupportGOST R 34.12-2015 (Grasshopper)

+

Support for the GOST R 34.10-2012 algorithm

+

Support for GOST 34.11-2012 algorithm (256 and 512 bits)

+

Support for the GOST 34.11-94 algorithm

+

Generation of session keys (paired communication keys)

  • according to the scheme VKO GOST R 34.10-2001 according to RFC 4357
  • according to the scheme VKO GOST R 34.10-2012 according to RFC 7836 for version 2.0

Decoding according to the EC El-Gamal scheme

+

RSA algorithm support

+

ECDSA algorithm support

+

Support algorithms DES (3DES), AES, RC2, RC4, MD4, MD5, SHA-1, SHA-256

storing the exported keys in EF,
SHA-1, SHA-256, MD5 PKCS#11, RC4, MD4, MD5, SHA-1, SHA-256, 3DES, AES minidriver

File system

File structure is

built in the ISO/IEC 7816-4

Type of placement of file objects in memory (file system architecture)

using the File Allocation Table (FAT)

Number of folders and their nesting

level the level is limited by the amount of free memory

Number of file objects inside the folder

up to 255 inclusive

Storing key information

  • using Rutoken Special File (RSF-files)for storing encryption keys, certificates;
  • use of predefined folders for storing different types of key information with automatic selection of the desired folder when creating and using RSF files

Prohibition of exporting private and symmetric keys

+

File system encryption

yes, transparent, GOST 28147-89 algorithm, unique encryption key for each device instance

Additionally

use the Security Environment to easily configure the parameters of cryptographic operations

Authentication and Privacy

Two-factor authentication

Yes, token presentation + PIN entry

Access levels

  • Guest
  • User
  • Administrator

Delimiting access to file objects according to the access level

+

Limit the number of PIN code entry attempts

Yes, configurable

PIN support

  • global PIN codes: Administrator and User,
  • local PIN codes (for protecting specific objects in the device's memory, such as certificate containers)
  • Customizable hardware PIN quality policies

Minimum PIN size limit

Yes, configurable independently for any PIN code

Optional

  • support for combined authentication:
    • global PIN authentication
    • global PIN authentication global PIN authentication combined with local PIN authentication.
  • the ability to simultaneously control access rights set by up to 7 local PIN codes.
  • indication of the fact that global PIN codes have been changed from hidden ones to the original ones.

RFID tags

Ability to embed RFIDtags

+

Supported

  • EM tag types are Marine,
  • Mifare,
  • ProxCard II, and ISOProx II,
  • Etc.

Integrated monitoring and display

Firmware integrity monitoring

+

Monitoring the integrity of system memory areas

+

Checking the integrity of RSF files before use

+

Counter types

  • file system change
  • counter PIN code change
  • counter consecutive failed PIN entry attempts
  • counter for successful electronic signature operations

Verification of the correct functioning of cryptographic algorithms

+

Modes of operation of the LED indicator

  • ready for operation
  • performing an operation
  • violation in the system memory area

 

 


  • No labels