Aktiv Co. Rutoken ECP
Aktiv Co. offers the Rutoken ECP, a USB crypto token with 64K memory and support for RSA keys up to 2048 bits in length.
Rutoken ECP
- USB IDs: 0a89:0030
- Memory: 64K
- ATR: 3B 8B 01 52 75 74 6F 6B 65 6E 20 44 53 20 C1 (Rutoken ECP (DS))
- ATR: 3B 8B 01 52 75 74 6F 6B 65 6E 20 45 43 50 A0 (Rutoken ECP)
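Both ATRs above carry the model name in their historical bytes and end in a TCK check byte. The following is an added example, not code from this page or from OpenSC: a small ISO/IEC 7816-3 ATR decoder that extracts those fields and maps them to the two model labels listed here, which is useful for confirming which token is in the reader before running a destructive command. The names `parse_atr`, `identify` and `KNOWN_MODELS` are this example's own.

```python
# Added example: minimal ISO/IEC 7816-3 ATR decoder (not OpenSC code).
from functools import reduce
from operator import xor

# Historical-byte strings of the two ATRs listed on this page.
KNOWN_MODELS = {b"Rutoken DS ": "Rutoken ECP (DS)", b"Rutoken ECP": "Rutoken ECP"}

def parse_atr(atr_hex):
    """Return protocols, historical bytes and TCK status of an ATR hex string."""
    atr = bytes.fromhex(atr_hex)
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte, not an ATR")
    hist_len = atr[1] & 0x0F      # low nibble of T0: count of historical bytes
    y = atr[1] >> 4               # high nibble: which of TA1..TD1 follow
    pos, protocols = 2, set()
    while True:
        pos += bin(y & 0x7).count("1")   # skip TAi/TBi/TCi if present
        if not y & 0x8:                  # no TDi: interface bytes end here
            break
        if pos >= len(atr):
            raise ValueError("truncated ATR")
        td = atr[pos]
        pos += 1
        protocols.add(td & 0x0F)         # protocol T announced by TDi
        y = td >> 4
    protocols = protocols or {0}         # T=0 is implied when TD1 is absent
    has_tck = protocols != {0}           # TCK is omitted only for T=0 alone
    if len(atr) != pos + hist_len + (1 if has_tck else 0):
        raise ValueError("ATR length does not match its T0/TDi fields")
    return {
        "protocols": sorted(protocols),
        "historical": atr[pos:pos + hist_len],
        # XOR of every byte from T0 through TCK must be zero
        "tck_ok": reduce(xor, atr[1:]) == 0 if has_tck else None,
    }

def identify(atr_hex):
    """Return the page's model label for an ATR, or None if unknown or corrupt."""
    info = parse_atr(atr_hex)
    if info["tck_ok"] is False:
        return None
    return KNOWN_MODELS.get(info["historical"])

if __name__ == "__main__":
    for atr in ("3B 8B 01 52 75 74 6F 6B 65 6E 20 44 53 20 C1",
                "3B 8B 01 52 75 74 6F 6B 65 6E 20 45 43 50 A0"):
        print(atr, "->", parse_atr(atr), identify(atr))
```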
On-board cryptographic functions
- RSA (with RSA keys up to 2048 bits)
- GOST R 34.10-2001 (RFC 5832)
- GOST 34.11-94 (RFC 5831)
- GOST 28147-89 (RFC 5830)
- Key generation: ElGamal and Diffie-Hellman schemes
Authentication
- 3 categories of owners: Administrator, User, Guest
- 2 Global PIN-codes: Administrator and User
- Local PIN-codes
- Combined authentication
- Access rights can be controlled simultaneously by the 7 Local PIN-codes
File system features
- File structure of ISO/IEC 7816-4
- Subdirectory nesting depth: limited by the space available for the file system
- Number of file objects inside directory - up to 255, inclusive
- Rutoken Special Files (RSF-files) are used to store keys and PIN-codes
- Storage of private and symmetric keys, without the possibility of export from the device
- Predefined directories for storing different kinds of key information (RSF-files), with automatic selection of those directories
- The total amount of memory for file structure - 64 kB
Initialize
$ pkcs15-init --erase-card
$ pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk ""
$ pkcs15-init --store-pin --label "User PIN" --auth-id 02 --pin "12345678" --puk "" --so-pin "87654321" --finalize
Speed
(With OpenSC 0.12.0 pkcs15-init tool on Mac OS X 10.6)
- Erasing: real 0m16.517s
- GOST key generation: 0m3.883s
- RSA 1024 key generation: 1m21.419s
- RSA 2048 key generation: "forever" (11m15.332s)
Notes
- When initialising with pkcs15-init, a PUK code must not be present (press Enter when asked, or use --puk "")
- The card, including all keys, can be erased with pkcs15-init --erase-card without any authentication.
