Настройка и проверка работы ЭЦП

Распаковать папку в /opt/kalkancrypt

в env прописать

LD_LIBRARY_PATH=:/opt/kalkancrypt/:/opt/kalkancrypt/lib/engines

Centos/RHEL/Oracle Linux:

yum install pcsc-lite

Debian/Ubuntu:

apt install libpcsclite-dev

systemctl restart damu

Пример проверки ЭЦП

output={}

crypto=require("pkg/crypto")
--xml=[[<data><in:R01 xmlns:in="http://aisoip.adilet.gov.kz/webservices/BANK/types/Request"><in:items><in:BankID>99999</in:BankID></in:items></in:R01></data>]]

output.ersurl,output.ernurl=crypto.TSASetUrl("http://tsp.pki.gov.kz:80")
--output.signedxml,output.erssign,output.ernsign=crypto.SignXml(xml,'/data/*')

xml=request.input.signxml

cert,output.ers1,output.ern1=crypto.GetCertFromXml(xml)
cert=StrReplace(cert," ","",-1)

regexp=require('goluago/regexp')
function regexpMatch(s,rx,n)
        local re = regexp.compile(rx)
        return re.findSubmatch(s or '')[n]
  end

ser,output.ers2,output.ern2=crypto.CertificateGetInfo(cert,0x0000080d)
output.iin=regexpMatch(ser,'IIN(\\d{12})',2)
output.cn,output.ers2,output.ern2=crypto.CertificateGetInfo(cert,0x0000080a)
output.fio=regexpMatch(output.cn,'CN=(.+)\\0',2)
notBefore,output.ers2,output.ern2=crypto.CertificateGetInfo(cert,0x00000813)
output.notBefore1=regexpMatch(notBefore,'notBefore=(.+)\\0',2)
notAfter,output.ers2,output.ern2=crypto.CertificateGetInfo(cert,0x00000814)
output.notAfter1=regexpMatch(notAfter,'notAfter=(.+)\\0',2)
output.notBefore2 = TimeParseFormat(output.notBefore1,"02.01.2006 15:04:05 MST","2006-01-02 15:04:05")
output.notAfter2 = TimeParseFormat(output.notAfter1,"02.01.2006 15:04:05 MST","2006-01-02 15:04:05")
output.ers1,output.ern1=crypto.LoadCertificateFromFile('/opt/certs/test/t/root_rsa.cer',0x00000201)
output.ers2,output.ern2=crypto.LoadCertificateFromFile('/opt/certs/test/t/nca_rsa.cer',0x00000202)
output.ersv,output.ernv=crypto.VerifyXml(xml or '')