Crypto_fs Installation
Required Files
- Obtain the CFS software package of the target version, referring to Component Preparation, and download Ascend-mindxdl-crypto-fs_{version}_linux-{arch}.zip based on the OS configuration of the encryption tool installation environment.
- Decompress the package to obtain Ascend-mindxdl-crypto-fs_{version}_linux-{arch}.tar.gz and digital signature files Ascend-mindxdl-crypto-fs_{version}_linux-{arch}.tar.gz.cms and Ascend-mindxdl-crypto-fs_{version}_linux-{arch}.tar.gz.crl.
- Decompress the Ascend-mindxdl-crypto-fs_{version}_linux-{arch}.tar.gz package to obtain the following files:
.\crypto_fs ├── bin │ └── crypto_fs # Crypto_fs binary files. ├── lib # Directory of dependent SO files.
Generating Certificates
- Prepare server.csr and the private key server.key, and encrypt the private key file in the following ciphertext header format:
The ciphertext format is as follows:
Table 1 Parameter
Length (Unit: Byte)
Description
version
1
Ciphertext header version.
alg_id
1
Algorithm ID: 0 or 1.
- 0: AES_GCM_128
- 1: AES_GCM_256
salt
16
Salt value
iter_count
4
Number of iterations. Default: 10000.
gcm_tag
16
GCM label.
iv
12
Initial vector
cipher
Determined by the length of the private key.
Ciphertext content of the private key.
The password must contain 40 to 64 characters and contain at least two types of the following: digits, uppercase letters, lowercase letters, and special characters. The password complexity is the same as that of the PSK password.
- Apply for a certificate from your internal certificate issuing department or an external certificate issuing authority that meets your security requirements. Download the issued certificates. The root certificate CA.pem and TLS certificate rsa.CFS.pem are used as examples. To use the CRL, export the cert.crl file.
- Save CA.pem, rsa.CFS.pem, cert.crl (optional), and server.key in the same directory for future use.
Parent topic: Installation and Deployment