
Unofficial instructions for installing Chromium-Gost on Linux

19 June 2023 12:05

The Chromium-Gost web browser is used to view websites that use GOST R 34.10-2012 cryptography.

Installing Chromium-Gost on Linux

1) Open https://github.com/deemru/Chromium-Gost in your browser.

2) Scroll down the page and click the link "Download".

3) From the Assets section, download the file that matches your operating system:
   .deb - for Debian, Ubuntu, Linux Mint
   .rpm - for Fedora Linux, CentOS, etc.

4) After downloading, close the browser (exit it).

5) Remove the chromium package if it is installed, because it conflicts with the chromium-gost-stable package:

sudo apt remove chromium

6) Remove the launch shortcut (desktop file) of the old chromium program:

rm ~/.local/share/applications/chromium-browser.desktop

7) In the file manager, open the “Downloads” folder and double-click the downloaded package to start installing it.

8) To install Chromium-Gost, click "Install package".


The shortcut to launch the application is in the Start menu under Internet and is named "Chromium-Gost".

Note: to work with sites that use TLS cryptographic protection, the Chromium-Gost browser alone may not be enough. To enable encryption according to GOST, you need to download additional components from cryptopro.ru and install them.

Configuring Linux to enable GOST encryption

To work on Russian websites with GOST encryption, you need to install the following components:

  1. CryptoPro CSP crypto provider (paid, trial version for 90 days): download linux-amd64_deb.tgz, unpack the archive, and run the installer script with sudo sh install_gui.sh. Keep the default wizard settings (click "Next"). There is no need to select the “Copy root certificates from OS to CryptoPro” item.

  2. The cprocsp-pki-cades package from the plugin archive (see item 3).

  3. The cprocsp-pki-plugin package, the Cades plugin ("CryptoPRO browser plugin", free).

  4. Russian Trusted Root CA root certificate. The converted files are saved with the .crt extension because update-ca-certificates only picks up *.crt files from /usr/local/share/ca-certificates/.
    openssl x509 -in rootca_ssl_rsa2022.cer -out rootca.crt -outform PEM
    sudo cp rootca.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates -v

  5. Root certificate of the Ministry of Telecom and Mass Communications - the Main Certification Authority GOST R 34.10-2012
    openssl x509 -inform der -outform pem -in guts_2012.cer -out guts2012.crt
    sudo cp guts2012.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates -v

  6. Root certificate of the Ministry of Digital Development - the Main Certification Authority 2022 GUTS_2022.CER
    openssl x509 -inform der -outform pem -in Kornevoy_sertifikat_GUTS_2022.CER -out guts.crt
    sudo cp guts.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates -v

  7. Federal Treasury Root Certificate
    openssl x509 -in Sertifikat-udostoveryayushchego-tsentra-Federalnogo-kaznacheystva-2023.CER -out fed.crt -outform PEM
    sudo cp fed.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates -v

  8. Public Services plugin iFCPlugin-x86_64.deb

  9. Personal certificate of an individual or legal entity installed in CryptoPro

  10. Certificate of the certification authority that issued the certificate to the individual or legal entity (saved with the .crt extension so that update-ca-certificates picks it up).
    openssl x509 -in tensorca-2023_gost2012.cer -out tensor.crt -outform PEM
    sudo cp tensor.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates -v
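
Items 4-7 and 10 add root certificates to the system trust store, so it is worth checking each downloaded file first. The script below is an added example, not part of the original instructions: it compares the certificate's SHA-256 fingerprint with a value you obtained from the issuer through a separate channel, rejects unparsable or expired files, and writes a PEM copy with the .crt extension. The function names are hypothetical and the expected fingerprint is an input you supply.

```shell
#!/bin/sh
# Added example. cert_format, cert_sha256 and stage_root_ca are hypothetical
# helper names; the expected fingerprint must come from the issuer, not this page.

# Print PEM or DER depending on how the file parses (.cer downloads can be either).
cert_format() (
    for fmt in PEM DER; do
        if openssl x509 -in "$1" -inform "$fmt" -noout 2>/dev/null; then
            echo "$fmt"; exit 0
        fi
    done
    echo "not an X.509 certificate: $1" >&2
    exit 1
)

# Print the SHA-256 fingerprint as uppercase hex without colons.
cert_sha256() (
    fmt=$(cert_format "$1") || exit 1
    fp=$(openssl x509 -in "$1" -inform "$fmt" -noout -fingerprint -sha256) || exit 1
    printf '%s\n' "${fp#*=}" | tr -d ':' | tr 'a-f' 'A-F'
)

# stage_root_ca FILE EXPECTED_SHA256 DEST_DIR
# Writes DEST_DIR/<name>.crt in PEM form only if the fingerprint matches and the
# certificate has not expired; prints the path of the staged file.
stage_root_ca() (
    src=$1 dest=$3
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    fmt=$(cert_format "$src") || exit 1
    got=$(cert_sha256 "$src") || exit 1
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch for $src: got $got" >&2
        exit 1
    fi
    if ! openssl x509 -in "$src" -inform "$fmt" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired: $src" >&2
        exit 1
    fi
    name=$(basename "$src"); name=${name%.*}
    mkdir -p "$dest"
    openssl x509 -in "$src" -inform "$fmt" -outform PEM -out "$dest/$name.crt" || exit 1
    echo "$dest/$name.crt"
)

# Usage: sh stage_root_ca.sh FILE EXPECTED_SHA256 DEST_DIR
if [ "$#" -eq 3 ]; then
    stage_root_ca "$@"
fi
```

Once a file has been staged this way, copy it to /usr/local/share/ca-certificates/ and run sudo update-ca-certificates -v as in the steps above.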

Checking the encryption of TLS connections according to GOST

Test page: "Government services" (https://gosuslugi.ru/)
View the secure connection properties: Secure connection - Valid certificate.

  • if the valid certificate shown is GlobalSign RSA OV SSL CA, then the client browser does not support GOST TLS;
  • if the valid certificate shown is from the Ministry of Digital Development of Russia (issued by the Ministry of Telecom and Mass Communications of Russia), then the browser supports and uses GOST TLS.



If necessary, Chromium-Gost can be uninstalled on Ubuntu or Linux Mint from the terminal:

sudo dpkg -r chromium-gost-stable

To remove CryptoPro, run sudo sh install_gui.sh again and select removal. After removing CryptoPro, TLS encryption according to GOST will become unavailable.

GOST encryption does not work without CryptoPro!


