Electronic signature of GOST R ??? PDF documents in the LibreOffice office suite

 3r?383. 3r3-31. Electronic signature of GOST R ??? PDF documents in the LibreOffice office suite The time has come to fulfill your civic duty - to pay taxes. We will pay taxes through the portal. Government services 3r3-3572. . In the personal account of the portal of state services we will enter 3r335. using 3r33572. electronic signature (3-3337. terminology 3-33572. of the Gosuser services portal), i.e. having a certificate obtained in an accredited certifying center (CA), and a private key. Both of them I keep on
PKCS # 11
token. with the support of Russian cryptography: 3r33565.  3r?383. to access the Government services portal. Redfox browser , which is a modified with the support of Russian cryptography browser Mozilla Firefox. As you know, libreoffice office suite as certificate stores also uses NSS storage. 3r33565.  3r?383. The Redfox-52 browser was installed in the /usr /lical /lib64 /firefox-52 folder. 3r33565.  3r?383. To connect the libraries of the NSS (Network Security Services) package with GOST-algorithms support, set the value of the LD_LIBRARY_PATH variable as follows: 3r33565.  3r?383.
3r3116. $ export LD_LIBRARY_PATH = /usr /lical /lib64 /firefox-52: $ LD_LIBRARY_PATH
$
3r33565.  3r?383. As a certificate store, libreoffice typically uses a certificate store from a Firefox browser, Thunderbird email client, or the Seamonkey integrated package. Nothing prevents you from using GoogleChrome /Cromium or browser certificate storage. create 3r33572. its independent storage (Tools-> Options-> Security-> Certificate): 3r3655.  3r?383. 3r33565.  3r?383. Digital signatures-> Digital signatures). 3r33565.  3r?383. Certificates in the Firefox /NSS repository are successfully displayed and verified: 3r33535.  3r?383. 3r33565.  3r?383. 3r360. 3r33565.  3r?383. 3r33565.  3r?383. However, the signature after selecting the certificate and clicking the “OK” button is not formed: 3r3-3565.  3r?383. 3r33565.  3r?383. Digital Signatures-> Sign PDF). After it is downloaded, we try to sign it (File-> Digital Signatures-> Digital Signatures) (see above, choose a certificate, prescribe, for example, the purpose of signing a document):
 3r?383. 3r33565.  3r?383. 3r380. 3r33565.  3r?383. 3r33565.  3r?383. And the signature is formed !!! We see that the signature of the formation on the basis of the certificate "Test ???" with the key GOST R ???-??? bits. The signature is valid. 3r33565.  3r?383. 3r33565.  3r?383. Exit libreoffice. Run libreoffice again, load the signed pdf-file, check the signatures. All OK. View signatories certificates. All OK. Miracles! Signing PDFs works. We put the second, third signature Everything works. But something is haunted. We do an additional check. 3r33565.  3r?383. Open the signed PDF file (I used the built-in editor from mc - Midnight Commander - a console file manager for Linux). We find the electronic signature (/Type /Sig /):
 3r?383. 3r33565.  3r?383. 3r395. 3r33565.  3r?383. 3r33565.  3r?383. As you can see, the signature is stored in character hexadecimal. Copy it and save it in a file. To convert a file into a binary form (DER encoding), we use the utility xxd:
 3r?383.
3r3116. $ xxd –p –r <файл с подписью из PDF> ><файл> .der 3r38383. $
3r33565.  3r?383. The resulting file contains a detached PKCS # 7 format signature in DER-encoding. Now this signature can be viewed with any asn1-prase, for example, the openssl utility. But since we are talking about the NSS package, we will use the derdump utility or 3r3111. pp utility
: 3r33565.  3r?383.
3r3116. $ pp –t p7 –u –i pkcs7_detach.p7 3r3-3583. PKCS # 7 Content Info: 3r3583. PKCS # 7 Signed dаta:
Version: 1 (0x1)
Digest Algorithm List:
Digest Algorithm (1): 3a3r3583 SHA-256. Content Information: 3r33583. PKCS # 7 dаta:
3r?383. Certificate List: 3r38383. Certificate (1): 3—3–3583. dаta: 3r?583. Version: 3 (0x2)
Serial Number: 4107 (0x100b) 3r3353583. Signature Algorithm: GOST R ???-2012 signature with GOST R ???-2012-512
Issuer: "E = ca_12_512 @ lissi.ru, OGRN = 123456789012? INN = 1234
5678901? CN = UT 12_51? O = UT 12_51? L = GnuPG GOST 3r38383. -2012-51? ST = Moscow region, C = RU "3r???. Validity: 3r???. Not Before: Sat Sep ???:17:???r3r3583. Not After: Tue Sep ???:17:??? r3r3583. Subject: "C = RU, ST = Moscow Region, CN = F
And O, SN = Fam, givenName = And O, E = xx @ xx.ru, L = City
, STREET = Street, INN = 123456789012 , SNILS = 12345678901 "3r33583. Subject Public Key Info:
Public Key Algorithm: GOST R 10/34/??? Public Key:
. . . 3r?383. Digest Encryption Algorithm: GOST R ???-2012 Key 512
Encrypted Digest:
34: 9d: 6f: 37: e6: 60: 00: ed: fe: ef: f7: 96: db: 52: 66: e1:
47: 4c: 5d: da: 7f: 9f: f3: 20: 50: ac: 73: 6c: 97: db: f9: 8d:
43: 9b: 8f: 40: 61: 99: d3: 4b: 17: 08: b8: 34: e3: 1e: 92: 76: 3r33383. b1: 0c: dd: 37: 01: 1e: 2a: 30: 45: 68: 06: af: 3d: 33: 5e: 2f:
71: c8: 17: b3: a9: 8a: 6b: 2f: 78: 9e: e4: b2: 00: 59: 6f: 5a: 3r353583. a0: c5: 9e: be: 1e: 4b: ca: d5: 64: 25: 50: 1a: 6f: f9: 55: b8:
3a: cf: 37: a0: 04: eb: 89: b4: 6c: 39: 77: 27: 92: de: 61: c7:
b1: d3: a5: 2f: ef: 66: 9b: f5: 71: 42: 77: 0a: d2: 10: 7f: 50 3r3353583. $
3r33565.  3r?383. And then it became clear that not everything is so good. Yes, the Digest Encryption Algorithm: GOST R ???-2012 Key 512 signature algorithm is in accordance with the certificate selected for signing, but the signature is generated from the hash calculated using the SHA-256 algorithm (Digest Algorithm (1): SHA-256). And this is wrong from the point: the hash for GOST R ???-2012 Key 512 should be considered according to the algorithm GOST R ???-2012-512. 3r33565.  3r?383. Getting started and analyzing the source code of libreoffice: the devil is not so bad as he is painted. In this article, we consider the use of the NSS package for generating an electronic signature. If anyone prefers on the MS Windows platform to use CryptoAPI (and, accordingly, GOST-CSP), it can, by analogy with this material, make the appropriate refinement. 3r33565.  3r?383. Aniliz showed that changes will have to be made in just two files: 3r33535.  3r?383. - 3r3504. ~ /libreoffice-???.2 /vcl /source /gdi /pdfwriter_impl.cxx [/i] 3r33565.  3r?383. - 3r3504. ~ /libreoffice-???.2 /xmlsecurity /source /pdfio /pdfdocument.cxx [/i] 3r33565.  3r?383. These changes are associated with the correct choice of hash functions for GOST certificates. The choice of the hash function will be determined depending on the type of certificate key. Choosing a hash algorithm, for example, in PDFWriter :: Sign (pdfwriter_impl.cxx file) will look like this:
 3r?383.
3r3176. bool PDFWriter :: Sign (PDFSignContext & rContext)
{3r38383. #ifndef _WIN32
/* Added variables * /
SECKEYPublicKey * pubk = NULL; 3r?383. SECOidTag hashAlgTag; 3r?383. HASH_HashType hashType; 3r?383. int hashLen; 3r?383. 3r?383. CERTCertificate * cert = CERT_DecodeCertFromPackage (reinterpret_cast
(RContext.m_pDerEncoded), rContext.m_nDerEncoded); 3r?383. 3r?383. if (! cert) 3r3r. {3r38383. SAL_WARN ("vcl.pdfwriter", "CERT_DecodeCertFromPackage failed"); 3r?383. return false; 3r?383.} 3r3-3583. /* Get the public key from the certificate * /3r38383. pubk = CERT_ExtractPublicKey (cert); 3r?383. if (pubk == NULL)
return NULL; 3r?383. /* Check the type of public key * /
switch (pubk-> keyType) {3r33583. case gost3410Key:
hashAlgTag = SEC_OID_GOSTHASH; 3r?383. hashType = HASH_AlgGOSTHASH; 3r?383. hashLen = SHA256_LENGTH; 3r?383. break; 3r?383. case gost3410Key_256:
hashAlgTag = SEC_OID_GOST3411_2012_256; 3r?383. hashType = HASH_AlgGOSTHASH_12_256; 3r?383. hashLen = SHA256_LENGTH; 3r?383. break; 3r?383. case gost3410Key_512:
hashAlgTag = SEC_OID_GOST3411_2012_512; 3r?383. hashLen = SHA256_LENGTH * 2; 3r?383. hashType = HASH_AlgGOSTHASH_12_512; 3r?383. break; 3r?383. default: 3r38383. hashAlgTag = SEC_OID_SHA256; 3r?383. hashType = HASH_AlgSHA256; 3r?383. hashLen = SHA256_LENGTH; 3r?383. break; 3r?383.} 3r3-3583. /* Calculate hash * /
HashContextScope hc (HASH_Create (hashType)); 3r?383. . . . 3r?383.}
3r33565.  3r?383. The remaining changes in logic are similar. The patch for the ~ /libreoffice-???.2 /vcl /source /gdi /pdfwriter_impl.cxx file is located
here: [/b] 3r33440.
3r3442. --- pdfwriter_impl_ORIG.cxx 2017-10-???: 25: ??? +0300
+++ pdfwriter_impl.cxx 2018-10-???: 48: ??? +0300
@@ -6698.6 +6698.9 @@
CERTCertificate * cert,
SECItem * digest) 3r33583. {3r38383. + SECKEYPublicKey * pubk = NULL; 3r?383. + SECOidTag hashAlgTag; 3r?383. +
NSSCMSMessage * result = NSS_CMSMessage_Create (nullptr); 3r?383. if (! result) 3r38383. {3r38383. @@ -6732.8 +??? @@
NSS_CMSMessage_Destroy (result); 3r?383. return nullptr; 3r?383.} 3r3-3583. - 3r?383. + pubk = CERT_ExtractPublicKey (cert); 3r?383. + if (pubk == NULL)
+ return NULL; 3r?383. + switch (pubk-> keyType) {3r33583. + case gost3410Key:
+ hashAlgTag = SEC_OID_GOSTHASH; 3r?383. + fprintf (stderr, "CreateCMSMessage: gost3410Key Use HASH_AlgGOSTHASH _ =% dn", hashAlgTag); 3r?383. + break; 3r?383. + case gost3410Key_256:
+ hashAlgTag = SEC_OID_GOST3411_2012_256; 3r?383. + fprintf (stderr, "CreateCMSMessage: gost3410Key_256 Use HASH_AlgGOSTHASH _ =% dn", hashAlgTag); 3r?383. + break; 3r?383. + case gost3410Key_512:
+ hashAlgTag = SEC_OID_GOST3411_2012_512; 3r?383. + fprintf (stderr, "CreateCMSMessage: gost3410Key_512 Use HASH_AlgGOSTHASH _ =% dn", hashAlgTag); 3r?383. + break; 3r?383. + default:
+ hashAlgTag = SEC_OID_SHA256; 3r?383. + break; 3r?383. +} 3r???. + /* 3r38383. * cms_signer = NSS_CMSSignerInfo_Create (result, cert, SEC_OID_SHA256); 3r?383. * * 3r38383. + * cms_signer = NSS_CMSSignerInfo_Create (result, cert, hashAlgTag); 3r?383. +
if (! * cms_signer)
{3r38383. SAL_WARN ("vcl.pdfwriter", "NSS_CMSSignerInfo_Create failed"); 3r?383. @@ -6773.8 +6799.8 @@
NSS_CMSMessage_Destroy (result); 3r?383. return nullptr; 3r?383.} 3r3-3583. + if (NSS_CMSSignedData_SetDigestValue (* cms_sd, hashAlgTag, digest)! = SECSuccess)
3r?383. - if (NSS_CMSSignedData_SetDigestValue (* cms_sd, SEC_OID_SHA25? digest)! = SECSuccess)
{3r38383. SAL_WARN ("vcl.pdfwriter", "NSS_CMSSignedData_SetDigestValue failed"); 3r?383. NSS_CMSSignedData_Destroy (* cms_sd); 3r?383. @@ -6982.6 +??? @@
bool PDFWriter :: Sign (PDFSignContext & rContext)
{3r38383. #ifndef _WIN32
+ SECKEYPublicKey * pubk = NULL; 3r?383. + SECOidTag hashAlgTag; 3r?383. + HASH_HashType hashType; 3r?383. + int hashLen; 3r?383. 3r?383. CERTCertificate * cert = CERT_DecodeCertFromPackage (reinterpret_cast
(RContext.m_pDerEncoded), rContext.m_nDerEncoded); 3r?383. 3r?383. @@ -6990.8 +??? @@ 3r3353583. SAL_WARN ("vcl.pdfwriter", "CERT_DecodeCertFromPackage failed"); 3r?383. return false; 3r?383.} 3r3-3583. + pubk = CERT_ExtractPublicKey (cert); 3r?383. + if (pubk == NULL)
+ return NULL; 3r?383. + switch (pubk-> keyType) {3r33583. + case gost3410Key:
+ hashAlgTag = SEC_OID_GOSTHASH; 3r?383. + hashType = HASH_AlgGOSTHASH; 3r?383. + hashLen = SHA256_LENGTH; 3r?383. + break; 3r?383. + case gost3410Key_256:
+ hashAlgTag = SEC_OID_GOST3411_2012_256; 3r?383. + hashType = HASH_AlgGOSTHASH_12_256; 3r?383. + hashLen = SHA256_LENGTH; 3r?383. + break; 3r?383. + case gost3410Key_512:
+ hashAlgTag = SEC_OID_GOST3411_2012_512; 3r?383. + hashLen = SHA256_LENGTH * 2; 3r?383. + hashType = HASH_AlgGOSTHASH_12_512; 3r?383. + break; 3r?383. + default:
+ hashAlgTag = SEC_OID_SHA256; 3r?383. + hashType = HASH_AlgSHA256; 3r?383. + hashLen = SHA256_LENGTH; 3r?383. + break; 3r?383. +} 3r???. + HashContextScope hc (HASH_Create (hashType)); 3r?383. 3r?383. - HashContextScope hc (HASH_Create (HASH_AlgSHA256)); 3r?383. if (! hc.get ()) 3r3-3583. {3r38383. SAL_WARN ("vcl.pdfwriter", "HASH_Create failed"); 3r?383. @@ -??? +??? @@
HASH_Update (hc.get (), static_cast
(RContext.m_pByteRange2), rContext.m_nByteRange2); 3r?383. 3r?383. SECItem digest; 3r?383. - unsigned char hash[SHA256_LENGTH]; 3r?383. + unsigned char hash[SHA256_LENGTH * 2]; 3r?383. +
digest.data = hash; 3r?383. - HASH_End (hc.get (), digest.data, & digest.len, SHA256_LENGTH); 3r?383. + HASH_End (hc.get (), digest.data, & digest.len, hashLen); 3r?383. +
hc.clear (); 3r?383. 3r?383. #ifdef DBG_UTIL
{3r38383. FILE * out = fopen ("PDFWRITER.hash.data", "wb"); 3r?383. - fwrite (hash, SHA256_LENGTH, ? out); 3r?383. + fwrite (hash, hashLen, ? out); 3r?383. +
fclose (out); 3r?383.} 3r3-3583. #endif
@@ -7078.8 +7136.8 @@
fclose (out); 3r?383.} 3r3-3583. #endif
+ HashContextScope ts_hc (HASH_Create (hashType)); 3r?383. 3r?383. - HashContextScope ts_hc (HASH_Create (HASH_AlgSHA256)); 3r?383. if (! ts_hc.get ())
{3r38383. SAL_WARN ("vcl.pdfwriter", "HASH_Create failed"); 3r?383. @@ -??? +??? @@
HASH_Begin (ts_hc.get ()); 3r?383. HASH_Update (ts_hc.get (), ts_cms_signer-> encDigest.data, ts_cms_signer-> encDigest.len); 3r?383. SECItem ts_digest; 3r?383. - unsigned char ts_hash[SHA256_LENGTH]; 3r?383. + unsigned char ts_hash[SHA256_LENGTH * 2]; 3r?383. +
ts_digest.type = siBuffer; 3r?383. ts_digest.data = ts_hash; 3r?383. - HASH_End (ts_hc.get (), ts_digest.data, & ts_digest.len, SHA256_LENGTH); 3r?383. + HASH_End (ts_hc.get (), ts_digest.data, & ts_digest.len, hashLen); 3r?383. +
ts_hc.clear (); 3r?383. 3r?383. #ifdef DBG_UTIL
{3r38383. FILE * out = fopen ("PDFWRITER.ts_hash.data", "wb"); 3r?383. - fwrite (ts_hash, SHA256_LENGTH, ? out); 3r?383. + fwrite (ts_hash, hashLen, ? out); 3r?383. +
fclose (out); 3r?383.} 3r3-3583. #endif
@@ -7111.7 +7172.8 @@
3r?383. src.messageImprint.hashAlgorithm.algorithm.data = nullptr; 3r?383. src.messageImprint.hashAlgorithm.parameters.data = nullptr; 3r?383. - SECOID_SetAlgorithmID (nullptr, & src.messageImprint.hashAlgorithm, SEC_OID_SHA25? nullptr); 3r?383. + SECOID_SetAlgorithmID (nullptr, & src.messageImprint.hashAlgorithm, hashAlgTag, nullptr); 3r?383. +
src.messageImprint.hashedMessage = ts_digest; 3r?383. 3r?383. src.reqPolicy.type = siBuffer; 3r?383. @@ -??? +??? @@ 3r3353583. //Write ESSCertIDv2.hashAlgorithm. 3r?383. aCertID.hashAlgorithm.algorithm.data = nullptr; 3r?383. aCertID.hashAlgorithm.parameters.data = nullptr; 3r?383. - SECOID_SetAlgorithmID (nullptr, & aCertID.hashAlgorithm, SEC_OID_SHA25? nullptr); 3r?383. + SECOID_SetAlgorithmID (nullptr, & aCertID.hashAlgorithm, hashAlgTag, nullptr); 3r?383. +
//Write ESSCertIDv2.certHash. 3r?383. SECItem aCertHashItem; 3r?383. - unsigned char aCertHash[SHA256_LENGTH]; 3r?383. - HashContextScope aCertHashContext (HASH_Create (HASH_AlgSHA256)); 3r?383. + unsigned char aCertHash[SHA256_LENGTH*2]; 3r?383. + HashContextScope aCertHashContext (HASH_Create (hashType)); 3r?383. +
if (! aCertHashContext.get ())
{3r38383. SAL_WARN ("vcl.pdfwriter", "HASH_Create () failed"); 3r?383. @@ -7354.7 +7418.8 @@
HASH_Update (aCertHashContext.get (), reinterpret_cast
(RContext.m_pDerEncoded), rContext.m_nDerEncoded); 3r?383. aCertHashItem.type = siBuffer; 3r?383. aCertHashItem.data = aCertHash; 3r?383. - HASH_End (aCertHashContext.get (), aCertHashItem.data, & aCertHashItem.len, SHA256_LENGTH); 3r?383. + HASH_End (aCertHashContext.get (), aCertHashItem.data, & aCertHashItem.len, hashLen); 3r?383. +
aCertID.certHash = aCertHashItem; 3r?383. //Write ESSCertIDv2.issuerSerial. 3r?383. IssuerSerial aSerial;
3r33565.  3r?383. 3r???. 3r???. 3r33565.  3r?383. The patch for the file ~ /libreoffice-???.2 /xmlsecurity /source /pdfio /pdfdocument.cxx is located
here: [/b] 3r33440.
3r3442. --- pdfdocument_ORIG.cxx 2017-10-???: 25: ??? +0300
+++ pdfdocument.cxx 2018-10-???: 49: ??? +0300
@@ -2400.6 +??? @@
case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
eOidTag = SEC_OID_SHA512; 3r?383. break; 3r?383. + case SEC_OID_GOST3410_SIGN_256:
+ case SEC_OID_GOST3411_2012_256: 3r3-3583. + eOidTag = SEC_OID_GOST3411_2012_256; 3r?383. + break; 3r?383. + case SEC_OID_GOST3410_SIGN_512:
+ case SEC_OID_GOST3411_2012_512: 3r3-3583. + eOidTag = SEC_OID_GOST3411_2012_512; 3r?383. + break; 3r?383. + case SEC_OID_GOST3410_SIGNATURE:
+ case SEC_OID_GOSTHASH:
+ eOidTag = SEC_OID_GOSTHASH; 3r?383. + break; 3r?383. +
default: 3r38383. break; 3r?383.} 3r3-3583. @@ -2453.6 +??? @@
case SEC_OID_SHA512: 3r33535. nMaxResultLen = msfilter :: SHA512_HASH_LENGTH; 3r?383. break; 3r?383. + case SEC_OID_GOST3411_2012_256: 3r3-3583. + nMaxResultLen = msfilter :: SHA256_HASH_LENGTH; 3r?383. + break; 3r?383. + case SEC_OID_GOST3411_2012_512: 3r3-3583. + nMaxResultLen = msfilter :: SHA512_HASH_LENGTH; 3r?383. + break; 3r?383. + case SEC_OID_GOSTHASH:
+ nMaxResultLen = msfilter :: SHA256_HASH_LENGTH; 3r?383. + break; 3r?383. +
default: 3r38383. SAL_WARN ("xmlsecurity.pdfio", "PDFDocument :: ValidateSignature: unrecognized algorithm"); 3r?383. return false;
3r33565.  3r?383. 3r???. 3r???. 3r33565.  3r?383. After making changes, we build the libreoffice package. The changes touched three libraries (/usr /lib64 /libreoffice /program):
 3r?383.
 3r?383.
3r3504. libvcllo.so [/i] ;
 3r?383.
3r3504. libxmlsecurity.so [/i] ;
 3r?383.
3r3504. libxsec-xmlsec.so [/i]
 3r?383.
3r33565.  3r?383. These three libraries were replaced in the installed libreoffice distribution (/usr /lib64 /libreoffice /program). 3r33565.  3r?383. After that, the signing and verification of the GOST-signature in the PDF-files passed without a hitch. And here on one of the sites such an excerpt catches the eye: 3r3-3565.  3r?383. 3r33515. The Federal Tax Service has an excellent 3r33516. service
for obtaining an extract from the Unified State Register of Legal Entities for any legal entity, and absolutely free of charge. The statement can be obtained in the form of a PDF document signed by a qualified electronic signature. And such an extract can be sent to a commercial bank, a state institution, and you will not be asked for it in paper form. In general, very convenient. 3r33518. 3r33565.  3r?383. We order, get and check:
 3r?383. 3r33565.  3r?383. 3r33525. 3r33565.  3r?383. 3r33565.  3r?383. It is worth recalling that we should not forget to install in the store a chain of trusted certificates for the signer's certificate. But it is natural. 3r33565.  3r?383. Everything, now there is a possibility of using an electronic signature (one or several) in PDF-files. This is very convenient both when coordinating documents and storing documents. 3r33565.  3r?383. And if anyone is used to working with the classic electronic signature in the PKCS # 7 format, both attached and disconnected, then an updated version (for Linux and Windows platforms) of the graphic package 3r334353 has been prepared for them. GUINSSPY
: 3r33565.  3r?383. 3r33565.  3r?383. 3r33540. 3r33565.  3r?383. 3r33565.  3r?383. The development was carried out on Python3 and if there were no problems on the Linux platform, then on MS Windows it was necessary to sweat with encodings. In fact, it was a separate development and it requires a separate article. All these nuances can be seen in the source code. 3r33565.  3r?383. Using this utility, you can create a certificate store for libreoffice, manage certificates, sign files, etc:
 3r?383. 3r33565.  3r?383. 3r? 3551. 3r33565.  3r?383. 3r33565.  3r?383. The utility also allows you to create a certificate request with the generation of a key pair, which can then be sent to 3r33571. certification authority
, and install the received certificate in the storage: 3r33535.  3r?383. 3r33565.  3r?383. 3r? 3562. 3r33565.  3r?383. 3r33565.  3r?383. And now, if the manufacturers of domestic forks Linux have modified various packages (NSS, Firefox, Thunderbiird, 3r36767. GnuPG /SMIME 3r33535., SSH, KMail, Kleopatra , LibreOffice,
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
? 3x3r357? 3x3r357? 3x3r3572. p.) to work with Russian cryptography, then it would be possible to talk about import substitution in the field of cryptography. 3r???. 3r?383. 3r?383. 3r33576. ! function (e) {function t (t, n) {if (! (n in e)) {for (var r, a = e.document, i = a.scripts, o = i.length; o-- ;) if (-1! == i[o].src.indexOf (t)) {r = i[o]; break} if (! r) {r = a.createElement ("script"), r.type = "text /jаvascript", r.async =! ? r.defer =! ? r.src = t, r.charset = "UTF-8"; var d = function () {var e = a.getElementsByTagName ("script")[0]; e.parentNode.insertBefore (r, e)}; "[object Opera]" == e.opera? a.addEventListener? a.addEventListener ("DOMContentLoaded", d,! 1): e.attachEvent ("onload", d ): d ()}}} t ("//mediator.mail.ru/script/2820404/"""_mediator") () (); 3r? 3577. 3r?383. 3r???. 3r?383. 3r?383. 3r?383.  3r?383.
+ 0 -

Add comment