EDS - Isn't It That Easy?

published October 22, 2019

In June 2016, we began work on a large project, "Tengri Wallet," commissioned by Tengri Bank of Kazakhstan.
Our Middle Full Stack Developer, Andrei Shmelev, will tell us about a small part of this project.

For several years now, the Government of Kazakhstan has been working on introducing electronic public services. Now contracts and certificates can be issued through the e-Government Portal.

I think you know from your own experience that receiving any public service is always accompanied by collecting and signing many documents. You should always be prepared to confirm your identity. For this purpose, the electronic digital signature (EDS) was given legal standing long ago. The basic principle of EDS use reads: "an EDS is equivalent to a handwritten signature".
Banking operations are likewise always accompanied by many documents that need to be signed both by the bank itself and by its customers.

From the very beginning, Tengri Bank planned to create a web-based tool that would allow its customers to receive the necessary banking services via the Internet. This tool was intended to help the bank's customers manage their business more effectively. With its appearance, people would no longer have to go to a bank branch, stand in line, and fill out many documents. The development team was tasked with creating an electronic wallet that gives customers easy access to various payments, from utility bills to online purchases.

The ability to make payments rests with the AvangardPlat service. This is a state structure, the only provider of such services in the Republic of Kazakhstan. The key phrase here is "state structure".

Twelve developers and two managers began work on the project; part of the team temporarily relocated to Kazakhstan.
Since the project was quite large, in this article we will talk specifically about the introduction of the electronic digital signature into the project.

So, the team arrived in Almaty ...
Vadim Glebov
In 2016, he was the project manager for Tengri Bank.
Currently, he is a Teamlead for the mobile back-end team of the project.
Andrei Shmelev
Middle Full Stack Developer at Attractor Software
Vadim Glebov introduced the Tengri Bank development team, and then we started planning tasks. During the planning, he noted that very soon we would be integrating AvangardPlat, and we discussed the plan for introducing the digital signature.

At first, the task looked exciting and straightforward. I had to find the specifications for using digital signatures in XML, understand the process, and build a prototype. I spent some time on this. In the course of the work, two things became clear: first, the signature gives the file legal force (this was understood before); second, since the project is for the Republic of Kazakhstan, the signature and all accompanying procedures must follow local law. It was time for chaos ...
The legislation of the Republic of Kazakhstan defines the criteria for digital signatures in the form of GOST standards, and one of the mandatory requirements was the use of a certified "cryptographic provider." This is a program that can encrypt information according to the GOST standards, and it must pass certification by the National Security Service. That would not have been a problem, but ...

We received the desired archive only after a while, and getting it was not an easy task. Library folders for Java, PHP, and something resembling Linux libraries finally fell into the developers' hands. As it turned out later, the archive contained code examples for Java and PHP, but for some reason no examples of using the Linux libraries.

Studying the information the team had received did not bring useful or impressive results.
The source code referenced the desired encryption algorithms, but the libraries did not provide the necessary functionality. The team had to explore the Linux libraries "by touch" and find solutions on its own.

Judging by the names, it was clear that these libraries belonged to OpenSSL. OpenSSL is a guarantee of modern security on the Internet, with a long history and a large community. For everyday use, however, knowing a couple of commands is usually enough. Here the team had to dive deeper right away.

Andrei Shmelev
Middle Full Stack Developer at Attractor Software
It's fun to read the OpenSSL code. It looks like a USSR device - monumental, sometimes frightening, but reliable and doing its job at all costs.

I learned that these modules extend the original OpenSSL functionality, with one exception: OpenSSL itself would not start with them. The developers of the product were silent. The team then decided to use the libraries as they were and to recreate, in reduced form, the initialization mechanism OpenSSL uses, albeit with truncated functionality. It was quite challenging, but it was worth it: we got a prototype with the essential functions, using the right libraries and encrypting information with the required algorithm.
The solution was quite complicated. It came down to using C code in conjunction with Ruby, where we ran into the specific problems and peculiarities of that language. It was an exciting experience for the team, because they had never before had to dive so deeply into the low-level layers beneath the familiar Ruby language.
The deeper you dive into the code, the less documentation is available.

This was followed by a fascinating procedure of checking the algorithms: the correctness of digest creation, the handling of keys, the modification of XML documents in accordance with the established standard, and much more than can be listed here. Having checked everything ourselves, it was time to test the work against the AvangardPlat test server.
Andrei Shmelev
Middle Full Stack Developer at Attractor Software
It was a very long process, as one extra or missing character led to errors due to non-compliance with standards. During this period, we worked together with the developers of AvangardPlat. Along the way, I tried to run OpenSSL in the usual way and then reuse certificate verification functions (yes, certificates also required a particular algorithm). One night it succeeded, and a new prototype was written, which was much easier to maintain than a hybrid of C and Ruby. Of course, the task would not have been solved without the team's help, and it was an enjoyable experience working with such developers.
After this improvement, the integration process went almost lightning fast. Our messages now met all the criteria, and responses from AvangardPlat were also carefully checked against the standards. Tengri could now accept payments for utilities and dozens of other kinds of services. The project went live.
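The checks described above (digest correctness, key handling, certificate verification, and responses checked against the standard) can be seen end to end in the following Ruby example. It is an added illustration for this article, not code from the Tengri project, AvangardPlat, or the certified provider. It assumes RSA with SHA-256 as a stand-in for the GOST algorithms the provider required (those are not in stock OpenSSL), a simplified whitespace normalisation in place of XML canonicalisation (C14N), and a throwaway test PKI that the code constructs itself. The message shape follows XMLDSig: the payload is referenced by its digest inside SignedInfo, and the signature covers SignedInfo.

```ruby
# Added example for this article, not code from the Tengri project or AvangardPlat.
# Assumptions: RSA/SHA-256 stands in for the GOST algorithms the certified
# provider required (they are not in stock OpenSSL), a simplified whitespace
# normalisation stands in for XML canonicalisation (C14N), and the PKI below
# is a constructed throwaway test PKI.
require 'openssl'
require 'base64'

# Build a v3 certificate; self-signed when no issuer is given.
def make_cert(subject, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                       # X.509 v3
  cert.serial = rand(1..2**62)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', ca ? 'keyCertSign,cRLSign' : 'digitalSignature', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Stand-in for C14N: collapse whitespace between elements so that both sides
# hash the same bytes. Real XMLDSig uses the canonicalisation named in SignedInfo.
def canonicalize(xml)
  xml.gsub(/>\s+</, '><').strip
end

def b64_sha256(data)
  Base64.strict_encode64(OpenSSL::Digest::SHA256.digest(data))
end

# XMLDSig shape: the payload is referenced by its digest inside SignedInfo, and
# the signature is computed over SignedInfo, not over the payload directly.
def sign_document(payload_xml, key)
  signed_info = "<SignedInfo><Reference URI=\"#payment\">" \
                "<DigestValue>#{b64_sha256(canonicalize(payload_xml))}</DigestValue>" \
                "</Reference></SignedInfo>"
  signature = Base64.strict_encode64(key.sign(OpenSSL::Digest.new('SHA256'), canonicalize(signed_info)))
  { payload: payload_xml, signed_info: signed_info, signature: signature }
end

# Verification in the order a receiving side should do it: is the signer's
# certificate trusted, does the signature cover SignedInfo, and does the
# digest in SignedInfo match the payload actually received?
def verify_document(doc, cert, store)
  return [false, :untrusted_certificate] unless store.verify(cert)
  sig_ok = cert.public_key.verify(OpenSSL::Digest.new('SHA256'),
                                  Base64.strict_decode64(doc[:signature]),
                                  canonicalize(doc[:signed_info]))
  return [false, :bad_signature] unless sig_ok
  expected = doc[:signed_info][%r{<DigestValue>([^<]+)</DigestValue>}, 1]
  return [false, :digest_mismatch] unless expected == b64_sha256(canonicalize(doc[:payload]))
  [true, :ok]
end

def run_demo
  ca_key     = OpenSSL::PKey::RSA.new(2048)
  ca_cert    = make_cert('/CN=Constructed Test Root CA', ca_key, ca: true)
  bank_key   = OpenSSL::PKey::RSA.new(2048)
  bank_cert  = make_cert('/CN=Bank Signer', bank_key, issuer_cert: ca_cert, issuer_key: ca_key)
  rogue_key  = OpenSSL::PKey::RSA.new(2048)
  rogue_cert = make_cert('/CN=Rogue Signer', rogue_key)   # self-signed, not in the store

  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)

  # Constructed sample payment message.
  payload = "<Payment id=\"payment\">\n  <Amount>1500.00</Amount>\n  <Currency>KZT</Currency>\n</Payment>"
  doc = sign_document(payload, bank_key)
  {
    genuine:  verify_document(doc, bank_cert, store),
    # one changed character in the payload, the kind of error the article describes
    tampered: verify_document(doc.merge(payload: payload.sub('1500.00', '1500.01')), bank_cert, store),
    # SignedInfo altered after signing, so the signature no longer matches
    forged:   verify_document(doc.merge(signed_info: doc[:signed_info].sub('#payment', '#other')), bank_cert, store),
    # a valid signature, but from a certificate the store does not trust
    rogue:    verify_document(sign_document(payload, rogue_key), rogue_cert, store)
  }
end

puts run_demo.inspect if __FILE__ == $PROGRAM_NAME
```

Running the file prints the four verdicts: the genuine document passes, the one-character change is caught by the digest check, the altered SignedInfo fails the signature check, and the self-signed signer is rejected before any cryptography is done. The order of the checks matters: trust in the certificate is established first, so a signature from an unknown key is never treated as evidence of anything.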
Andrei Shmelev
Middle Full Stack Developer at Attractor Software
Unfortunately, the need to work with the state crypto provider developers was a source of stress and the cause of the entire Tengri project problem. Perhaps this structure did not rely on people.

I want to note that the main thing in any project is people. Plans, procedures, standards, and technologies are all secondary. People should always come first, and if good people surround you, you can solve any problem. The Tengri development team is a good example of this.
In April 2017, the application became available to all customers of the bank.

Tengri Wallet is a bank payment system integrated with the national payment system; the interaction between them is carried out using an electronic digital signature.

Now users of the system pay with electronic currency backed by the issuing bank's money. The system keeps track of electronic money purchases and sales by individuals, suppliers, and electronic money sellers. One of the system's strengths is its ability to answer two questions: how much electronic money is in circulation, and how much real money the issuing bank must hold in a dedicated account to back it. As part of the project, a "continuous delivery" process was set up.

"Tengri Wallet" is one of the most advanced payment systems in Kazakhstan.

Worked on the article: Andrei Shmelev, Middle Full Stack Developer; Maria Ilchenko, PR and Event Manager.