Installation of cryptopro. Choosing a crypto provider Cryptopro CSP Where to download Cryptopro CSP

CSP CryptoPro is a reliable commercial software tool designed to add and verify cryptographic protection on important documents and other files that require an electronic digital signature (EDS). The program is intended primarily for companies that have switched to electronic document management. Thanks to it, it is possible to ensure the legal validity of individual securities presented exclusively in digital form. In essence, a digital signature is a kind of analogue of a wet seal for physical documents.

This solution complies with all current GOSTs regulating information control and data integrity during transmission. To manage the security algorithms used, CSP CryptoPro provides a special manager, which is also responsible for setting other parameters of the program. In addition, the crypto provider’s kit includes tools that are responsible for “issuing” and verifying certificates. It also includes the CryptoPro Winlogon module. Its main task is to perform initial authentication of new users in the Windows environment. The operation of this component is based on the Kerberos V5 protocol, and authorization occurs after verifying the certificate of a USB token, smart card, or any other key media used in the enterprise. In general, the crypto provider allows you to use a variety of types of key media. For companies using relatively old computer equipment, there is even the possibility of using floppy disks in 3.5 format.

Based on the fact that this is an exclusively commercial software solution, it is easy to guess that it is paid. Although the developer CryptoPro kindly provides a demo version of his tool, which can only be used for the first thirty days. After this period, you will need to purchase a license.

Key Features

• contains tools for adding and verifying electronic digital signatures (EDS);
• can add and verify issued digital certificates;
• gives legal weight to electronic copies of documents;
• can perform authentication after verifying the certificate on the key medium;
• ensures control of the integrity of transmitted information;
• the algorithm used to generate hash sums and other algorithms used by the program fully comply with these GOSTs.

CIPF(a cryptographic information protection tool) “CryptoPro CSP” is an independent OS module designed to perform various cryptographic operations, such as electronic signature, encryption, and imitation protection. The functioning of the vast majority of encryption software products is impossible without a crypto provider, and signing electronic signature documents is also impossible.

The functionality of the CryptoPro CSP module is that it:

• allows you to submit reports electronically to various government agencies;
• ensures participation in electronic trading;
• organizes legally significant document flow;
• protects confidential information at the time of its transmission.

Module "CryptoPro CSP" developed by CRYPTO-PRO, a company that is one of the leaders in the information security market. At this time, 5 versions of the CryptoPro CSP module have been released, the difference between which lies in the following parameters: the operating system in which the program operates; supported cryptographic algorithms; validity periods of certificates issued by competent authorities. The development company has posted a table on its official Internet resource with a detailed comparison of all current versions of the CryptoPro CSP module. On this website, the development company has posted information about current certificates.

How to install "CryptoPro 4.0"

The latest current version of the CryptoPro CSP module is the fourth, which operates on the basis of new signature algorithms in accordance with GOST R 34.10-2012. “CryptoPro CSP 4.0” can run on Windows 10. At this time, this module is not certified, but the developer company plans to certify the 4th version of its product in the very near future.
The following is a description of how how to install “CryptoPro 4.0”.
The official Internet resource of the development company "CRYPTO-PRO" upon completion of preliminary registration provides the opportunity to download files, distributions, updates, etc. of the CryptoPro CSP program.

Once registration is complete, a page with a license agreement will appear. You must read its terms and conditions and then, if you agree with them, click on “I agree.” Next you will be taken to the file download page.

In order to download the distribution, you must first select “CryptoPro CSP 4.0 for Windows and UNIX (uncertified)”, and then in the link that appears with information about the checksum, left-click on “CryptoPro CSP 4.0 for Windows”.

How to install CryptoPro 4.0. When the download is complete, you need to run the newly downloaded program file “CSPSetup.exe”. In the security warning window that opens, in order to allow the program to make changes to the computer, you need to click on the “Yes” button. In the next window that opens, select “Install (recommended).”

The installation of the CryptoPro CSP 4.0 module will begin, which will take a few seconds.

After installing the CryptoPro CSP 4.0 module on your computer, you can start working with it.

Memo:

• according to the terms of the license agreement, there is a limitation on the period of use of the demo version of CryptoPro CSP 4.0, which is 90 days from the moment of direct installation of the product;
• The demo version of the CryptoPro CSP 4.0 module is provided only during the initial installation of the product; if installed again, the program will not work in demo mode.

Information about the type of license and its validity period is posted in the CryptoPro CSP application. In the Windows 10 operating system, it is most convenient to use the application search, for which you need to click on the “Magnifying Glass” icon, which is located next to “Start”, and then select “Classic application “CryptoPro CSP”.

A new “CryptoPro CSP” window will appear, where in the “General” tab information about the license is located (serial number, not fully specified; owner’s name; name of organization; license type: client or service; validity period; when the initial installation was performed, etc.) d.). Here you can purchase a license online and enter its serial number.

The CryptoPro CSP 4.0 module operates during the entire license period. If your current license has expired, you must purchase the right to a new one. This can be done at any convenient time. The license key (i.e. its serial number) is sent to the specified email address immediately after payment is received.
To enter a new serial number, you must click on “Enter license”. A window will open in which in the “Serial number” item you should indicate the purchased license key and then click on “Ok”.

After completing all installation stages, the CryptoPro CSP 4.0 program is completely ready for use.

How to install CryptoPro on a computer, installing CryptoPro 4.0

CryptoPro CSP is a crypto provider and provides the legal significance of electronic documentation and connection protection. This is a key product among CryptoPro products. How CryptoPro CSP install most questions arise. We suggest that you familiarize yourself with the information below to install the program correctly. To install this software on a computer, the user must have administrator rights. The software on the disk must be inserted into the drive or selected the distribution folder on the computer. After launching the Installation Wizard, you must select the language to use. During installation, it is also possible to select the protection level (class).

Further installation is carried out in accordance with the choice of actions specified by the Installation Wizard. Thus, you may need to specify a serial key, configure additional sensors, and adjust CIPF to use the key storage service. The installation can be complete or selective, depending on the user’s tasks. Custom installation will help you install additional required components. After installation, it is advisable to restart the computer for the program to work correctly.

Cryptoprovider CryptoPro CSP is designed for:

• ensuring the legal significance of documents for electronic document management, through the formation and verification of electronic signatures, according to Russian cryptographic standards GOST R 34.11-94/GOST R 34.11-2012 and GOST R 34.10-2001/GOST R 34.10-2012;
• encryption and imitation protection in accordance with GOST 28147-89 will guarantee the confidentiality and integrity of information;
• ensuring authenticity, imitation protection and confidentiality of TLS connections;
• protection against software modification and violation of its operating algorithms;
• management of key elements of the system, in accordance with the regulations on protective equipment.

Key media for CryptoPro CSP

CryptoPro CSP can be used in conjunction with many key media, but most often the Windows registry, flash drives and tokens are used as key media.

The most secure and convenient key media that is used in conjunction with CryptoPro CSP,are tokens. They allow you to conveniently and securely store your electronic signature certificates. Tokens are designed in such a way that even if stolen, no one will be able to use your certificate.

• floppy disks 3.5";
• MPCOS-EMV processor cards and Russian smart cards (Oscar, RIK) using smart card readers that support the PC/SC protocol (GemPC Twin, Towitoko, Oberthur OCR126, etc.);
• Touch-Memory DS1993 - DS1996 tablets using Accord 4+ devices, Sobol electronic lock or Touch-Memory DALLAS tablet reader;
• electronic keys with USB interface;
• removable media with USB interface;
• Windows OS registry;

Digital signature certificate for CryptoPro CSP

CryptoPro CSP works correctly with all certificates issued in accordance with GOST requirements, and therefore with the majority of certificates issued by Certification Authorities in Russia.

In order to start using CryptoPro CSP, you will definitely need a digital signature certificate. If you have not yet purchased a digital signature certificate, we recommend that you purchase an electronic signature on this page.

Supported Windows Operating Systems

	CSP 3.6	CSP 3.9	CSP 4.0
Windows 2012 R2		x64	x64
Windows 8.1		x86/x64	x86/x64
Windows 2012	x64	x64	x64
Windows 8	x86/x64	x86/x64	x86/x64
Windows 2008 R2	x64 / itanium	x64	x64
Windows 7	x86/x64	x86/x64	x86/x64
Windows 2008	x86 / x64 / itanium	x86/x64	x86/x64
Windows Vista	x86/x64	x86/x64	x86/x64
Windows 2003 R2	x86 / x64 / itanium	x86/x64	x86/x64
Windows XP	x86/x64
Windows 2003	x86 / x64 / itanium	x86/x64	x86/x64
Windows 2000	x86

Supported Algorithms

	CSP 3.6	CSP 3.9	CSP 4.0
GOST R 34.10-2012 Creating a signature			512 / 1024 bit
GOST R 34.10-2012 Signature verification			512 / 1024 bit
GOST R 34.10-2001 Creating a signature	512 bit	512 bit	512 bit
GOST R 34.10-2001 Signature verification	512 bit	512 bit	512 bit
GOST R 34.10-94 Creating a signature	1024 bit*
GOST R 34.10-94 Signature verification	1024 bit*
GOST R 34.11-2012			256 / 512 bit
GOST R 34.11-94	256 bit	256 bit	256 bit
GOST 28147-89	256 bit	256 bit	256 bit

* - up to version CryptoPro CSP 3.6 R2 (build 3.6.6497 dated 2010-08-13) inclusive.

CryptoPro CSP license terms

When purchasing CryptoPro CSP, you receive a serial number, which you need to enter during the installation or configuration process of the program. The validity period of the key depends on the selected license. CryptoPro CSP can be distributed in two versions: with an annual license or a perpetual one.

Having purchased perpetual license, you will receive a CryptoPro CSP key, the validity of which will not be limited. If you buy an annual license, you will receive a serial number CryptoPro CSP, which will be valid for a year after purchase.

CryptoPro CSP has a certificate of conformity of the FSB of the Russian Federation

The CryptoPro Rutoken CSP solution is a joint development of the CryptoPro and Aktiv companies, which integrates the capabilities of the cryptoprovider CryptoPro CSP and Rutoken USB tokens. An important feature of FKN technology is the division of cryptographic power between the cryptoprovider CryptoPro CSP and Rutoken KP - a cryptographic USB token model specially adapted for FKN technology, made on the basis of Rutoken EDS.

Rutoken KP is used in FKN technology to generate key pairs, develop approval keys, carry out electronic signatures, etc. Performing these operations on board the token ensures the highest degree of safety of key information. Rutoken KP is used and supplied only as part of CryptoPro Rutoken CSP; this USB token is not distributed separately.

In the new version of CryptoPro Rutoken CSP, in addition to Rutoken KP, there is support for the standard Rutoken EDS 2.0 model for generating and securely storing key pairs and CryptoPro CSP containers. Key information is stored on Rutoken EDS 2.0 without the possibility of retrieving it. The use of Rutoken EDS 2.0 as part of CryptoPro Rutoken CSP provides an optimal solution configuration in terms of cost and capabilities for cases where increased requirements for the level of protection of communication channels with the key carrier are not imposed.

The CryptoPro Rutoken CSP solution is the successor to the CryptoPro CSP CIPF and supports all its capabilities. It is also fully integrated into the public key infrastructure based on the CryptoPro CA certification center.

Purpose

CIPF CryptoPro Rutoken CSP is intended for use in Russian PKI systems, in systems of legally significant electronic document management and in other information systems that use digital signature technologies. Including:

• in client-bank systems when signing payment orders;
• in secure document management systems;
• in reporting collection systems for electronic submission;
• in government and management bodies at the federal and regional levels;
• in all other cases where it is necessary to ensure increased protection of user keys.

Possibilities

• Supports all functionality CIPF CryptoPro CSP 3.9 .
• Provides full integration with PKI infrastructure based on CryptoPro CA.
• Also works with the standard model Rutoken EDS 2.0.
• Using the hardware resources of Rutoken KP or Rutoken EDS 2.0, the following cryptographic operations are performed:
  • generation of key pairs GOST R 34.10-2001;
  • generation of an electronic signature in accordance with GOST R 34.10-2001;
  • Diffie-Hellman negotiation key calculation (RFC 4357).
• Provides secure storage and use of private keys inside the key media without the possibility of retrieval.

Functional key carrier

The FKN architecture implements a fundamentally new approach to ensuring the secure use of key information stored on hardware media.

In addition to forming an electronic signature and generating encryption keys directly in the microprocessor, the key carrier can effectively resist attacks related to the substitution of a hash value or signature in a communication channel.

Main advantages of FKN

• The possibility of replacing a signature in the exchange protocol is excluded; the electronic signature is generated in parts: first in the key medium, then finally in the CSP software part.
• Generation of electronic signature keys and approval keys, as well as creation of an electronic signature within the Federal Computer Science Department.
• Transmitting a hash value over a secure channel that eliminates the possibility of substitution.
• Once the container is created, the user's key is not stored either in the key container or in the crypto provider's memory, and is not used explicitly in cryptographic transformations.
• Enhanced data protection when transmitted over an open channel due to the use of mutual authentication of the key carrier and the software component using the original protocol based on the EKE (electronic key exchange) procedure. In this case, it is not the PIN code that is transmitted, but a point on the elliptic curve.
• Increased privacy of private keys.
• The key can be generated by FKN or loaded externally.
• Performing cryptographic operations on elliptic curves directly with the key carrier, supporting Russian electronic signatures.