Cryptopro 4.0 system requirements. Purpose of CryptoPro CSP. Operating systems and hardware platforms

Good afternoon dear friends! Today I want to review with you the CryptoPro CSP software product, which is very important for our work. CryptoPro CSP is a program, not free, that helps us install our certificates, or digital signature, digital signature, whatever, the meaning is the same.

Let's take a closer look at this program. There are several versions of this program. Versions 3.6, 3.9, 4.0. In addition, there are still a huge number of modifications of each version.

Versions of CryptoPro CSP

Why are there 3 versions used? Why not leave just the latest one? The answer is very simple. Each version is made for a specific operating system. For example, CryptoPro CSP 3.6 can be installed on Windows 2000, XP and so on, but there is a limit. The latest operating system you can install on version 3.6 is Windows 8 and Windows 2012. What if we tell you Windows 10? Then you need to install version 4.0. There are no special differences between 3.9 and 4.0, specifically in terms of operating platforms.

That is, if you Windows 7, then you need to buy version 3.6, and if Windows 10, then 4.0.

License for CryptoPro CSP

License for CryptoPro CSP definitely a must buy. The license price is not so high as to steal the program. Especially CryptoPro is not a greedy company and it has perpetual licenses, that is, according to the “buy and forget” principle. But there are times when the program is needed in the middle of the night and urgently, and perhaps there is no time to buy it. So I'll tell you a little secret.

CryptoPro CSP for free!

You didn't think so! CryptoPro CSP It's still possible for free. Guys,who wrote the program, I repeat, they are not greedy and understand everything. Therefore, they gave you a gift in the form of using their program for free for e three months. But after the trial period ends, you will still have to purchase a license forthis software product.

How to install CryptoPro CSP

T Now let's look at the process of installing the program. To do this, download the distribution, unpack it and open it. I will install version 3.6.

Unpacking the distribution

Now open the installation file, just double-click with the left mouse button.

We see the installation process.

The program may warn you that you may have to restart your computer after installing the program. Therefore, I advise you, before clicking anything, save all open documents and close all programs so as not to lose data. Click "OK"

After the program Once fully installed, you will see a window like this. Just click “Finish”

After this, the program will ask you to reboot now or later? You can do this now, then click " OK ", if you want to reboot later, click "No".

That's it, the installation is complete!

Download CryptoPro CSP for free

You can download the program from the official website, but pre-registration is required there. But manufacturer says that installation can only be done after you purchase the program either from them or from partners. Everything they say is true. But if you still just want to introduce b If you have a program, you can download it from me.

Download CryptoPro CSP 4.0

Download CryptoPro CSP 3.9 R2

Download CryptoPro CSP 3.6 R4

CryptoPro CSP 5.0

Also be sure to read my article. There I talk about why this plugin is needed and how important it is for our work with CryptoPro CSP.

N and that's all! If you have any questions, ask them in the comments! Good luck and good luck to everyone!

To be the first to receive all the news from our website!

CIPF(a cryptographic information protection tool) “CryptoPro CSP” is an independent OS module designed to perform various cryptographic operations, such as electronic signature, encryption, and imitation protection. The functioning of the vast majority of encryption software products is impossible without a crypto provider, and signing electronic signature documents is also impossible.

The functionality of the CryptoPro CSP module is that it:

• allows you to submit reports electronically to various government agencies;
• ensures participation in electronic trading;
• organizes legally significant document flow;
• protects confidential information at the time of its transmission.

Module "CryptoPro CSP" developed by CRYPTO-PRO, a company that is one of the leaders in the information security market. At this time, 5 versions of the CryptoPro CSP module have been released, the difference between which lies in the following parameters: the operating system in which the program operates; supported cryptographic algorithms; validity periods of certificates issued by competent authorities. The development company has posted a table on its official Internet resource with a detailed comparison of all current versions of the CryptoPro CSP module. On this website, the development company has posted information about current certificates.

How to install “CryptoPro 4.0”

The latest current version of the CryptoPro CSP module is the fourth, which operates on the basis of new signature algorithms in accordance with GOST R 34.10-2012. “CryptoPro CSP 4.0” can run on Windows 10. At this time, this module is not certified, but the developer company plans to certify the 4th version of its product in the very near future.
The following is a description of how how to install “CryptoPro 4.0”.
The official Internet resource of the development company "CRYPTO-PRO" upon completion of preliminary registration provides the opportunity to download files, distributions, updates, etc. of the CryptoPro CSP program.

Once registration is complete, a page with a license agreement will appear. You must read its terms and conditions and then, if you agree with them, click on “I agree.” Next you will be taken to the file download page.

In order to download the distribution, you must first select “CryptoPro CSP 4.0 for Windows and UNIX (uncertified)”, and then in the link that appears with information about the checksum, left-click on “CryptoPro CSP 4.0 for Windows”.

How to install CryptoPro 4.0. When the download is complete, you need to run the newly downloaded program file “CSPSetup.exe”. In the security warning window that opens, in order to allow the program to make changes to the computer, you need to click on the “Yes” button. In the next window that opens, select “Install (recommended).”

The installation of the CryptoPro CSP 4.0 module will begin, which will take a few seconds.

After installing the CryptoPro CSP 4.0 module on your computer, you can start working with it.

Memo:

• according to the terms of the license agreement, there is a limitation on the period of use of the demo version of CryptoPro CSP 4.0, which is 90 days from the moment of direct installation of the product;
• The demo version of the CryptoPro CSP 4.0 module is provided only during the initial installation of the product; if installed again, the program will not work in demo mode.

Information about the type of license and its validity period is posted in the CryptoPro CSP application. In the Windows 10 operating system, it is most convenient to use the application search, for which you need to click on the “Magnifying Glass” icon, which is located next to “Start”, and then select “Classic application “CryptoPro CSP”.

A new “CryptoPro CSP” window will appear, where in the “General” tab information about the license is located (serial number, not fully specified; owner’s name; name of organization; license type: client or service; validity period; when the initial installation was performed, etc.) d.). Here you can purchase a license online and enter its serial number.

The CryptoPro CSP 4.0 module operates during the entire license period. If your current license has expired, you must purchase the right to a new one. This can be done at any convenient time. The license key (i.e. its serial number) is sent to the specified email address immediately after payment is received.
To enter a new serial number, you must click on “Enter license”. A window will open in which in the “Serial number” item you should indicate the purchased license key and then click on “Ok”.

After completing all installation stages, the CryptoPro CSP 4.0 program is completely ready for use.

CSP CryptoPro is a program for adding and checking digital files. It adds and protects cryptographic files (electronic documents) that contain a digital signature. CryptoPro has "Winlogon" for very important documents and third-party files that support a digital certificate.

CSP CryptoPro is used in companies that have documents in electronic form. The program provides protection and legal force for valuable documents and securities in digital form. Digitally signed data has the power of official documents.

CSP CryptoPro allows you to create digital security and sign (certificate) for any document. This program is suitable for organizations with valid GOST standards. It controls the data and structure of information. Security program algorithms are managed through a special manager.

You can configure CSP CryptoPro and specify the level of protection and confidentiality of documents. After setup, some documents will be strictly confidential. The program is equipped with tools that issue and verify security certificates. Using the CryptoPro Winlogon module, you can register new users in the Windows operating system.

CryptoPro Winlogon works with support for the Kerberos V5 protocol. Login and access to data is carried out after a complete verification of the certificate of the storage medium located in the organization.

The crypto provider provides protection for various sources of digital data. Older organizations and companies use hardware to support floppy disks. CryptoPro was created on a commercial basis with a paid license. Once you install the program, you use it for 30 days, that is, a trial period. After this you will have to buy a license.

Key Features

• Digital certificate protection through verification tools;
• full verification of digital documents and the relevance of the certificate;
• electronic registration of documents on a legal basis;
• accessing and verifying the certificate on the main media;
• full control and verification of data after information transfer;
• comparison of document size and other algorithms for work;
• the program supports documents that are created in accordance with these GOSTs;
• complete protection of digital documents and customization of the degree of protection;

CryptoPro CSP 5.0 is a new generation of crypto provider, developing three main product lines of the CryptoPro company: CryptoPro CSP (classic tokens and other passive storage of secret keys), CryptoPro FKN CSP/Rutoken CSP (unretrievable keys on tokens with secure messaging) and CryptoPro DSS (keys in the cloud).

All the advantages of products from these lines are not only preserved, but also multiplied in CryptoPro CSP 5.0: the list of supported platforms and algorithms is wider, performance is higher, and the user interface is more convenient. But the main thing is that working with all key media, including keys in the cloud, is now uniform. To transfer the application system in which CryptoPro CSP of any version worked to support keys in the cloud or to new media with non-removable keys, no software reworking will be required - the access interface remains the same, and work with the key in the cloud will occur exactly the same in the same way as with the classic key carrier.

Purpose of CryptoPro CSP

• Generating and verifying an electronic signature.
• Ensuring confidentiality and monitoring the integrity of information through its encryption and imitation protection.
• Ensuring authenticity, confidentiality and imitational protection of connections using the and protocols.
• Monitoring the integrity of system and application software to protect it from unauthorized changes and violations of trusted functioning.

Supported Algorithms

In CryptoPro CSP 5.0, along with Russian ones, foreign cryptographic algorithms are implemented. Now users have the opportunity to use familiar key media to store RSA and ECDSA private keys.

Supported key storage technologies

Cloud token

In the cryptoprovider CryptoPro CSP 5.0, for the first time, it became possible to use keys stored on the CryptoPro DSS cloud service through the CryptoAPI interface. Now keys stored in the cloud can be easily used by any user applications, as well as most Microsoft applications.

Media with non-retrievable keys and secure messaging

CryptoPro CSP 5.0 adds support for media with non-retrievable keys that implement the protocol SESPAKE, allowing authentication without transmitting the user’s password in clear text, and establishing an encrypted channel for the exchange of messages between the crypto provider and the carrier. An attacker located in the channel between the medium and the user's application can neither steal the authentication password nor replace the signed data. When using such media, the problem of secure work with non-removable keys is completely solved.

The companies Active, InfoCrypt, SmartPark and Gemalto have developed new secure tokens that support this protocol (SmartPark and Gemalto starting from version 5.0 R2).

Media with non-removable keys

Many users want to be able to work with non-retrievable keys, but not upgrade tokens to the FKN level. Especially for them, the provider has added support for the popular key carriers Rutoken EDS 2.0, JaCarta-2 GOST and InfoCrypt VPN-Key-TLS.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of media with non-retrievable keys supported by CryptoPro CSP 5.0

Company	Carrier
ISBC	Esmart Token GOST
Assets	Rutoken 2151
	Rutoken PINPad
	Rutoken EDS
	Rutoken EDS 2.0
	Rutoken EDS 2.0 2100
	Rutoken EDS 2.0 3000
	Rutoken EDS PKI
	Rutoken EDS 2.0 Flash
	Rutoken EDS 2.0 Bluetooth
	Rutoken EDS 2.0 Touch
	Smart card Rutoken 2151
	Smart card Rutoken EDS 2.0 2100
Aladdin R.D.	JaCarta-2 GOST
Infocrypt	InfoCrypt Token++ TLS
	InfoCrypt VPN-Key-TLS

Classic passive USB tokens and smart cards

Most users prefer fast, cheap and convenient key storage solutions. As a rule, preference is given to tokens and smart cards without cryptographic coprocessors. As in previous versions of the provider, CryptoPro CSP 5.0 retains support for all compatible media produced by the companies Active, Aladdin R.D., Gemalto/SafeNet, Multisoft, NovaCard, Rosan, Alioth, MorphoKST and SmartPark.

In addition, of course, as before, methods for storing keys in the Windows registry, on a hard drive, on flash drives on all platforms are supported.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of classic passive USB tokens and smart cards supported by CryptoPro CSP 5.0

Company	Carrier
Alioth	SCOne Series (v5/v6)
Gemalto	Optelio Contactless Dxx Rx
	Optelio Dxx FXR3 Java
	Optelio G257
	Optelio MPH150
ISBC	Esmart Token
	Esmart Token GOST
MorphoKST	MorphoKST
NovaCard	Cosmo
Rosan	G&D element V14 / V15
	G&D 3.45 / 4.42 / 4.44 / 4.45 / 4.65 / 4.80
	Kona 2200s / 251 / 151s / 261 / 2320
	Kona2 S2120s/C2304/D1080
SafeNet	eToken Java Pro JC
	eToken 4100
	eToken 5100
	eToken 5110
	eToken 5105
	eToken 5205
Assets	Rutoken 2151
	Rutoken S
	Rutoken KP
	Rutoken Lite
	Rutoken EDS
	Rutoken EDS 2.0
	Rutoken EDS 2.0 3000
	Rutoken EDS Bluetooth
	Rutoken EDS Flash
	Smart card Rutoken 2151
	Smart card Rutoken Lite
	Smart card Rutoken EDS SC
	Smart card Rutoken EDS 2.0
Aladdin R.D.	JaCarta GOST
	JaCarta PKI
	JaCarta PRO
	JaCarta LT
	JaCarta-2 GOST
Infocrypt	InfoCrypt Token++ lite
Multisoft	MS_Key isp.8 Hangar
	MS_Key ESMART use.5
SmartPark	Master's degree
	R301 Foros
	Oscar
	Oscar 2
	Magister's Rutoken

CryptoPro Tools

As part of CryptoPro CSP 5.0, a cross-platform (Windows/Linux/macOS) graphical application appeared - “CryptoPro Tools”.

The main idea is to provide users with the opportunity to conveniently solve common problems. All basic functions are available in a simple interface - at the same time, we have also implemented a mode for advanced users, which opens up additional opportunities.

Using CryptoPro Tools, the tasks of managing containers, smart cards and crypto provider settings are solved, and we have also added the ability to create and verify a PKCS#7 electronic signature.

Supported Software

CryptoPro CSP allows you to quickly and securely use Russian cryptographic algorithms in the following standard applications:

• office suite Microsoft Office;
• mail server Microsoft Exchange and client Microsoft Outlook;
• products Adobe Systems Inc.;
• browsers Yandex.Browser, Sputnik, Internet Explorer,Edge;
• application signature generation and verification tool Microsoft Authenticode;
• web servers Microsoft IIS, nginx, Apache;
• Remote Desktop Tools Microsoft Remote Desktop Services;
• Microsoft Active Directory.

Integration with the CryptoPro platform

From the very first release, support and compatibility with all our products are provided:

• CryptoPro CA;
• CA Services;
• CryptoPro EDS;
• CryptoPro IPsec;
• CryptoPro EFS;
• CryptoPro.NET;
• CryptoPro Java CSP.
• CryptoPro NGate

Operating systems and hardware platforms

Traditionally, we work in an unrivaled wide range of systems:

• Microsoft Windows;
• Mac OS;
• Linux;
• FreeBSD;
• Solaris;
• Android;
• Sailfish OS.

hardware platforms:

• Intel/AMD;
• PowerPC;
• MIPS (Baikal);
• VLIW (Elbrus);
• Sparc.

and virtual environments:

• Microsoft Hyper-V
• VMWare
• Oracle Virtual Box
• RHEV.

Supported by different versions of CryptoPro CSP.

To use CryptoPro CSP with a license for a workstation and a server.

Interfaces for embedding

For integration into applications on all platforms, CryptoPro CSP is available through standard interfaces for cryptographic tools:

• Microsoft CryptoAPI;
• PKCS#11;
• OpenSSL engine;
• Java CSP (Java Cryptography Architecture)
• Qt SSL.

Performance for every taste

Years of development experience allows us to cover all solutions from miniature ARM boards such as Raspberry PI to multiprocessor servers based on Intel Xeon, AMD EPYC and PowerPC, with excellent performance scaling.

Regulatory documents

Complete list of regulatory documents

• The crypto provider uses algorithms, protocols and parameters defined in the following documents of the Russian standardization system:
• R 50.1.113–2016 “Information technology. Cryptographic information protection. Cryptographic algorithms accompanying the use of electronic digital signature algorithms and hashing functions" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
• R 50.1.114–2016 “Information technology. Cryptographic information protection. Elliptic curve parameters for cryptographic algorithms and protocols" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
• R 50.1.111–2016 “Information technology. Cryptographic information protection. Password protection of key information"
• R 50.1.115–2016 “Information technology. Cryptographic information protection. "Shared Key Generation Protocol with Password Authentication" (also see RFC 8133 The Security Evaluated Standardized Password-Authenticated Key Exchange (SESPAKE) Protocol ")
• Methodological recommendations TC 26 “Cryptographic information protection” “Use of sets of encryption algorithms based on GOST 28147-89 for the transport layer security protocol (TLS)”
• Methodological recommendations TC 26 “Cryptographic information protection” “Use of GOST 28147-89, GOST R 34.11 and GOST R 34.10 algorithms in cryptographic messages in CMS format”
• Technical specification TC 26 “Cryptographic information protection” “Use of GOST 28147-89, GOST R 34.11-2012 and GOST R 34.10-2012 in the IKE and ISAKMP key exchange protocols”
• Technical specification TC 26 “Cryptographic information protection” “Use of GOST 28147-89 when encrypting attachments in IPsec ESP protocols”
• Technical specification TC 26 “Cryptographic information protection” “Use of GOST R 34.10, GOST R 34.11 algorithms in the certificate profile and certificate revocation list (CRL) of the X.509 public key infrastructure”
• Technical specification TC 26 “Cryptographic information protection” “Extension of PKCS#11 for the use of Russian standards GOST R 34.10-2012 and GOST R 34.11-2012”

A cryptoprovider is a means of cryptoprotection of information (), without which use becomes impossible. is formed on the basis of cryptographic algorithms, and the implementation of these processes is possible only with the presence of CIPF. CryptoPro CSP is the most popular product on the Russian market of cryptographic utilities. Most electronic trading platforms, state information systems (UAIS FST, EGAIS, etc.) and regulatory authorities that accept reports via the Internet (Federal Tax Service, Social Insurance Fund, Pension Fund of Russia) work with this program.

At the end of September 2019, two versions of CIPF are valid in the CRYPTO-PRO line - 4.0 and 5.0. Both programs are certified and provide a full range of capabilities for digital signature owners. In this article we will focus on, consider the functions and characteristics of the software, licensing features, installation and configuration procedures.

We will help you obtain an electronic signature. Consultation 24 hours!

Leave a request and get a consultation.

CIPF CryptoPro version 4.0: characteristics and functionality

State portals and trading platforms that accept information from users post on their websites requirements and instructions for working with electronic documents. In addition to , there is another popular crypto provider on the market - VipNet CSP. But some organizations (for example, Rosreestr) limit users’ choices and specify in the requirements the mandatory use of CryptoPro CSP. When issuing CEDS certificates, certification authorities also most often use CryptoPro, so if the user installs another crypto provider on the PC, errors may occur when creating the digital signature.

Software functions

CryptoPro software is systematically updated and improved. Latest certified build version (3-Base version). All current updates can be tracked on the developer’s official website in the “Certificates” section.

The crypto provider has been certified by the FSB. This means that it can be used to create an electronic signature and encrypt data in accordance with the Federal Law-63.

CIPF performs the following functions:

• gives legal force to digital files certified by the CEDS;
• prevents data compromise using modern cryptographic encryption and imitation protection tools;
• guarantees the authenticity and immutability of electronic files;
• supports the official authorization of private entrepreneurs and legal entities on Internet platforms and web portals of government bodies.

Without a crypto provider, the user will not be able to participate in electronic document management (EDF) and perform the following operations:

• remote ;
• sending reporting documentation to Rosstat, Pension Fund and other government agencies;
• interaction with information services, AIS State Order, GIS Housing and Communal Services, etc.;
• bank transfers and other financial transactions where CEDS are needed;
• submitting an online application for participation in auctions under Federal Laws No. 223 and No. 44;
• support of bankruptcy proceedings;
• interaction with participants of corporate e-document flow.

From January 1, 2019, all CAs issue electronic certificates according to the new standard (GOST R 34.10-2012). The software fully complies with this standard and supports new cryptographic protection algorithms.

• System requirements for installing software

  To fully use all the functionality of the crypto provider, all that remains is to install certificates in the PC registry. As a rule, CAs issue certificates on key flash media; in rare cases, they are sent to the owner’s email.

  The certificate is installed in the “Service” section of the CryptoPro program. It is recommended to perform this procedure in accordance with the instructions from the developer. As a result, the certificate should be saved in the “Personal” folder.

  At the final stage, save the root certificate (RC), which is available for download on the CA website. This document is saved in the Trusted folder. The CS performs an important function in e-document flow - it confirms that the certificate was obtained from an accredited CA.