Programs

Cryptopro csp 4.0 license agreement. Purpose of CryptoPro CSP

CIPF(means of cryptographic information protection) " CryptoPro CSP" is an independent OS module designed to perform various crypto-operations, such as electronic signature, encryption, imitation protection. The functioning of the vast majority of encryption software products is impossible without a crypto provider, and it is also impossible to sign ES documents.

The functionality of the CryptoPro CSP module is that it:

allows you to submit reports electronically to various government agencies;
provides participation in electronic auctions;
organizes legally significant document circulation;
protects confidential information at the time of its transfer.

Module "CryptoPro CSP" developed by "CRYPTO-PRO" - a company that is one of the leaders in the market of information security tools. For this period, 5 versions of the CryptoPro CSP module have been released, the difference between which lies in the following parameters: the operating system in which the program operates; supported cryptoalgorithms; the validity period of certificates issued by the competent authorities. The developer company posted a table with a detailed comparison of all current versions of the CryptoPro CSP module on its official Internet resource. On this web page, the developer company has posted information about valid certificates.

How to install "CryptoPro 4.0"

The latest actual version of the CryptoPro CSP module is the fourth, which operates on the basis of new signature algorithms in accordance with GOST R 34.10-2012. "CryptoPro CSP 4.0" can work in Windows 10. For this period this module not certified, but the developer company plans to certify the 4th version of its product in the very near future.
The following is a description of how to install "CryptoPro 4.0".
The official Internet resource of the CRYPTO-PRO developer company, upon completion of the preliminary registration, provides the opportunity to download files, distributions, updates, etc. of the CryptoPro CSP program.

Upon completion of registration, a page with a license agreement will appear. You must read its terms and conditions and then, if you agree with them, click on "I agree". Next, you will be redirected to the file download page.

In order to download the distribution, you must first select "CryptoPro CSP 4.0 for Windows and UNIX (non-certified)", and then left-click on "CryptoPro CSP 4.0 for Windows" in the link with checksum information that appears.

How to install "CryptoPro 4.0". When the download is complete, you need to run the just downloaded program file CSPSetup.exe. In the window that opens about the security warning, in order to allow the program to make changes to the computer, you need to click on the "Yes" button. In the next window that opens, select "Install (recommended)".

The direct installation of the CryptoPro CSP 4.0 module will begin, which takes a few seconds.

Upon completion of the installation of the CryptoPro CSP 4.0 module on the computer, you can start working with it.

Reminder:

under the terms of the license agreement, there is a limitation on the period of use of the demo version of "CryptoPro CSP 4.0", which is 90 days from the date of direct installation of the product;
the demo version of the module "CryptoPro CSP 4.0" is provided only with initial installation product, if you reinstall the program in demo mode, it will not work.

Information about the type of license and the period of its validity is available in the CryptoPro CSP application. In the operating room Windows system 10 it is most convenient to use the application search, for which you need to click on the "Magnifying glass" icon, which is located next to "Start", and then select "CryptoPro CSP Classic Application".

A new “CryptoPro CSP” window will appear, where the “General” tab contains information about the license (incomplete serial number; owner’s name; company name; license type: client or service; period of validity; when the initial installation was carried out, etc.). d.). Here you can also purchase a license online and enter its serial number.

The operation of the CryptoPro CSP 4.0 module is carried out during the entire period of the license. If the current license has expired, then you need to buy the right to a new one. This can be done at any convenient time. The license key (i.e. its serial number) is sent to the specified email address immediately after payment is received.
To enter a new serial number, you must click on "Enter license". A window will open in which, in the paragraph " Serial number» you must indicate the purchased license key and then click on "OK".

After completing all the installation steps, the CryptoPro CSP 4.0 program is completely ready for use.

CryptoPro CSP 5.0 is a new generation of cryptographic provider that develops three main product lines of CryptoPro company: CryptoPro CSP (classic tokens and other passive storage of secret keys), CryptoPro FKN CSP / Rutoken CSP (non-retrievable keys on tokens with secure messaging) and CryptoPro DSS (keys in the cloud).

All the advantages of the products of these lines are not only preserved, but also multiplied in CryptoPro CSP 5.0: a wider list of supported platforms and algorithms, higher performance, more convenient user interface. But the main thing is that work with all key carriers, including keys in the cloud, is now uniform. For translate application system, in which CryptoPro CSP of any version worked, to support keys in the cloud or to new media with non-recoverable keys, no reworking of the software is required - the access interface remains the same, and work with the key in the cloud will occur in exactly the same way as with the classic key carrier.

Purpose of CryptoPro CSP

Formation and verification electronic signature.
Ensuring confidentiality and integrity control of information through its encryption and imitation protection.
Ensuring the authenticity, confidentiality and imitation protection of connections using the , and protocols.
Monitoring the integrity of system and application software to protect it from unauthorized changes and violations of trusted functioning.

Supported Algorithms

In CryptoPro CSP 5.0, along with Russian ones, foreign cryptographic algorithms are implemented. Users can now use familiar key carriers to store RSA and ECDSA private keys.

Supported key storage technologies

Cloud token

In CryptoPro CSP 5.0, for the first time, it became possible to use keys stored on cloud service CryptoPro DSS, through the CryptoAPI interface. Now the keys stored in the cloud can be easily used by anyone user applications, and most Microsoft applications.

Media with non-removable keys and secure messaging

CryptoPro CSP 5.0 adds support for media with non-recoverable keys that implement the protocol SESPAKE, which allows you to perform authentication without passing the user's password in clear form, and establish an encrypted channel for exchanging messages between the crypto provider and the carrier. An attacker in the channel between the carrier and the user's application can neither steal the password during authentication nor change the data being signed. When using such media, the problem is completely solved. safe work with irretrievable keys.

Active, InfoCrypt, SmartPark and Gemalto companies have developed new secure tokens that support this protocol (SmartPark and Gemalto starting from version 5.0 R2).

Media with non-removable keys

Many users want to be able to work with non-retrievable keys, but not upgrade tokens to the FKN level. Especially for them, the provider has added support for popular key carriers Rutoken EDS 2.0, JaCarta-2 GOST and InfoCrypt VPN-Key-TLS.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of media with non-recoverable keys supported by CryptoPro CSP 5.0

Company	Carrier
ISBC	Esmart Token GOST
Assets	Rutoken 2151
	Rutoken PINPad
	Rutoken EDS
	Rutoken EDS 2.0
	Rutoken EDS 2.0 2100
	Rutoken EDS 2.0 3000
	Rutoken EDS PKI
	Rutoken EDS 2.0 Flash
	Rutoken EDS 2.0 Bluetooth
	Rutoken EDS 2.0 Touch
	Smart card Rutoken 2151
	Smart card Rutoken EDS 2.0 2100
Aladdin R.D.	JaCarta-2 GOST
infocrypt	InfoCrypt Token++ TLS
infocrypt	InfoCrypt VPN-Key-TLS

Classic passive USB tokens and smart cards

Most users prefer fast, cheap and convenient key storage solutions. As a rule, preference is given to tokens and smart cards without cryptographic coprocessors. As in previous versions provider, CryptoPro CSP 5.0 retains support for all compatible media manufactured by Active, Aladdin R.D., Gemalto / SafeNet, Multisoft, NovaCard, Rosan, Alioth, MorphoKST and SmartPark.

In addition, of course, as before, methods for storing keys in Windows registry, hard drive, flash drives on all platforms.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of classic passive USB tokens and smart cards supported by CryptoPro CSP 5.0

Company	Carrier
Alioth	SCOne Series (v5/v6)
gemalto	Optelio Contactless Dxx Rx
	Optelio Dxx FXR3 Java
	Optelio G257
	Optelio MPH150
ISBC	Esmart Token
ISBC	Esmart Token GOST
MorphoKST	MorphoKST
NovaCard	Cosmo
Rosan	G&D element V14 / V15
	G&D 3.45 / 4.42 / 4.44 / 4.45 / 4.65 / 4.80
	Kona 2200s / 251 / 151s / 261 / 2320
	Kona2 S2120s / C2304 / D1080
safenet	eToken Java Pro JC
	eToken 4100
	eToken 5100
	eToken 5110
	eToken 5105
	eToken 5205
Assets	Rutoken 2151
	Rutoken S
	Rutoken KP
	Rutoken Lite
	Rutoken EDS
	Rutoken EDS 2.0
	Rutoken EDS 2.0 3000
	Rutoken EDS Bluetooth
	Rutoken EDS Flash
	Smart card Rutoken 2151
	Smart card Rutoken Lite
	Smart card Rutoken EDS SC
	Smart card Rutoken EDS 2.0
Aladdin R.D.	JaCarta GOST
	JaCarta PKI
	JaCarta PRO
	JaCartaLT
	JaCarta-2 GOST
infocrypt	InfoCrypt Token++ Lite
Multisoft	MS_Key version 8 Angara
Multisoft	MS_Key ESMART version 5
SmartPark	master's
	R301 Foros
	Oscar
	Oscar 2
	Rutoken Master

CryptoPro Tools

As part of CryptoPro CSP 5.0, a cross-platform (Windows/Linux/macOS) graphics application- “CryptoPro Tools” (“CryptoPro Tools”).

The main idea is to enable users to conveniently solve typical tasks. All the main functions are available in a simple interface - at the same time, we have also implemented a mode for advanced users, which opens up additional opportunities.

With the help of CryptoPro Tools, the tasks of managing containers, smart cards and settings of crypto providers are solved, and we have also added the ability to create and verify a PKCS # 7 electronic signature.

Supported software

CryptoPro CSP allows you to quickly and securely use Russian cryptographic algorithms in the following standard applications:

office suite Microsoft Office;
mail server Microsoft Exchange and client Microsoft Outlook;
products Adobe Systems Inc.;
browsers Yandex.Browser, Sputnik, Internet Explorer ,edge;
tool for generating and verifying application signatures Microsoft Authenticode;
web servers Microsoft IIS, nginx, Apache;
remote desktop tools Microsoft Remote Desktop Services;
Microsoft Active Directory.

Integration with the CryptoPro platform

From the very first release, support and compatibility with all our products is provided:

CryptoPro CA;
CA services;
CryptoPro EDS;
CryptoPro IPsec;
CryptoPro EFS;
CryptoPro.NET;
CryptoPro Java CSP.
CryptoPro NGate

Operating systems and hardware platforms

Traditionally, we work in an unsurpassed wide range of systems:

Microsoft Windows;
MacOS;
Linux;
FreeBSD;
solaris;
android;
SailfishOS.

hardware platforms:

Intel/AMD;
PowerPC;
MIPS (Baikal);
VLIW (Elbrus);
Sparc.

and virtual environments:

Microsoft Hyper-V
VMWare
Oracle VirtualBox
RHEV.

Supported different versions CryptoPro CSP.

To use CryptoPro CSP with a license for workplace and server.

Embedding Interfaces

For embedding in applications on all platforms, CryptoPro CSP is available through standard interfaces for cryptographic tools:

Microsoft Crypto API
PKCS#11;
OpenSSL engine;
Java CSP (Java Cryptography Architecture)
Qt SSL.

Performance for every taste

Years of development experience allows us to cover everything from miniature ARM boards such as Raspberry PI to multi-processor servers based on Intel Xeon, AMD EPYC, and PowerPC, scaling performance very well.

Regulatory documents

Full list of regulatory documents

The crypto provider uses the algorithms, protocols and parameters defined in the following documents Russian system standardization:
R 50.1.113-2016 " Information technology. Cryptographic protection information. Cryptographic Algorithms Accompanying the Application of Digital Signature Algorithms and Hashing Functions" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
R 50.1.114–2016 “Information technology. Cryptographic protection of information. Elliptic Curve Parameters for Cryptographic Algorithms and Protocols" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
R 50.1.111–2016 “Information technology. Cryptographic protection of information. Password protection of key information»
R 50.1.115–2016 “Information technology. Cryptographic protection of information. Shared Key Derivation Protocol with Password-Based Authentication" (also see RFC 8133 The Security Evaluated Standardized Password-Authenticated Key Exchange (SESPAKE) Protocol")
Guidelines TC 26 "Cryptographic information protection" "Using sets of encryption algorithms based on GOST 28147-89 for the transport layer security protocol (TLS)"
Guidelines TC 26 "Cryptographic information protection" "Use of algorithms GOST 28147-89, GOST R 34.11 and GOST R 34.10 in cryptographic messages of the CMS format"
Technical specification TC 26 "Cryptographic information protection" "Use of GOST 28147-89, GOST R 34.11-2012 and GOST R 34.10-2012 in the IKE and ISAKMP key exchange protocols"
Technical specification TC 26 "Cryptographic information protection" "Use of GOST 28147-89 when encrypting attachments in IPsec ESP protocols"
Technical specification TK 26 "Cryptographic information protection" "Use of algorithms GOST R 34.10, GOST R 34.11 in the certificate profile and certificate revocation list (CRL) infrastructure public keys X.509"
Technical Specification TK 26 "Cryptographic Information Protection" "PKCS # 11 extension for use Russian standards GOST R 34.10-2012 and GOST R 34.11-2012"

CSP CryptoPro is a program for adding and verifying digital files. It adds and protects cryptographic files (electronic documents) that have a digital signature. CryptoPro has "Winlogon" for very sensitive documents and third party files that support a digital certificate.

CSP CryptoPro is used in companies where there are documents in electronic form. The program provides protection and legal force for valuable documents and papers in digital form. Data from digital signature are as valid as official documents.

CSP CryptoPro allows you to create digital protection and put a signature (certificate) on any document. This program is suitable for organizations with valid GOSTs. It controls the data and the structure of information. Management of security program algorithms is provided through a special manager.

You can set up CSP CryptoPro and specify the level of protection and confidentiality of documents. Once configured, some documents will be strictly confidential. The program is equipped with tools that issue and verify security certificates. Using the CryptoPro Winlogon module, you can register new users in the Windows operating system.

CryptoPro Winlogon works with Kerberos V5 protocol support. Login and access to data is carried out after a full verification of the certificate of the information carrier located in the organization.

Cryproprovider provides protection for various sources of digital data. Older organizations and companies use floppy support equipment. CryptoPro was created on a commercial basis with a paid license. After installing the program, you use it for 30 days, that is, a trial period. After that, you will have to buy a license.

Key features

Protection of a digital certificate, through verification tools;
full verification of digital documents and the relevance of the certificate;
electronic registration of documents on a legal basis;
access to the certificate on the main carrier and its verification;
full control and verification of data after the transfer of information;
comparison of document size and other algorithms for work;
the program supports documents that are created in accordance with these GOSTs;
full protection of digital documents and setting the degree of protection;

Cryptoprovider is a means of cryptographic protection of information (), without which use becomes impossible. is formed on the basis of cryptographic algorithms, and the implementation of these processes is possible only in the presence of CIPF. CryptoPro CSP is the most popular product on Russian market cryptographic utilities. Most electronic trading platforms, state information systems (EAIS FTS, EGAIS, etc.) and regulatory authorities that accept reports via the Internet (FTS, FSS, PFR) work with this program.

At the end of September 2019, two versions of CIPF are valid in the CRYPTO-PRO line - 4.0 and 5.0. Both programs are certified and provide full set opportunities for EDS holders. In this article, we will focus on, consider the functions and characteristics of the software, licensing features, installation and configuration procedures.

We will help you get an EDS. Consultation 24 hours!

Leave a request and get a consultation.

CIPF CryptoPro version 4.0: features and functionality

State portals and trading platforms that accept from users post requirements and instructions for working with electronic documents. In addition, there is another popular crypto provider on the market - VipNet CSP. But some organizations (for example, Rosreestr) limit users in their choice and indicate in the requirements the mandatory use of CryptoPro CSP. When issuing CEDS certificates, certification centers also most often use CryptoPro, so if a user installs another crypto provider on a PC, errors may occur when creating an ES.

Software functions

CryptoPro software tools are systematically updated and improved. Latest certified build version (3-Base version). Everything actual updates can be tracked on the official website of the developer in the "Certificates" section.

The crypto provider has been certified by the FSB. This means that it can be used to create an electronic signature and encrypt data in accordance with the FZ-63 law.

SKZI performs the following functions:

gives legal effect to digital files certified by CECP;
prevents data from being compromised by modern means crypto-encryption and imitation protection;
guarantees the authenticity and immutability of electronic files;
supports the official authorization of private entrepreneurs and legal entities on Internet sites and web portals of state bodies.

Without a crypto provider, the user will not be able to participate in electronic document management (EDM) and perform the following operations:

remote ;
sending reporting documentation to Rosstat, FIU and other government agencies;
interaction in information services, AIS Goszakaz, GIS housing and communal services, etc.;
bank transfers and others financial operations where CECP is needed;
filing an online application for participation in auctions under Federal Law No. 223 and No. 44;
support of the bankruptcy procedure;
interaction with participants of corporate EDI.

From January 1, 2019, all CAs issue electronic certificates according to the new standard (GOST R 34.10-2012). The software fully complies with this standard and supports new encryption algorithms.

System requirements for software installation

For the full use of all functionality the only thing left for the crypto provider is to install the certificates in the PC registry. As a rule, CAs issue certificates on key flash media, in rare cases they are sent to email owner.

The certificate is installed in the "Service" section of the CryptoPro program. This procedure is recommended to be performed in accordance with the instructions from the developer. As a result, the certificate should be saved in the "Personal" folder.

At the final stage, save the root certificate (CA), which is available for download on the CA website. This document is saved in the Trusted folder. The CS performs an important function in EDF - it confirms that the certificate has been received from an accredited CA.

Good afternoon dear friends! Today I want to discuss with you a very important for our work software CryptoPro CSP. CryptoPro CSP is a program, not free, that helps us install our certificates, well, or EDS, EDS, whatever, the meaning is the same.

Let's take a closer look at this program. There are several versions of this program. Versions 3.6, 3.9, 4.0. In addition, there are still a huge number of modifications of each version.

Versions of CryptoPro CSP

Why is 3 versions used? Why not just keep the last one? The answer is very simple. Each version is made for a specific operating system. For example CryptoPro CSP 3.6 can be installed on Windows 2000, XP and so on, but there is a limit. Last operating system on which you can bet version 3.6 is Windows 8 and Windows 2012. What if you say Windows 10? Then you need to install the 4.0 version. There are no special differences between 3.9 and 4.0, namely in terms of operating platforms.

That is, if you Windows 7, then you need to buy version 3.6, and if Windows 10, then 4.0.

License for CryptoPro CSP

License for CryptoPro CSP must be purchased. The price of the license is not so high as to steal the program. Especially CryptoPro not a greedy firm and it has perpetual licenses, that is, according to the principle "I bought it and forgot it." But there are times when the program was needed in the middle of the night and urgently, and perhaps there is no time to buy it. So I will tell you a little secret.

CryptoPro CSP for free!

You didn't think so! CryptoPro CSP it's still possible for free. Guys,who wrote the program, I repeat, not greedy and everyone understands. Therefore, they have given you a gift in the form of using their program for free for e three months. But after finishing trial period You will still need to purchase a license forthis software product.

How to install CryptoPro CSP

T Now let's look at the process of installing the program. To do this, download the distribution, unpack it and open it. I will install version 3.6.

I unpack the distribution

Now let's open setup file, just double-click the left mouse button.

We see the installation process.

The program may warn you that you may have to restart your computer after installing the program. Therefore, I advise you, before clicking something, save all open documents and close all programs so as not to lose data. Click "OK"

After the program fully installed, you will see this window. Just click "Done"

After that, the program will ask you to reboot now or later? You can do it now, then click " OK ”, if you want to restart later, then click “No”.

That's it, the installation is complete!

Download CryptoPro CSP for free

You can download the program from the official site, but it requires prior registration. But manufacturer says that the installation can be done only after you buy the program either from them or from partners. Everything they say is right. But if you still just want to acquaint b Xia with the program, you can download it from me.

Download CryptoPro CSP 4.0

Download CryptoPro CSP 3.9 R2

Download CryptoPro CSP 3.6 R4

CryptoPro CSP 5.0

Also be sure to read my article. There I talk about why this plugin is needed and how important it is for our work with CryptoPro CSP.

H and that's all! If you have any questions ask them in the comments! Good luck and good luck to everyone!

To be the first to receive all the news from our site!