Latest version of CryptoPro CSP. Purpose of CryptoPro CSP

The CryptoPro Rutoken CSP solution is a joint development of the companies "CryptoPro" and "Active" that integrates the capabilities of the CryptoPro CSP crypto provider and Rutoken USB tokens. An important feature of FKN technology is the division of cryptographic power between the CryptoPro CSP crypto provider and Rutoken KP, a cryptographic USB token model specially adapted for FKN technology and built on the basis of Rutoken EDS.

Rutoken KP is used in FKN technology to generate key pairs, derive agreement keys, create electronic signatures, etc. Performing these operations on board the token ensures the highest possible degree of safety of key information. Rutoken KP is used and supplied only as part of CryptoPro Rutoken CSP; this USB token is not distributed separately.

In the new version of CryptoPro Rutoken CSP, in addition to Rutoken KP, there is support for the standard Rutoken EDS 2.0 model for generating and securely storing key pairs and CryptoPro CSP containers. Key information is stored on Rutoken EDS 2.0 without the possibility of retrieving it. Using Rutoken EDS 2.0 as part of CryptoPro Rutoken CSP provides an optimal configuration in terms of cost and capabilities for cases where there are no increased requirements for protecting the communication channel with the key carrier.

The CryptoPro Rutoken CSP solution is the successor to the CryptoPro CSP CIPF and supports all its capabilities. It is also fully integrated into the public key infrastructure based on the CryptoPro UC certification center.

Purpose

CIPF CryptoPro Rutoken CSP is intended for use in Russian PKI systems, in legally significant electronic document management systems, and in other information systems that use digital signature technology, including:

  • in client-bank systems when signing payment orders;
  • in secure document management systems;
  • in systems that collect reports for submission in electronic format;
  • in government and management bodies at the federal and regional levels;
  • in all other cases where it is necessary to ensure increased protection of user keys.

Possibilities

  • Supports all the functionality of CIPF CryptoPro CSP 3.9.
  • Provides full integration with PKI infrastructure based on CryptoPro CA.
  • Also works with the standard model Rutoken EDS 2.0.
  • Using the hardware resources of Rutoken KP or Rutoken EDS 2.0, the following cryptographic operations are performed:
    • generation of key pairs GOST R 34.10-2001;
    • generation of an electronic signature in accordance with GOST R 34.10-2001;
    • Diffie-Hellman negotiation key calculation (RFC 4357).
  • Provides secure storage and use of private keys inside the key media without the possibility of retrieval.

Functional key carrier

The FKN architecture implements a fundamentally new approach to ensuring the safe use of key information stored on hardware media.

In addition to forming an electronic signature and generating encryption keys directly in the microprocessor, the key carrier can effectively resist attacks related to the substitution of a hash value or signature in a communication channel.

Main advantages of FKN

  • The possibility of replacing the signature in the exchange protocol is excluded; the electronic signature is generated in parts: first in the key medium, then finally in the CSP software part.
  • Generation of electronic signature keys and agreement keys, as well as creation of the electronic signature, takes place inside the FKN.
  • Transmitting a hash value over a secure channel that eliminates the possibility of substitution.
  • Once the container is created, the user's key is not stored either in the key container or in the crypto provider's memory, and is not used explicitly in cryptographic transformations.
  • Enhanced data protection during transmission over an open channel, thanks to mutual authentication of the key carrier and the software component using an original protocol based on the EKE (electronic key exchange) procedure. In this case, it is not the PIN code that is transmitted, but a point on the elliptic curve.
  • Increased privacy of private keys.
  • The key can be generated by FKN or loaded externally.
  • Cryptographic operations on elliptic curves are performed directly by the key carrier, with support for Russian electronic signatures.

How to install CryptoPro on a computer, installing CryptoPro 4.0

CryptoPro CSP is a crypto provider that provides the legal significance of electronic documents and connection protection. It is a key product among CryptoPro products. Most questions arise about how to install CryptoPro CSP. We suggest that you familiarize yourself with the information below to install the program correctly. To install this software on a computer, the user must have administrator rights. The disk with the software must be inserted into the drive, or the distribution folder must be selected on the computer. After launching the Installation Wizard, you must select the language to use. During installation, it is also possible to select the protection level (class).

Further installation is carried out in accordance with the choice of actions specified by the Installation Wizard. Thus, you may need to specify a serial key, configure additional sensors, and adjust CIPF to use the key storage service. The installation can be complete or selective, depending on the user’s tasks. Custom installation will help you install additional required components. After installation, it is advisable to restart the computer for the program to work correctly.

To install the system without an installation disk, you must download and install all component distributions from this manual. The installation must be performed with local administrator rights.

Installation of CIPF CryptoPro CSP

Download and install the CryptoPro CSP distribution according to the purchased license.

Open the CryptoPro CSP program and enter the license serial number. Depending on your computer, this can be done in different ways:

Installing the RuToken driver

Download and install the components for working with RuToken media (if certificates are stored on flash media, skip this step). When installing the components, disconnect RuToken from your computer.

Installing Capicom

Installing Certification Authority certificates

Download and install Certification Authority certificates

Browser installation and configuration

The system works in the following browsers: Internet Explorer versions not lower than 11, Mozilla Firefox, Google Chrome, Yandex.Browser, Opera.
For installation .

For Internet Explorer to work correctly with the Kontur.Extern system, you need to run the utility to configure the browser.
You can also configure the browser manually. To do this, use this.

To install other browsers, contact your system administrator.

Installing Adobe Reader

Download and install Adobe Reader. Use the link to the official Adobe website. To begin installation, you must select the operating system version and language.

Installing a shortcut

For ease of login, save to your desktop. After installation is complete, you must restart your computer. Before you start working in the reporting system, do not forget to install a signing certificate. Use the instructions for installing a personal certificate.

Installation completed

The first thing to do is decide which version you need: client or server. If you plan to use the CryptoPro CSP CIPF on a server, buy the server version right away. A client license will not work. Yes, the price of a server license is several times higher, and in earlier versions it was possible to install a client license on a server, but today client licenses simply will not install on server operating systems, even though everything worked during the trial (test) period.

GOST R 34.10-2012

Find out if you need support for the new 2012 electronic signature standards. Only supports the electronic signature standard GOST R 34.10-2012 (“Creating a signature” and “Verifying a signature”). The remaining versions of the crypto provider (3.0, 3.6 and 3.9) support GOST 94 and 2001.

Please be informed

The procedure for transition to the national standard GOST R 34.10-2012 in electronic signature tools for information that does not contain state secrets.

From the document of the FSB of Russia No. 149/7/1/3-58 dated January 31, 2014 “On the procedure for transition to the use of new digital signature standards and hashing functions,” we learn that after December 31, 2019, it will be unacceptable to use GOST R 34.10-2001 to create an electronic signature.

FSB Certificate

In many information systems (especially government ones), one of the main and mandatory requirements is the presence of an FSB certificate of conformity for the software. At the moment, versions 3.6 and 4.0 are certified.

The CryptoPro CSP 4.0 version has FSB certificates for protection classes and for operating systems from Windows Vista up to Windows 10.

CryptoPro CSP 3.9 R2 and CryptoPro CSP 4.0 R2, which support Windows 10, have to date received a positive conclusion from the FSB.

Windows or Unix

If you choose version 3.6, you need to decide which operating system the software will be installed on: Windows or Unix-like. This division exists only in CryptoPro CSP version 3.6 and earlier. If you purchase the or version, then it does not matter which operating system you plan to install it on - Windows or Unix-like.

The CryptoPro CSP software is designed to monitor the integrity of system and application software, manage key elements of the system in accordance with the regulations on security measures, and authorize and ensure the legal significance of electronic documents when they are exchanged between users. In addition to the crypto provider itself, CryptoPro CSP includes the products CryptoPro TLS, CryptoPro EAP-TLS, CryptoPro Winlogon and CryptoPro Revocation Provider.


The solution is intended for:

  • authorization and ensuring the legal significance of electronic documents when exchanging them between users, through the use of procedures for generating and verifying an electronic signature (ES) in accordance with domestic standards GOST R 34.10-2001 / GOST R 34.10-2012 (using GOST R 34.11-94 / GOST R 34.11-2012);
  • ensuring confidentiality and monitoring the integrity of information through its encryption and imitation protection, in accordance with GOST 28147-89;
  • ensuring authenticity, confidentiality and imitational protection of connections via TLS protocol;
  • monitoring the integrity of system and application software to protect it from unauthorized changes and malfunctions;
  • management of key elements of the system in accordance with the regulations on protective equipment.

Implemented Algorithms

  • The algorithm for generating the hash function value is implemented in accordance with the requirements of GOST R 34.11-94 / GOST R 34.11-2012 “Information technology. Cryptographic information protection. Hash function.”
  • Algorithms for generating and verifying an electronic signature are implemented in accordance with the requirements of GOST R 34.10-2001 / GOST R 34.10-2012 “Information technology. Cryptographic information protection. Processes of formation and verification of electronic digital signatures.”
  • The data encryption/decryption algorithm and the calculation of imitative inserts are implemented in accordance with the requirements of GOST 28147-89 “Information processing systems. Cryptographic protection."

When generating private and public keys, various parameters can be used in accordance with GOST R 34.10-2001 / GOST R 34.10-2012.
When generating a hash function value and when encrypting, various replacement nodes can be used in accordance with GOST R 34.11-94 and GOST 28147-89.

Supported key media types

  • floppy disks 3.5;
  • smart cards using smart card readers that support the PC/SC protocol;
  • Touch-Memory DS1993 - DS1996 tablets using Accord 4+ devices, electronic lock Sobol, Krypton or Touch-Memory DALLAS tablet reader (only in Windows versions);
  • electronic keys with a USB interface (USB tokens);
  • removable media with a USB interface;
  • Windows OS registry;
  • Solaris/Linux/FreeBSD OS files.
CSP 3.6 CSP 3.9 CSP 4.0 CSP 5.0
Windows Server 2016 x64* x64** x64
Windows 10 x86 / x64* x86 / x64** x86/x64
Windows Server 2012 R2 x64 x64 x64
Windows 8.1 x86/x64 x86/x64 x86/x64
Windows Server 2012 x64 x64 x64 x64
Windows 8 x86/x64 x86/x64 x86/x64
Windows Server 2008 R2 x64 / itanium x64 x64 x64
Windows 7 x86/x64 x86/x64 x86/x64 x86/x64
Windows Server 2008 x86 / x64 / itanium x86/x64 x86/x64 x86/x64
Windows Vista x86/x64 x86/x64
Windows Server 2003 R2 x86 / x64 / itanium x86/x64 x86/x64 x86/x64
Windows Server 2003 x86 / x64 / itanium x86/x64 x86/x64 x86/x64
Windows XP x86/x64
Windows 2000 x86