What is crypto about. Installation of cryptopro. Main advantages of FKN

To protect transmitted data, the Information Portal croinform .ru uses a cryptographic information protection tool (CIPF) from the Crypto-Pro company. To install this software, follow a few simple steps.

Step 1. Download the CryptoPro CSP distribution kit (version 4.0)

To download the distribution, go to the CRYPTO-PRO website http://www.cryptopro.ru/

In the “Login” form, enter the following username information: MBKI , password: MBKI and click Login

The Download Center page opens. In the list of programs, select CryptoPro CSP(First on the list).

Select CryptoPro CSP distribution (version 4.0) which suits your operating system. Save the file to disk.

Step 2. Installation of CryptoPro CSP (version 4.0)

Launch the distribution package of the CryptoPro CSP program downloaded in step 1. The “Installation Window” will appear on the screen. Select the recommended installation option, Install (Recommended).

A window will appear displaying the installation process of CryptoPro CSP.

After completing the installation process of CryptoPro CSP, you will receive a message.

A temporary license is valid for 30 days. After this period, the full package of CIPF functions stops working, but some of the information protection functions necessary to work with Information Portal, remains.

CryptoPRO is one of the cryptographic utilities (cryptoprovider). Which is necessary for generating an electronic digital signature () and working with key certificates. In this article we will analyze in detail the process of installing the CryptoPRO program on a computer.

After you have purchased a CryptoPro CSP license or decided to try out free three-month access to the program’s functions, the question arises: how to use it on a computer?

How to install Crypto-PRO

The answer, as always, is in the user manual, which is available on the program’s official website and is also included when purchasing a license. But since it so happens that no one reads it anyway, we’ll describe the installation process point by point.

First step: PC check

At this stage, you need to make sure that your computer does not have old version this program. You can do this by carefully looking through all the Start menu items on your computer; if you do not find the CryptoPRO item in it, then most likely this software was not installed on your computer.

If you find CryptoPRO in the list of programs, make sure that its version is outdated, for this:

1. Launch CryptoPRO PKI
2. Open the License Management tab – CryptoPRO CSP
3. Look at the version number in the right window

If the program version is 3.6.**** and higher, then reinstallation is not necessary and you can proceed to the fourth step. If the specified version is lower than 3.6.****, uninstall the program using standard means Windows and restart your computer. Then proceed to the next step.

Second step: download the distribution

Fill required fields, agree with license agreement and go to the next page (at the time of writing the instructions it looked like this):

Third step: installing CryptoPRO CSP on your computer

Run the downloaded file and follow the installer steps until you see the following window:

Enter necessary information and The serial number you received when purchasing the license. If you want to get free trial access, leave this field blank and click Further.

After installation is complete, restart your computer. Ready!

Fourth step: enter the license key (optional)

If the program is already installed on your computer and you only need to enter license key, follow the next path.

The CryptoPro Rutoken CSP solution is a joint development of the CryptoPro and Aktiv companies, which integrates the capabilities of the cryptoprovider CryptoPro CSP and Rutoken USB tokens. Important feature FKN technology is the division of cryptographic power between the cryptoprovider CryptoPro CSP and Rutoken KP - a model of a cryptographic USB token specially adapted for FKN technology, made on the basis of Rutoken EDS.

Rutoken KP is used in FKN technology to generate key pairs, develop approval keys, implement electronic signature etc. Performing these operations on board the token ensures the highest possible degree of safety of key information. Rutoken KP is used and supplied only as part of CryptoPro Rutoken CSP; this USB token is not distributed separately.

IN new version CryptoPro Rutoken CSP, in addition to Rutoken KP, there is support for the standard Rutoken EDS 2.0 model for generating and securely storing key pairs and CryptoPro CSP containers. Key information is stored on Rutoken EDS 2.0 without the possibility of retrieving it. The use of Rutoken EDS 2.0 as part of CryptoPro Rutoken CSP provides an optimal solution configuration in terms of cost and capabilities for cases where increased requirements for the level of protection of communication channels with the key carrier are not imposed.

The CryptoPro Rutoken CSP solution is the successor to the CryptoPro CSP CIPF and supports all its capabilities. It is also fully integrated into the public key infrastructure based on the CryptoPro CA certification center.

Purpose

CIPF CryptoPro Rutoken CSP is intended for use in Russian systems PKI, in systems of legally significant electronic document management and in others information systems using digital signature technologies. Including:

• in client-bank systems when signing payment orders;
• in secure document management systems;
• in reporting collection systems for submission to in electronic format;
• in government and management bodies at the federal and regional levels;
• in all other cases where it is necessary to ensure increased protection of user keys.

Possibilities

• Supports all functionality CIPF CryptoPro CSP 3.9 .
• Provides full integration with PKI infrastructure based on CryptoPro CA.
• Also works with the standard model Rutoken EDS 2.0.
• Using the hardware resources of Rutoken KP or Rutoken EDS 2.0, the following cryptographic operations are performed:
  • generation of key pairs GOST R 34.10-2001;
  • generation of an electronic signature in accordance with GOST R 34.10-2001;
  • Diffie-Hellman negotiation key calculation (RFC 4357).
• Provides secure storage and use of private keys inside the key media without the possibility of retrieval.

Functional key carrier

The architecture of the Faculty of Computer Science implements fundamentally new approach to ensure safe use key information stored on hardware media.

In addition to forming an electronic signature and generating encryption keys directly in the microprocessor, the key carrier can effectively resist attacks related to the substitution of a hash value or signature in a communication channel.

Main advantages of FKN

• The possibility of replacing a signature in the exchange protocol is excluded; the electronic signature is generated in parts: first in the key medium, then finally in the CSP software part.
• Generation of electronic signature keys and approval keys, as well as creation of an electronic signature within the Federal Computer Science Department.
• Transmitting a hash value over a secure channel that eliminates the possibility of substitution.
• Once the container is created, the user's key is not stored either in the key container or in the crypto provider's memory, and is not used explicitly in cryptographic transformations.
• Enhanced data protection during transmission open channel thanks to the use of mutual authentication of the key carrier and the software component using the original protocol based on the EKE (electronic key exchange) procedure. In this case, it is not the PIN code that is transmitted, but a point on the elliptic curve.
• Increased privacy of private keys.
• The key can be generated by FKN or loaded externally.
• Performing cryptographic operations on elliptic curves directly with the key carrier, supporting Russian electronic signatures.

Implementation modern means personal identification - huge step in the development of electronic document management. Many believe that the development of such a direction has no practical meaning, that the use of such tools is necessary only for a small number of users, and nothing will exceed a simple signature in reliability and convenience, but this is far from the case.

An electronic digital signature allows you to determine the authenticity of your identity in digital document flow, which significantly increases its efficiency and saves time and money.

An electronic digital signature (or EDS) is, in essence, electronic props, which allows you to protect the digital version of a document from forgery. The legislator defines an electronic signature as an analogue of a handwritten signature, which is used for the purpose of identifying a person in electronic document management.

Types of digital signature

In practice, several variants of digital signature are used.

Simple digital signature does not contain elements of cryptographic protection. Security is ensured by using login, password and connection codes.

In general, it is used only for the actual identification of the user, and is not used to protect a specific document.

Such a signature can still certify documents, however, this requires fulfillment certain conditions:

• adding to a specific document;
• use complies with internal document flow rules;
• availability of information about the identity of the sender of the file.

Unskilled refers to an enhanced signature, but its degree of protection is less than that of a qualified one. However, in this case, cryptographic protection methods are already used. Using such a signature allows you not only to sign a document, but also to make changes to it and then confirm them.

Qualified I am considered the most secure option. Cryptographic protection methods are used, which are confirmed by special authorities. Use in practice is difficult, but there is an undoubted advantage - reliability. You can connect such a signature only in a special certification center.

Test methods, services and results

Using digital signature is undoubtedly practical and convenient. However, each user must have the skills to verify its accuracy, which protects against possible violations by counterparties.

It is not difficult to check. To do this, just use one of several services. Thus, you can verify the authenticity of a document signed using an electronic digital signature by uploading it to the website crypto.kontur.ru.

This service will allow you to quickly analyze a document and get the result. To use it, you need to configure your computer accordingly, but it is not difficult, you just need to follow the instructions on the site.

If you cannot install the electronic signature on your computer yourself, you should contact certification centers. Upon completion of their work, an installation certificate for the electronic signature facility is drawn up.

1. Certificate validity period.
2. Is the signature on the revoked list?
3. Is the digital signature one of those issued by accredited centers?

The most popular verification method is verification through the State Services portal. However, there are many more services that are approximately the same in their effectiveness.

In general, verification methods can be divided into two types:

1. Verification of a document signed with digital signature.
2. Checking the digital signature itself.

Another way to check your digital signature is to install the appropriate program on your PC. Typically used CryptoPro due to the many full-fledged functions for working with digital signatures.

The result of any check is confirmation or non-confirmation of the authenticity of the digital signature or the document signed by it. Such services simply need to be used for work, as they fully ensure the security of electronic document management.

If work via digital signature is carried out on permanent basis, then it is recommended to use software from CryptoPro.

How to install digital signature

To install the electronic signature on a PC, you will need to download the appropriate software and follow the instructions.

Programs

First of all, you need to install it on your computer CryptoPro CSP program. Further:

1. Run the program in any of the ways. As an option, open the Control Panel, the “Programs” menu and find what you need there, or find it through a search if the location is not known. Run as administrator.
2. After starting the program, a window will appear in which you need to find the “Service” tab.
3. Next, look for the “View certificates in container” menu.
4. The Browse window appears, where you can view information about the container name and reader. Click OK.
5. In the next window “Certificates in container private key"No action needs to be taken. Just skip it by clicking Next.
6. A window with user data will appear. You need to select "Properties".
7. Install new Certificate, to do this, select “Install certificate”.
8. In the next window we don’t do anything and just click “Next”.
9. Next, you need to select the “Place all certificates in one storage” item, to do this, click “Browse” and select the “Personal” folder.
10. The last step is to click “Finish”.

Plugins

There is also a useful plugin from CryptoPro that allows you to create and verify signatures on web pages. CryptoPro EDS Browser plug-in can work with any modern browser, including Chrome and Yandex.

1. Sign documents for electronic document management.
2. Validate web form data.
3. Certify any files sent from the user's computer.
4. Sign messages.

Using the plugin, you can check both regular and improved electronic signatures. An important advantage is that it is distributed completely free of charge.

To install the plugin you don’t need any special skills, everything happens in automatic mode. You just need to run the installer file, then select “Run”, “Next” and “Ok”. The program will do everything itself.

Copying of materials is permitted only when using an active link to this site.

Installation and configuration of CryptoPro for working with electronic signatures

To participate in electronic trading, each entrepreneur must have his own electronic digital signature. An electronic signature acts as an analogue of a handwritten signature, giving an electronic document legal force. For participation in electronic auctions on government procurement websites it is necessary to provide high guarantees of the reliability and authenticity of the submitted signature in the application for participation in the tender and in all related documentation. In order to authenticate persons signing electronic documents, the CryptoPro cryptographic utility was created, which allows you to generate and verify digital signatures.

A little about the keys

To obtain your own digital signature, you must contact a certified certification center (CA), which issues a root certificate, as well as a public and private key.

CA root certificate is a file with the .cer extension that allows the system to identify the certification authority.

Subscriber public key– this is the personal file of the owner of the electronic key, used to verify the reliability and authenticity of the signed document. The public key can be published and sent in any way and to anyone; it is public information.

Subscriber private key is a set of encrypted files stored on electronic media. The owner of the private key uses a secret PIN code for authorization in the system, therefore, if it is lost, the subscriber must immediately revoke his key through the certification center.

After receiving an electronic signature, you need to install software on your computer to work with the digital signature. The cryptoprovider program CryptoPro 3.6 supports the state standards of the Russian Federation: GOST R 34.10–2001, GOST R 34.11–94 and GOST R 34.10–94.

The main purpose of CryptoPro

1. Ensuring the process of giving electronic documents legal significance through the use of digital signatures;
2. Ensuring confidentiality and monitoring the integrity of encrypted information;
3. Integrity control and software protection from unauthorized changes.

The CryptoPro 3.6 utility is compatible with the following operating systems:

After graduation Microsoft Windows 10 CryptoPro is also updating its software and certifying the new version of CryptoPro CSP 4.0

Installation and configuration of CryptoPro

1. On the official website cryptopro.ru you need to purchase the required version of the utility and install the cryptoprovider. Launch CryptoPro CSP and, using the installer prompts, install the utility on your computer.
2. Next, you need to install the electronic ID support driver. Private keys can be stored on floppy disks, smart cards and other electronic media, but tokens in the form of a USB key fob (eToken, Rutoken) are considered the most convenient analogue. For correct operation of the media, install the appropriate driver.
3. Then you need to configure the readers. We launch CryptoPro as an administrator and in the window that opens, find the “Hardware” tab and click “Configure readers.” In the “Manage Readers” window that opens, click “Add”. Select the desired reader (for example, for eToken, select AKS ifdh 0). After installation, click “Finish”.
4. Let's move on to installing a personal digital signature user certificate. In the “Service” tab, click “Install personal certificate”. Let's indicate the path to the certificate file with the .cer extension.
5. Next, insert the token into the USB connector of the computer, indicating the container for storing the private key. To configure it in automatic mode, you can check the box next to “Find container automatically.” The system will prompt you to enter your PIN code and place your personal certificate in the storage. After installation, click Finish.
6. Let's move on to setting up the browser to work with the government procurement portal. The website zakupki.gov.ru only works with Internet browser Explorer. In the browser properties, you need to select the “Security” tab, in which you should select “Trusted Sites” and click “Sites”. In the window that opens, you need to register the following websites:

1. Next, you need to go to the government procurement website and in the left column of the menu in the “Advanced” section, find the “Documents” item and click “Files for setting up the workplace.” Download all output files and install.

Read also: Sale of property of bankrupts and debtors

How to check the operation of the digital signature?

Below is a topical video:

How to install cryptopro on a computer step by step where to start

Digital signature certificate(electronic digital signature) is essentially a set of numbers. These numbers are generated when a document is encrypted, which is based on personal data necessary to identify the user. After receiving a digital signature from the certification center, it must be installed. Only after this will you be able to use it. We will tell you.

Before installation of digital signature make sure the program is available CryptoPro CSP. The absence of this program excludes the possibility of using a digital signature. Download CryptoPro you can by going to official site developers. This paid program however, you will be provided with free trial period, which will last 3 months.

Let's assume that the program CryptoPro you already have installed on your personal computer. The following steps will tell you, how to install a ZCP certificate on a computer:

• Open on your computer “ Control Panel" In the panel window, select from the list of programs CryptoPro. Run it double click mouse (left button);

• In the window running program from the list different tabs select the tab “ Service”;

• In the tab that opens, click on the column “ View certificates in a container”;

• Next, in the window that appears, click on “ Review" This window displays the available reader and container name. Review the information received, then click “ OK”;

• The window that opens has the name “ Certificates in a private key container" Press “ Further” without any changes or input of information;

• A window will open telling you about the user, serial number electronic signature and its validity period. Select “ Properties”;

• In the certificate window that appears, you need to install a new one. This is easy to do by clicking on “ Install certificate”;

• “ Certificate Import Wizard" Review the information provided and click “ Further”;

• In the new window, select the item called “ Place all certificates...” Click on the “ Review”;

Now you know how to install digital signature certificate on computer. Enjoy the simplicity and ease of working with a unique electronic digital signature.

Tell your friends on social networks

comments 3

I made the installation algorithm, but go to Personal Area I can’t do it on government procurement

How to install CryptoPro - how to install a certificate in CryptoPro?

CryptoPRO is a crypto provider that allows you to generate digital signature and allowing you to work with key certificates. The installation process of CryptoPRO on Personal Computer and this article is devoted to. Let's take a closer look at how to install CryptoPro CSP for free.

A description of this process is contained in the user manual on the official website, and is also included when purchasing a license. Let's look at the procedure step by step.

CryptoPro plugin is not installed in the browser

Before starting work, the user needs to make sure that the outdated version product. The check is carried out in the menu if the CryptoPRO item is missing, therefore CryptoPro plugin is not installed in the browser.

If the item of interest is found in the menu, you need to check whether the version is outdated. To do this, launch CryptoPRO, in the License Management tab in the right window, look at the version number and license validity period.

Download CryptoPRO CSP

After it turns out that not installed CryptoPro digital signature browser plug in, let's start downloading CryptoPRO CSP and installing it on your PC.

Since the provider is a means of cryptographic information protection, its distribution is accordingly recorded by certain supervisory authorities. In order to download the program you will need to register. Next, refer to the link sent to your email. After clicking on it, select CryptoPRO CSP from the list of products.

Installing CryptoPRO on a computer R

Download installation file is made before how to install CryptoPRO on your computer. To install, run the file. If the security system issues a warning, then you need to allow the program to make changes to your PC. Next, click “Install” and wait a few minutes. User participation is not required at this stage. After installation, it is recommended to restart your computer.

CryptoPRO license key

Now enter the license key.

• In the programs we look for CryptoPRO, select CryptoPRO CSP
• Enter the serial number.

Check that installed version matches the one you purchased. If you have version 4.0, then, accordingly, select CryptoPRO CSP 4.0. This version is recommended for Windows 10.

Software "CryptoPro CSP" designed to monitor the integrity of system and application software, manage key elements of the system in accordance with the regulations on security measures, authorization and ensuring legal significance electronic documents when exchanging them between users. In addition to the crypto provider itself, CryptoPro CSP includes the products CryptoPro TLS, CryptoPro EAP-TLS, CryptoPro Winlogon and CryptoPro Revocation Provider.

The solution is intended for:

• authorization and ensuring the legal significance of electronic documents when exchanging them between users, through the use of procedures for generating and verifying an electronic signature (ES) in accordance with domestic standards GOST R 34.10-2001 / GOST R 34.10-2012 (using GOST R 34.11-94 / GOST R 34.11-2012);
• ensuring confidentiality and monitoring the integrity of information through its encryption and imitation protection, in accordance with GOST 28147-89;
• ensuring authenticity, confidentiality and imitational protection of connections via TLS protocol;
• monitoring the integrity of system and application software to protect it from unauthorized changes and violations of correct functioning;
• management of key elements of the system in accordance with the regulations on protective equipment.

Implemented Algorithms

• The algorithm for generating the hash function value is implemented in accordance with the requirements of GOST R 34.11-94 / GOST R 34.11-2012 " Information technology. Cryptographic information protection. Hash function."
• Algorithms for generating and verifying an electronic signature are implemented in accordance with the requirements of GOST R 34.10-2001 / GOST R 34.10-2012 “Information technology. Cryptographic information protection. Processes of formation and verification of electronic digital signatures.”
• The data encryption/decryption algorithm and the calculation of imitative inserts are implemented in accordance with the requirements of GOST 28147-89 “Information processing systems. Cryptographic protection."

When generating private and public keys, it is possible to generate with various parameters in accordance with GOST R 34.10-2001 / GOST R 34.10-2012.
When generating a hash function value and encryption, it is possible to use various replacement nodes in accordance with GOST R 34.11-94 and GOST 28147-89.

Supported key media types

• floppy disks 3.5;
• smart cards using smart card readers that support the PC/SC protocol;
• Touch-Memory DS1993 - DS1996 tablets using Accord 4+ devices, an electronic lock “Sobol”, “Krypton” or a Touch-Memory DALLAS tablet reader (only in Windows versions);
• electronic keys With USB interface(USB tokens);
• removable media with USB interface;
• Windows OS registry;
• Solaris/Linux/FreeBSD OS files.