Installing CSP 4.0 cryptopro. Purpose Cryptopro CSP.

CSP Cryptopro is a program to add and verify digital files. It adds and protects cryptographic files (electronic documents), in which there is a digital signature. In the cryptopro there is "WinLogon" for very important documents and third-party filesthat support the digital certificate.

CSP cryptopro applies in companies where there are documents in in electronic format. The program provides protection and legal force for valuable documents and papers in digital video. Data with a digital signature have a force as official documents.

CSP Cryptopro allows you to create digital protection and put a signature (certificate) for any document. This program is suitable for organizations with existing guests. It controls the data and structure of information. Management of security program algorithms is provided through a special manager.

You can configure CSP cryptopro and specify the level of protection and confidential documents. After setting up, some documents will be strictly confidential. The program is equipped with tools that give out and check security certificates. Using the WinLogon cryptopro module, you can register new users in the operating room. windows system.

WinLogon cryptopro works with support for the Kerberos V5 protocol. Input and data access is carried out after full verification of the media certificate of information in the organization.

The cryproproter provides protection of different digital data sources. In old organizations and companies use equipment to support diskettes. Cryptopro is created on a commercial basis with a paid license. By installing the program, you use it 30 days, that is, a trial period. After that, you will have to buy a license.

Key features

Protection digital certificate, through check tools;
full check of digital documents and the relevance of the certificate;
electronic registration of documents on a legal basis;
access to the certificate on the main carrier and verification;
full control and verification of data after information transfer;
comparing the size of the document and other algorithms for work;
the program supports documents that are created according to this GOST;
full protection of digital documents and setting up the degree of protection;

SPZI (means of cryptographic protection of information) " Cryptopro CSP."It is an independent OS module designed to perform various crypto ops, such as an electronic signature, encryption, imitobracy. Functioning of the overwhelming majority of encryption software products It is impossible without a cryptoproder, it is also impossible to sign EP documents.

The functions of the CSP cryptopro module is that it:

allows you to submit reports in electronic form to various government agencies;
provides participation in electronic trading;
organizes a legally significant document flow;
protecting confidential information at the time of its transfer.

Module Cryptopro CSP Developed "Crypto-Pro" - a company that is one of the leaders in the market for the protection of information. For this period, 5 versions of the CSP cryptopro module are released, the difference in the following parameters: operating systemwhich functions the program; supported cryptal farms; Terms of action issued by the competent authorities certificates. The company-developer on its official Internet resource has placed a table with a detailed comparison of all topical versions of the CSP cryptopro module. On this Internet page, the developer company has placed information about the valid certificates.

How to install "Cryptopro 4.0"

The last urgent version of the CSP cryptopro module is the fourth, which operates on the basis of new signature algorithms according to GOST R 34.10-2012. CSP 4.0 cryptopro can work in Windows 10. For this period, this module is not certified, but the developer is planned to certify the 4th version of its product in the very near future.
The following is a description of how to install "Cryptopro 4.0".
The official Internet resource of the Kripto-Pro developer at the completion of the preliminary registration provides the ability to download files, distributions, updates, etc. CSP Cryptopro programs.

Upon completion of the registration, a page with a license agreement will appear. With its rules and conditions, it is necessary to read and then, in case of consent with them, click on "I agree." Next will be made to the File Downloads page.

In order to download the distribution, you must first select "CSP 4.0 cryptopro for Windows and UNIX (non-certified)", and then in the reference link that appears control sum Press the left mouse button on the CSP 4.0 Cryptopro for Windows.

How to install "Cryptopro 4.0". When the download is completed, you need to start the just downloaded program file "CSPSETUP.exe". In the security warning window that opens, in order to allow the program to make changes to the computer, you need to click on the "Yes" button. In the following window that opens, select "Install (recommended)".

The direct installation of the CSP 4.0 cryptopro module will begin, which takes a few seconds.

When the installation of the CSP 4.0 cryptopro module is completed, you can start working with it.

Memo:

by conditions license Agreement There is a limitation of the term of the demo version of CSP 4.0 cryptopro, which is 90 days from the date of direct installation of the product;
the demo version of the CSP 4.0 cryptopro module is provided only for initial installation Product, in case of re-installation, the program will not work in the demo mode.

Information on the type of license and the period of its action is posted in the CSP Cryptopro Appendix. In the Windows 10 operating system, it is convenient to use the search for applications, for which it is necessary to click on the Magnaya icon, which is located next to the "start", and then choose " Classic app Cryptopro CSP.

A new CSP cryptopro window appears, where the license information is available in the General tab ( serial numberspecified not completely; Owner's name; name of company; License type: client or service; validity; When the primary installation was carried out, etc.). Here you can buy a license online and enter its serial number.

The operation of the CPP 4.0 cryptopro module is carried out during the entire period of the license. If the validity period of the current license has expired, then you need to buy the right to a new one. This can be done at any convenient time. Sending a license key (i.e. its serial number) is carried out on the specified electronic address Immediately after receipt of payment.
To enter a new serial number, you must click on the "Entering License". A window will open in which in the Serial Number item should be specified purchased license key And then click on "OK".

After completing all stages of installation, the CSP 4.0 cryptopro program is fully ready for operation.

Before installing, it is necessary to figure out: what is the EDS and what is needed for it? EDS - electronic personal digital signature. This set of digits and letters encrypt documentation and certificates of different levels. The main contents of the documents are often passport or other personal data (for example, rights). Before installing this signature, of course, you need to get. This is done in the notarial office, which is engaged in the ECP and EDS.

If you want to install the EDS and confirm the print license, then you need to install the program in advance for its recognition. Without her nothing will work. Often it is cryptopro CSP 3.6. It can be either installed from the disk after purchasing it in the store, or install from the Internet.

On a note! The second option is much easier. The licensed version of the program costs about two or three thousand rubles.

Step 1. Carefully examine the data of your computer and using the Start menu: not whether the program has already been installed earlier (especially if you are this moment You are going to use not your device).

if you do not have it, then go to the number two;
if it is still on the device, check the product version, see if it will suit you (if not, the program should be reinstalled if yes, then we leave everything without change), also do not forget to make sure the term of the cryptopro is not Ice! It is very important.

Step 2. If you understand that you have this program on your computer, then proceed to the installation. Sometimes it is not quite easy. You need to go to the license site (this is very important because the pirated version will not work in full) and try to establish the program.

When you go to the site you will see the following image.
Here it is necessary to choose the "pre-registration" graph.
When switching to this link You will be prompted to fill the questionnaire. The main thing is to write reliable and complete data. After registration we agree with the agreement and go to download.

Step 3. However, we download not yet the program itself, but only installation file.. Therefore, after the file prompts, open it.

Step 4. Now I set the program itself.

Important! In some cases, it happens that antivirus program Do not miss the cryptopro, considering it viral or especially dangerous. Do not be afraid, but only we enter the program to "trusted" and install on.

Step 4. We wait for the final download!

Step 5. To work correctly on your personal Computer, enter your license number (key).

Video - installation of cryptopro 4.0 and why it is needed

Step-by-step installation of EDP

Step 1. Open the "Control Panel" tab (with the Loupec and the Start menu).

Step 2. Run a predetermined program.

Step 3.When starting the cryptopro, we transfer us to main screen programs. On it, as you can see, quite a lot of folds. We also need a tab called "Service".

Step 4.Next, you need to "see certificates in a closed key container." You should not enter the name of the key container manually (although, if you want, you can do this, it is your right), but for convenience, click on the Overview tab.

Step 5. After your click will pop up an additional tab, where you must select your container, as well as the available reader. When you familiarize yourself with everything and check the data, click "Okay".

Step 6. If you are doing everything right, then we will result in the previous tab. We are no longer required to add any changes, so we go to the next window, clicking "Next".

Step 7. You switched to the next tab. It is located absolutely all personal information, which was encrypted with EDS. You can also find and familiarize yourself with the validity period. Check also the serial number of your program and signature (in no case should it be forgotten). Select "Properties".

Step 8. Now you have to install a new certificate.

Step 9. You will automatically go to the next tab. Here you need to carefully examine all the information. And if you agree with it, then only then go to the next page.

Step 10. Here we need to see all the certificates that are in the repository. This will help the "Overview" button.

Step 11. Since we encrypted our personal data, select the appropriate folder with the name "personal" and click "Okai".

Step 12. Congratulations! You have successfully installed the certificate. For complete completion, click on "ready" and wait just a couple of seconds.

You can install ready-made certificates. hard diskand with removable carriers. Now we are talking about installing an electronic signature from the flash drive.

In essence, in addition to some actions, copying EDS from the flash drive nothing different from normal installation Certificates. Before installing you just need to insert the flash drive itself with a computer signature. Further actions will be fully and completely coincided with the usual installation.

Installing root certificate

What is generally required root certificate And where is it produced? The root certificate is installed in the general storage to secure the server and promote its favorable work without any errors or shortcomings. To install and receive a certificate you will need TCSP. This is the product certification test center. You will need to enter the application using the administrator to get to the center of the center. The site can be blocked by your antivirus, but it is completely normal. It only stands to trust so that he will continue to have no problem.

From our new article, you can find out what, and also consider detailed review best programs.

Step 1.Request the certificate.

Step 2. When you come permission, download it from the center.

Step 3. Open the certificate and install according to the instructions on the screen (you don't have to do anything, only a few times click on the "Next" button).

Installation of keys in the "Registry"

If you want to know, and also consider detailed description Programs, you can read a new article about it on our portal.

Step 1. You must configure the "Registry". And only then you can already start installing the key.

Step 2. Copy the container in which the keys are / key.

Step 3. Insert it in the "Registry".

Step 4. Install the container in the program in the registry exactly as it was done with the certificate.

Cryptopro hangs when installing a certificate, what to do?

To prevent possible program hangs that adversely affect the installation of your signature, you need:

establish licensed software;
set licensed programsince the pirated version is very often subjected to freezes;
check the computer for viruses or available updates (If any, they need to be eliminated).

Also reasons for hanging may be:

incorrect paths to files, their inaccuracy;
if the certificate period is stopped by the company or finally expired.

If none of the proposed reasons is suitable, contact the technical support service, where you will definitely help and eradicate the problem.

Video - Installation of EDS (digital signature) in CSP cryptopro

CRPTOPRO CSP 5.0 - a new generation of cryptoprodar, developing three main product line companies Cryptopro: CSP cryptopro (classic tokens and other passive storage of secret keys), Cryptopro FCN CSP / Ructane CSP (Unfurned keys on tokens with secure messaging) and cryptopro DSS (keys in the cloud).

All the advantages of these linek products are not only persisted, but also proves in CSP 5.0 cryptopro: wider list of supported platforms and algorithms, higher speed, more convenient user interface. But the main thing is to work with all key carriers, including the keys in the cloud, is now uniform. To transfer the application system in which the CSP cryptopro worked any of the versions, to support keys in the cloud or new media with the unacted keys, no processing of the access interface remains united, and working with the key in the cloud will occur exactly The same as with a classic key carrier.

Purpose Cryptopro CSP.

Formation and verification of electronic signature.
Ensuring confidentiality and monitoring the integrity of information through its encryption and imitobracy.
Ensuring authenticity, confidentiality and imitobackers of connections on protocols, and.
Monitoring the integrity of systemic and applied software to protect it from unauthorized changes and violations of trusted operation.

Supported algorithms

In CSP 5.0 cryptopro, along with Russian, foreign cryptographic algorithms were implemented. Users now have the opportunity to use the usual keystore storage keys keys RSA. and ECDSA.

Supported keys storage technologies

Cloud Tocken

In Cryptoprovider, CSP 5.0 cryptopro appeared the possibility of using keys stored on cloud service DSS cryptopro, through the CryptoAPI interface. Now the keys stored in the cloud can be easily used both by any user applications and most Microsoft applications.

Media with unchecked keys and protected messaging

CSP 5.0 Cryptopro added support for carriers with unacted keys implementing the protocol Sespakeallowing you to carry out authentication without passing the user password in the open form, and install the encrypted channel for exchanging messages between the cryptoprodder and the carrier. The violator, which is in the channel between the media and the user application, can neither steal the password when authentication nor replace the subscribed data. When using similar media, the problem of safe operation with unaccustomed keys is fully solved.

Companies Active, Infocript, Smartpark and Gemalto developed new protected tokens that support this protocol (Smartpark and Gemalto starting with version 5.0 R2).

Carriers with unacted keys

Many users want to be able to work with those unacted keys, but at the same time not to update the tokens to the FCN level. Especially for them to the provider added support for popular key carriers of Ructane EDP 2.0, Jacarta-2 GOST and InfoCrypt VPN-KEY-TLS.

List of manufacturers and models Supported cryptopro CSP 5.0

List of manufacturers and models of media with unacted keys supported CSP 5.0 cryptopro

Company	Carrier
ISBC.	Esmart Token Gost.
Assets	Routeen 2151.
	Rukenet Pinpad.
	Ructen EDP
	Ructen EDS 2.0
	Ructen EDS 2.0 2100
	Ructen EDS 2.0 3000
	Routeen EDS PKI
	Ructen EDS 2.0 Flash
	Ructoen EDS 2.0 Bluetooth
	Ructen EDS 2.0 Touch
	Smart Map Routeen 2151
	Smart Map Routeen EDS 2.0 2100
Aladdin RD	Jacarta-2 GOST
Infocript.	InfoCrypt Token ++ TLS
Infocript.	InfoCrypt VPN-KEY-TLS

Classic passive USB tokens and smart cards

Most users prefer quick, cheap and convenient key storage solutions. As a rule, preference is given to tokens and smart cards without cryptographic coprocessors. As in previous versions Provider, in CRPTOPRO CSP 5.0, the support of all compatible carriers of the company's production, Aladdin RD, Gemalto / Safenet, MultiSoft, Novacard, Rosan, Alioth, Morphokst and smartpark are preserved.

In addition, of course, as before, methods for storing keys in windows registry, on hard disk, on flash drives on all platforms.

List of manufacturers and models Supported cryptopro CSP 5.0

List of manufacturers and models of classic passive USB-tokens and smart cards supported CSP 5.0 cryptopro

Company	Carrier
Alioth.	SCONE SERIES (V5 / V6)
Gemalto.	Optelio Contactless DXX RX
	Optelio DXX FXR3 Java
	Optelio G257.
	Optelio MPH150.
ISBC.	Esmart Taken.
ISBC.	Esmart Token Gost.
Morphokst.	Morphokst.
Novacard	Cosmo.
Rosan.	G & D Element V14 / V15
	G & D 3.45 / 4.42 / 4.44 / 4.45 / 4.65 / 4.80
	Kona 2200s / 251/151s / 261/2320
	Kona2 S2120S / C2304 / D1080
SafeNet.	etoken Java Pro JC
	etoken 4100.
	etoken 5100.
	etoken 5110
	etoken 5105.
	etoken 5205.
Assets	Routeen 2151.
	Ructen S.
	Ructen KP.
	Ructen Lite.
	Ructen EDP
	Ructen EDS 2.0
	Ructen EDS 2.0 3000
	Ructogen EDP bluetooth
	Ructen EDS Flash.
	Smart Map Routeen 2151
	Smart Map Routeen Lite
	Smart Map Routeen EDP SC
	Smart Map Routeen EDS 2.0
Aladdin RD	Jacarta Gost.
	Jacarta PKI
	Jacarta Pr.
	Jacarta Lt.
	Jacarta-2 GOST
Infocript.	InfoCrypt Token ++ Lite
MultiSoft.	MS_KEY P.8 Angara
MultiSoft.	MS_KEY Esmart isp.5.
Smartepark.	Master
	R301 Foros
	Oscar
	Oscar 2.
	Routeen Master

Cryptopro tools

The CSP 5.0 cryptopro appeared cross-platform (Windows / Linux / MacOS) graphics application - "Cryptopro Tools" ("Cryptopro Tools").

The main idea is to provide the ability to users conveniently solve typical tasks. All basic functions are available in simple interface - At the same time, we have implemented and the mode for experienced users, which opens up additional features.

Using the cryptopro tools, container management tasks, smart cards and cryptoproker settings are solved, and we also added the ability to create and check the PKCS # 7 electronic signature.

Supported software

CRPTOPRO CSP allows you to quickly and safely use Russian cryptographic algorithms in the following standard applications:

office package Microsoft Office.;
mail server Microsoft Exchange. and client Microsoft Outlook.;
products Adobe Systems Inc.;
browsers Yandex.Browser, satellite, Internet Explorer. , Edge.;
means for forming and verifying signatures of applications Microsoft Authenticode.;
web servers Microsoft IIS., nginx, Apache.;
remote desktops Microsoft. Remote. Desktop. Services.;
Microsoft Active Directory..

Integration with a cryptopro platform

From the first release, support and compatibility with all our products are provided:

Cryptopro Uz;
UC services;
Cryptopro EDS;
Cryptopro ipsec;
Cryptopro EFS;
Cryptopro.net;
Cryptopro Java CSP.
Cryptopro Ngate.

Operating systems and hardware platforms

Traditionally, we work in an unsurpassed wide spectrum of systems:

Microsoft Windows;
Mac OS;
Linux;
FreeBSD;
Solaris;
Android;
Sailfish OS.

hardware platforms:

Intel / AMD;
PowerPC;
MIPS (Baikal);
VLIW (Elbrus);
SPARC.

and virtual environments:

Microsoft Hyper-V
Vmware.
Oracle Virtual Box.
RHEV.

Supported different versions Cryptopro CSP.

To use CSP cryptopro with a license for workplace and server.

Interfaces for embedding

To embed into applications on all platforms, CSP cryptopro is available through standard interfaces For cryptographic drugs:

Microsoft CryptoAPI;
PKCS # 11;
Openssl Engine;
Java CSP (Java Cryptography Architecture)
Qt SSL.

Performance for every taste

Many years of development experience allows us to cover all solutions from miniature ARM cards, such as Raspberry PI, to multiprocessor servers on intel database Xeon, AMD EPYC and PowerPC, well scaling performance.

Regulatory documents

Full list of regulatory documents

Algorithms, protocols and parameters defined in the following documents are used in the cryptoprovider. russian system Standardization:
P 50.1.113-2016 " Information technology. Cryptographic information protection. Cryptographic algorithms related to the use of algorithms digital signature and hashing functions "(also see RFC 7836" Guidelines on the Cryptographic Algorithms to Accompany The Usage Of Standards Gost R 34.10-2012 and GOST R 34.11-2012 ")
P 50.1.114-2016 "Information technology. Cryptographic information protection. Elliptical curves parameters for cryptographic algorithm and protocols "(also see RFC 7836" Guidelines on the Cryptographic Algorithms to Accompany The Usage Of Standards Gost R 34.10-2012 and Gost R 34.11-2012 ")
P 50.1.111-2016 "Information technology. Cryptographic information protection. Password Protection of Key Information »
P 50.1.115-2016 "Information technology. Cryptographic information protection. Password-based outfitting protocol (also see RFC 8133 The Security Evaluated Standardized Password-Authenticated Key Exchange (Sespake) Protocol "
Methodical recommendations of TC 26 "Cryptographic Information Protection" "Using sets of encryption algorithms based on GOST 28147-89 for the transport level security protocol (TLS)"
Methodical recommendations of TC 26 "Cryptographic Information Protection" "Using Algorithms GOST 28147-89, GOST R 34.11 and GOST R 34.10 in cryptographic messages of CMS format"
Technical specification of TC 26 "Cryptographic Information Protection" "Use of GOST 28147-89, GOST R 34.11-2012 and GOST R 34.10-2012 in IKE and ISAKMP key exchange protocols"
Technical specification of TC 26 "Cryptographic Information Protection" "Using GOST 28147-89 when encrypted investments in IPSec ESP protocols"
Technical Specification of TC 26 "Cryptographic Information Protection" "Using Algorithms GOST R 34.10, GOST R 34.11 in the Certificate Profile and Certificate Review List (CRL) of the Open Keys Infrastructure X.509
Technical specification of TC 26 "Cryptographic Information Protection" "Expansion of PKCS # 11 for the use of Russian standards GOST R 34.10-2012 and GOST R 34.11-2012"

Cryptoprovider is a means of cryptographic information (), without which the use becomes impossible. It is formed on the basis of cryptographic algorithms, and the implementation of these processes is possible only in the presence of SCJ. CSP cryptopro is the most popular product on the Russian cryptographic utility market. With this program, most electronic trading platforms, information state systems (EAIS FST, Yegais, etc.) and control bodies that take reporting via the Internet (FTS, FSS, FFR) are working.

At the end of September 2019, two versions of SKZI - 4.0 and 5.0 are valid in the "Crypto-Pro" lineup. Both programs are certified and provide full set opportunities for owners of EDS. In this article, we will stop at, consider the functions and characteristics of software, licensing features, installation procedure and configuration.

Let's help you get the EDS. Consultation 24 hours!

Leave the application and get advice.

Ski cryptopro version 4.0: characteristics and functionality

State portals I. shopping groundsHaving hosts users on their websites and instructions for working with electronic documents. In addition, there is another popular cryptoprovider in the market - VIPNET CSP. But some organizations (for example, Rosreestr) limit users in choosing and indicate the required use of CSP cryptopro. When issuing CEP certificates, certifying centers are also most often used cryptopro, so if the user installs another cryptoproder on the PC, errors may occur when creating EP.

Functions in

CryptoPro software tools are systematically updated and improved. Last certified version assembly (3-Base execution). All current updates can be tracked on the developer's official website in the "Certificates" section.

Cryptoprovider has been certified by the FSB. This means that it can be used to create an electronic signature and encryption of data in accordance with the law FZ-63.

Skusi performs the following functions:

gives the legal force digital files certified by CEP;
prevents compromising data using modern means cryptociphesifices and imitobackers;
guarantees the authenticity and invariance of electronic files;
supports the official authorization of private entrepreneurs and legal entities on Internet sites and web portals of state bodies.

Without cryptoprovider, the user will not be able to participate in electronic document flow (Edo) and perform the following operations:

remote;
sending reporting documentation to Rosstat, FIU and other government agencies;
interaction in information services, AIS GOSCAKAZ, GIS Housing and Public, etc.;
bank transfers and other financial transactions where CEP needs;
applying online applications for participation in the auctions according to the Federal Law No. 223 and No. 44;
support of bankruptcy procedure;
interaction with participants of the corporate EDO.

From January 1, 2019, all CC produce electronic certificates According to the new standard (GOST R 34.10-2012). Software Fully complies with this standard and supports new crypto protection algorithms.

System Requirements for Software Installation

For full use All functionality Cryptoprovider remains only to establish certificates in the PC registry. As a rule, the CACs give certificates on key flash drives, in rare cases - send to email owner.

The certificate is installed in the "Service" section of Cryptopro. This procedure is recommended to be performed in accordance with the instructions from the developer. As a result, the certificate must be saved in the "Personal" folder.

At the final stage, save the root certificate (COP), which is hosted for downloading on the UTS website. This document is saved in the "Trusted" folder. The COP performs an important function in Edo - confirms that the certificate is obtained in an accredited CC.