Skzi cryptopro csp version 3.0. Choosing a crypto provider Cryptopro CSP. Installing and configuring the browser

Windows Setup

To protect the transmitted data on the Information Portal croinform.ru, a cryptographic information protection tool (CIPF) of the Crypto-Pro company is used. To install this software, follow a few simple steps.

Step 1. Downloading the CryptoPro CSP distribution (version 4.0)

To download the distribution kit, go to the CRYPTO-PRO website http://www.cryptopro.ru/

In the Login form, enter the following username: MBKI , password: MBKI and click Login


The Download Center page opens. In the list of programs, select CryptoPro CSP (First in the list).

Choose distribution kit CryptoPro CSP (version 4.0), which is suitable for your operating system. Save the file to disk.

Step 2. Installing CryptoPro CSP (version 4.0)

Run the distribution kit of the CryptoPro CSP program downloaded at step 1. The "Installation window" will appear on the screen. Select the recommended installation option, "Install (recommended)".


A window will appear showing the CryptoPro CSP installation process.


After the CryptoPro CSP installation process is completed, you will receive a message.


The temporary license is valid for 30 days. After this period, the full package of CIPF functions ceases to work, however, some of the information protection functions necessary for working with the Information Portal remain.

CSP CryptoPro is a reliable commercial software tool designed to add and verify cryptographic protection on sensitive documents and other files that require an electronic digital signature (EDS). The program is designed primarily for companies that have switched to electronic document management. Thanks to it, it is possible to ensure the legal force of individual securities presented exclusively in digital form. In fact, a digital signature is a kind of analogue of a wet seal for physical documents.

This solution complies with all current GOSTs that regulate information control and data integrity during transmission. To manage the security algorithms used in CSP CryptoPro, a special manager is provided, which is also responsible for setting other parameters of the program. In addition to it, the cryptoprovider kit includes tools that are responsible for "issuing" and verifying certificates. It also includes the CryptoPro Winlogon module. Its main task is to perform the initial authentication of new users in the Windows environment. The operation of this component is based on the Kerberos V5 protocol, and authorization occurs after verifying the certificate of a USB token, smart card, or any other key medium used in the enterprise. In general, a cryproprovider allows you to use a variety of types of key carriers. For companies using relatively old computer equipment, even the possibility of using floppy disks in 3.5 format is provided.

Based on the fact that we have an exclusively commercial software solution, it is easy to guess that it is paid. Although the developer of CryptoPro kindly provides a demo version of his tool, which can only be used for the first thirty days. After this period, you will need to purchase a license.

Key Features

  • contains tools for adding and verifying an electronic digital signature (EDS);
  • knows how to add and verify issued digital certificates;
  • gives legal weight to electronic copies of documents;
  • can perform authentication after checking the certificate on the key carrier;
  • provides control of the integrity of the transmitted information;
  • the algorithm used to generate hash sums and other algorithms used by the program fully comply with these GOSTs.
CryptoPro CSP is intended for:
  • ensuring the legal significance of documents for electronic document management, through the formation and verification of electronic signatures, according to Russian cryptographic standards GOST R 34.11-94 / GOST R 34.11-2012 and GOST R 34.10-2001 / GOST R 34.10-2012;
  • encryption and imitation protection in accordance with GOST 28147-89 will guarantee the confidentiality and integrity of information;
  • ensuring authenticity, imitation protection and confidentiality of TLS connections;
  • protection against software modification and violation of its operation algorithms;
  • management of key elements of the system, in accordance with the regulation of protective equipment.

Key carriers for CryptoPro CSP

CryptoPro CSP can be used in conjunction with many key media, but the Windows registry, flash drives, and tokens are most commonly used as key media.

The most secure and convenient key carriers that are used in conjunction with CryptoPro CSP, are tokens. They allow you to conveniently and securely store your digital signature certificates. Tokens are designed in such a way that even in case of theft, no one will be able to use your certificate.

  • floppy disks 3.5";
  • MPCOS-EMV processor cards and Russian smart cards (Oscar, RIK) using smart card readers supporting PC/SC protocol (GemPC Twin, Towitoko, Oberthur OCR126, etc.);
  • Touch-Memory tablets DS1993 - DS1996 using Accord 4+ devices, Sobol electronic lock or Touch-Memory DALLAS tablet reader;
  • electronic keys with USB interface;
  • removable media with USB interface;
  • Windows registry;

Digital signature certificate for CryptoPro CSP

CryptoPro CSP works correctly with all certificates issued in accordance with the requirements of GOST, and therefore with most certificates issued by Certification Centers in Russia.

In order to start using CryptoPro CSP, you will definitely need a digital signature certificate. If you have not yet purchased a digital signature certificate, we recommend that you buy a digital signature on this page.

Supported Windows operating systems

CSP 3.6 CSP 3.9 CSP 4.0
Windows 2012 R2 x64 x64
Windows 8.1 x86/x64 x86/x64
Windows 2012 x64 x64 x64
Windows 8 x86/x64 x86/x64 x86/x64
Windows 2008 R2 x64/itanium x64 x64
Windows 7 x86/x64 x86/x64 x86/x64
Windows 2008 x86 / x64 / itanium x86/x64 x86/x64
Windows Vista x86/x64 x86/x64 x86/x64
Windows 2003 R2 x86 / x64 / itanium x86/x64 x86/x64
Windows XP x86/x64
Windows 2003 x86 / x64 / itanium x86/x64 x86/x64
Windows 2000 x86

Supported Algorithms

CSP 3.6 CSP 3.9 CSP 4.0
GOST R 34.10-2012 Creating a signature 512 / 1024 bit
GOST R 34.10-2012 Signature verification 512 / 1024 bit
GOST R 34.10-2001 Creating a signature 512 bit 512 bit 512 bit
GOST R 34.10-2001 Signature verification 512 bit 512 bit 512 bit
GOST R 34.10-94 Creating a signature 1024 bits*
GOST R 34.10-94 Signature verification 1024 bits*
GOST R 34.11-2012 256 / 512 bit
GOST R 34.11-94 256 bit 256 bit 256 bit
GOST 28147-89 256 bit 256 bit 256 bit

* - up to CryptoPro CSP 3.6 R2 (build 3.6.6497 dated 2010-08-13) inclusive.

CryptoPro CSP License Terms

When buying CryptoPro CSP, you get a serial number that you need to enter during the installation or program setup process. The key validity period depends on the selected license. CryptoPro CSP can be distributed in two versions: with an annual license or perpetual.

Having bought perpetual license, you will receive a CryptoPro CSP key, the validity of which will not be limited. If you buy an annual license, you will receive a serial number CryptoPro CSP, which will be valid for a year after purchase.

CryptoPro CSP has a certificate of compliance of the Federal Security Service of the Russian Federation

The CryptoPro Rutoken CSP solution is a joint development of the CryptoPro and Aktiv companies, which integrates the capabilities of the CryptoPro CSP crypto provider and Rutoken USB tokens. An important feature of the FKN technology is the division of cryptographic powers between the cryptographic provider CryptoPro CSP and Rutoken KP, a cryptographic USB token model specially adapted for the FKN technology, made on the basis of the Rutoken EDS.

Rutoken KP is used in the FKN technology to generate key pairs, develop approval keys, implement an electronic signature, etc. Performing these operations on board the token ensures the highest degree of security of key information. Rutoken KP is used and supplied only as part of CryptoPro Rutoken CSP, this USB token is not distributed separately.

In the new version of CryptoPro Rutoken CSP, in addition to Rutoken KP, there is support for the standard Rutoken EDS 2.0 model for generating and securely storing CryptoPro CSP key pairs and containers. Key information is stored on Rutoken EDS 2.0 without the possibility of extracting it. The use of Rutoken EDS 2.0 as part of CryptoPro Rutoken CSP provides an optimal solution configuration in terms of cost and capabilities for cases where there are no increased requirements for the level of protection of communication channels with a key carrier.

The CryptoPro Rutoken CSP solution is the successor of CryptoPro CSP CIPF and supports all its features. It is also fully integrated into the public key infrastructure based on the certification center "CryptoPro CA".

Purpose

CIPF CryptoPro Rutoken CSP is intended for use in Russian PKI systems, legally significant electronic document management systems and other information systems using digital signature technologies. Including:

  • in client-bank systems when signing payment orders;
  • in secure document management systems;
  • in reporting collection systems for submission in electronic form;
  • in government and administration at the federal and regional levels;
  • in all other cases, where it is necessary to provide increased protection of user keys.

Possibilities

  • Supports all functionality CIPF CryptoPro CSP 3.9 .
  • Provides full integration with PKI infrastructure based on CryptoPro CA.
  • It also works with the standard model Rutoken EDS 2.0.
  • Using the hardware resources of Rutoken KP or Rutoken EDS 2.0, the following cryptographic operations are performed:
    • generation of key pairs GOST R 34.10-2001;
    • formation of an electronic signature in accordance with GOST R 34.10-2001;
    • Diffie-Hellman negotiation key calculation (RFC 4357).
  • Provides secure storage and use of private keys inside the key carrier without the possibility of extraction.

Functional key carrier

The FKN architecture implements a fundamentally new approach to ensuring the safe use of key information stored on a hardware medium.

In addition to the formation of an electronic signature and the generation of encryption keys directly in the microprocessor, the key carrier allows you to effectively resist attacks associated with the substitution of a hash value or signature in a communication channel.

The main advantages of FKN

  • The possibility of signature substitution in the exchange protocol is excluded, the electronic signature is generated in parts: first in the key carrier, then finally in the CSP software.
  • Generation of electronic signature keys and approval keys, as well as the creation of an electronic signature within the FKN.
  • Transferring a hash value over a secure channel that excludes the possibility of spoofing.
  • After the container is created, the user's key is not stored either in the key container or in the memory of the cryptographic provider, and is not used explicitly in cryptographic transformations.
  • Enhanced data protection during transmission over an open channel due to the use of mutual authentication of the key carrier and the software component using the original protocol based on the EKE (electronic key exchange) procedure. In this case, it is not a PIN code that is transmitted, but a point on an elliptic curve.
  • Increased privacy of private keys.
  • The key can be generated by the FKN or loaded from outside.
  • Performing cryptographic operations on elliptic curves directly by the key carrier, support for the Russian electronic signature.

The introduction of modern means of personal identification is a huge step in the development of electronic document management. Many believe that the development of such a direction does not make practical sense, that the use of such tools is necessary only for a small number of users and nothing will exceed a simple signature in reliability and convenience, but this is far from the case.

An electronic digital signature allows you to determine the authenticity of a person in a digital workflow, which significantly increases its efficiency and saves time and money.

An electronic digital signature (or EDS) is, in fact, electronic props, which allows you to protect the digital version of any document from forgery. The legislator defines an EDS as an analogue of a handwritten signature, which is used to identify a person in electronic document management.

Types of EDS

In practice, several variants of EDS are used.

Simple EDS does not contain cryptographic protection elements. Security is ensured by using a login, password and connection codes.

In general, it is used only for the actual identification of the user, and is not used to protect a specific document.

Such a signature can still certify documents, however, this requires execution certain conditions:

  • adding to a specific document;
  • use complies with the internal rules of workflow;
  • the presence of information about the identity of the sender of the file.

Unskilled refers to an enhanced signature, but the degree of its protection is less than that of a qualified one. However, in this case cryptographic methods of protection are already used. Using such a signature allows not only to sign a document, but also to make changes to it with their subsequent confirmation.

Qualified i is considered the most secure option. Cryptographic protection methods are used, the confirmation of which is carried out by special authorities. It is difficult to use in practice, but there is a definite plus - reliability. You can connect such a signature only in a special certification center.

Methods, services and test results

The use of EDS is undoubtedly practical and convenient. However, each user must have the skills to check its validity, which protect against possible violations by counterparties.

Checking is not difficult. To do this, just use one of several services. So, you can check the authenticity of a document signed with an EDS by uploading it to the site crypto.kontur.ru.

This service will allow you to quickly analyze the document and get the result. To use it, you need to properly configure your computer, but it's not difficult, you just need to follow the instructions on the site.

If you can’t install the ES on your computer on your own, you should contact the certification centers. At the end of their work, an act of installing an electronic signature means is drawn up.

  1. Certificate validity period.
  2. Whether the signature is on the revoked list.
  3. Whether the EDS belongs to the number issued by accredited centers.

The most popular verification method is verification through the State Services portal. However, there are many more services that are approximately the same in terms of their effectiveness.

In general, verification methods can be divided into two types:

  1. Verification of a document signed with an EDS.
  2. Checking the EDS itself.

Another way to check the EDS is to install the appropriate program on a PC. Typically used CryptoPro because of the many full-fledged functions for working with EDS.

The result of any verification is confirmation or non-confirmation of the authenticity of the digital signature or the document signed by it. Such services simply need to be used for work, as they fully allow you to ensure the security of electronic document management.

In the event that work through the EDS is performed on an ongoing basis, it is recommended to use the software from CryptoPro.

How to install an EDS

To install an ES on a PC, you will need to download the appropriate software and follow the instructions.

Programs

First of all, you need to install on your computer CryptoPro CSP program. Further:

  1. Run the program in any of the ways. As an option - open the Control Panel, the "Programs" menu and find the one you need there, or find it through the search if the location is not known. The launch is performed on behalf of the administrator.
  2. After starting the program, a window will appear in which you need to find the "Service" tab.
  3. Next, look for the menu "View certificates in the container."
  4. The "Browse" window appears, in which you can see information about the name of the container and the reader. Press OK.
  5. In the next window, "Certificates in the Private Key Container", no action is required. Just skip it by clicking Next.
  6. A window with user data will appear. You need to select "Properties".
  7. We install a new Certificate, for this we select "Install Certificate".
  8. In the next window, do nothing and just click "Next".
  9. Next, you need to select the item "Place all certificates in one store", for this we click "Browse" and select the "Personal" folder.
  10. The last step is to click "Finish".

Plugins

There is also a useful plugin from CryptoPro that allows you to create and verify signatures on web pages. CryptoPro EDS Browser plug-in can work with any modern browser, including Chrome and Yandex.

  1. Sign documents for electronic document management.
  2. Validate web form data.
  3. Notarize any files sent from the user's computer.
  4. Sign messages.

Using the plug-in, you can check both a regular ES and an improved one. An important plus is that it is distributed completely free of charge.

No special skills are required to install the plugin, everything happens automatically. You just need to run the installer file, then select "Run", "Next" and "OK". The program will do everything itself.

Copying materials is allowed only when using an active link to this site.

Installing and configuring CryptoPro to work with an electronic signature

To participate in electronic trading, each entrepreneur must have their own digital signature. EDS acts as an analogue of a handwritten signature that gives legal force to an electronic document. To participate in electronic auctions on public procurement websites, it is necessary to provide high guarantees for the reliability and authenticity of the submitted signature in the application for participation in the tender and in all related documentation. In order to authenticate persons signing electronic documents, the CryptoPro cryptographic utility was created, which allows generating and verifying an EDS.

A little about keys

To obtain your own digital signature, you must contact a certified certification authority (CA), which issues a root certificate, as well as a public and private key.

CA root certificate is a file with the .cer extension that allows the system to identify the certification authority.

Subscriber public key is a nominal file of the owner of the electronic key used to verify the validity and authenticity of the signed document. The public key can be published and sent anywhere and to anyone, it is public information.

Private key of the subscriber is a set of encrypted files stored on an electronic medium. The owner of the private key uses a secret pin code for authorization in the system, therefore, if it is lost, the subscriber must immediately revoke his key through the certification center.

After receiving the electronic signature, it is necessary to install the software on the computer to work with the digital signature. The cryptographic provider CryptoPro 3.6 supports the state standards of the Russian Federation: GOST R 34.10–2001, GOST R 34.11–94 and GOST R 34.10–94.

The main purpose of CryptoPro

  1. Ensuring the process of giving legal significance to electronic documents through the use of EDS;
  2. Ensuring confidentiality and integrity control of encrypted information;
  3. Integrity control and protection of software from unauthorized changes.

The CryptoPro 3.6 utility is compatible with the following operating systems:

After the release of Microsoft Windows 10, CryptoPro also updates its software and certifies the new version of CryptoPro CSP 4.0

Installing and configuring CryptoPro

  1. On the official site cryptopro.ru, you need to purchase the required version of the utility and install the crypto provider. Launch CryptoPro CSP and, using the installer's prompts, install the utility on your computer.
  2. Next, you need to install the e-ID support driver. Private keys can be stored on floppy disks, smart cards and other electronic media, but tokens in the form of a USB key fob (eToken, Rutoken) are considered the most convenient analogue. For the correct operation of the media, we install the appropriate driver.
  3. Then you need to configure the readers. We launch CryptoPro as an administrator and in the window that opens we find the "Hardware" tab and click "Configure readers". In the "Manage readers" window that opens, click "Add". Select the desired reader (for example, for eToken, select AKS ifdh 0). After installation, click "Finish".
  4. Let's move on to installing a personal digital signature user certificate. In the "Service" tab, click "Install personal certificate". Specify the path to the certificate file with the .cer extension.
  5. Next, insert the token into the computer's USB port, indicating the private key storage container. To configure in automatic mode, you can check the box next to "Find container automatically". The system will prompt you to enter a PIN code and place a personal certificate in the store. After installation, click Finish.
  6. Let's move on to setting up the browser to work with the public procurement portal. The site zakupki.gov.ru works only with the Internet Explorer browser. In the browser properties, select the "Security" tab in which you should select "Trusted Sites" and click "Sites". In the window that opens, you need to register the following websites:
  1. Next, you need to go to the public procurement website and in the left menu column in the "Additional" section, find the "Documents" item and click "Files to configure the workplace." Download all output files and install.

Read also: Benefits for labor veterans in the Vladimir region in 2020

How to check the work of the EDS?

Below is a related video:

How to install cryptopro on a computer step by step where to start

EDS certificate(electronic digital signature) is, in fact, a set of numbers. The generation of these numbers occurs when a document is encrypted, which is based on personal data necessary to identify the user. After receiving a digital signature in the certification center, it must be installed. Only after that, you can use it. We will advise you.

Before installing the EDS make sure you have the program CryptoPro CSP. The absence of this program excludes the possibility of using a digital signature. Download CryptoPro you can go to official site developers. This is a paid program, however, you will be given a free trial period that will last for 3 months.

Let's assume the program CryptoPro already installed on your personal computer. The following steps will tell you how to install a CAP certificate on a computer:

  • Open on your computer Control Panel". In the panel window, select from the list of programs CryptoPro. Run it by double-clicking the mouse (left button);
  • In the window of the running program, from the list of various tabs, select the tab “ Service”;
  • In the tab that opens, click on the column “ View certificates in a container”;
  • Next, in the window that appears, click on “ Review". This window shows the available reader and container name. Review the information received, then click “ OK”;
  • The window that opens is titled “ Certificates in a private key container". Press " Further” without any changes and input of information;
  • A window will open that tells about the user, the serial number of the electronic signature and its validity period. Select " Properties”;
  • In the certificate window that appears, you need to install a new one. This is easy to do by clicking on " Install Certificate”;
  • Certificate Import Wizard". Read the information provided and click " Further”;
  • In the new window, select the item called " Place all certificates…”. Click on the button " Review”;

Now you know how to install a digital signature certificate on a computer. Enjoy simplicity and ease of work with a unique electronic digital signature.

Tell your friends on social networks

comments 3

I did the installation algorithm, but I can’t enter my personal account on public procurement

How to install CryptoPro - how to install a certificate in CryptoPro?

CryptoPRO is a cryptographic provider that allows you to generate a digital signature and makes it possible to work with key certificates. The process of installing CryptoPRO on a personal computer is the subject of this article. Let's consider in detail how to install CryptoPro CSP for free.

The description of this process is contained in the user manual on the official website, which is also attached when purchasing a license. Let's analyze the procedure step by step.

CryptoPro plugin is not installed in the browser

Before starting work, the user needs to make sure that an outdated version of the product is not installed on his PC. The check is performed in the menu if the CryptoPRO item is absent, therefore CryptoPro plugin is not installed in the browser.

If the item of interest in the menu is found, you need to check if the version is outdated. To do this, launch CryptoPRO, in the License Management tab in the right window, look at the version number and license validity period.

Download CryptoPRO CSP

After it turns out that not installed CryptoPro EDS browser plug in, proceed to download CryptoPRO CSP and install it on your PC.

Since the provider is a means of cryptographic protection of information, accordingly, its distribution is recorded in certain supervisory authorities. In order to download the program, you will need to register. Then follow the link sent to your email. By clicking on it, we select CryptoPRO CSP from the list of products.

Installing CryptoPRO on a computer R

The installation file is downloaded before how to install CryptoPRO on a computer. To install, run the file. If the security system issues a warning, then you need to allow the program to make changes to your PC. Next, click "Install" and wait a few minutes. User participation is not required at this stage. After installation, it is recommended to restart your computer.

CryptoPRO license key

Now enter the license key.

  • We look for CryptoPRO in programs, select CryptoPRO CSP
  • Enter the serial number.

Check that the installed version matches the one you purchased. If you have version 4.0, then, accordingly, choose CryptoPRO CSP 4.0. This version is recommended for Windows 10.

Liked the article? Share with friends:
You may also be interested