Choosing a crypto provider Cryptopro CSP. Installing cryptopro Using cryptopro csp version 3.6 1

To protect transmitted data, the Information Portal croinform .ru uses a cryptographic information protection tool (CIPF) from the Crypto-Pro company. To install this software, follow a few simple steps.

Step 1. Download the CryptoPro CSP distribution kit (version 4.0)

To download the distribution, go to the CRYPTO-PRO website http://www.cryptopro.ru/

In the “Login” form, enter the following username information: MBKI , password: MBKI and click Login

The Download Center page opens. In the list of programs, select CryptoPro CSP(First on the list).

Select CryptoPro CSP distribution (version 4.0), which is suitable for your operating system. Save the file to disk.

Step 2. Installation of CryptoPro CSP (version 4.0)

Launch the distribution package of the CryptoPro CSP program downloaded in step 1. The “Installation Window” will appear on the screen. Select the recommended installation option, "Install (Recommended)."

A window will appear displaying the installation process of CryptoPro CSP.

After completing the installation process of CryptoPro CSP, you will receive a message.

A temporary license is valid for 30 days. After this period full package CIPF functions stop working, but some of the information protection functions necessary to work with Information Portal, remains.

The CryptoPro Rutoken CSP solution is a joint development of the CryptoPro and Aktiv companies, which integrates the capabilities of the cryptoprovider CryptoPro CSP and Rutoken USB tokens. An important feature of FKN technology is the division of cryptographic power between the cryptoprovider CryptoPro CSP and Rutoken KP - a cryptographic USB token model specially adapted for FKN technology, made on the basis of Rutoken EDS.

Rutoken KP is used in FKN technology to generate key pairs, develop approval keys, implement electronic signature etc. Performing these operations on board the token ensures the highest possible degree of safety of key information. Rutoken KP is used and supplied only as part of CryptoPro Rutoken CSP; this USB token is not distributed separately.

IN new version CryptoPro Rutoken CSP, in addition to Rutoken KP, there is support for the standard Rutoken EDS 2.0 model for generating and securely storing key pairs and CryptoPro CSP containers. Key information is stored on Rutoken EDS 2.0 without the possibility of retrieving it. The use of Rutoken EDS 2.0 as part of CryptoPro Rutoken CSP provides an optimal solution configuration in terms of cost and capabilities for cases where increased requirements for the level of protection of communication channels with the key carrier are not imposed.

The CryptoPro Rutoken CSP solution is the successor to the CryptoPro CSP CIPF and supports all its capabilities. It is also fully integrated into the infrastructure public keys, based on the CryptoPro UC certification center.

Purpose

CIPF CryptoPro Rutoken CSP is intended for use in Russian PKI systems, in systems of legally significant electronic document management and in others information systems using digital signature technologies. Including:

in client-bank systems when signing payment orders;
in secure document management systems;
in reporting collection systems for submission to in electronic format;
in government and management bodies at the federal and regional levels;
in all other cases where it is necessary to ensure increased protection user keys.

Possibilities

Supports all functionality CIPF CryptoPro CSP 3.9 .
Provides full integration with PKI infrastructure based on CryptoPro CA.
Also works with the standard model Rutoken EDS 2.0.
Using the hardware resources of Rutoken KP or Rutoken EDS 2.0, the following cryptographic operations are performed:
- generation of key pairs GOST R 34.10-2001;
- generation of an electronic signature in accordance with GOST R 34.10-2001;
- Diffie-Hellman negotiation key calculation (RFC 4357).
Provides safe storage and the use of private keys within a key carrier without the possibility of retrieval.

Functional key carrier

The FKN architecture implements a fundamentally new approach to ensuring the secure use of key information stored on hardware media.

In addition to forming an electronic signature and generating encryption keys directly in the microprocessor, the key carrier can effectively resist attacks related to the substitution of a hash value or signature in a communication channel.

Main advantages of FKN

The possibility of replacing the signature in the exchange protocol is excluded; the electronic signature is generated in parts: first in the key medium, then finally in the CSP software part.
Generation of electronic signature keys and approval keys, as well as creation of an electronic signature within the Federal Computer Science Department.
Transmitting a hash value over a secure channel that eliminates the possibility of substitution.
Once the container is created, the user key is not stored in any key container, neither in the memory of the crypto provider, nor are they used explicitly in cryptographic transformations.
Enhanced data protection when transmitted over an open channel due to the use of mutual authentication of the key carrier and the software component using the original protocol based on the EKE (electronic key exchange) procedure. In this case, it is not the PIN code that is transmitted, but a point on the elliptic curve.
Increased privacy of private keys.
The key can be generated by FKN or loaded externally.
Performing cryptographic operations on elliptic curves directly with the key carrier, supporting Russian electronic signatures.

The introduction of modern means of personal identification is a huge step in the development of electronic document management. Many believe that the development of such a direction has no practical meaning, that the use of such tools is necessary only for a small number of users, and nothing will exceed a simple signature in reliability and convenience, but this is far from the case.

An electronic digital signature allows you to determine the authenticity of your identity in digital document flow, which significantly increases its efficiency and saves time and money.

An electronic digital signature (or EDS) is, in essence, electronic props, which allows you to protect the digital version of a document from forgery. The legislator defines an electronic signature as an analogue of a handwritten signature, which is used for the purpose of identifying a person in electronic document management.

Types of digital signature

In practice, several variants of digital signature are used.

Simple digital signature does not contain elements of cryptographic protection. Security is ensured by using login, password and connection codes.

In general, it is used only for the actual identification of the user, but is not used to protect a specific document.

Such a signature can still certify documents, however, this requires fulfillment certain conditions:

adding to a specific document;
use complies with internal document flow rules;
availability of information about the identity of the sender of the file.

Unskilled refers to an enhanced signature, but its degree of protection is less than that of a qualified signature. However, in this case, cryptographic protection methods are already used. Using such a signature allows you not only to sign a document, but also to make changes to it and then confirm them.

Qualified I am considered the most secure option. Cryptographic protection methods are used, which are confirmed by special authorities. Use in practice is difficult, but there is an undoubted advantage - reliability. You can connect such a signature only in a special certification center.

Test methods, services and results

Using digital signature is undoubtedly practical and convenient. However, each user must have the skills to verify its accuracy, which protects against possible violations by counterparties.

It is not difficult to check. To do this, just use one of several services. Thus, you can verify the authenticity of a document signed using an electronic digital signature by uploading it to the website crypto.kontur.ru.

This service will allow you to quickly analyze a document and get the result. To use it, you need to configure your computer accordingly, but it is not difficult, you just need to follow the instructions on the site.

If you cannot install the electronic signature on your computer yourself, you should contact certification centers. Upon completion of their work, an installation certificate for the electronic signature facility is drawn up.

Certificate validity period.
Is the signature on the list of revoked signatures?
Is the digital signature one of those issued by accredited centers?

The most popular verification method is verification through the State Services portal. However, there are many more services that are approximately the same in their effectiveness.

In general, verification methods can be divided into two types:

Verification of a document signed with digital signature.
Checking the digital signature itself.

Another way to check your digital signature is to install the appropriate program on your PC. Typically used CryptoPro due to the many full-fledged functions for working with digital signatures.

The result of any check is confirmation or non-confirmation of the authenticity of the digital signature or the document signed by it. Such services simply need to be used for work, as they fully ensure the security of electronic document management.

If work via digital signature is carried out on an ongoing basis, it is recommended to use software from CryptoPro.

How to install digital signature

To install the electronic signature on a PC, you will need to download the appropriate software and follow the instructions.

Programs

First of all, you need to install it on your computer CryptoPro CSP program. Further:

Run the program in any of the ways. As an option, open the Control Panel, the “Programs” menu and find what you need there, or find it through a search if the location is not known. Run as administrator.
After starting the program, a window will appear in which you need to find the “Service” tab.
Next, look for the “View certificates in container” menu.
The Browse window appears, where you can view information about the container name and reader. Click OK.
In the next window, “Certificates in the private key container,” you do not need to perform any actions. Just skip it by clicking Next.
A window with user data will appear. You need to select "Properties".
We install a new Certificate, to do this, select “Install Certificate”.
In the next window we don’t do anything and just click “Next”.
Next, you need to select the “Place all certificates in one storage” item, to do this, click “Browse” and select the “Personal” folder.
The last step is to click “Finish”.

Plugins

There is also a useful plugin from CryptoPro that allows you to create and verify signatures on web pages. CryptoPro EDS Browser plug-in can work with any modern browser, including Chrome and Yandex.

Sign documents for electronic document management.
Validate web form data.
Certify any files sent from the user's computer.
Sign messages.

Using the plugin, you can check both regular and improved electronic signatures. An important advantage is that it is distributed completely free of charge.

To install the plugin you don’t need any special skills, everything happens in automatic mode. You just need to run the installer file, then select “Run”, “Next” and “Ok”. The program will do everything itself.

Copying of materials is permitted only when using an active link to this site.

Installation and configuration of CryptoPro for working with electronic signatures

To participate in electronic trading, each entrepreneur must have his own electronic digital signature. An electronic signature acts as an analogue of a handwritten signature, giving an electronic document legal force. To participate in electronic auctions on government procurement websites, it is necessary to provide high guarantees of the reliability and authenticity of the submitted signature in the application for participation in the tender and in all related documentation. In order to authenticate persons signing electronic documents, the CryptoPro cryptographic utility was created, which allows you to generate and verify digital signatures.

A little about the keys

To obtain your own digital signature, you must contact a certified certification center (CA), which issues a root certificate, as well as a public and private key.

CA root certificate is a file with the .cer extension that allows the system to identify the certification authority.

Subscriber public key– this is the personal file of the owner of the electronic key, used to verify the reliability and authenticity of the signed document. The public key can be published and sent in any way and to anyone; it is public information.

Subscriber private key is a set of encrypted files stored on electronic media. The owner of the private key uses a secret PIN code for authorization in the system, therefore, if it is lost, the subscriber must immediately revoke his key through the certification center.

After receiving an electronic signature, you need to install software on your computer to work with the digital signature. The cryptoprovider program CryptoPro 3.6 supports the state standards of the Russian Federation: GOST R 34.10–2001, GOST R 34.11–94 and GOST R 34.10–94.

The main purpose of CryptoPro

Ensuring the process of giving electronic documents legal significance through the use of digital signatures;
Ensuring confidentiality and monitoring the integrity of encrypted information;
Integrity control and software protection from unauthorized changes.

The CryptoPro 3.6 utility is compatible with the following operating systems:

After graduation Microsoft Windows 10 CryptoPro is also updating its software and certifying the new version of CryptoPro CSP 4.0

Installation and configuration of CryptoPro

On the official website cryptopro.ru you need to purchase the required version of the utility and install the cryptoprovider. Launch CryptoPro CSP and, using the installer prompts, install the utility on your computer.
Next, you need to install the electronic ID support driver. Private keys can be stored on floppy disks, smart cards, and other electronic media, but the most convenient analogue is considered to be tokens in the form of a USB keychain (eToken, Rutoken). For correct operation of the media, install the appropriate driver.
Then you need to configure the readers. We launch CryptoPro as an administrator and in the window that opens, find the “Hardware” tab and click “Configure readers.” In the “Manage Readers” window that opens, click “Add”. Select the desired reader (for example, for eToken, select AKS ifdh 0). After installation, click “Finish”.
Let's move on to installing a personal digital signature user certificate. In the “Service” tab, click “Install personal certificate”. Let's indicate the path to the certificate file with the .cer extension.
Next, insert the token into the USB connector of the computer, indicating the container for storing the private key. To configure it in automatic mode, you can check the box next to “Find container automatically.” The system will prompt you to enter a PIN code and place the personal certificate in the storage. After installation, click Finish.
Let's move on to setting up the browser to work with the government procurement portal. The website zakupki.gov.ru only works with Internet browser Explorer. In the browser properties, you need to select the “Security” tab, in which you should select “Trusted Sites” and click “Sites”. In the window that opens, you need to register the following websites:

Next, you need to go to the government procurement website and in the left column of the menu in the “Advanced” section, find the “Documents” item and click “Files for setting up the workplace.” Download all output files and install.

Read also: Sale of property of bankrupts and debtors

How to check the operation of the digital signature?

Below is a topical video:

How to install cryptopro on a computer step by step where to start

Digital signature certificate(electronic digital signature) is essentially a set of numbers. These numbers are generated when a document is encrypted, which is based on personal data necessary to identify the user. After receiving a digital signature from the certification center, it must be installed. Only after this will you be able to use it. We will tell you.

Before installation of digital signature make sure the program is available CryptoPro CSP. The absence of this program excludes the possibility of using a digital signature. Download CryptoPro you can by going to official site developers. This paid program However, you will be given a free trial period that will last for 3 months.

Let's assume that the program CryptoPro you already have installed on your personal computer. The following steps will tell you, how to install a ZCP certificate on a computer:

Open on your computer “ Control Panel" In the panel window, select from the list of programs CryptoPro. Launch it by double clicking the mouse (left button);

In the window running program From the list of various tabs, select the “tab” Service”;

In the tab that opens, click on the column “ View certificates in a container”;

Next, in the window that appears, click on “ Review" This window displays the available reader and container name. Review the information received, then click “ OK”;

The window that opens has the name “ Certificates in a private key container" Press “ Further” without any changes or input of information;

A window will open telling you about the user, serial number electronic signature and its validity period. Select “ Properties”;

In the certificate window that appears, you need to install a new one. This is easy to do by clicking on “ Install certificate”;

“ Certificate Import Wizard" Review the information provided and click “ Further”;

In the new window, select the item called “ Place all certificates...” Click on the “ Review”;

Now you know how to install a digital signature certificate on a computer. Enjoy the simplicity and ease of working with a unique electronic digital signature.

Tell your friends on social networks

comments 3

I made the installation algorithm, but go to Personal Area I can’t do it on government procurement

How to install CryptoPro - how to install a certificate in CryptoPro?

CryptoPRO is a crypto provider that allows you to generate an electronic digital signature and makes it possible to work with key certificates. The installation process of CryptoPRO on Personal Computer and this article is devoted to. Let's take a closer look at how to install CryptoPro CSP for free.

A description of this process is contained in the user manual on the official website, and is also included when purchasing a license. Let's look at the procedure step by step.

CryptoPro plugin is not installed in the browser

Before starting work, the user needs to make sure that an outdated version of the product is not installed on his PC. The check is carried out in the menu if the CryptoPRO item is missing, therefore CryptoPro plugin is not installed in the browser.

If the item of interest is found in the menu, you need to check whether the version is outdated. To do this, launch CryptoPRO, in the License Management tab in the right window, look at the version number and license validity period.

Download CryptoPRO CSP

After it turns out that not installed CryptoPro digital signature browser plug in, let's start downloading CryptoPRO CSP and installing it on your PC.

Since the provider is a means of cryptographic information protection, its distribution is accordingly recorded by certain supervisory authorities. In order to download the program you will need to register. Next, refer to the link sent to your email. After clicking on it, select CryptoPRO CSP from the list of products.

Installing CryptoPRO on a computer R

Download installation file is made before how to install CryptoPRO on your computer. To install, run the file. If the security system issues a warning, then you need to allow the program to make changes to your PC. Next, click “Install” and wait a few minutes. User participation is not required at this stage. After installation, it is recommended to restart your computer.

CryptoPRO license key

Now enter the license key.

In the programs we look for CryptoPRO, select CryptoPRO CSP
Enter the serial number.

Check that installed version matches the one you purchased. If you have version 4.0, then, accordingly, select CryptoPRO CSP 4.0. This version is recommended for Windows 10.

Software "CryptoPro CSP" designed to monitor the integrity of system and application software, manage key elements of the system in accordance with the regulations on security measures, authorization and ensure the legal significance of electronic documents when exchanging them between users. In addition to the crypto provider itself, CryptoPro CSP includes the products CryptoPro TLS, CryptoPro EAP-TLS, CryptoPro Winlogon and CryptoPro Revocation Provider.

The solution is intended for:

authorization and ensuring the legal significance of electronic documents when exchanging them between users, through the use of procedures for generating and verifying an electronic signature (ES) in accordance with domestic standards GOST R 34.10-2001 / GOST R 34.10-2012 (using GOST R 34.11-94 / GOST R 34.11-2012);
ensuring confidentiality and monitoring the integrity of information through its encryption and imitation protection, in accordance with GOST 28147-89;
ensuring authenticity, confidentiality and imitational protection of connections via the TLS protocol;
monitoring the integrity of system and application software to protect it from unauthorized changes and violations of correct functioning;
management of key elements of the system in accordance with the regulations on protective equipment.

Implemented Algorithms

The algorithm for generating the hash function value is implemented in accordance with the requirements of GOST R 34.11-94 / GOST R 34.11-2012 " Information technology. Cryptographic information protection. Hash function."
Algorithms for generating and verifying an electronic signature are implemented in accordance with the requirements of GOST R 34.10-2001 / GOST R 34.10-2012 “Information technology. Cryptographic information protection. Processes of formation and verification of electronic digital signatures.”
The data encryption/decryption algorithm and the calculation of imitative inserts are implemented in accordance with the requirements of GOST 28147-89 “Information processing systems. Cryptographic protection."

When generating private and public keys, it is possible to generate with various parameters in accordance with GOST R 34.10-2001 / GOST R 34.10-2012.
When generating a hash function value and encryption, it is possible to use various replacement nodes in accordance with GOST R 34.11-94 and GOST 28147-89.

Supported key media types

floppy disks 3.5;
smart cards using smart card readers that support the PC/SC protocol;
Touch-Memory DS1993 - DS1996 tablets using Accord 4+ devices, an electronic lock “Sobol”, “Krypton” or a Touch-Memory DALLAS tablet reader (only in Windows versions);
electronic keys With USB interface(USB tokens);
removable media with USB interface;
Windows OS registry;
Solaris/Linux/FreeBSD OS files.

	CSP 3.6	CSP 3.9	CSP 4.0	CSP 5.0
Windows Server 2016		x64*	x64**	x64
Windows 10		x86 / x64*	x86 / x64**	x86/x64
Windows Server 2012 R2		x64	x64	x64
Windows 8.1		x86/x64	x86/x64	x86/x64
Windows Server 2012	x64	x64	x64	x64
Windows 8	x86/x64	x86/x64	x86/x64
Windows Server 2008 R2	x64/iteanium	x64	x64	x64
Windows 7	x86/x64	x86/x64	x86/x64	x86/x64
Windows Server 2008	x86 / x64 / itanium	x86/x64	x86/x64	x86/x64
Windows Vista	x86/x64	x86/x64
Windows Server 2003 R2	x86 / x64 / itanium	x86/x64	x86/x64	x86/x64
Windows Server 2003	x86 / x64 / itanium	x86/x64	x86/x64	x86/x64
Windows XP	x86/x64
Windows 2000	x86

The first place to start is to decide on the version you need. Client or server. If you plan to use the CryptoPro CSP CIPF on the server, buy it right away. A client license will not work. Yes, the price of a server license is several times higher, and in earlier versions it was possible to install a client license on the server, but today client licenses simply cannot be installed on server operating systems, despite the fact that everything worked in the trial (test) period.

GOST R 34.10-2012

Find out if you need support for the new 2012 electronic signature standards. Only supports the electronic signature standard GOST R 34.10-2012 (“Creating a signature” and “Verifying a signature”). The remaining versions of the crypto provider (3.0, 3.6 and 3.9) support GOST 94 and 2001.

Please be informed

The procedure for transition to the national standard GOST R 34.10-2012 in electronic signature tools for information that does not contain state secrets has been determined.

From the document of the FSB of Russia No. 149/7/1/3-58 dated January 31, 2014 “On the procedure for transition to the use of new digital signature standards and hashing functions,” we learn that after December 31, 2019, it will be unacceptable to use GOST R 34.10 to create an electronic signature -2001.

FSB Certificate

In many information systems (especially government ones), one of the main and mandatory requirements is the presence of an FSB certificate of conformity for the software. On this moment Versions 3.6 and 4.0 are certified.

The CryptoPro CSP 4.0 version has FSB certificates for protection classes and for operating systems from Windows Vista to Windows 10.

CryptoPro CSP 3.9 R2 CryptoPro CSP 4.0 R2 supporting work in Windows 10 today received a positive conclusion from the FSB.

Windows or Unix

If you choose version 3.6, then you need to decide which one operating system The software will be installed - on Windows or Unix-like. This division is only available in versions of CryptoPro CSP 3.6 and earlier. If you purchase the or version, then it does not matter which operating system you plan to install it on - Windows or Unix-like.