How to install CryptoPro on a computer, installing CryptoPro 4.0

CryptoPro CSP is a crypto provider and provides the legal significance of electronic documentation and connection protection. This is a key product among CryptoPro products. How CryptoPro CSP install most questions arise. We suggest that you familiarize yourself with the information below to install the program correctly. To install this software on a computer, the user must have administrator rights. The software on the disk must be inserted into the drive or selected the distribution folder on the computer. After launching the Installation Wizard, you must select the language to use. During installation, it is also possible to select the protection level (class).

Further installation is carried out in accordance with the choice of actions specified by the Installation Wizard. Thus, you may need to specify a serial key, configure additional sensors, and adjust CIPF to use the key storage service. Installation can be complete or selective, depending on the user’s tasks. Custom installation will help you install additional required components. It is advisable to restart the computer after installation for the program to work correctly.

Good afternoon dear friends! Today I want to review with you the CryptoPro CSP software product, which is very important for our work. CryptoPro CSP is a program, not free, that helps us install our certificates, or digital signature, digital signature, whatever, the meaning is the same.

Let's take a closer look at this program. There are several versions of this program. Versions 3.6, 3.9, 4.0. In addition, there are still a huge number of modifications of each version.

Versions of CryptoPro CSP

Why are there 3 versions used? Why not leave just the latest one? The answer is very simple. Each version is made for a specific operating system. For example, CryptoPro CSP 3.6 can be installed on Windows 2000, XP and so on, but there is a limit. Last operating system, on which you can bet version 3.6 is Windows 8 and Windows 2012. What if we tell you Windows 10? Then you need to install version 4.0. There are no special differences between 3.9 and 4.0, specifically in terms of operating platforms.

That is, if you Windows 7, then you need to buy version 3.6, and if Windows 10, then 4.0.

License for CryptoPro CSP

License for CryptoPro CSP definitely a must buy. The license price is not so high as to steal the program. Especially CryptoPro is not a greedy company and it has perpetual licenses, that is, according to the “buy and forget” principle. But there are times when the program is needed in the middle of the night and urgently, and perhaps there is no time to buy it. So I'll tell you a little secret.

CryptoPro CSP for free!

You didn't think so! CryptoPro CSP It's still possible for free. Guys,who wrote the program, I repeat, they are not greedy and understand everything. Therefore, they gave you a gift in the form of using their program for free for e three months. But after the trial period ends, you will still have to purchase a license forthis software product.

How to install CryptoPro CSP

T Now let's look at the process of installing the program. To do this, download the distribution, unpack it and open it. I will install version 3.6.

Unpacking the distribution

Now let's open installation file, just double-click with the left mouse button.

We see the installation process.

The program may warn you that you may have to restart your computer after installing the program. Therefore, I advise you, before clicking anything, save everything open documents and close all programs to avoid losing data. Click "OK"

After the program Once fully installed, you will see a window like this. Just click “Finish”

After this, the program will ask you to reboot now or later? You can do this now, then click " OK ", if you want to reboot later, click "No".

That's it, the installation is complete!

Download CryptoPro CSP for free

You can download the program from the official website, but pre-registration is required there. But manufacturer says that installation can only be done after you purchase the program either from them or from partners. Everything they say is true. But if you still just want to introduce b If you have a program, you can download it from me.

Download CryptoPro CSP 4.0

Download CryptoPro CSP 3.9 R2

Download CryptoPro CSP 3.6 R4

CryptoPro CSP 5.0

Also be sure to read my article. There I talk about why this plugin is needed and how important it is for our work with CryptoPro CSP.

N and that's all! If you have any questions, ask them in the comments! Good luck and good luck to everyone!

To be the first to receive all the news from our website!

CryptoPro CSP 5.0 is a new generation of crypto provider, developing three main product lines of the CryptoPro company: CryptoPro CSP (classic tokens and other passive storage of secret keys), CryptoPro FKN CSP/Rutoken CSP (unretrievable keys on tokens with secure messaging) and CryptoPro DSS (keys in the cloud).

All the advantages of products from these lines are not only preserved, but also multiplied in CryptoPro CSP 5.0: the list of supported platforms and algorithms is wider, performance is higher, and the user interface is more convenient. But the main thing is that working with all key media, including keys in the cloud, is now uniform. To transfer the application system in which CryptoPro CSP of any version worked to support keys in the cloud or to new media with non-removable keys, no software reworking will be required - the access interface remains the same, and work with the key in the cloud will occur exactly the same in the same way as with the classic key carrier.

Purpose of CryptoPro CSP

• Formation and verification electronic signature.
• Ensuring confidentiality and monitoring the integrity of information through its encryption and imitation protection.
• Ensuring authenticity, confidentiality and imitational protection of connections using the and protocols.
• Monitoring the integrity of system and application software to protect it from unauthorized changes and violations of trusted functioning.

Supported Algorithms

In CryptoPro CSP 5.0, along with Russian ones, foreign cryptographic algorithms are implemented. Now users have the opportunity to use familiar key media to store RSA and ECDSA private keys.

Supported key storage technologies

Cloud token

In the cryptoprovider CryptoPro CSP 5.0, for the first time, it became possible to use keys stored on cloud service CryptoPro DSS, via the CryptoAPI interface. Now keys stored in the cloud can be easily used by any user applications, as well as most Microsoft applications.

Media with non-retrievable keys and secure messaging

CryptoPro CSP 5.0 adds support for media with non-retrievable keys that implement the protocol SESPAKE, allowing authentication without transmitting the user’s password in clear text, and establishing an encrypted channel for the exchange of messages between the crypto provider and the carrier. An attacker located in the channel between the medium and the user's application can neither steal the authentication password nor replace the signed data. When using such media, the problem is completely solved safe work with non-removable keys.

The companies Active, InfoCrypt, SmartPark and Gemalto have developed new secure tokens that support this protocol (SmartPark and Gemalto starting from version 5.0 R2).

Media with non-removable keys

Many users want to be able to work with non-retrievable keys, but not upgrade tokens to the FKN level. Especially for them, the provider has added support for popular key media Rutoken EDS 2.0, JaCarta-2 GOST and InfoCrypt VPN-Key-TLS.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of media with non-retrievable keys supported by CryptoPro CSP 5.0

Company	Carrier
ISBC	Esmart Token GOST
Assets	Rutoken 2151
	Rutoken PINPad
	Rutoken EDS
	Rutoken EDS 2.0
	Rutoken EDS 2.0 2100
	Rutoken EDS 2.0 3000
	Rutoken EDS PKI
	Rutoken EDS 2.0 Flash
	Rutoken EDS 2.0 Bluetooth
	Rutoken EDS 2.0 Touch
	Smart card Rutoken 2151
	Smart card Rutoken EDS 2.0 2100
Aladdin R.D.	JaCarta-2 GOST
Infocrypt	InfoCrypt Token++ TLS
	InfoCrypt VPN-Key-TLS

Classic passive USB tokens and smart cards

Most users prefer fast, cheap and convenient key storage solutions. As a rule, preference is given to tokens and smart cards without cryptographic coprocessors. As in previous versions provider, CryptoPro CSP 5.0 retains support for all compatible media produced by the companies Active, Aladdin R.D., Gemalto/SafeNet, Multisoft, NovaCard, Rosan, Alioth, MorphoKST and SmartPark.

In addition, of course, methods for storing keys in Windows registry, on hard drive, on flash drives on all platforms.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of classic passive USB tokens and smart cards supported by CryptoPro CSP 5.0

Company	Carrier
Alioth	SCOne Series (v5/v6)
Gemalto	Optelio Contactless Dxx Rx
	Optelio Dxx FXR3 Java
	Optelio G257
	Optelio MPH150
ISBC	Esmart Token
	Esmart Token GOST
MorphoKST	MorphoKST
NovaCard	Cosmo
Rosan	G&D element V14 / V15
	G&D 3.45 / 4.42 / 4.44 / 4.45 / 4.65 / 4.80
	Kona 2200s / 251 / 151s / 261 / 2320
	Kona2 S2120s/C2304/D1080
SafeNet	eToken Java Pro JC
	eToken 4100
	eToken 5100
	eToken 5110
	eToken 5105
	eToken 5205
Assets	Rutoken 2151
	Rutoken S
	Rutoken KP
	Rutoken Lite
	Rutoken EDS
	Rutoken EDS 2.0
	Rutoken EDS 2.0 3000
	Rutoken EDS Bluetooth
	Rutoken EDS Flash
	Smart card Rutoken 2151
	Smart card Rutoken Lite
	Smart card Rutoken EDS SC
	Smart card Rutoken EDS 2.0
Aladdin R.D.	JaCarta GOST
	JaCarta PKI
	JaCarta PRO
	JaCarta LT
	JaCarta-2 GOST
Infocrypt	InfoCrypt Token++ lite
Multisoft	MS_Key isp.8 Hangar
	MS_Key ESMART use.5
SmartPark	Master's degree
	R301 Foros
	Oscar
	Oscar 2
	Magister's Rutoken

CryptoPro Tools

As part of CryptoPro CSP 5.0, a cross-platform (Windows/Linux/macOS) graphical application appeared - “CryptoPro Tools”.

The main idea is to provide users with the opportunity to conveniently solve common problems. All main functions are available in simple interface- at the same time, we have also implemented a mode for advanced users, which opens up additional opportunities.

Using CryptoPro Tools, the tasks of managing containers, smart cards and crypto provider settings are solved, and we have also added the ability to create and verify a PKCS#7 electronic signature.

Supported Software

CryptoPro CSP allows you to quickly and securely use Russian cryptographic algorithms in the following standard applications:

• office suite Microsoft Office;
• mail server Microsoft Exchange and client Microsoft Outlook;
• products Adobe Systems Inc.;
• browsers Yandex.Browser, Sputnik, Internet Explorer ,Edge;
• application signature generation and verification tool Microsoft Authenticode;
• web servers Microsoft IIS, nginx, Apache;
• Remote Desktop Tools Microsoft Remote Desktop Services;
• Microsoft Active Directory.

Integration with the CryptoPro platform

From the very first release, support and compatibility with all our products are provided:

• CryptoPro CA;
• CA Services;
• CryptoPro EDS;
• CryptoPro IPsec;
• CryptoPro EFS;
• CryptoPro.NET;
• CryptoPro Java CSP.
• CryptoPro NGate

Operating systems and hardware platforms

Traditionally, we work in an unrivaled wide range of systems:

• Microsoft Windows;
• Mac OS;
• Linux;
• FreeBSD;
• Solaris;
• Android;
• Sailfish OS.

hardware platforms:

• Intel/AMD;
• PowerPC;
• MIPS (Baikal);
• VLIW (Elbrus);
• Sparc.

and virtual environments:

• Microsoft Hyper-V
• VMWare
• Oracle Virtual Box
• RHEV.

Supported different versions CryptoPro CSP.

To use CryptoPro CSP with a license for workplace and server.

Interfaces for embedding

For integration into applications on all platforms, CryptoPro CSP is available through standard interfaces for cryptographic tools:

• Microsoft CryptoAPI;
• PKCS#11;
• OpenSSL engine;
• Java CSP (Java Cryptography Architecture)
• Qt SSL.

Performance for every taste

Years of development experience allows us to cover all solutions from miniature ARM boards such as Raspberry PI to multiprocessor servers based on Intel Xeon, AMD EPYC and PowerPC, with excellent performance scaling.

Regulatory documents

Complete list of regulatory documents

• The crypto provider uses algorithms, protocols and parameters defined in the following documents of the Russian standardization system:
• R 50.1.113–2016 " Information technology. Cryptographic information protection. Cryptographic algorithms accompanying the use of electronic algorithms digital signature and hashing functions" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
• R 50.1.114–2016 “Information technology. Cryptographic information protection. Elliptic curve parameters for cryptographic algorithms and protocols" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
• R 50.1.111–2016 “Information technology. Cryptographic information protection. Password protection of key information"
• R 50.1.115–2016 “Information technology. Cryptographic information protection. "Shared Key Generation Protocol with Password Authentication" (also see RFC 8133 The Security Evaluated Standardized Password-Authenticated Key Exchange (SESPAKE) Protocol ")
• Methodological recommendations TC 26 “Cryptographic information protection” “Use of sets of encryption algorithms based on GOST 28147-89 for the transport layer security protocol (TLS)”
• Methodological recommendations TC 26 “Cryptographic information protection” “Use of GOST 28147-89, GOST R 34.11 and GOST R 34.10 algorithms in cryptographic messages in CMS format”
• Technical specification TC 26 “Cryptographic information protection” “Use of GOST 28147-89, GOST R 34.11-2012 and GOST R 34.10-2012 in the IKE and ISAKMP key exchange protocols”
• Technical specification TC 26 “Cryptographic information protection” “Use of GOST 28147-89 when encrypting attachments in IPsec ESP protocols”
• Technical specification TC 26 “Cryptographic information protection” “Use of GOST R 34.10, GOST R 34.11 algorithms in the certificate profile and certificate revocation list (CRL) infrastructure public keys X.509"
• Technical specification TC 26 “Cryptographic information protection” “Extension of PKCS#11 for the use of Russian standards GOST R 34.10-2012 and GOST R 34.11-2012”

A cryptoprovider is a means of cryptoprotection of information (), without which use becomes impossible. is formed on the basis of cryptographic algorithms, and the implementation of these processes is possible only with the presence of CIPF. CryptoPro CSP is the most popular product on Russian market cryptographic utilities. Most electronic trading platforms, state information systems (UAIS FST, EGAIS, etc.) and regulatory authorities that accept reports via the Internet (Federal Tax Service, Social Insurance Fund, Pension Fund of Russia) work with this program.

At the end of September 2019, two versions of CIPF are valid in the CRYPTO-PRO line - 4.0 and 5.0. Both programs are certified and provide a full range of capabilities for digital signature owners. In this article we will focus on, consider the functions and characteristics of the software, licensing features, installation and configuration procedures.

We will help you obtain an electronic signature. Consultation 24 hours!

Leave a request and get a consultation.

CIPF CryptoPro version 4.0: characteristics and functionality

State portals and trading platforms, accepting from users, post on their websites requirements and instructions for working with electronic documents. In addition to , there is another popular crypto provider on the market - VipNet CSP. But some organizations (for example, Rosreestr) limit users’ choices and specify in the requirements the mandatory use of CryptoPro CSP. When issuing CEDS certificates, certification authorities also most often use CryptoPro, so if the user installs another crypto provider on the PC, errors may occur when creating the digital signature.

Software functions

CryptoPro software is systematically updated and improved. Latest certified build version (3-Base version). All current updates can be tracked on the developer’s official website in the “Certificates” section.

The crypto provider has been certified by the FSB. This means that it can be used to create an electronic signature and encrypt data in accordance with the Federal Law-63.

CIPF performs the following functions:

• gives legal force digital files, certified by CECP;
• prevents data compromise using modern cryptographic encryption and imitation protection tools;
• guarantees the authenticity and immutability of electronic files;
• supports the official authorization of private entrepreneurs and legal entities on Internet platforms and web portals of government bodies.

Without a crypto provider, the user will not be able to participate in electronic document management (EDF) and perform the following operations:

• remote ;
• sending reporting documentation to Rosstat, Pension Fund and other government agencies;
• interaction with information services, AIS State Order, GIS Housing and Communal Services, etc.;
• bank transfers and other financial transactions where CEDS are needed;
• submitting an online application for participation in auctions under Federal Laws No. 223 and No. 44;
• support of bankruptcy proceedings;
• interaction with participants of corporate e-document flow.

From January 1, 2019, all CAs issue electronic certificates according to the new standard (GOST R 34.10-2012). Software fully complies with this standard and supports new cryptographic protection algorithms.

• System requirements for installing software

  For full use everyone functionality The only thing left for the crypto provider to do is install the certificates in the PC registry. As a rule, CAs issue certificates on key flash media, in rare cases they are sent to email owner.

  The certificate is installed in the “Service” section of the CryptoPro program. It is recommended to perform this procedure in accordance with the instructions from the developer. As a result, the certificate should be saved in the “Personal” folder.

  At the final stage, save the root certificate (RC), which is available for download on the CA website. This document is saved in the Trusted folder. The CS performs an important function in e-document flow - it confirms that the certificate was obtained from an accredited CA.

Before installation, you need to understand: what is an digital signature and why is its installation necessary? EDS - electronic personal digital signature. This set of numbers and letters is used to encrypt documentation and certificates of different levels. The main content of documents is often passport or other personal data (for example, rights). Before installation, this signature must, of course, be obtained. This is done in a notary office that deals with electronic signature and digital signature.

If you want to install an electronic digital signature and confirm a printing license, then you need to install a program to recognize it in advance. Nothing will work without her. Often this is CryptoPRO CSP 3.6. You can either install it from a disk, having previously purchased it in a store, or install it from the Internet.

On a note! The second option is much simpler. The licensed version of the program costs about two to three thousand rubles.

Step 1. Carefully examine the data on your computer and use the Start menu to check whether the program has already been installed previously (especially if you are in this moment you are going to use a device that is not yours).

• if you don’t have it, then go to step number two;
• if it is still on the device, then check the product version, see if it suits you (if not, then you should reinstall the program, if so, then leave everything unchanged), also do not forget to make sure that the CryptoPRO expiration date does not expired! It is very important.

Step 2. If you understand that this program is on your computer, then proceed to installation. Sometimes this is not entirely easy to do. You need to go to the licensing website (this is very important because pirated version will not work fully) and try to install the program.

1. When you visit the site, you will see the following image.

   

   

2. Here you need to select the “Pre-registration” column.

   

3. When you click on this link, you will be asked to fill out a form. The main thing is to write reliable and complete data. After registration, we agree to the agreement and proceed to download.

   

   

   

Step 3. However, we are not downloading the program itself, but only the installation file. Therefore, after the file has downloaded, open it.

Step 4. Now we install the program itself.

Important! In some cases it happens that antivirus program We do not miss CryptoPRO, considering it viral or especially dangerous. Don’t be scared, just add the program to “Trusted” and install it further.

Step 4. We are waiting for the final download!

Step 5. For the program to work correctly on your personal computer, enter your license (key) number.

Video - Installing CryptoPro 4.0 and why you need it

Step-by-step installation of digital signature

Step 1. Open the “Control Panel” tab (using a magnifying glass or the “Start” menu).

Step 2. We launch the pre-installed program.

Step 3. When we launch CryptoPRO, we are transferred to the main screen of the program. As you can see, it has a lot of folds. We need a tab called “Service”.

Step 4. Next you need to “View certificates in the private key container.” Don't enter a name key container manually (although you can do it this way if you want, it’s your right), but for convenience, click on the “Review” tab.

Step 5. After your click, an additional tab will pop up where you will need to select your container, as well as the available reader. When you have read everything and checked the data, click “Okay”.

Step 6. If you did everything correctly, then we will be taken back to previous tab. We don’t need to add any more changes, so move on to the next window by clicking “Next”.

Step 7 You have moved to the next tab. Absolutely everything is located here personal information, which was encrypted with digital signature. You can also find and view the validity period. Check also serial number your program and signature (this should never be forgotten). Select “Properties”.

Step 8 Now you have to install a new certificate.

Step 9 You will automatically be taken to the next tab. Here you need to carefully study all the information. And if you agree with it, then only move on to the next page.

Step 10 Here we need to look at all the certificates that are in the store. The “Browse” button will help with this.

Step 11 Since we encrypted our personal data, select the appropriate folder called “Personal” and click “Okay”.

Step 12 Congratulations! You have successfully installed the certificate. To complete it, click on “Finish” and wait just a couple of seconds.

You can install ready-made certificates using: hard drive, and with removable media. Now let's talk about installing an electronic signature from a flash drive.

In fact, apart from some actions, copying an electronic signature from a flash drive is no different from the usual installation of certificates. Before installation, you just need to insert the signed flash drive into your computer. Further actions will completely coincide with the usual installation.

Installing a root certificate

Why is installation required at all? root certificate and where is it produced? The root certificate is installed in a shared storage to secure the server and facilitate its smooth operation without any errors or shortcomings. To install and obtain a certificate, you will need a TCSP. This is a test certification center for the product. You will need to be logged into the application as an administrator to access the center's website. The site may be blocked by your antivirus, but this is completely normal. You just need to add it to the trusted ones so that no problems arise in the future.

From our new article, you can find out which one, and also consider detailed review the best programs.

Step 1. Request a certificate.

Step 2. When you receive the permit, download it from the center.

Step 3. Open the certificate and install according to the instructions on the screen (you don’t have to do anything, just click on the “Next” button a few times).

Installing keys in the “Registry”

If you want to know and also consider detailed description program, you can read a new article about this on our portal.

Step 1. You need to configure the Registry. And only then can you start installing the key.

Step 2. Copy the container that contains the keys/key.

Step 3. Paste it into the Registry.

Step 4. Install the container in the program into the registry in the same way as was done with the certificate.

CryptoPRO freezes when installing a certificate, what should I do?

To prevent possible program freezes that will adversely affect the installation of your signature, you need to:

• install licensed software;
• install licensed program, since the pirated version freezes very often;
• scan your computer for viruses or available updates(if any, they must be eliminated).

Freezes can also be caused by:

• incorrect paths to files, their inaccuracy;
• if the certificate is suspended by the company or has finally expired.

If none of the proposed reasons are suitable, then contact technical support, where they will definitely help you and fix the problem.

Video - Installing an EDS (digital signature) in CryptoPro CSP