The latest version of cryptopro csp 3.9. Purpose of CryptoPro CSP. CryptoPro CSP license terms
To install the system without installation disk You must download and install all distributions of components from this manual. The installation must be performed with local administrator rights.
Installation of CIPF CryptoPro CSP
Download and install the distribution CryptoPro CSP according to the purchased license.
Open the CryptoPro CSP program and enter the license serial number. Depending on your computer, this can be done in different ways:
Installing the RuToken driver
Download and install components for working with RuToken media. (if certificates are stored on flash media, skip this step). When installing components, disconnect RuToken from your computer.
Installing Capicom
Installing Certification Authority certificates
Download and install Certification Authority certificates
Browser installation and configuration
The system works in the following browsers: Internet Explorer versions no lower than 11, Mozilla Firefox, Google Chrome, Yandex.Browser, Opera.
For installation .
For Internet Explorer to work correctly with the Kontur.Extern system, you must run the utility to configure the browser.
You can also configure the browser manually. To do this, use this.
To install other browsers, contact your system administrator.
Installing Adobe Reader
Download and install Adobe Reader. Use the link to the official Adobe website. To begin installation, you must select the operating system version and language.
Installing a shortcut
For ease of login, save to your desktop. After installation is complete, you must restart your computer. Before you start working in the reporting system, do not forget to install a signing certificate. Use the instructions for installing a personal certificate.
Installation completed
Cryptoprovider CryptoPro CSP is designed for:- authorization and ensuring the legal significance of electronic documents when exchanging them between users, through the use of procedures for generating and verifying electronic digital signature(EDS) in accordance with domestic standards GOST R 34.10-94, GOST R 34.11-94, GOST R 34.10-2001;
- ensuring confidentiality and monitoring the integrity of information through its encryption and imitation protection, in accordance with GOST 28147-89; ensuring authenticity, confidentiality and impersonation protection of TLS connections;
- integrity control, system and application software to protect it from unauthorized modification or disruption of proper functioning; management of key elements of the system in accordance with the regulations on protective equipment.
Key media for CryptoPro CSP
CryptoPro CSP can be used in conjunction with many key media, but most often the Windows registry, flash drives and tokens are used as key media.
The most secure and convenient key media that is used in conjunction with CryptoPro CSP,are tokens. They allow you to conveniently and securely store your electronic signature certificates. Tokens are designed in such a way that even if stolen, no one will be able to use your certificate.
Supported by CryptoPro CSP key carriers:- floppy disks 3.5";
- MPCOS-EMV processor cards and Russian smart cards (Oscar, RIK) using smart card readers that support the PC/SC protocol (GemPC Twin, Towitoko, Oberthur OCR126, etc.);
- Touch-Memory DS1993 - DS1996 tablets using Accord 4+ devices, Sobol electronic lock or Touch-Memory DALLAS tablet reader;
- electronic keys with USB interface;
- removable media with USB interface;
- Windows OS registry;
Digital signature certificate for CryptoPro CSP
CryptoPro CSP works correctly with all certificates issued in accordance with GOST requirements, and therefore with the majority of certificates issued by Certification Authorities in Russia.
In order to start using CryptoPro CSP, you will definitely need a digital signature certificate. If you have not yet purchased a digital signature certificate, we recommend that you do so.
Supported Windows Operating Systems
CSP 3.6 | CSP 3.9 | CSP 4.0 | |
---|---|---|---|
Windows 10 | x86/x64 | x86/x64 | |
Windows 2012 R2 | x64 | x64 | |
Windows 8.1 | x86/x64 | x86/x64 | |
Windows 2012 | x64 | x64 | x64 |
Windows 8 | x86/x64 | x86/x64 | x86/x64 |
Windows 2008 R2 | x64/iteanium | x64 | x64 |
Windows 7 | x86/x64 | x86/x64 | x86/x64 |
Windows 2008 | x86 / x64 / itanium | x86/x64 | x86/x64 |
Windows Vista | x86/x64 | x86/x64 | x86/x64 |
Windows 2003 R2 | x86 / x64 / itanium | x86/x64 | x86/x64 |
Windows XP | x86/x64 | ||
Windows 2003 | x86 / x64 / itanium | x86/x64 | x86/x64 |
Windows 2000 | x86 |
Supported UNIX-like operating systems
CSP 3.6 | CSP 3.9 | CSP 4.0 | |
---|---|---|---|
iOS 11 | ARM7 | ARM7 | |
iOS 10 | ARM7 | ARM7 | |
iOS 9 | ARM7 | ARM7 | |
iOS 8 | ARM7 | ARM7 | |
iOS 6/7 | ARM7 | ARM7 | ARM7 |
iOS 4.2/4.3/5 | ARM7 |
|
|
Mac OS X 10.12 | x64 | x64 | |
Mac OS X 10.11 | x64 | x64 | |
Mac OS X 10.10 | x64 | x64 | |
Mac OS X 10.9 | x64 | x64 | |
Mac OS X 10.8 | x64 | x64 | x64 |
Mac OS X 10.7 | x64 | x64 | x64 |
Mac OS X 10.6 | x86/x64 | x86/x64 |
|
Android 3.2+ / 4 | ARM7 | ||
Solaris 10/11 | x86/x64/sparc | x86/x64/sparc | x86/x64/sparc |
Solaris 9 | x86/x64/sparc | ||
Solaris 8 | |||
AIX 5/6/7 | PowerPC | PowerPC | PowerPC |
FreeBSD 10 | x86/x64 | x86/x64 | |
FreeBSD 8/9 | x86/x64 | x86/x64 | x86/x64 |
FreeBSD 7 | x86/x64 | ||
FreeBSD 6 | x86 | ||
FreeBSD 5 | |||
LSB 4.0 | x86/x64 | x86/x64 | x86/x64 |
LSB 3.0 / LSB 3.1 | x86/x64 | ||
RHEL 7 | x64 | x64 | |
RHEL 4 / 5 / 6 | x86/x64 | x86/x64 | x86/x64 |
RHEL 3.3 spec. assembly | x86 | x86 | x86 |
RedHat 7/9 | |||
CentOS 7 | x86/x64 | x86/x64 | |
CentOS 5/6 | x86/x64 | x86/x64 | x86/x64 |
TD OS AIS FSSP of Russia (GosLinux) | x86/x64 | x86/x64 | x86/x64 |
CentOS 4 | x86/x64 | ||
Ubuntu 15.10 / 16.04 / 16.10 | x86/x64 | x86/x64 | |
Ubuntu 14.04 | x86/x64 | x86/x64 | |
Ubuntu 12.04 / 12.10 / 13.04 | x86/x64 | x86/x64 | |
Ubuntu 10.10 / 11.04 / 11.10 | x86/x64 | x86/x64 | |
Ubuntu 10.04 | x86/x64 | x86/x64 | x86/x64 |
Ubuntu 8.04 | x86/x64 | ||
Ubuntu 6.04 | x86/x64 | ||
ALTLinux 7 | x86/x64 | x86/x64 | |
ALTLinux 6 | x86/x64 | x86/x64 | x86/x64 |
ALTLinux 4/5 | x86/x64 | ||
Debian 9 | x86/x64 | x86/x64 | |
Debian 8 | x86/x64 | x86/x64 | |
Debian 7 | x86/x64 | x86/x64 | |
Debian 6 | x86/x64 | x86/x64 | x86/x64 |
Debian 4/5 | x86/x64 | ||
Linpus Lite 1.3 | x86/x64 | x86/x64 | x86/x64 |
Mandriva Server 5 Business Server 1 |
x86/x64 | x86/x64 | x86/x64 |
Oracle Enterprise Linux 5/6 | x86/x64 | x86/x64 | x86/x64 |
Open SUSE 12.2/12.3 | x86/x64 | x86/x64 | x86/x64 |
SUSE Linux Enterprise 11 | x86/x64 | x86/x64 | x86/x64 |
Linux Mint 18 | x86/x64 | x86/x64 | |
Linux Mint 13 / 14 / 15 / 16 / 17 | x86/x64 | x86/x64 |
Supported Algorithms
CSP 3.6 | CSP 3.9 | CSP 4.0 | |
---|---|---|---|
GOST R 34.10-2012 Creating a signature | 512 / 1024 bit | ||
GOST R 34.10-2012 Signature verification | 512 / 1024 bit | ||
GOST R 34.10-2001 Creating a signature | 512 bit | 512 bit | 512 bit |
GOST R 34.10-2001 Signature verification | 512 bit | 512 bit | 512 bit |
GOST R 34.10-94 Creating a signature | 1024 bit* | ||
GOST R 34.10-94 Signature verification | 1024 bit* | ||
GOST R 34.11-2012 | 256 / 512 bit | ||
GOST R 34.11-94 | 256 bit | 256 bit | 256 bit |
GOST 28147-89 | 256 bit | 256 bit | 256 bit |
* - up to version CryptoPro CSP 3.6 R2 (build 3.6.6497 dated 2010-08-13) inclusive.
CryptoPro CSP license terms
When purchasing CryptoPro CSP, you receive a serial number, which you need to enter during the installation or configuration process of the program. The validity period of the key depends on the selected license. CryptoPro CSP can be distributed in two versions: with an annual or perpetual license.
Having purchased perpetual license, you will receive a CryptoPro CSP key, the validity of which will not be limited. If you buy, you will receive a serial number CryptoPro CSP, which will be valid for a year after purchase.
- Generation of electronic signature keys and approval keys
- Generating and verifying an electronic signature
- Import of software-generated private ES keys - to enhance their security
- Updating the installation base of the cryptoprovider "CryptoPro CSP"
Peculiarities
The main feature (previously the product was called "CryptoPro eToken CSP") is the use of functional key carrier (FKN) technology.
Functional key carrier (FKN)- architecture of software and hardware products based on smart cards or USB tokens, implementing a fundamentally new approach to ensuring the secure use of a key on a smart card or USB token.
Thanks to the presence of a secure communication channel between the token and the crypto provider, part of the cryptographic transformations, including the storage of private keys and digital signature keys in non-removable form, is transferred to a smart card or USB token.
In addition to hardware generation of keys, their secure storage and generation of digital signatures in the microprocessor of the key carrier, the FKN architecture allows you to effectively resist attacks related to the substitution of a hash value or signature in the communication channel between the software and hardware parts of the CSP.
In “CryptoPro FKN CSP” version 3.9, the key carrier is a specially developed JaCarta CryptoPro token, presented in the form factors of a smart card and a USB token.
Part CIPF "CryptoPro FKN CSP" version 3.9 includes a specially developed JaCarta CryptoPro token with the ability to calculate digital signature using the FKN technology of the CRYPTO-PRO company and produced in the form factors of a USB token (in Nano or XL housing) or a smart card.
JaCarta CryptoPro carries out safe storage and the use of private ES keys, performs mutual authentication of the CSP and the token, as well as strict two-factor authentication of the user-token owner.
Key advantages of JaCarta CryptoPro
- It is the fastest token among FKN devices (it is almost 3 times faster than existing products working with FKN in the speed of electronic signature generation - based on the Protocol for measuring the performance of FKN devices "CRYPTO-PRO" dated December 8, 2014).
- The principle applied Secure by design– uses a secure microcontroller, designed to be secure for security purposes, has built-in protection at both the hardware and software levels against cloning, hacking and all other attacks known to date.
- The generation of ES keys, approval keys, as well as the creation of ES takes place within the JaCarta CryptoPro token.
- Uses a secure data transmission channel with software part"CryptoPRO FKN CSP".
Compound
"CryptoPro FKN CSP" version 3.9 consists of two key components.
1. USB token or JaCarta CryptoPro smart card:
- is a functional key carrier (FKN), in which Russian cryptography is implemented in hardware;
- allows you to safely store and use private keys;
- generates an electronic signature “under the mask” - K(h), which allows you to protect the exchange channel between the token (smart card) and the crypto software provider (CSP);
- performs mutual authentication of the CSP and the token and strict two-factor authentication of the user - the owner of the token.
2. Crypto Provider (CSP):
- is a high-level programming interface (MS CAPI) for external applications and provides them with a set of cryptographic functions;
- from the signature “under the mask” received from the hardware token (smart card) - K(h), “removes” the mask K(s) and forms a “normal” signature, understandable for external applications
Architecture of "CryptoPro FKN CSP" version 3.9
Technical characteristics of the JaCarta CryptoPro token
Microcontroller Specifications | Manufacturer | INSIDE Secure |
Model | AT90SC25672RCT | |
EEPROM Memoryс | 72 KB | |
Operating system characteristics | operating system | Athena Smartcard Solutions OS755 |
International certificates | CC EAL4+ | |
Supported crypto algorithms | GOST R 34.10-2001, GOST 28147-89, GOST R 34.11-94 | |
Supported Interfaces | USB | Yes |
Contact interface (ISO7816-3) | T=1 | |
Safety Certificates | FSB of Russia | Certificate of conformity of the Federal Security Service of Russia No. SF/114-2734 Certificate of conformity of the Federal Security Service of Russia No. SF/114-2735 |
Supported OS | Microsoft Windows Server 2003 | (32/64-bit platforms) |
Microsoft Windows Vista | (32/64-bit platforms) | |
Microsoft Windows 7 | (32/64-bit platforms) | |
Microsoft Windows Server 2008 | (32/64-bit platforms) | |
Microsoft Windows Server 2008 R2 | (32/64-bit platforms) | |
CentOS 5/6 | (32/64-bit platforms) | |
Linpus Lite 1.3 | (32/64-bit platforms) | |
Mandriva Server 5 | (32/64-bit platforms) | |
Oracle Enterprise Linux 5/6 | (32/64-bit platforms) | |
Open SUSE 12 | (32/64-bit platforms) | |
Red Hat Enterprise Linux 5/6 | (32/64-bit platforms) | |
SUSE Linux Enterprise 11 | (32/64-bit platforms) | |
Ubuntu 8.04/10.04/11.04/11.10/12.04 | (32/64-bit platforms) | |
ALT Linux 5/6 | (32/64-bit platforms) | |
Debian 6 | (32/64-bit platforms) | |
FreeBSD 7/8/9 | (32/64-bit platforms) | |
Execution time of cryptographic operations | Importing a key | 3.2 op/s (USB token), 2.4 op/s (smart card) |
Creating a signature | 5.8 op/s (USB token), 3.9 op/s (smart card) | |
Available Key Media | Smart card | JaCarta CryptoPro |
USB token | JaCarta CryptoPro |
Safety Certificates
confirming that the cryptographic information protection tool (CIPF) "CryptoPro FKN CSP" Version 3.9 (version 1) complies with the requirements of GOST 28147-89, GOST R 34.11-94, GOST R 34.10-2001, the requirements of the FSB of Russia for encryption (cryptographic) class means KS1, requirements for electronic signature tools, approved by order of the FSB of Russia dated December 27, 2011 No. 796, established for class KS1, and can be used for cryptographic protection (creation and management of key information, encryption of data contained in the area random access memory, calculation of the hash function value for data contained in the RAM area, protection of TLS connections, implementation of electronic signature functions in accordance with Federal Law of April 6, 2011 No. 63-FZ “On Electronic Signature”: creation of an electronic signature, verification electronic signature, creation of an electronic signature key, creation of a key for verifying an electronic signature) information that does not contain information constituting a state secret.
confirming that the cryptographic information protection tool (CIPF) "CryptoPro FKN CSP" Version 3.9 (version 2) complies with the requirements of GOST 28147-89, GOST R 34.11-94, GOST R 34.10-2001, the requirements of the FSB of Russia for encryption (cryptographic) class means KS2, requirements for electronic signature tools, approved by order of the FSB of Russia dated December 27, 2011 No. 796, established for the KS2 class, and can be used for cryptographic protection (creation and management of key information, encryption of data contained in the RAM area, calculation of the value hash functions for data contained in the RAM area, protection of TLS connections, implementation of electronic signature functions in accordance with Federal Law of April 6, 2011 No. 63-FZ "On Electronic Signature": creation of an electronic signature, verification of an electronic signature, creation of an electronic signature key, creation of a key for verifying an electronic signature) information that does not contain information constituting a state secret.
As a rule, the idea to download Cryptopro 3.9 R2 for Windows 10 appears among entrepreneurs with a lot of paperwork. However, the product is also suitable for household purposes, because electronic signatures are increasingly becoming part of the life of an ordinary person.
Peculiarities
Cryptopro 3.9 R2 is a multifunctional cryptographic software. The latest, most current version is used on any Windows 10 device, including tablets. The scope of application of this program is very extensive:- Protection of the authorship of documents;
- Ensuring secure document flow;
- Working with electronic signatures;
The installation takes place in several stages, but to avoid mistakes, download the correct version - x32/x64 bits. And if your computer is running without , then even the most powerful cryptographic protection of documents will not protect you from possible penetration. Therefore, we recommend installing