Download CryptoPro version 3.6 6497. Purpose of CryptoPro CSP

CryptoPro CSP 5.0 is a new generation of crypto provider, developing three main product lines of the CryptoPro company: CryptoPro CSP (classic tokens and other passive storage of secret keys), CryptoPro FKN CSP/Rutoken CSP (unretrievable keys on tokens with secure messaging) and CryptoPro DSS (keys in the cloud).

All the advantages of products from these lines are not only preserved, but also multiplied in CryptoPro CSP 5.0: the list of supported platforms and algorithms is wider, performance is higher, and the user interface is more convenient. But the main thing is that working with all key media, including keys in the cloud, is now uniform. To transfer the application system in which CryptoPro CSP of any version worked to support keys in the cloud or to new media with non-removable keys, no software reworking will be required - the access interface remains the same, and work with the key in the cloud will occur exactly the same in the same way as with the classic key carrier.

Purpose of CryptoPro CSP

• Generating and verifying an electronic signature.
• Ensuring confidentiality and monitoring the integrity of information through its encryption and imitation protection.
• Ensuring authenticity, confidentiality and imitational protection of connections using the and protocols.
• Monitoring the integrity of system and application software to protect it from unauthorized changes and violations of trusted functioning.

Supported Algorithms

In CryptoPro CSP 5.0, along with Russian ones, foreign cryptographic algorithms are implemented. Now users have the opportunity to use familiar key media to store RSA and ECDSA private keys.

Supported key storage technologies

Cloud token

In the cryptoprovider CryptoPro CSP 5.0, for the first time, it became possible to use keys stored on the CryptoPro DSS cloud service through the CryptoAPI interface. Now keys stored in the cloud can be easily used by any user applications, as well as most Microsoft applications.

Media with non-retrievable keys and secure messaging

CryptoPro CSP 5.0 adds support for media with non-retrievable keys that implement the protocol SESPAKE, allowing authentication without transmitting the user’s password in clear text, and establishing an encrypted channel for the exchange of messages between the crypto provider and the carrier. An attacker located in the channel between the medium and the user's application can neither steal the authentication password nor replace the signed data. When using such media, the problem of secure work with non-removable keys is completely solved.

The companies Active, InfoCrypt, SmartPark and Gemalto have developed new secure tokens that support this protocol (SmartPark and Gemalto starting from version 5.0 R2).

Media with non-removable keys

Many users want to be able to work with non-retrievable keys, but not upgrade tokens to the FKN level. Especially for them, the provider has added support for the popular key carriers Rutoken EDS 2.0, JaCarta-2 GOST and InfoCrypt VPN-Key-TLS.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of media with non-retrievable keys supported by CryptoPro CSP 5.0

Company	Carrier
ISBC	Esmart Token GOST
Assets	Rutoken 2151
	Rutoken PINPad
	Rutoken EDS
	Rutoken EDS 2.0
	Rutoken EDS 2.0 2100
	Rutoken EDS 2.0 3000
	Rutoken EDS PKI
	Rutoken EDS 2.0 Flash
	Rutoken EDS 2.0 Bluetooth
	Rutoken EDS 2.0 Touch
	Smart card Rutoken 2151
	Smart card Rutoken EDS 2.0 2100
Aladdin R.D.	JaCarta-2 GOST
Infocrypt	InfoCrypt Token++ TLS
	InfoCrypt VPN-Key-TLS

Classic passive USB tokens and smart cards

Most users prefer fast, cheap and convenient key storage solutions. As a rule, preference is given to tokens and smart cards without cryptographic coprocessors. As in previous versions of the provider, CryptoPro CSP 5.0 retains support for all compatible media produced by the companies Active, Aladdin R.D., Gemalto/SafeNet, Multisoft, NovaCard, Rosan, Alioth, MorphoKST and SmartPark.

In addition, of course, as before, methods for storing keys in the Windows registry, on a hard drive, on flash drives on all platforms are supported.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of classic passive USB tokens and smart cards supported by CryptoPro CSP 5.0

Company	Carrier
Alioth	SCOne Series (v5/v6)
Gemalto	Optelio Contactless Dxx Rx
	Optelio Dxx FXR3 Java
	Optelio G257
	Optelio MPH150
ISBC	Esmart Token
	Esmart Token GOST
MorphoKST	MorphoKST
NovaCard	Cosmo
Rosan	G&D element V14 / V15
	G&D 3.45 / 4.42 / 4.44 / 4.45 / 4.65 / 4.80
	Kona 2200s / 251 / 151s / 261 / 2320
	Kona2 S2120s/C2304/D1080
SafeNet	eToken Java Pro JC
	eToken 4100
	eToken 5100
	eToken 5110
	eToken 5105
	eToken 5205
Assets	Rutoken 2151
	Rutoken S
	Rutoken KP
	Rutoken Lite
	Rutoken EDS
	Rutoken EDS 2.0
	Rutoken EDS 2.0 3000
	Rutoken EDS Bluetooth
	Rutoken EDS Flash
	Smart card Rutoken 2151
	Smart card Rutoken Lite
	Smart card Rutoken EDS SC
	Smart card Rutoken EDS 2.0
Aladdin R.D.	JaCarta GOST
	JaCarta PKI
	JaCarta PRO
	JaCarta LT
	JaCarta-2 GOST
Infocrypt	InfoCrypt Token++ lite
Multisoft	MS_Key isp.8 Hangar
	MS_Key ESMART use.5
SmartPark	Master's degree
	R301 Foros
	Oscar
	Oscar 2
	Magister's Rutoken

CryptoPro Tools

As part of CryptoPro CSP 5.0, a cross-platform (Windows/Linux/macOS) graphical application appeared - “CryptoPro Tools”.

The main idea is to provide users with the opportunity to conveniently solve common problems. All basic functions are available in a simple interface - at the same time, we have also implemented a mode for advanced users, which opens up additional possibilities.

Using CryptoPro Tools, the tasks of managing containers, smart cards and crypto provider settings are solved, and we have also added the ability to create and verify a PKCS#7 electronic signature.

Supported Software

CryptoPro CSP allows you to quickly and securely use Russian cryptographic algorithms in the following standard applications:

• office suite Microsoft Office;
• mail server Microsoft Exchange and client Microsoft Outlook;
• products Adobe Systems Inc.;
• browsers Yandex.Browser, Sputnik, Internet Explorer,Edge;
• application signature generation and verification tool Microsoft Authenticode;
• web servers Microsoft IIS, nginx, Apache;
• Remote Desktop Tools Microsoft Remote Desktop Services;
• Microsoft Active Directory.

Integration with the CryptoPro platform

From the very first release, support and compatibility with all our products are provided:

• CryptoPro CA;
• CA Services;
• CryptoPro EDS;
• CryptoPro IPsec;
• CryptoPro EFS;
• CryptoPro.NET;
• CryptoPro Java CSP.
• CryptoPro NGate

Operating systems and hardware platforms

Traditionally, we work in an unrivaled wide range of systems:

• Microsoft Windows;
• Mac OS;
• Linux;
• FreeBSD;
• Solaris;
• Android;
• Sailfish OS.

hardware platforms:

• Intel/AMD;
• PowerPC;
• MIPS (Baikal);
• VLIW (Elbrus);
• Sparc.

and virtual environments:

• Microsoft Hyper-V
• VMWare
• Oracle Virtual Box
• RHEV.

Supported by different versions of CryptoPro CSP.

To use CryptoPro CSP with a license for a workstation and a server.

Interfaces for embedding

For integration into applications on all platforms, CryptoPro CSP is available through standard interfaces for cryptographic tools:

• Microsoft CryptoAPI;
• PKCS#11;
• OpenSSL engine;
• Java CSP (Java Cryptography Architecture)
• Qt SSL.

Performance for every taste

Years of development experience allows us to cover all solutions from miniature ARM boards such as Raspberry PI to multiprocessor servers based on Intel Xeon, AMD EPYC and PowerPC, with excellent performance scaling.

Regulatory documents

Complete list of regulatory documents

• The crypto provider uses algorithms, protocols and parameters defined in the following documents of the Russian standardization system:
• R 50.1.113–2016 “Information technology. Cryptographic information protection. Cryptographic algorithms accompanying the use of electronic digital signature algorithms and hashing functions" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
• R 50.1.114–2016 “Information technology. Cryptographic information protection. Elliptic curve parameters for cryptographic algorithms and protocols" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
• R 50.1.111–2016 “Information technology. Cryptographic information protection. Password protection of key information"
• R 50.1.115–2016 “Information technology. Cryptographic information protection. "Shared Key Generation Protocol with Password Authentication" (also see RFC 8133 The Security Evaluated Standardized Password-Authenticated Key Exchange (SESPAKE) Protocol ")
• Methodological recommendations TC 26 “Cryptographic information protection” “Use of sets of encryption algorithms based on GOST 28147-89 for the transport layer security protocol (TLS)”
• Methodological recommendations TC 26 “Cryptographic information protection” “Use of GOST 28147-89, GOST R 34.11 and GOST R 34.10 algorithms in cryptographic messages in CMS format”
• Technical specification TC 26 “Cryptographic information protection” “Use of GOST 28147-89, GOST R 34.11-2012 and GOST R 34.10-2012 in the IKE and ISAKMP key exchange protocols”
• Technical specification TC 26 “Cryptographic information protection” “Use of GOST 28147-89 when encrypting attachments in IPsec ESP protocols”
• Technical specification TC 26 “Cryptographic information protection” “Use of GOST R 34.10, GOST R 34.11 algorithms in the certificate profile and certificate revocation list (CRL) of the X.509 public key infrastructure”
• Technical specification TC 26 “Cryptographic information protection” “Extension of PKCS#11 for the use of Russian standards GOST R 34.10-2012 and GOST R 34.11-2012”

CIPF(a cryptographic information protection tool) “CryptoPro CSP” is an independent OS module designed to perform various cryptographic operations, such as electronic signature, encryption, and imitation protection. The functioning of the vast majority of encryption software products is impossible without a crypto provider, and signing electronic signature documents is also impossible.

The functionality of the CryptoPro CSP module is that it:

• allows you to submit reports electronically to various government agencies;
• ensures participation in electronic trading;
• organizes legally significant document flow;
• protects confidential information at the time of its transmission.

Module "CryptoPro CSP" developed by CRYPTO-PRO, a company that is one of the leaders in the information security market. At this time, 5 versions of the CryptoPro CSP module have been released, the difference between which lies in the following parameters: the operating system in which the program operates; supported cryptographic algorithms; validity periods of certificates issued by competent authorities. The development company has posted a table on its official Internet resource with a detailed comparison of all current versions of the CryptoPro CSP module. On this website, the development company has posted information about current certificates.

How to install “CryptoPro 4.0”

The latest current version of the CryptoPro CSP module is the fourth, which operates on the basis of new signature algorithms in accordance with GOST R 34.10-2012. “CryptoPro CSP 4.0” can run on Windows 10. At this time, this module is not certified, but the developer company plans to certify the 4th version of its product in the very near future.
The following is a description of how how to install “CryptoPro 4.0”.
The official Internet resource of the development company "CRYPTO-PRO" upon completion of preliminary registration provides the opportunity to download files, distributions, updates, etc. of the CryptoPro CSP program.

Once registration is complete, a page with a license agreement will appear. You must read its terms and conditions and then, if you agree with them, click on “I agree.” Next you will be taken to the file download page.

In order to download the distribution, you must first select “CryptoPro CSP 4.0 for Windows and UNIX (uncertified)”, and then in the link that appears with information about the checksum, left-click on “CryptoPro CSP 4.0 for Windows”.

How to install CryptoPro 4.0. When the download is complete, you need to run the newly downloaded program file “CSPSetup.exe”. In the security warning window that opens, in order to allow the program to make changes to the computer, you need to click on the “Yes” button. In the next window that opens, select “Install (recommended).”

The installation of the CryptoPro CSP 4.0 module will begin, which will take a few seconds.

After installing the CryptoPro CSP 4.0 module on your computer, you can start working with it.

Memo:

• according to the terms of the license agreement, there is a limitation on the period of use of the demo version of CryptoPro CSP 4.0, which is 90 days from the moment of direct installation of the product;
• The demo version of the CryptoPro CSP 4.0 module is provided only during the initial installation of the product; if installed again, the program will not work in demo mode.

Information about the type of license and its validity period is posted in the CryptoPro CSP application. In the Windows 10 operating system, it is most convenient to use the application search, for which you need to click on the “Magnifying Glass” icon, which is located next to “Start”, and then select “Classic application “CryptoPro CSP”.

A new “CryptoPro CSP” window will appear, where in the “General” tab information about the license is located (serial number, not fully specified; owner’s name; name of organization; license type: client or service; validity period; when the initial installation was performed, etc.) d.). Here you can purchase a license online and enter its serial number.

The CryptoPro CSP 4.0 module operates during the entire license period. If your current license has expired, you must purchase the right to a new one. This can be done at any convenient time. The license key (i.e. its serial number) is sent to the specified email address immediately after payment is received.
To enter a new serial number, you must click on “Enter license”. A window will open in which in the “Serial number” item you should indicate the purchased license key and then click on “Ok”.

After completing all installation stages, the CryptoPro CSP 4.0 program is completely ready for use.

A cryptoprovider is a means of cryptoprotection of information (), without which use becomes impossible. is formed on the basis of cryptographic algorithms, and the implementation of these processes is possible only with the presence of CIPF. CryptoPro CSP is the most popular product on the Russian market of cryptographic utilities. Most electronic trading platforms, state information systems (UAIS FST, EGAIS, etc.) and regulatory authorities that accept reports via the Internet (Federal Tax Service, Social Insurance Fund, Pension Fund of Russia) work with this program.

At the end of September 2019, two versions of CIPF are valid in the CRYPTO-PRO line - 4.0 and 5.0. Both programs are certified and provide a full range of capabilities for digital signature owners. In this article we will focus on, consider the functions and characteristics of the software, licensing features, installation and configuration procedures.

We will help you obtain an electronic signature. Consultation 24 hours!

Leave a request and get a consultation.

CIPF CryptoPro version 4.0: characteristics and functionality

State portals and trading platforms that accept information from users post on their websites requirements and instructions for working with electronic documents. In addition to , there is another popular crypto provider on the market - VipNet CSP. But some organizations (for example, Rosreestr) limit users’ choices and specify in the requirements the mandatory use of CryptoPro CSP. When issuing CEDS certificates, certification authorities also most often use CryptoPro, so if the user installs another crypto provider on the PC, errors may occur when creating the digital signature.

Software functions

CryptoPro software is systematically updated and improved. Latest certified build version (3-Base version). All current updates can be tracked on the developer’s official website in the “Certificates” section.

The crypto provider has been certified by the FSB. This means that it can be used to create an electronic signature and encrypt data in accordance with the Federal Law-63.

CIPF performs the following functions:

• gives legal force to digital files certified by the CEDS;
• prevents data compromise using modern cryptographic encryption and imitation protection tools;
• guarantees the authenticity and immutability of electronic files;
• supports the official authorization of private entrepreneurs and legal entities on Internet platforms and web portals of government bodies.

Without a crypto provider, the user will not be able to participate in electronic document management (EDF) and perform the following operations:

• remote ;
• sending reporting documentation to Rosstat, Pension Fund and other government agencies;
• interaction with information services, AIS State Order, GIS Housing and Communal Services, etc.;
• bank transfers and other financial transactions where CEDS are needed;
• submitting an online application for participation in auctions under Federal Laws No. 223 and No. 44;
• support of bankruptcy proceedings;
• interaction with participants of corporate e-document flow.

From January 1, 2019, all CAs issue electronic certificates according to the new standard (GOST R 34.10-2012). The software fully complies with this standard and supports new cryptographic protection algorithms.

• System requirements for installing software

  To fully use all the functionality of the crypto provider, all that remains is to install certificates in the PC registry. As a rule, CAs issue certificates on key flash media; in rare cases, they are sent to the owner’s email.

  The certificate is installed in the “Service” section of the CryptoPro program. It is recommended to perform this procedure in accordance with the instructions from the developer. As a result, the certificate should be saved in the “Personal” folder.

  At the final stage, save the root certificate (RC), which is available for download on the CA website. This document is saved in the Trusted folder. The CS performs an important function in e-document flow - it confirms that the certificate was obtained from an accredited CA.

CSP CryptoPro is a program for adding and checking digital files. It adds and protects cryptographic files (electronic documents) that contain a digital signature. CryptoPro has "Winlogon" for very important documents and third-party files that support a digital certificate.

CSP CryptoPro is used in companies that have documents in electronic form. The program provides protection and legal force for valuable documents and securities in digital form. Digitally signed data has the power of official documents.

CSP CryptoPro allows you to create digital security and sign (certificate) for any document. This program is suitable for organizations with valid GOST standards. It controls the data and structure of information. Security program algorithms are managed through a special manager.

You can configure the CryptoPro CSP and specify the level of protection and confidentiality of documents. After setup, some documents will be strictly confidential. The program is equipped with tools that issue and verify security certificates. Using the CryptoPro Winlogon module, you can register new users in the Windows operating system.

CryptoPro Winlogon works with support for the Kerberos V5 protocol. Login and access to data is carried out after a complete verification of the certificate of the storage medium located in the organization.

The crypto provider provides protection for various sources of digital data. Older organizations and companies use hardware to support floppy disks. CryptoPro was created on a commercial basis with a paid license. Once you install the program, you use it for 30 days, that is, a trial period. After this you will have to buy a license.

Key Features

• Digital certificate protection through verification tools;
• full verification of digital documents and the relevance of the certificate;
• electronic registration of documents on a legal basis;
• accessing and verifying the certificate on the main media;
• full control and verification of data after information transfer;
• comparison of document size and other algorithms for work;
• the program supports documents that are created in accordance with these GOSTs;
• complete protection of digital documents and customization of the degree of protection;

CSP CryptoPro is a reliable commercial software tool designed to add and verify cryptographic protection on important documents and other files that require an electronic digital signature (EDS). The program is intended primarily for companies that have switched to electronic document management. Thanks to it, it is possible to ensure the legal validity of individual securities presented exclusively in digital form. In essence, a digital signature is a kind of analogue of a wet seal for physical documents.

This solution complies with all current GOSTs regulating information control and data integrity during transmission. To manage the security algorithms used, CSP CryptoPro provides a special manager, which is also responsible for setting other parameters of the program. In addition, the crypto provider’s kit includes tools that are responsible for “issuing” and verifying certificates. It also includes the CryptoPro Winlogon module. Its main task is to perform initial authentication of new users in the Windows environment. The operation of this component is based on the Kerberos V5 protocol, and authorization occurs after verifying the certificate of a USB token, smart card, or any other key media used in the enterprise. In general, the crypto provider allows you to use a variety of types of key media. For companies using relatively old computer equipment, there is even the possibility of using floppy disks in 3.5 format.

Based on the fact that this is an exclusively commercial software solution, it is easy to guess that it is paid. Although the developer CryptoPro kindly provides a demo version of his tool, which can only be used for the first thirty days. After this period, you will need to purchase a license.

Key Features

• contains tools for adding and verifying electronic digital signatures (EDS);
• can add and verify issued digital certificates;
• gives legal weight to electronic copies of documents;
• can perform authentication after verifying the certificate on the key medium;
• ensures control of the integrity of transmitted information;
• the algorithm used to generate hash sums and other algorithms used by the program fully comply with these GOSTs.