Crypto pro fox version 31.1 0. Installing the CryptoPro CSP plugin in the Mozilla Firefox browser

To work remotely on a web platform that uses electronic document flow and requires digital signature, you will need an appropriate browser. It must support working with qualified public key certificates (issued by CAs and are a software tool). Until recently, there was only one Internet browser with this capability - Internet Explorer (IE) from Microsoft.

Later, the CRYPTO-PRO company developed the EDS Browser plug-in - a browser extension designed for generating and verifying an electronic signature when working on the network and exchanging data with EDF participants. Finally, in 2017, the developer released a full-fledged browser - CryptoPro Fox (hereinafter referred to as CryptoFox, CryptoPro Fox).

We will select the version of CryptoPro CSP for your business! Consultations 24 hours.

CryptoPro and Firefox

In fact, the company only improved an existing product. CryptoFox is an Internet browser designed by CryptoPro programmers based on the famous FireFox browser, produced by Mozilla Corporation (a subsidiary of the non-profit organization Mozilla Foundation). The application supports secure connection mode - Transport Layer Security (hereinafter referred to as TLS) using domestic cryptographic algorithms.

TLS is a cryptographic protocol - a successor to SSL (Secure Sockets Layer, about it in one of the next sections of the article), based on the same operating principles as its predecessor protocol. Provides secure transfer of information between Internet network nodes.

SSL is a cryptographic protocol that provides secure (secure) connections. It is based on the use of asymmetric encryption to recognize data exchange keys, and symmetric encryption to preserve confidentiality and message authentication codes.

Interesting fact. There is a city quest project with the same name - CryptoFox. The participant in the game is invited to solve various riddles, learn the secrets of his hometown, and receive prizes for successfully completing levels and successfully solving puzzles.

The release of the mentioned Internet browser was tested for a long time and received both positive and negative feedback from users. At the time of writing, the developer has settled on 4 stable versions of the browser, which he offers for download on his official website. We'll talk about them in this article.

Subscribe to our channel in Yandex Zen - Online cash register !
Be the first to receive the hottest news and life hacks!

CryptoPro Fox: stable versions of the browser

CryptoPro Fox is a browser that supports TLS and provides both types of authentication: one-way and two-way. CryptoFox is compatible with the following operating systems (hereinafter referred to as OS):

• Windows;
• Linux;
• Apple OS X.

To work in an Internet browser on Windows, Linux or Apple OS X, you will need to install distribution kits of a cryptographic information protection tool (hereinafter referred to as CIPF) compatible with your OS (3.6 or younger) and one of the versions of CryptoPro Fox (to choose from): for Windows - 24, 31, 38, 45 and for Linux/OS X - 17, 31, 38, 45.

1. Ask our specialist a question at the end of the article.
2. Get detailed advice and a full description of the nuances!
3. Or find a ready-made answer in the comments of our readers.

How to download the CryptoPro CSP cryptographic information system for the CryptoPro Fox browser?

You will definitely need to register on the developer portal. Without it, you will not have access to any of the company's product download pages. Go to the main page of the company's official website. On the right, under the “Buy” information block with the product icon (colored box), there is a login/registration form. Click on the “Registration” link - it is located to the right of the red “Login” button.

You will be taken to a page with an electronic form for creating a profile of a future user, the fields of which must be filled out correctly. Then you need to send this information to the developer. Algorithm for creating a personal account (hereinafter referred to as “PA”):

1. Enter your actual email address.
2. Choose security password. It should be complex and include capital letters and symbols. If the secret cipher is not complex enough, the system will ask you to come up with another, more reliable one.
3. Confirm it by re-entering it in the field below.
4. Provide personal information: your real name, surname and contact phone number.
5. Check the box indicating your consent to the processing of personal data by CRYPTO-PRO LLC. This action is required in accordance with Law No. 152-FZ of July 27, 2006.
6. Check the box next to “I’m not a robot.”
7. Click the red “Register” button.
8. A notification with a link to confirm the creation of a personal account will be sent to the e-mail you entered earlier. Follow it to confirm your registration.
9. Log in to the developer’s website using your username (your e-mail) and password.

Now all loading pages of the CryptoPro portal are available to you. To download the crypto provider distribution for the CryptoPro Fox browser, follow this link. Select any software product that suits your OS - compatibility parameters (type, OS version) are outlined on the download page for the specific version of the crypto provider.

For the first 90 days you can work with the crypto provider for free. At the end of the trial period you will have to purchase a license. Its cost is:

• annual (client) - from 1,200 rubles;
• unlimited term (client) - from 2,700 rubles;
• server (corporate, unlimited) - from 36,500 rub.

The license can be purchased either from the developer, in his online store, or from any of the official distributors. Check out their list on this page.

In 30 minutes we will set up a Rutoken digital signature for turnkey operation.

Leave a request and receive a consultation within 5 minutes.

How to download the CryptoPro Fox browser?

The version of CryptoPro Fox that suits you can be downloaded from this page of the developer’s website. The following stable versions of the Internet browser compatible with Windows OS are available for download: , , or . For Linux OS, the developer also offers 4 versions of the browser: 17, 31, 38 and 45. They must not only be compatible with the version of the OS itself, but also match its bit depth (32-/64-bit). From the developer portal you can download the following versions of the Crypto Pro Fox browser for Linux OS:

Available for Linux CentOS 6.6+:

To work in the Internet browser on OS X - an operating system for PCs and laptops manufactured by Apple, the developer offers for download a single distribution kit, including CIPF CryptoPro 3.6 R3 (stable release number) or younger, and a compatible version of the Internet browser included . Distributions of 4 versions of CryptoFox for OS X are also available: 17.0.3; 31.1.0 (compatible with 10.6+); 45.1.2 and 38.3.0 (compatible with 10.10+). You can download the Crypto Pro Fox browser for free.

To set up one-way authentication, just add the root certificate (hereinafter referred to as the RC) to the Trusted Root Certification Authorities store (detailed instructions are given below). How to ensure two-way authentication? Additionally, you will need the following hardware and software:

• USB drive (for example, ) - means of generating and verifying digital signatures are written to it;
• personal private key of an electronic signature issued by an accredited CA;
• private key certificate.

You also need to perform the following operations:

1. Install the personal private key certificate. Provide a link to it in the “My” storage of the current user’s profile.
2. Specify the certificate function (Extended Key Usage): “Client Authentication (1.3.6.1.5.5.7.3.2).”
3. Specify the purpose of the certificate key (Certificate Key Usage): “Digital Signing”, “Non-repudiation”, “Key Encipherment”, “Data Encipherment”.

The developer's official website contains voluminous and detailed instructions, including sections on setting up authentication. If you still have questions, it is advisable to read the developer's recommendations or.

• Crypto Pro Fox versions 24, 31, 38 and 45: installing a CA root certificate in Windows

  The root certificate is part of the public key. Issued by the CA and is an electronic document packaged in a file with the extension .crt. With its help, CAs sign all SSL certificates issued by them, and by issuing root certificates they guarantee users - EDF participants that the individual entrepreneur and/or legal entity that received the CS are verified and their actions are legal.

  The root certificate issued by the CA is included in the digital signature software. It is necessary for full work with the crypto provider, the secure Internet browser CryptoFox and digital signature. The .crt file contains the following data in encrypted form:

  • service information about the CA;
  • certificate validity period (start and end dates);
  • address of the service web page (for communication with the CA registry).

  The main function of a root certificate issued by a CA is to provide the ability to verify the authenticity of an open . The crypto provider uses this information during checks. The public keys of the electronic signature of an individual, individual entrepreneur or legal entity can theoretically be stolen, but it is impossible to use them without the KS issued by the CA. The scheme is designed to prevent attackers from using someone else’s digital signature. In this case, the KS can be obtained in two ways:

  1. In the CA on a protected medium.
  2. Download from the center's website using the link provided.

  Step-by-step installation algorithm:

  1. Download the root certificate issued by the CA to your PC (from secure media or via a link).
  2. Right-click on the file with the .crt extension.
  3. You need the "Install Certificate" option. Click on it.
  4. After launching the Import Wizard utility, click Next.
  5. In the new tab that opens, check the box next to “Place all certificates in the following store.”
  6. Click Browse.
  7. A utility window will appear with the option “Select certificate storage”, where a long list of folders will be displayed. Find and select the one named “Trusted Root Certification Authorities”.
  8. Make sure that the checkbox next to “Show physical storage” is unchecked.
  9. Click on the “OK” button.
  10. Click Next.
  11. Click "Done."

  As a result, a message indicating the end of the process will appear: “Import completed successfully.” Thus, the installation of the CS is completed. Now you can work with any version of Crypto Pro Fox, be it 24, 31, 38 or 45.

  CryptoPro Fox 17, 31, 38 and 45: how to install CS on Linux OS

  To install a computer system issued by a CA in Linux OS, switch to a superuser (account with a root-device). Use the certmgr console utility. Launch it and run the following command:

  # /opt/cprocsp/bin/adm64/certmgr -inst -store uroot -file<путь к файлу.crt>

  After entering it, you will need to enter the Root password in order to integrate the .crt file into the root partition of the disk.

  You can check the progress of the KS installation. To do this, run the command:

  # /opt/cprocsp/bin/amd64/certmgr -list

  If everything is done correctly, you will be able to work in Linux OS with any version of CryptoPro Fox: 17, 31, 38 or 45.

  We will remotely configure any software for working with digital signatures! We will help you solve all problems on the day you submit your application!

  Leave a request and receive a consultation within 5 minutes.

The rules for installing the CryptoPro CSP plugin in Mozilla Firefox differ depending on the browser version - 52 and higher, or an older one.

Mozilla Firefox versions below 52

To sign documents in Mozilla Firefox:

• Turn off automatic updates. To do this, go to “Menu” ⇒ “Settings” ⇒ “Additional” ⇒ “Updates” (Fig. 1).

Rice. 1. Location of update settings in Mozilla Firefox

• Install version 51.0.1 from the official Mozilla Firefox website.

To install CryptoPro Browser plug-in, you must follow these steps:

1. Download the installation program from the official website of the Crypto-Pro company www.cryptopro.ru/products/cades/plugin and run the executable file.

2. In the installation window for CryptoPro Browser plug-in, click the “Yes” button (Fig. 2-a).

Rice. 2-a. Installing CryptoPro Browser plug-in

3. Wait for the installation to complete (Fig. 2-b).

Rice. 2-b. Installing CryptoPro Browser plug-in

4. Click the “Ok” button and restart the Internet browser (Fig. 2-c).

Rice. 2-in. Installing CryptoPro Browser plug-in

Important

After installing CryptoProBrowser plug- inyou need to check whether the add-on for working with the electronic signature CryptoPro EDS Browser plug-in for browsers is installed in your browser.

5. Open the browser, click the “Browser Menu” button, select the “Add-ons” section (Fig. 3).

Rice. 3. Browser menu

6. Open the "Plugins" tab. Opposite the “CryptoPro CAdES NPAPI Browser Plug-in” plug-in, select the “Always enable” option in the drop-down menu (Fig. 4).

Rice. 4. Add-on management

7. Restart your browser.

Mozilla Firefox version 52 and higher

To install CryptoPro Browser plug-in, follow these steps:

1. Follow the link www.cryptopro.ru/products/cades/plugin, then select “browser extension” (Fig. 5).

Rice. 5. CryptoPro website

2. Click “Allow” (Fig. 6).

Rice. 6. Request resolution

3. Click “Add” (Fig. 7).

Rules for writing comments

Writing comments should be understood as the consent of users to comply with the rules for posting information on the site. We ask you to adhere to the following rules for writing comments. General provisions: Each user has the right to express his opinion on a topic of interest to him, as well as on any open content located on the site, without violating these rules. You can exercise this right by filling out a simple form and submitting it. The site administration welcomes constructive discussion of topics, expressing your own positions, reviews, or the desire to ask questions that interest you. The site www.site moderates comments on a regular basis in order to improve interaction between users and the Site Administration. This is not explicit censorship. These events are aimed at maximizing correct and respectful relationships and should not infringe on anyone’s interests. The site administrator monitors compliance with the rules. For questions about posting comments, as well as other questions related to the subject of the site, you can contact: postmaster@site. Basic requirements: Comments that contain: 1 Inappropriate statements addressed to anyone, aggressive behavior towards other participants, or the Site Administration are not allowed. Insults (in any form), unformatted vocabulary (swear words and expressions, slang). 2 Overtly emotional remarks, for example with calls for various types of illegal actions. Provocative expressions and phrases. 3 Writing with numerous spelling errors, unnecessary abbreviations of words, making it difficult to understand the essence of the author’s thoughts (adjustment is possible by the site administrator in order to bring the information to a logical form). 4 Use of only one or more languages ​​other than Russian. Exceptions include titles, links and other information relevant and necessary when compiling comments. 5 Malicious links, unreliable information that unreasonably discredits the essence of the issues discussed between the Administration and other participants. Not welcome: 1 Comments that are not related to the topics and meaning of the site. 2 Providing someone else's information without a link to the author. 3 Comments without indicating the name of the author and the subject of the message. 4 Various types of advertising messages. 5 Empty comments and reviews, or with unclear meaning. For violation of the rules, the site administration reserves the right to issue a warning to the author. Malicious non-compliance entails refusal to post comments, reviews, or questions. We try to publish comments, reviews, as well as answers to received questions promptly; if you have not received a response, please contact: postmaster@site.

This instruction describes the installation of CIPF CryptoPro CSP 4.0 in ROSA Fresh R7–R10 (RED X2–X3) for working with Rutoken electronic keys. The example is shown for 64-bit AMD64 architecture; for 32-bit i586, the installation is similar, up to the names of installation packages and folders. To install, you need skills in working with a file manager (for the KDE version this is Dolphin) and console (Konsole or F4 when working in Dolphin).

Obtaining installation packages

Before installing CIPF CryptoPro CSP 4.0, you first need to register on the website https://www.cryptopro.ru/ and download version 4.0 for Linux in the rpm package from the download page https://www.cryptopro.ru/products/csp/downloads.

Installation of basic components of CryptoPro

• Unpack the downloaded archive. This can be done by selecting the appropriate menu item in the GUI or by running console commands:

cd ~/Downloads/tar -xvf linux-amd64.tgz

A folder with CryptoPro installation files should appear.

• In the console, go to this folder:

cd linux-amd64/

Further installation must be performed with administrator rights (root).

• Run the console command to switch to administrator mode (su) and enter the password.
• Run the installation commands:

urpmi -a lsb-core ccid ./install.sh rpm -ivh cprocsp-rdr-pcsc-* lsb-cprocsp-pkcs11-*

If the administrator password is unknown, you can use the command sudo ./install.sh, and then - sudo rpm -ivh cprocsp-rdr-pcsc-* lsb-cprocsp-pkcs11-*, while entering the password of the current user (if he has it) rights).

To install in the GUI, launch the file manager Dolphin with administrator rights by running the following command:

Kdesu dolphin

In the window that opens, click on the install.sh file.

Installing Device Support Packs

Support packages for tokens/readers/expansion cards are in the CryptoPro CSP archive; their names begin with cprocsp-rdr- . If you need to use a specific device (for example, Rutoken EDS), install the appropriate package:

Sudo rpm -ivh cprocsp-rdr-rutoken*

The archive also contains driver packages (ifd-*). They should also be installed when using the appropriate devices. For example, for Rutoken S:

Sudo rpm -ivh ifd-rutokens*

Installing Graphics Components

If you plan to use (this step is included in the instructions in the link), rosa-crypto-tool or other programs and components with a graphical interface, you need to install two more packages:

Urpmi pangox-compat && rpm -ivh cprocsp-rdr-gui-gtk*

You should not install the cprocsp-rdr-gui package, because in conjunction with cprocsp-rdr-gui-gtk it breaks the operation of graphical components.

Connecting a token to a computer

Now you can connect Rutoken to the USB port of your computer.

To verify that the connection is correct, run the lsusb command.

Example of correct output:

Connection and installation of CryptoPro

• Run the program in a separate console pcscd with administrator rights (root). In the future, this should be done through the console and sudo, although you can also use the su command so as not to enter the password every time. sudo will be an indicator that the command requires administrator rights.

sudo pcscd -adffffff

After startup, do not close this console - you will be able to see how the system interacts with the smart card.

• Open another console.

• Run the utility of CryptoPro already installed in the /opt folder:

/opt/cprocsp/bin/amd64/list_pcsc

The utility must also “see” the device:

Installing certificates

After installing the packages, it will be possible to view containers on the Rutoken device. For example, to find out the path to the required container, run:

/opt/cprocsp/bin/amd64/csptest -keyset -enum_cont -verifyc -fq

To work with certificates, you need to install the certificate of the certification authority (in this case, install the root certificate directly) and the Rutoken certificate to the local storage.

• Download a file from the certification authority website containing the root certificate (usually it has a .cer or .p7b extension) and, if necessary, a certificate chain.

• Download the certificate revocation list (file with .crl extension) and install the resulting files using commands similar to the ones below.

Installing the root certificate of the certification authority:

<название файла>.cer -store uRoot

Setting up a certificate revocation list:

/opt/cprocsp/bin/amd64/certmgr -inst -crl -file ~/Downloads/<название файла>.crl

Installing an intermediate certificate chain:

/opt/cprocsp/bin/amd64/certmgr -inst -cert -file ~/Downloads/<название файла>.p7b -store CA

Installing a certificate from a root token:

/opt/cprocsp/bin/amd64/certmgr -inst -cont "<путь к контейнеру, начинающийся на \\.\>" -store uMy

You can find out more about the certmgr program.

Note. Most often, the .cer extension corresponds to a certificate, and .p7b to a container that can contain one or more certificates (for example, their chain).

Installation of CryptoPro Fox

CryptoPro Fox- a version of the Firefox browser that can work with CryptoPro.

• Download the browser from the CryptoPro website by selecting “Download CryptoPro Fox 45 for 64-bit Linux (CentOS 6.6+)”.
• Unzip the received package.
• Run the program cpfox.

To make it easier to work with CryptoPro Fox, you can create a shortcut to launch it on your desktop:

• Right-click on the table.
• Select an item Create → Application link.
• In the window that opens, on the tab Application specify the launch command and the name of the shortcut.

To check the installation is correct, try opening the website https://cpca.cryptopro.ru. If everything is ok, you will see the following:

Regular Firefox will not be able to open this address:

Notes

To work with other media, you need to install support modules for the corresponding devices. Module names: cprocsp-rdr-<название_устройства> . Such modules include (cprocsp-rdr-) emv, esmart, inpaspot, mskey, jacarta, novacard, rutoken.