Cryptopro csp 3.9 version 1. Purpose of CryptoPro CSP


CryptoPro CSP 5.0 is a new generation of crypto provider, developing three main product lines of the CryptoPro company: CryptoPro CSP (classic tokens and other passive storage of secret keys), CryptoPro FKN CSP/Rutoken CSP (unretrievable keys on tokens with secure messaging) and CryptoPro DSS (keys in the cloud).

All the advantages of products from these lines are not only preserved, but also multiplied in CryptoPro CSP 5.0: the list of supported platforms and algorithms is wider, performance is higher, and the user interface is more convenient. But the main thing is that working with all key media, including keys in the cloud, is now uniform. To transfer the application system in which CryptoPro CSP of any version worked to support keys in the cloud or to new media with non-removable keys, no software reworking will be required - the access interface remains the same, and work with the key in the cloud will occur exactly the same in the same way as with the classic key carrier.

Purpose of CryptoPro CSP

  • Generating and verifying an electronic signature.
  • Ensuring confidentiality and monitoring the integrity of information through its encryption and imitation protection.
  • Ensuring authenticity, confidentiality and imitational protection of connections using the and protocols.
  • Monitoring the integrity of system and application software to protect it from unauthorized changes and violations of trusted functioning.

Supported Algorithms

In CryptoPro CSP 5.0, along with Russian ones, foreign cryptographic algorithms are implemented. Now users have the opportunity to use familiar key media to store RSA and ECDSA private keys.

Supported key storage technologies

Cloud token

In the cryptoprovider CryptoPro CSP 5.0, for the first time, it became possible to use keys stored on the CryptoPro DSS cloud service through the CryptoAPI interface. Now keys stored in the cloud can be easily used by any user applications, as well as most Microsoft applications.

Media with non-retrievable keys and secure messaging

CryptoPro CSP 5.0 adds support for media with non-retrievable keys that implement the protocol SESPAKE, allowing authentication without transmitting the user’s password in clear text, and establishing an encrypted channel for the exchange of messages between the crypto provider and the carrier. An attacker located in the channel between the medium and the user's application can neither steal the authentication password nor replace the signed data. When using such media, the problem of secure work with non-removable keys is completely solved.

The companies Active, InfoCrypt, SmartPark and Gemalto have developed new secure tokens that support this protocol (SmartPark and Gemalto starting from version 5.0 R2).

Media with non-removable keys

Many users want to be able to work with non-retrievable keys, but not upgrade tokens to the FKN level. Especially for them, the provider has added support for the popular key carriers Rutoken EDS 2.0, JaCarta-2 GOST and InfoCrypt VPN-Key-TLS.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of media with non-retrievable keys supported by CryptoPro CSP 5.0
Company Carrier
ISBC Esmart Token GOST
Assets Rutoken 2151
Rutoken PINPad
Rutoken EDS
Rutoken EDS 2.0
Rutoken EDS 2.0 2100
Rutoken EDS 2.0 3000
Rutoken EDS PKI
Rutoken EDS 2.0 Flash
Rutoken EDS 2.0 Bluetooth
Rutoken EDS 2.0 Touch
Smart card Rutoken 2151
Smart card Rutoken EDS 2.0 2100
Aladdin R.D. JaCarta-2 GOST
Infocrypt InfoCrypt Token++ TLS
InfoCrypt VPN-Key-TLS

Classic passive USB tokens and smart cards

Most users prefer fast, cheap and convenient key storage solutions. As a rule, preference is given to tokens and smart cards without cryptographic coprocessors. As in previous versions of the provider, CryptoPro CSP 5.0 retains support for all compatible media produced by the companies Active, Aladdin R.D., Gemalto/SafeNet, Multisoft, NovaCard, Rosan, Alioth, MorphoKST and SmartPark.

In addition, of course, as before, methods for storing keys in the Windows registry, on a hard drive, on flash drives on all platforms are supported.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of classic passive USB tokens and smart cards supported by CryptoPro CSP 5.0
Company Carrier
Alioth SCOne Series (v5/v6)
Gemalto Optelio Contactless Dxx Rx
Optelio Dxx FXR3 Java
Optelio G257
Optelio MPH150
ISBC Esmart Token
Esmart Token GOST
MorphoKST MorphoKST
NovaCard Cosmo
Rosan G&D element V14 / V15
G&D 3.45 / 4.42 / 4.44 / 4.45 / 4.65 / 4.80
Kona 2200s / 251 / 151s / 261 / 2320
Kona2 S2120s/C2304/D1080
SafeNet eToken Java Pro JC
eToken 4100
eToken 5100
eToken 5110
eToken 5105
eToken 5205
Assets Rutoken 2151
Rutoken S
Rutoken KP
Rutoken Lite
Rutoken EDS
Rutoken EDS 2.0
Rutoken EDS 2.0 3000
Rutoken EDS Bluetooth
Rutoken EDS Flash
Smart card Rutoken 2151
Smart card Rutoken Lite
Smart card Rutoken EDS SC
Smart card Rutoken EDS 2.0
Aladdin R.D. JaCarta GOST
JaCarta PKI
JaCarta PRO
JaCarta LT
JaCarta-2 GOST
Infocrypt InfoCrypt Token++ lite
Multisoft MS_Key isp.8 Hangar
MS_Key ESMART use.5
SmartPark Master's degree
R301 Foros
Oscar
Oscar 2
Magister's Rutoken

CryptoPro Tools

As part of CryptoPro CSP 5.0, a cross-platform (Windows/Linux/macOS) graphical application appeared - “CryptoPro Tools”.

The main idea is to provide users with the opportunity to conveniently solve common problems. All basic functions are available in a simple interface - at the same time, we have also implemented a mode for advanced users, which opens up additional possibilities.

Using CryptoPro Tools, the tasks of managing containers, smart cards and crypto provider settings are solved, and we have also added the ability to create and verify a PKCS#7 electronic signature.

Supported Software

CryptoPro CSP allows you to quickly and securely use Russian cryptographic algorithms in the following standard applications:

  • office suite Microsoft Office;
  • mail server Microsoft Exchange and client Microsoft Outlook;
  • products Adobe Systems Inc.;
  • browsers Yandex.Browser, Sputnik, Internet Explorer,Edge;
  • application signature generation and verification tool Microsoft Authenticode;
  • web servers Microsoft IIS, nginx, Apache;
  • Remote Desktop Tools Microsoft Remote Desktop Services;
  • Microsoft Active Directory.

Integration with the CryptoPro platform

From the very first release, support and compatibility with all our products are provided:

  • CryptoPro CA;
  • CA Services;
  • CryptoPro EDS;
  • CryptoPro IPsec;
  • CryptoPro EFS;
  • CryptoPro.NET;
  • CryptoPro Java CSP.
  • CryptoPro NGate

Operating systems and hardware platforms

Traditionally, we work in an unrivaled wide range of systems:

  • Microsoft Windows;
  • Mac OS;
  • Linux;
  • FreeBSD;
  • Solaris;
  • Android;
  • Sailfish OS.

hardware platforms:

  • Intel/AMD;
  • PowerPC;
  • MIPS (Baikal);
  • VLIW (Elbrus);
  • Sparc.

and virtual environments:

  • Microsoft Hyper-V
  • VMWare
  • Oracle Virtual Box
  • RHEV.

Supported by different versions of CryptoPro CSP.

To use CryptoPro CSP with a license for a workstation and a server.

Interfaces for embedding

For integration into applications on all platforms, CryptoPro CSP is available through standard interfaces for cryptographic tools:

  • Microsoft CryptoAPI;
  • PKCS#11;
  • OpenSSL engine;
  • Java CSP (Java Cryptography Architecture)
  • Qt SSL.

Performance for every taste

Years of development experience allows us to cover all solutions from miniature ARM boards such as Raspberry PI to multiprocessor servers based on Intel Xeon, AMD EPYC and PowerPC, with excellent performance scaling.

Regulatory documents

Complete list of regulatory documents

  • The crypto provider uses algorithms, protocols and parameters defined in the following documents of the Russian standardization system:
  • R 50.1.113–2016 “Information technology. Cryptographic information protection. Cryptographic algorithms accompanying the use of electronic digital signature algorithms and hashing functions" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
  • R 50.1.114–2016 “Information technology. Cryptographic information protection. Elliptic curve parameters for cryptographic algorithms and protocols" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
  • R 50.1.111–2016 “Information technology. Cryptographic information protection. Password protection of key information"
  • R 50.1.115–2016 “Information technology. Cryptographic information protection. "Shared Key Generation Protocol with Password Authentication" (also see RFC 8133 The Security Evaluated Standardized Password-Authenticated Key Exchange (SESPAKE) Protocol ")
  • Methodological recommendations TC 26 “Cryptographic information protection” “Use of sets of encryption algorithms based on GOST 28147-89 for the transport layer security protocol (TLS)”
  • Methodological recommendations TC 26 “Cryptographic information protection” “Use of GOST 28147-89, GOST R 34.11 and GOST R 34.10 algorithms in cryptographic messages in CMS format”
  • Technical specification TC 26 “Cryptographic information protection” “Use of GOST 28147-89, GOST R 34.11-2012 and GOST R 34.10-2012 in the IKE and ISAKMP key exchange protocols”
  • Technical specification TC 26 “Cryptographic information protection” “Use of GOST 28147-89 when encrypting attachments in IPsec ESP protocols”
  • Technical specification TC 26 “Cryptographic information protection” “Use of GOST R 34.10, GOST R 34.11 algorithms in the certificate profile and certificate revocation list (CRL) of the X.509 public key infrastructure”
  • Technical specification TC 26 “Cryptographic information protection” “Extension of PKCS#11 for the use of Russian standards GOST R 34.10-2012 and GOST R 34.11-2012”
Cryptoprovider CryptoPro CSP is designed for:
  • ensuring the legal significance of documents for electronic document management, through the formation and verification of electronic signatures, according to Russian cryptographic standards GOST R 34.11-94/GOST R 34.11-2012 and GOST R 34.10-2001/GOST R 34.10-2012;
  • encryption and imitation protection in accordance with GOST 28147-89 will guarantee the confidentiality and integrity of information;
  • ensuring authenticity, imitation protection and confidentiality of TLS connections;
  • protection against software modification and violation of its operating algorithms;
  • management of key elements of the system, in accordance with the regulations on protective equipment.

Key media for CryptoPro CSP

CryptoPro CSP can be used in conjunction with many key media, but most often the Windows registry, flash drives and tokens are used as key media.

The most secure and convenient key media that is used in conjunction with CryptoPro CSP,are tokens. They allow you to conveniently and securely store your electronic signature certificates. Tokens are designed in such a way that even if stolen, no one will be able to use your certificate.

  • floppy disks 3.5";
  • MPCOS-EMV processor cards and Russian smart cards (Oscar, RIK) using smart card readers that support the PC/SC protocol (GemPC Twin, Towitoko, Oberthur OCR126, etc.);
  • Touch-Memory DS1993 - DS1996 tablets using Accord 4+ devices, Sobol electronic lock or Touch-Memory DALLAS tablet reader;
  • electronic keys with USB interface;
  • removable media with USB interface;
  • Windows OS registry;

Digital signature certificate for CryptoPro CSP

CryptoPro CSP works correctly with all certificates issued in accordance with GOST requirements, and therefore with the majority of certificates issued by Certification Authorities in Russia.

In order to start using CryptoPro CSP, you will definitely need a digital signature certificate. If you have not yet purchased a digital signature certificate, we recommend that you purchase an electronic signature on this page.

Supported Windows Operating Systems

CSP 3.6 CSP 3.9 CSP 4.0
Windows 2012 R2 x64 x64
Windows 8.1 x86/x64 x86/x64
Windows 2012 x64 x64 x64
Windows 8 x86/x64 x86/x64 x86/x64
Windows 2008 R2 x64/iteanium x64 x64
Windows 7 x86/x64 x86/x64 x86/x64
Windows 2008 x86 / x64 / itanium x86/x64 x86/x64
Windows Vista x86/x64 x86/x64 x86/x64
Windows 2003 R2 x86 / x64 / itanium x86/x64 x86/x64
Windows XP x86/x64
Windows 2003 x86 / x64 / itanium x86/x64 x86/x64
Windows 2000 x86

Supported Algorithms

CSP 3.6 CSP 3.9 CSP 4.0
GOST R 34.10-2012 Creating a signature 512 / 1024 bit
GOST R 34.10-2012 Signature verification 512 / 1024 bit
GOST R 34.10-2001 Creating a signature 512 bit 512 bit 512 bit
GOST R 34.10-2001 Signature verification 512 bit 512 bit 512 bit
GOST R 34.10-94 Creating a signature 1024 bit*
GOST R 34.10-94 Signature verification 1024 bit*
GOST R 34.11-2012 256 / 512 bit
GOST R 34.11-94 256 bit 256 bit 256 bit
GOST 28147-89 256 bit 256 bit 256 bit

* - up to version CryptoPro CSP 3.6 R2 (build 3.6.6497 dated 2010-08-13) inclusive.

CryptoPro CSP license terms

When purchasing CryptoPro CSP, you receive a serial number, which you need to enter during the installation or configuration process of the program. The validity period of the key depends on the selected license. CryptoPro CSP can be distributed in two versions: with an annual or perpetual license.

Having purchased perpetual license, you will receive a CryptoPro CSP key, the validity of which will not be limited. If you buy an annual license, you will receive a serial number CryptoPro CSP, which will be valid for a year after purchase.

CryptoPro CSP has a certificate of conformity of the FSB of the Russian Federation

CryptoTree is a comprehensive solution for organizing secure document workflow workplaces: encryption and electronic digital signature of documents, digital certificate management, authentication, etc.

The CryptoTree software product has a certificate of state registration with Rospatent.

The product is designed to provide a technical component when building secure legally significant systems (electronic document management, Internet applications, electronic archives, CRM and ERP systems, etc.).

The cryptoprovider CryptoPro CSP, which implements certified cryptographic algorithms, and the CryptoARM client application for performing encryption and electronic signature operations are installed at the user’s workplace. Keys and digital certificates are stored on the Rutoken electronic identifier to enhance the protection of secret data.

CryptoTree will be of interest to organizations deploying a PKI system, as well as using the services of third-party Certification Authorities. The CryptoTri product allows you to reduce the cost of creating jobs in PKI and reduce the time it takes for users to perform crypto operations, ensuring simplicity and ease of configuration. CryptoTri supports working with various PKI elements. This includes working with digital certificates and requests, as well as Trusted Time Stamp Services (TSA) and Current Status Services (OCSP).

Benefits of use

  • The cost of the CryptoTree software product is significantly lower than the amount spent when purchasing its component products separately.
  • Reducing the time for the purchase procedure itself: buying CryptoTree is faster and easier than contacting different companies for each product separately.
  • All software is collected in a single distribution file. Installation is done with one click of the mouse. During installation, the necessary operations are performed to configure the software modules.
  • Work with certified cryptographic algorithms.
  • Compliance with the requirements of the Federal Law of the Russian Federation No. 1-FZ of January 10, 2002 “On Electronic Digital Signature”.
  • Support for international standards and recommendations in the field of information security (X.509, PKCS, CMS).
  • Key information in the Rutoken protected memory remains safe even if the USB token is lost.
  • The standard delivery of CryptoTree includes document templates (regulations) that allow the customer to independently generate a complete package of documentation necessary to establish legally significant electronic document flow.
  • There is a positive conclusion from the Central Security Service of the FSB of Russia on the correctness of integrating CryptoPro CSP into CryptoARM.

Integration into application and business systems

CryptoTri can be used both to organize a workplace in PKI and as a basis for embedding crypto algorithms into application and business systems. Can be integrated into electronic document management systems at minimal cost. Implements the requirements to ensure legal significance. Additionally, consulting work can be carried out on the creation of regulations.

Product delivery

The CryptoTree software product comes in several different packages:

Basic equipment:

  • Key media Rutoken 32Kb;
  • Packaging (DVD box).

Basic equipment with a certified token:

  • License for the CryptoTri software product (includes activation numbers for CryptoPro CSP 3.6 and CryptoARM 4.X);
  • Brochure on legally significant electronic document management in printed form;
  • CD with solution distribution, presentation and regulation templates in electronic form;
  • CIPF form CryptoPro CSP (version 3.6);
  • Key media Rutoken 32Kb ndv3;
  • Certificate of authenticity/copy of FSTEC certificate of conformity;
  • Technical specifications (TU) for Rutoken 32Kb ndv3;
  • Packaging (DVD box).


2024 gtavrl.ru.