Step-by-step installation of the program without an installation disk. Step-by-step installation of the program without installation disc Cryptopro 3.9 latest version
- authorization and ensuring the legal significance of electronic documents when they are exchanged between users, through the use of procedures for generating and verifying an electronic digital signature (EDS) in accordance with domestic standards GOST R 34.10-94, GOST R 34.11-94, GOST R 34.10-2001;
- ensuring confidentiality and integrity control of information through its encryption and imitation protection, in accordance with GOST 28147-89; ensuring the authenticity, confidentiality and spoofing of TLS connections;
- integrity control, system and application software to protect it from unauthorized changes or from violation of the correct functioning; management of key elements of the system in accordance with the regulation of protective equipment.
Key carriers for CryptoPro CSP
CryptoPro CSP can be used in conjunction with many key media, but the Windows registry, flash drives, and tokens are most commonly used as key media.
The most secure and convenient key carriers that are used in conjunction with CryptoPro CSP, are tokens. They allow you to conveniently and securely store your digital signature certificates. Tokens are designed in such a way that even in case of theft, no one will be able to use your certificate.
Supported CryptoPro CSP key media:- floppy disks 3.5";
- MPCOS-EMV processor cards and Russian smart cards (Oscar, RIK) using smart card readers supporting PC/SC protocol (GemPC Twin, Towitoko, Oberthur OCR126, etc.);
- Touch-Memory tablets DS1993 - DS1996 using Accord 4+ devices, Sobol electronic lock or Touch-Memory DALLAS tablet reader;
- electronic keys with USB interface;
- removable media with USB interface;
- Windows registry;
Digital signature certificate for CryptoPro CSP
CryptoPro CSP works correctly with all certificates issued in accordance with the requirements of GOST, and therefore with most certificates issued by Certification Centers in Russia.
In order to start using CryptoPro CSP, you will definitely need a digital signature certificate. If you have not yet purchased a digital signature certificate, we recommend that you.
Supported Windows operating systems
CSP 3.6 | CSP 3.9 | CSP 4.0 | |
---|---|---|---|
Windows 10 | x86/x64 | x86/x64 | |
Windows 2012 R2 | x64 | x64 | |
Windows 8.1 | x86/x64 | x86/x64 | |
Windows 2012 | x64 | x64 | x64 |
Windows 8 | x86/x64 | x86/x64 | x86/x64 |
Windows 2008 R2 | x64/itanium | x64 | x64 |
Windows 7 | x86/x64 | x86/x64 | x86/x64 |
Windows 2008 | x86 / x64 / itanium | x86/x64 | x86/x64 |
Windows Vista | x86/x64 | x86/x64 | x86/x64 |
Windows 2003 R2 | x86 / x64 / itanium | x86/x64 | x86/x64 |
Windows XP | x86/x64 | ||
Windows 2003 | x86 / x64 / itanium | x86/x64 | x86/x64 |
Windows 2000 | x86 |
Supported UNIX-like operating systems
CSP 3.6 | CSP 3.9 | CSP 4.0 | |
---|---|---|---|
iOS 11 | ARM7 | ARM7 | |
iOS 10 | ARM7 | ARM7 | |
iOS 9 | ARM7 | ARM7 | |
iOS 8 | ARM7 | ARM7 | |
iOS 6 / 7 | ARM7 | ARM7 | ARM7 |
iOS 4.2 / 4.3 / 5 | ARM7 |
|
|
Mac OS X 10.12 | x64 | x64 | |
Mac OS X 10.11 | x64 | x64 | |
Mac OS X 10.10 | x64 | x64 | |
Mac OS X 10.9 | x64 | x64 | |
Mac OS X 10.8 | x64 | x64 | x64 |
Mac OS X 10.7 | x64 | x64 | x64 |
Mac OS X 10.6 | x86/x64 | x86/x64 |
|
Android 3.2+ / 4 | ARM7 | ||
Solaris 10 / 11 | x86/x64/sparc | x86/x64/sparc | x86/x64/sparc |
Solaris 9 | x86/x64/sparc | ||
Solaris 8 | |||
AIX 5 / 6 / 7 | PowerPC | PowerPC | PowerPC |
FreeBSD 10 | x86/x64 | x86/x64 | |
FreeBSD 8 / 9 | x86/x64 | x86/x64 | x86/x64 |
FreeBSD 7 | x86/x64 | ||
FreeBSD 6 | x86 | ||
FreeBSD 5 | |||
LSB 4.0 | x86/x64 | x86/x64 | x86/x64 |
LSB 3.0 / LSB 3.1 | x86/x64 | ||
RHEL7 | x64 | x64 | |
RHEL 4 / 5 / 6 | x86/x64 | x86/x64 | x86/x64 |
RHEL 3.3 spec. assembly | x86 | x86 | x86 |
Red Hat 7 / 9 | |||
CentOS 7 | x86/x64 | x86/x64 | |
CentOS 5 / 6 | x86/x64 | x86/x64 | x86/x64 |
TD OS AIS FSSP of Russia (GosLinux) | x86/x64 | x86/x64 | x86/x64 |
CentOS 4 | x86/x64 | ||
Ubuntu 15.10 / 16.04 / 16.10 | x86/x64 | x86/x64 | |
Ubuntu 14.04 | x86/x64 | x86/x64 | |
Ubuntu 12.04 / 12.10 / 13.04 | x86/x64 | x86/x64 | |
Ubuntu 10.10 / 11.04 / 11.10 | x86/x64 | x86/x64 | |
Ubuntu 10.04 | x86/x64 | x86/x64 | x86/x64 |
Ubuntu 8.04 | x86/x64 | ||
Ubuntu 6.04 | x86/x64 | ||
ALTLinux 7 | x86/x64 | x86/x64 | |
ALTLinux 6 | x86/x64 | x86/x64 | x86/x64 |
ALTLinux 4 / 5 | x86/x64 | ||
Debian 9 | x86/x64 | x86/x64 | |
Debian 8 | x86/x64 | x86/x64 | |
Debian 7 | x86/x64 | x86/x64 | |
Debian 6 | x86/x64 | x86/x64 | x86/x64 |
Debian 4 / 5 | x86/x64 | ||
Linpus Lite 1.3 | x86/x64 | x86/x64 | x86/x64 |
Mandriva Server 5 Business Server 1 |
x86/x64 | x86/x64 | x86/x64 |
Oracle Enterprise Linux 5/6 | x86/x64 | x86/x64 | x86/x64 |
Open SUSE 12.2/12.3 | x86/x64 | x86/x64 | x86/x64 |
SUSE Linux Enterprise 11 | x86/x64 | x86/x64 | x86/x64 |
Linux Mint 18 | x86/x64 | x86/x64 | |
Linux Mint 13 / 14 / 15 / 16 / 17 | x86/x64 | x86/x64 |
Supported Algorithms
CSP 3.6 | CSP 3.9 | CSP 4.0 | |
---|---|---|---|
GOST R 34.10-2012 Creating a signature | 512 / 1024 bit | ||
GOST R 34.10-2012 Signature verification | 512 / 1024 bit | ||
GOST R 34.10-2001 Creating a signature | 512 bit | 512 bit | 512 bit |
GOST R 34.10-2001 Signature verification | 512 bit | 512 bit | 512 bit |
GOST R 34.10-94 Creating a signature | 1024 bits* | ||
GOST R 34.10-94 Signature verification | 1024 bits* | ||
GOST R 34.11-2012 | 256 / 512 bit | ||
GOST R 34.11-94 | 256 bit | 256 bit | 256 bit |
GOST 28147-89 | 256 bit | 256 bit | 256 bit |
* - up to CryptoPro CSP 3.6 R2 (build 3.6.6497 dated 2010-08-13) inclusive.
CryptoPro CSP License Terms
When buying CryptoPro CSP, you get a serial number that you need to enter during the installation or program setup process. The key validity period depends on the selected license. CryptoPro CSP can be distributed in two versions: with an annual license or perpetual.
Having bought perpetual license, you will receive a CryptoPro CSP key, the validity of which will not be limited. If you buy, you will receive a serial number CryptoPro CSP, which will be valid for a year after purchase.
- Generation of ES keys and approval keys
- Formation and verification of electronic signature
- Import of programmatically generated ES private keys - to enhance their security
- Updating the installation base of the crypto-provider "CryptoPro CSP"
Peculiarities
The main feature (previously the product was called "CryptoPro eToken CSP") is the use of functional key carrier technology (FKN).
Functional key carrier (FKN)- the architecture of software and hardware products based on smart cards or USB tokens, which implements a fundamentally new approach to ensuring the safe use of a key on a smart card or USB token.
Due to the presence of a secure communication channel between the token and the crypto provider, part of the cryptographic transformations, including the storage of private keys and ES keys in a non-retrievable form, is transferred to a smart card or USB token.
In addition to hardware generation of keys, their secure storage and the formation of ES in the microprocessor of the key carrier, the FKN architecture makes it possible to effectively resist attacks associated with the substitution of a hash value or signature in the communication channel between the CSP software and hardware.
In "CryptoPro FKN CSP" version 3.9, a specially developed JaCarta CryptoPro token, presented in the form factors of a smart card and a USB token, acts as a key carrier.
Part CIPF "CryptoPro FKN CSP" version 3.9 includes a specially developed JaCarta CryptoPro token with the ability to calculate ES using the CRYPTO-PRO FKN technology and produced in the form factors of a USB token (in a Nano or XL case) or a smart card.
JaCarta CryptoPro securely stores and uses private ES keys, performs mutual authentication of the CSP and the token, as well as strong two-factor authentication of the user-owner of the token.
Key Benefits of JaCarta CryptoPro
- It is the fastest token among FKN devices (it is ahead of existing products working with FKN in terms of the speed of generating an electronic signature by almost 3 times - based on the Protocol for measuring the speed of FKN devices "CRYPTO-PRO" dated 08.12.2014).
- Principle applied Secure by design- uses a secure microcontroller, designed to be secure, for security purposes, has built-in protection both at the hardware and software levels against cloning, hacking and all other attacks known today.
- The generation of ES keys, approval keys, as well as the creation of ES takes place inside the JaCarta CryptoPro token.
- Uses a secure data transmission channel with the software part "CryptoPRO FKN CSP".
Composition
"CryptoPro FKN CSP" version 3.9 consists of two key components.
1. USB token or JaCarta CryptoPro smart card:
- is a functional key carrier (FKN), in which Russian cryptography is implemented in hardware;
- allows you to safely store and use the private keys of the ES;
- generates an ES "under the mask" - K(h), which allows you to protect the exchange channel between the token (smart card) and the software crypto provider (CSP);
- performs mutual authentication of the CSP and the token and strong two-factor authentication of the user - the owner of the token.
2. Crypto provider (CSP):
- is a high-level programming interface (MS CAPI) for external applications and provides them with a set of cryptographic functions;
- from the signature "under the mask" received from the hardware token (smart card) - K(h), "removes" the mask K(s) and forms a "normal" signature understandable for external applications
Architecture "CryptoPro FKN CSP" version 3.9
Specifications of the JaCarta CryptoPro token
Characteristics of the microcontroller | Manufacturer | INSIDE Secure |
Model | AT90SC25672RCT | |
EEPROM Memory | 72 Kb | |
Operating system specifications | Operating system | Athena Smartcard Solutions OS755 |
International certificates | CC EAL4+ | |
Supported cryptalgorithms | GOST R 34.10-2001, GOST 28147-89, GOST R 34.11-94 | |
Supported interfaces | USB | Yes |
Contact interface (ISO7816-3) | T=1 | |
Security Certifications | FSB of Russia | Certificate of conformity of the FSB of Russia No. SF / 114-2734 Certificate of conformity of the FSB of Russia No. SF / 114-2735 |
Supported OS | Microsoft Windows Server 2003 | (32/64-bit platforms) |
Microsoft Windows Vista | (32/64-bit platforms) | |
Microsoft Windows 7 | (32/64-bit platforms) | |
Microsoft Windows Server 2008 | (32/64-bit platforms) | |
Microsoft Windows Server 2008 R2 | (32/64-bit platforms) | |
CentOS 5/6 | (32/64-bit platforms) | |
Linpus Lite 1.3 | (32/64-bit platforms) | |
Mandriva Server 5 | (32/64-bit platforms) | |
Oracle Enterprise Linux 5/6 | (32/64-bit platforms) | |
Open SUSE 12 | (32/64-bit platforms) | |
Red Hat Enterprise Linux 5/6 | (32/64-bit platforms) | |
SUSE Linux Enterprise 11 | (32/64-bit platforms) | |
Ubuntu 8.04/10.04/11.04/11.10/12.04 | (32/64-bit platforms) | |
ALT Linux 5/6 | (32/64-bit platforms) | |
Debian 6 | (32/64-bit platforms) | |
FreeBSD 7/8/9 | (32/64-bit platforms) | |
Execution time of cryptographic operations | Key import | 3.2 op/s (USB token), 2.4 op/s (smart card) |
Create a signature | 5.8 op/s (USB token), 3.9 op/s (smart card) | |
Available key media | smart card | JaCarta CryptoPro |
USB token | JaCarta CryptoPro |
Security Certifications
confirming that the cryptographic information protection tool (CIPF) "CryptoPro FKN CSP" Version 3.9 (version 1) complies with the requirements of GOST 28147-89, GOST R 34.11-94, GOST R 34.10-2001, the requirements of the FSB of Russia for encryption (cryptographic) means of the class KS1, the requirements for electronic signature tools approved by the order of the Federal Security Service of Russia dated December 27, 2011 No. 796, established for the KS1 class, and can be used for cryptographic protection (creation and management of key information, encryption of data contained in the RAM area, calculation of the value hash functions for data contained in the RAM area, protection of TLS connections, implementation of electronic signature functions in accordance with the Federal Law of April 6, 2011 No. 63-FZ "On Electronic Signature": creation of an electronic signature, verification of an electronic signature, creation of an electronic signature key, creation of an electronic signature verification key) information that does not contain information constituting state secret.
confirming that the cryptographic information protection tool (CIPF) "CryptoPro FKN CSP" Version 3.9 (version 2) meets the requirements of GOST 28147-89, GOST R 34.11-94, GOST R 34.10-2001, the requirements of the FSB of Russia for encryption (cryptographic) means of the class KS2, the requirements for electronic signature tools approved by the order of the Federal Security Service of Russia dated December 27, 2011 No. 796, established for the KS2 class, and can be used for cryptographic protection (creation and management of key information, encryption of data contained in the RAM area, calculation of the value hash functions for data contained in the RAM area, protection of TLS connections, implementation of electronic signature functions in accordance with the Federal Law of April 6, 2011 No. 63-FZ "On Electronic Signature": creation of an electronic signature, verification of an electronic signature, creation of an electronic signature key, creation of an electronic signature verification key) information that does not contain information constituting state secret.