Download cryptopro 3.9 perpetual license. Purpose of CryptoPro CSP. Key benefits of JaCarta CryptoPro
- Generation of ES keys and agreement keys
- Formation and verification electronic signature
- Import of programmatically generated private keys of electronic signature - to enhance their security
- Updating the installation base of the encryption provider " CryptoPro CSP"
Peculiarities
The main feature (previously the product was called "CryptoPro eToken CSP") is the use of functional key carrier technology (FKN).
Functional key carrier (FKN)- architecture of software and hardware products based on smart cards or USB tokens, which implements a fundamentally new approach to ensuring the safe use of a key on a smart card or USB token.
Due to the presence of a secure communication channel between the token and the cryptographic provider, part of the cryptographic transformations, including the storage of private keys and ES keys in an unrecoverable form, is placed on a smart card or USB token.
In addition to the hardware generation of keys, their secure storage and the formation of digital signatures in the microprocessor of the key carrier, the architecture of the FKN allows you to effectively resist attacks related to the substitution of a hash value or signature in the communication channel between the software and hardware of the CSP.
In "CryptoPro FKN CSP" version 3.9, the specially developed JaCarta CryptoPro token, presented in the form factors of a smart card and a USB token, acts as a key carrier.
Part CIPF "CryptoPro FKN CSP" version 3.9 includes a specially developed token JaCarta CryptoPro with the ability to calculate the digital signature using the technology of the FKN company "CRYPTO-PRO" and issued in the form factors of a USB token (in a Nano or XL case) or a smart card.
JaCarta CryptoPro provides secure storage and use of private ES keys, performs mutual CSP and token authentication, as well as strong two-factor authentication of the user who owns the token.
Key benefits of JaCarta CryptoPro
- It is the fastest token among FKN devices (it is ahead of existing products that work with FKN, in terms of the speed of generating an electronic signature by almost 3 times - based on the Protocol for measuring the performance of FKN devices "CRYPTO-PRO" dated 08.12.2014).
- Principle applied Secure by design- a protected microcontroller is used, designed as safe, for security purposes, has built-in protection both at the hardware and software levels against cloning, hacking and all other attacks known to date.
- The generation of ES keys, agreement keys, as well as the creation of ES takes place inside the JaCarta CryptoPro token.
- Uses a secure data transmission channel with the "CryptoPRO FKN CSP" software part.
Composition
"CryptoPro FKN CSP" version 3.9 consists of two key components.
1.USB token or JaCarta CryptoPro smart card:
- is a functional key carrier (FKN), in which Russian cryptography is implemented in hardware;
- allows you to safely store and use private keys EP;
- generates electronic signature "under the mask" - K (h), which allows protecting the exchange channel between the token (smart card) and the software encryption provider (CSP);
- performs mutual CSP and token authentication and strong two-factor authentication of the user who owns the token.
2. Crypto Provider (CSP):
- is a high-level programming interface (MS CAPI) for external applications and provides them with a set of cryptographic functions;
- from the signature "under the mask" received from the hardware token (smart card) - K (h), "removes" the mask K (s) and forms a "normal" signature, understandable for external applications
Architecture "CryptoPro FKN CSP" version 3.9
JaCarta CryptoPro Token Specifications
Microcontroller characteristics | Manufacturer | INSIDE Secure |
Model | AT90SC25672RCT | |
EEPROM Memory | 72 Kb | |
Operating system characteristics | Operating system | Athena Smartcard Solutions OS755 |
International certifications | CC EAL4 + | |
Supported Cryptoalgorithms | GOST R 34.10-2001, GOST 28147-89, GOST R 34.11-94 | |
Supported interfaces | USB | Yes |
Contact interface (ISO7816-3) | T = 1 | |
Safety certifications | FSB of Russia | Federal Security Service of Russia Certificate of Conformity No. SF / 114-2734 Federal Security Service of Russia Certificate of Conformity No. SF / 114-2735 |
Supported OS | Microsoft Windows Server 2003 | (32/64-bit platforms) |
Microsoft Windows Vista | (32/64-bit platforms) | |
Microsoft Windows 7 | (32/64-bit platforms) | |
Microsoft Windows Server 2008 | (32/64-bit platforms) | |
Microsoft Windows Server 2008 R2 | (32/64-bit platforms) | |
CentOS 5/6 | (32/64-bit platforms) | |
Linpus Lite 1.3 | (32/64-bit platforms) | |
Mandriva Server 5 | (32/64-bit platforms) | |
Oracle Enterprise Linux 5/6 | (32/64-bit platforms) | |
Open SUSE 12 | (32/64-bit platforms) | |
Red Hat Enterprise Linux 5/6 | (32/64-bit platforms) | |
SUSE Linux Enterprise 11 | (32/64-bit platforms) | |
Ubuntu 8.04 / 10.04 / 11.04 / 11.10 / 12.04 | (32/64-bit platforms) | |
ALT Linux 5/6 | (32/64-bit platforms) | |
Debian 6 | (32/64-bit platforms) | |
FreeBSD 7/8/9 | (32/64-bit platforms) | |
Time of execution of cryptographic operations | Key import | 3.2 op / s (USB token), 2.4 op / s (smart card) |
Signature creation | 5.8 op / s (USB token), 3.9 op / s (smart card) | |
Available key media | Smart card | JaCarta CryptoPro |
USB token | JaCarta CryptoPro |
Safety certifications
confirming that the CryptoPro FKN CSP Version 3.9 (version 1) means of cryptographic information protection (CIPF) meets the requirements of GOST 28147-89, GOST R 34.11-94, GOST R 34.10-2001, the requirements of the FSB of Russia for encryption (cryptographic) means of the class KS1, the requirements for electronic signatures, approved by order of the FSB of Russia dated December 27, 2011 No. 796, established for the KS1 class, and can be used for cryptographic protection (creation and management of key information, encryption of data contained in the random access memory, calculation of the hash function value for data contained in the RAM area, protection of TLS connections, implementation of electronic signature functions in accordance with Federal Law No. 63-FZ of April 6, 2011 "On Electronic Signature": creation of an electronic signature, verification electronic signature, creating an electronic signature key, creating an electronic signature verification key) information that does not contain information constituting a state secret.
confirming that the CryptoPro FKN CSP version 3.9 (version 2) complies with the requirements of GOST 28147-89, GOST R 34.11-94, GOST R 34.10-2001, the requirements of the FSB of Russia for encryption (cryptographic) means of the class KS2, the requirements for electronic signatures, approved by order of the FSB of Russia dated December 27, 2011 No. 796, established for the KS2 class, and can be used for cryptographic protection (creating and managing key information, encrypting data contained in the RAM, calculating the value hash functions for data contained in the RAM, protection of TLS connections, implementation of electronic signature functions in accordance with Federal Law No. 63-FZ of April 6, 2011 "On Electronic Signatures": creating an electronic signature, verifying an electronic signature, creating an electronic signature key, creating an electronic signature verification key) information that does not contain information constituting state secrets.
To install a system without installation disk you need to download and install all distributions of components from this manual. The installation must be performed with local administrator rights.
Installation of CIPF CryptoPro CSP
Download and install the CryptoPro CSP distribution kit according to the purchased license.
Open the CryptoPro CSP program and enter serial number licenses. Depending on the computer, this can be done in different ways:
Installing the RuToken driver
Download and install components for working with RuToken. (if certificates are stored on flash media, skip this step). When installing components, disconnect RuToken from the computer.
Installing Capicom
Installing Certificates of the Certification Authority
Download and install certificates of the Certification Authority
Installing and configuring the browser
The system works in following browsers: Internet Explorer version 11 or higher, Mozilla Firefox, Google chrome, Yandex Browser, Opera.
For installation .
For Internet Explorer to work correctly with the Kontur.Extern system, you must run the browser settings utility.
You can also manually configure your browser. To do this, use this.
For installation of other browsers, contact your system administrator.
Install Adobe Reader
Download and install Adobe reader... Follow the link to the Adobe official website. To start the installation, you need to select the operating system version and language.
Installing a shortcut
Save to your desktop for easy login. After the installation is complete, you must restart your computer. Before starting work in the reporting system, do not forget to install the signature certificate. Follow the instructions for installing a personal certificate.
Installation completed
CryptoPro CSP is designed for:- authorization and legal validity electronic documents when exchanging them between users, through the use of procedures for the formation and verification of electronic digital signature(EDS) in accordance with domestic standards GOST R 34.10-94, GOST R 34.11-94, GOST R 34.10-2001;
- ensuring confidentiality and control of the integrity of information through its encryption and imitation protection, in accordance with GOST 28147-89; ensuring the authenticity, confidentiality and imitation protection of TLS connections;
- integrity control, system and application software to protect it from unauthorized changes or violation of the correct functioning; management of key elements of the system in accordance with the regulations of protective equipment.
Key carriers for CryptoPro CSP
CryptoPro CSP can be used in conjunction with a variety of key media, but most often the Windows registry, flash drives and tokens are used as key media.
The most secure and convenient key carriers that are used in conjunction with CryptoPro CSP are tokens. They allow you to conveniently and securely store your digital signature certificates. Tokens are designed in such a way that even in case of theft, no one can use your certificate.
Supported CryptoPro CSP key carriers:- floppy disks 3.5 ";
- MPCOS-EMV processor cards and Russian smart cards (Oscar, RIK) using smart card readers supporting the PC / SC protocol (GemPC Twin, Towitoko, Oberthur OCR126, etc.);
- Touch-Memory DS1993 - DS1996 tablets using Accord 4+ devices, Sable electronic lock or Touch-Memory DALLAS tablet reader;
- electronic keys with USB interface;
- removable media with USB interface;
- Windows registry
Digital Signature Certificate for CryptoPro CSP
CryptoPro CSP works correctly with all certificates issued in accordance with the requirements of GOST, which means with most certificates issued by Certification Centers in Russia.
In order to start using CryptoPro CSP, you will definitely need a digital signature certificate. If you have not yet purchased a digital signature certificate, we recommend that you.
Supported Windows operating systems
CSP 3.6 | CSP 3.9 | CSP 4.0 | |
---|---|---|---|
Windows 10 | x86 / x64 | x86 / x64 | |
Windows 2012 R2 | x64 | x64 | |
Windows 8.1 | x86 / x64 | x86 / x64 | |
Windows 2012 | x64 | x64 | x64 |
Windows 8 | x86 / x64 | x86 / x64 | x86 / x64 |
Windows 2008 R2 | x64 / itanium | x64 | x64 |
Windows 7 | x86 / x64 | x86 / x64 | x86 / x64 |
Windows 2008 | x86 / x64 / itanium | x86 / x64 | x86 / x64 |
Windows Vista | x86 / x64 | x86 / x64 | x86 / x64 |
Windows 2003 R2 | x86 / x64 / itanium | x86 / x64 | x86 / x64 |
Windows XP | x86 / x64 | ||
Windows 2003 | x86 / x64 / itanium | x86 / x64 | x86 / x64 |
Windows 2000 | x86 |
Supported UNIX-like operating systems
CSP 3.6 | CSP 3.9 | CSP 4.0 | |
---|---|---|---|
iOS 11 | ARM7 | ARM7 | |
iOS 10 | ARM7 | ARM7 | |
iOS 9 | ARM7 | ARM7 | |
iOS 8 | ARM7 | ARM7 | |
iOS 6/7 | ARM7 | ARM7 | ARM7 |
iOS 4.2 / 4.3 / 5 | ARM7 |
|
|
Mac OS X 10.12 | x64 | x64 | |
Mac OS X 10.11 | x64 | x64 | |
Mac OS X 10.10 | x64 | x64 | |
Mac OS X 10.9 | x64 | x64 | |
Mac OS X 10.8 | x64 | x64 | x64 |
Mac OS X 10.7 | x64 | x64 | x64 |
Mac OS X 10.6 | x86 / x64 | x86 / x64 |
|
Android 3.2+ / 4 | ARM7 | ||
Solaris 10/11 | x86 / x64 / sparc | x86 / x64 / sparc | x86 / x64 / sparc |
Solaris 9 | x86 / x64 / sparc | ||
Solaris 8 | |||
AIX 5/6/7 | PowerPC | PowerPC | PowerPC |
FreeBSD 10 | x86 / x64 | x86 / x64 | |
FreeBSD 8/9 | x86 / x64 | x86 / x64 | x86 / x64 |
FreeBSD 7 | x86 / x64 | ||
FreeBSD 6 | x86 | ||
FreeBSD 5 | |||
LSB 4.0 | x86 / x64 | x86 / x64 | x86 / x64 |
LSB 3.0 / LSB 3.1 | x86 / x64 | ||
RHEL 7 | x64 | x64 | |
RHEL 4/5/6 | x86 / x64 | x86 / x64 | x86 / x64 |
RHEL 3.3 spec. assembly | x86 | x86 | x86 |
RedHat 7/9 | |||
CentOS 7 | x86 / x64 | x86 / x64 | |
CentOS 5/6 | x86 / x64 | x86 / x64 | x86 / x64 |
TD OS AIS FSSP of Russia (GosLinux) | x86 / x64 | x86 / x64 | x86 / x64 |
CentOS 4 | x86 / x64 | ||
Ubuntu 15.10 / 16.04 / 16.10 | x86 / x64 | x86 / x64 | |
Ubuntu 14.04 | x86 / x64 | x86 / x64 | |
Ubuntu 12.04 / 12.10 / 13.04 | x86 / x64 | x86 / x64 | |
Ubuntu 10.10 / 11.04 / 11.10 | x86 / x64 | x86 / x64 | |
Ubuntu 10.04 | x86 / x64 | x86 / x64 | x86 / x64 |
Ubuntu 8.04 | x86 / x64 | ||
Ubuntu 6.04 | x86 / x64 | ||
ALTLinux 7 | x86 / x64 | x86 / x64 | |
ALTLinux 6 | x86 / x64 | x86 / x64 | x86 / x64 |
ALTLinux 4/5 | x86 / x64 | ||
Debian 9 | x86 / x64 | x86 / x64 | |
Debian 8 | x86 / x64 | x86 / x64 | |
Debian 7 | x86 / x64 | x86 / x64 | |
Debian 6 | x86 / x64 | x86 / x64 | x86 / x64 |
Debian 4/5 | x86 / x64 | ||
Linpus Lite 1.3 | x86 / x64 | x86 / x64 | x86 / x64 |
Mandriva Server 5 Buisness Server 1 |
x86 / x64 | x86 / x64 | x86 / x64 |
Oracle Enterprice Linux 5/6 | x86 / x64 | x86 / x64 | x86 / x64 |
Open SUSE 12.2 / 12.3 | x86 / x64 | x86 / x64 | x86 / x64 |
SUSE Linux Enterprice 11 | x86 / x64 | x86 / x64 | x86 / x64 |
Linux Mint 18 | x86 / x64 | x86 / x64 | |
Linux Mint 13/14/15/16/17 | x86 / x64 | x86 / x64 |
Supported algorithms
CSP 3.6 | CSP 3.9 | CSP 4.0 | |
---|---|---|---|
GOST R 34.10-2012 Signature creation | 512/1024 bit | ||
GOST R 34.10-2012 Signature verification | 512/1024 bit | ||
GOST R 34.10-2001 Signature creation | 512 bit | 512 bit | 512 bit |
GOST R 34.10-2001 Signature verification | 512 bit | 512 bit | 512 bit |
GOST R 34.10-94 Signature creation | 1024 bit * | ||
GOST R 34.10-94 Signature verification | 1024 bit * | ||
GOST R 34.11-2012 | 256/512 bit | ||
GOST R 34.11-94 | 256 bit | 256 bit | 256 bit |
GOST 28147-89 | 256 bit | 256 bit | 256 bit |
* - up to CryptoPro CSP 3.6 R2 (build 3.6.6497 from 2010-08-13) inclusive.
CryptoPro CSP license terms
When buying CryptoPro CSP, you get a serial number that you need to enter during the installation or configuration of the program. The key validity period depends on the selected license. CryptoPro CSP can be distributed in two versions: with an annual license or a perpetual one.
By purchasing perpetual license, you will receive a CryptoPro CSP key, which will not expire. If you buy, you will receive a serial number CryptoPro CSP, which will be valid for a year after purchase.