home  /  Inhibits  /  Cryptopro company. Step-by-step installation of the program without installation disc

Cryptopro company. Step-by-step installation of the program without installation disc

Inhibits
19.09.2020

The CryptoPro Rutoken CSP solution is a joint development of the CryptoPro and Aktiv companies, in which the capabilities of the CryptoPro CSP crypto provider and Rutoken USB tokens are integrated. An important feature of the FKN technology is the division of cryptographic powers between the CryptoPro CSP and Rutoken KP - a cryptographic USB token model specially adapted for the FKN technology, based on the Rutoken EDS.

Rutoken KP is used in the FCN technology to generate key pairs, generate agreement keys, implement electronic signatures, etc. Performing these operations on board the token ensures the highest possible degree of security of key information. Rutoken KP is used and supplied only as part of CryptoPro Rutoken CSP, this USB token is not distributed separately.

In the new version of CryptoPro Rutoken CSP, in addition to Rutoken KP, there is support for the standard Rutoken EDS 2.0 model for generating and secure storage of CryptoPro CSP key pairs and containers. Key information is stored on Rutoken EDS 2.0 and cannot be retrieved. The use of Rutoken EDS 2.0 as part of CryptoPro Rutoken CSP provides an optimal solution in terms of cost and capabilities for cases where increased requirements for the level of protection of communication channels with a key carrier are not imposed.

The CryptoPro Rutoken CSP solution is the successor of the CryptoPro CSP CIPF and supports all its capabilities. It is also fully integrated into the public key infrastructure based on the CryptoPro UC certification center.

Appointment

CryptoPro Rutoken CSP is intended for use in Russian PKI systems, in legally significant electronic document management systems and in other information systems using digital signature technologies. Including:

  • in client-bank systems when signing payment orders;
  • in systems of secure document flow;
  • in systems for collecting reports for submission in electronic form;
  • in the authorities and administration at the federal and regional levels;
  • in all other cases where it is necessary to provide increased protection of user keys.

Capabilities

  • Supports all functionality CIPF CryptoPro CSP 3.9 .
  • Provides full integration with PKI infrastructure based on CryptoPro UC.
  • It also works with the standard Rutoken EDS 2.0 model.
  • Using Rutoken KP or Rutoken EDS 2.0 hardware resources, the following cryptographic operations are performed:
    • generation of key pairs GOST R 34.10-2001;
    • formation of an electronic signature in accordance with GOST R 34.10-2001;
    • calculating the Diffie-Hellman negotiation key (RFC 4357).
  • Provides secure storage and use of private keys inside the key carrier without the possibility of retrieval.

Functional key carrier

The FKN architecture implements a fundamentally new approach to ensuring the safe use of key information that is stored on hardware media.

In addition to generating an electronic signature and generating encryption keys directly in the microprocessor, the key carrier allows you to effectively resist attacks related to the substitution of a hash value or signature in a communication channel.

The main advantages of FCN

  • The possibility of signature substitution in the exchange protocol is excluded, the electronic signature is generated in parts: first in the key carrier, then finally in the CSP software part.
  • Generation of electronic signature keys and agreement keys, as well as the creation of an electronic signature within the FKN.
  • Transmitting the hash value over a secure channel that excludes the possibility of spoofing.
  • After the container is created, the user key is not stored either in the key container or in the memory of the cryptographic provider, nor is it used explicitly in cryptographic transformations.
  • Enhanced data protection during transmission over an open channel due to the use of mutual authentication of the key carrier and the software component using the original protocol based on the EKE (electronic key exchange) procedure. In this case, not a PIN code is transmitted, but a point on an elliptic curve.
  • Enhanced confidentiality of private keys.
  • The key can be generated by the FKN or downloaded from the outside.
  • Performing cryptographic operations on elliptic curves directly with a key carrier, supporting Russian electronic signatures.

How to install CryptoPro on a computer, installing CryptoPro 4.0

CryptoPro CSP is a crypto provider and provides the legal value of electronic documentation, protection of connections. It is a key product among CryptoPro products. How CryptoPro CSP install most of all questions arise. We suggest that you familiarize yourself with the information below for the correct installation of the program. To install this software on a computer, the user must have administrator rights. You need to insert the software on the disk into the drive or select the folder with the distribution kit on your computer. After starting the Setup Wizard, you must select the language to use. During installation, there is also a choice of protection level (class).

Further installation is carried out in accordance with the choice of actions indicated by the Installation Wizard. So you may need to specify the serial key, configure additional sensors, adjust the SKZI to use the key storage service. The installation can be complete or custom, depending on the user's tasks. Custom installation helps you install additional prerequisites. It is advisable to reboot the computer after installation for the program to work correctly.

Software "CryptoPro CSP" designed to control the integrity of the system and application software, manage the key elements of the system in accordance with the regulations of protection means, authorization and ensure the legal significance of electronic documents when exchanging them between users. In addition to the crypto provider itself, CryptoPro CSP includes the products CryptoPro TLS, CryptoPro EAP-TLS, CryptoPro Winlogon and CryptoPro Revocation Provider.


The solution is intended for:

  • authorization and ensuring the legal significance of electronic documents when exchanging them between users, by using the procedures for generating and verifying an electronic signature (ES) in accordance with domestic standards GOST R 34.10-2001 / GOST R 34.10-2012 (using GOST R 34.11-94 / GOST R 34.11-2012);
  • ensuring confidentiality and control of the integrity of information through its encryption and imitation protection, in accordance with GOST 28147-89;
  • ensuring the authenticity, confidentiality and imitation protection of TLS connections;
  • monitoring the integrity of system and application software to protect it from unauthorized changes and violations of the correct functioning;
  • management of key elements of the system in accordance with the regulations of protective equipment.

Implemented algorithms

  • The algorithm for generating the value of the hash function is implemented in accordance with the requirements of GOST R 34.11-94 / GOST R 34.11-2012 “Information technology. Cryptographic information protection. Hash function ".
  • Algorithms for generating and verifying electronic signatures are implemented in accordance with the requirements of GOST R 34.10-2001 / GOST R 34.10-2012 “Information technology. Cryptographic information protection. Processes of Formation and Verification of Electronic Digital Signatures ”.
  • The data encryption / decryption algorithm and the calculation of the imitating insert are implemented in accordance with the requirements of GOST 28147-89 “Information processing systems. Cryptographic protection ".

When generating private and public keys, it is possible to generate with different parameters in accordance with GOST R 34.10-2001 / GOST R 34.10-2012.
When generating the hash value and encryption, it is possible to use various replacement nodes in accordance with GOST R 34.11-94 and GOST 28147-89.

Supported types of key media

  • floppy disks 3.5;
  • smart cards using smart card readers, supporting the PC / SC protocol;
  • touch-Memory tablets DS1993 - DS1996 using Accord 4+ devices, an electronic lock "Sable", "Krypton" or a Touch-Memory DALLAS tablet reader (only in Windows version);
  • electronic keys with USB interface (USB-tokens);
  • removable media with USB interface;
  • windows registry
  • solaris / Linux / FreeBSD OS files.
CSP 3.6 CSP 3.9 CSP 4.0 CSP 5.0
Windows Server 2016 x64 * x64 ** x64
Windows 10 x86 / x64 * x86 / x64 ** x86 / x64
Windows Server 2012 R2 x64 x64 x64
Windows 8.1 x86 / x64 x86 / x64 x86 / x64
Windows Server 2012 x64 x64 x64 x64
Windows 8 x86 / x64 x86 / x64 x86 / x64
Windows Server 2008 R2 x64 / itanium x64 x64 x64
Windows 7 x86 / x64 x86 / x64 x86 / x64 x86 / x64
Windows Server 2008 x86 / x64 / itanium x86 / x64 x86 / x64 x86 / x64
Windows Vista x86 / x64 x86 / x64
Windows Server 2003 R2 x86 / x64 / itanium x86 / x64 x86 / x64 x86 / x64
Windows Server 2003 x86 / x64 / itanium x86 / x64 x86 / x64 x86 / x64
Windows XP x86 / x64
Windows 2000 x86

The first thing to start with is to decide on the version that you need. Client or server. If you are planning to use CryptoPro CSP cryptographic information protection system on a server, buy immediately. A client license will not work. Yes, the price of a server license is several times higher and in earlier versions it was possible to install a CAL on the server, but today CALs will simply not be installed on server operating systems, despite the fact that everything worked in the trial (test) period.

GOST R 34.10-2012

Find out if you need support for the new 2012 electronic signature standards. It only supports the standard of electronic signature GOST R 34.10-2012 (“Signature creation” and “Signature verification”). Other versions of the encryption provider (3.0, 3.6 and 3.9) support GOST 94 and 2001.

Please be informed

The procedure for transition to the national standard GOST R 34.10-2012 in electronic signatures for information that does not contain state secrets has been determined.

From the document of the FSB of Russia No. 149/7/1 / 3-58 dated January 31, 2014 "On the procedure for switching to the use of new EDS standards and the hashing function", we learn that after December 31, 2019, it will be unacceptable to use GOST R 34.10 to create an electronic signature -2001.

FSB certificate

In many information systems (especially state ones), one of the main and mandatory requirements is the presence of an FSB certificate of conformity on the software. At the moment, versions 3.6 and 4.0 are certified.

CryptoPro CSP 4.0 version has FSB certificates for protection classes and for operating systems from Windows Vista to Windows 10.

CryptoPro CSP 3.9 R2 CryptoPro CSP 4.0 R2 supporting work in Windows 10 in today received a positive conclusion of the FSB.

Windows or Unix

If you choose version 3.6, then you need to decide on which operating system the software will be installed - on Windows or Unix-like. This division is available only in the CryptoPro СSP version 3.6 and earlier. If you buy a version of or, it doesn't matter which operating system you plan to install it on - Windows or Unix-like.

After purchasing a license from our online store, you will receive an email in which you will find:

  • product license key
  • link to product distribution kit
  • link to user manual
Since no one likes to read the user manual anyway (and you would not read this article if you read the manual), we only need product license key and link to distribution.

Step 1

First you need to find out if you have installed CryptoPro CSP earlier and if installed, which version?

This can be done by carefully studying your Start menu: there should be an item CRYPTO PROwhich has a program CryptoPro CSP.

If you haven't found it, most likely you don't have CryptoPRO installed, so feel free to go to.

If found - run CryptoPro СSP... There we see the General tab, where the license expiration date and version number are indicated.

If the version number corresponds to the version you purchased (for example, if the window says 4.0. ****, and you bought CryptoPro CSP 4.0 - it means it matches), then you you can not reinstall the program, but simply enter the license key. How to do it - look at .

Step 2

You found out that the program is not installed on you. So, you need to download CryptoPro CSP and install it.

It is not so easy to download it: a cryptographic provider is a means of cryptographic protection of information, which means that its distribution is subject to registration by the relevant authorities. Therefore, you will need to follow the link that came to you in the letter or go to the CryptoPro website yourself at the link http://www.cryptopro.ru/downloads and choose from the list of products CryptoPro CSP.

You will see something like this:


Click on the link " Pre-registration"and fill out a form of many fields. After filling out the form and registering, you will be asked to agree to the license agreement, and then you will still be able to download the distribution kit of the program.

At the time of publication, the page with the choice of the distribution looks like this:


If you bought the version CryptoPro CSP 3.6then you will need to select the version R4 - today it is the most functional.

If you purchased a license for CryptoPro CSP 3.9be careful: CryptoPro CSP 3.9 -certified version but does not support Windows 10, CryptoPro CSP 3.9R2 -supports Windows 10, certification planned for Q4 2015

If you bought version 4.0, then select the CryptoPro CSP 4.0 item accordingly (recommended for working with Windows 10, certification is planned in Q3 2015).

You will need to download this file:

Step 3

You have downloaded the installation file CryptoPro CSP, and now you will need to install the program itself. To do this, run the installation file, if you see a security warning you need to allow the program to make changes on your computer. In the opened button, press the button Install (Recommended)

The installation of the program takes place automatically within a few minutes and does not require user participation.


Everything, installation completed.

Step 4

Now you need to enter the license key in a special window. You can get to it in this way (the path may vary slightly depending on the version of the operating system):

Start - Programs - CryptoPro - CryptoPro CSP.

Then press the button License Entry


In the window that opens, fill in the fields in accordance with the received license.


Step 5

We are happy! We have just installed a crypto provider. Not that hard, right?

But you need to understand that CryptoPro CSP itself cannot do anything. The next step you will need to install (or simply configure) programs that will interact with CryptoPro CSP and solve your problems, whether it is an electronic signature, encryption or something else.

Usually, for the implementation of an electronic signature, they use or - they can be purchased from our online store. We tried to make the purchase as convenient as possible: electronic licenses are sent immediately after payment (even at night), a wide range of payment methods.

If the instruction seemed useful to you - share it, you will find buttons for this right under the article.

In the following instructions, I will show you how to install CryptoPro Office Signature , CryptoARMhow to work with tokens and so on.

If you don't want to miss our articles, subscribe to us on social networks! Links to our social media pages can be found at the very bottom of the screen.