Cryptopro software csp. Purpose of CryptoPro CSP

"Trinity"– full cycle system integrator. Construction of IT infrastructure, disaster-proof solutions, virtualization systems, production of servers and storage systems.

You need to buy a ready-made server with suitable parameters, but you don't know which one to choose? Are you confused by the variety of server platforms on the market today? Trinity specialists offer you a huge selection of modern servers and server platforms at affordable prices. We do not just carry out the sale of equipment - it is in our interests to choose the best option for the client, taking into account all his requirements and wishes.

Main areas of work:

• Designing server rooms and building disaster-proof solutions.
• Information Security.
• Virtualization of servers, storage systems, workstations.
• IT solutions for television, broadcasting and production automation, archival storage of media data, IPTV systems.

• Implementation of projects for the construction of data processing centers from the development of technical requirements to turnkey implementation.
• High performance clusters for parallel computing.
• Corporate servers and storage systems.
  Infrastructure for business applications (SAP, Microsoft, Oracle, etc.)

Servers and server platforms

In order to buy a server or server platform that will work uninterruptedly and for a long time for the benefit of your company, you need to be sure of the reliability of the purchased device. And this is where Trinity's services can make your choice much easier.

The Trinity company sells high-performance data storage systems and network equipment at affordable prices. Here you can buy a server platform or a server, both new and refurbished from well-known world manufacturers of server technology, having previously studied the required capacities and characteristics. Also, our company employs qualified specialists who will be happy to help you choose the right model and select the optimal server configuration, taking into account all the requirements and wishes. Just contact us at the given number and we will answer all your questions.

As a rule, the idea to download Cryptopro 3.9 R2 for Windows 10 appears among entrepreneurs with a large workflow. However, the product is also suitable for domestic purposes, because electronic signatures are increasingly becoming part of the life of an ordinary person.

Peculiarities

Cryptopro 3.9 R2 is a multifunctional cryptographic software. latest most current version applies to any device on Windows 10, including tablets. The scope of this program is very wide:

• Protection of authorship of documents;
• Ensuring secure workflow;
• Working with electronic signatures;

If you care about the security of your workflow, then downloading Cryptopro 3.9 R2 will be the right decision. This is a domestic development, and although it concerns very difficult questions in technical terms, working with the program is very simple. Of course, if you have little idea what Cryptopro is, then it is better to study the documentation first, and only then get to work.

Installation takes place in several stages, but in order not to make a mistake, download the correct version - x32 / x64 bits. And if your computer works without, then even the most powerful cryptographic protection of documents will not protect you from possible penetration. Therefore, we recommend installing

• Generation of ES keys and approval keys
• Formation and verification of electronic signature
• Import of programmatically generated ES private keys - to enhance their security
• Updating the installation base of the crypto provider " CryptoPro CSP"

Peculiarities

The main feature (previously the product was called "CryptoPro eToken CSP") is the use of functional key carrier technology (FKN).

Functional key carrier (FKN)- the architecture of software and hardware products based on smart cards or USB tokens, which implements a fundamentally new approach to providing safe use key on a smart card or USB token.

Due to the presence of a secure communication channel between the token and the crypto provider, part of the cryptographic transformations, including the storage of private keys and ES keys in a non-retrievable form, is transferred to a smart card or USB token.

In addition to hardware generation of keys, their secure storage and the formation of ES in the microprocessor of the key carrier, the FKN architecture makes it possible to effectively resist attacks associated with the substitution of a hash value or signature in the communication channel between the CSP software and hardware.

In "CryptoPro FKN CSP" version 3.9, a specially developed JaCarta CryptoPro token, presented in the form factors of a smart card and a USB token, acts as a key carrier.

Part CIPF "CryptoPro FKN CSP" version 3.9 includes a specially developed JaCarta CryptoPro token with the ability to calculate ES using the CRYPTO-PRO FKN technology and produced in the form factors of a USB token (in a Nano or XL case) or a smart card.

JaCarta CryptoPro securely stores and uses private ES keys, performs mutual authentication of the CSP and the token, as well as strong two-factor authentication of the user-owner of the token.

Key Benefits of JaCarta CryptoPro

• It is the fastest token among FKN devices (it is ahead of existing products working with FKN in terms of the speed of generating an electronic signature by almost 3 times - based on the Protocol for measuring the speed of FKN devices "CRYPTO-PRO" dated 08.12.2014).
• Principle applied Secure by design- uses a secure microcontroller, designed to be secure, for security purposes, has built-in protection both at the hardware and software levels against cloning, hacking and all other attacks known today.
• The generation of ES keys, approval keys, as well as the creation of ES takes place inside the JaCarta CryptoPro token.
• Uses a secure data transmission channel with the software part "CryptoPRO FKN CSP".

Compound

"CryptoPro FKN CSP" version 3.9 consists of two key components.

1. USB token or JaCarta CryptoPro smart card:

• is a functional key carrier (FKN), in which Russian cryptography is implemented in hardware;
• allows you to safely store and use private keys EP;
• generates an ES "under the mask" - K(h), which allows you to protect the exchange channel between the token (smart card) and the software crypto provider (CSP);
• performs mutual authentication of the CSP and the token and strong two-factor authentication of the user - the owner of the token.

2. Crypto provider (CSP):

• is a high-level programming interface (MS CAPI) for external applications and provides them with a set of cryptographic functions;
• from the signature "under the mask" received from the hardware token (smart card) - K(h), "removes" the mask K(s) and forms a "normal" signature understandable for external applications

Architecture "CryptoPro FKN CSP" version 3.9

Specifications of the JaCarta CryptoPro token

Characteristics of the microcontroller	Manufacturer	INSIDE Secure
	Model	AT90SC25672RCT
	EEPROM Memory	72 Kb
Operating system specifications	Operating system	Athena Smartcard Solutions OS755
	International certificates	CC EAL4+
	Supported cryptalgorithms	GOST R 34.10-2001, GOST 28147-89, GOST R 34.11-94
Supported interfaces	USB	Yes
	Contact interface (ISO7816-3)	T=1
Security Certifications	FSB of Russia	Certificate of conformity of the FSB of Russia No. SF / 114-2734 Certificate of conformity of the FSB of Russia No. SF / 114-2735
Supported OS	Microsoft Windows Server 2003	(32/64-bit platforms)
	Microsoft Windows Vista	(32/64-bit platforms)
	Microsoft Windows 7	(32/64-bit platforms)
	Microsoft Windows Server 2008	(32/64-bit platforms)
	Microsoft Windows Server 2008 R2	(32/64-bit platforms)
	CentOS 5/6	(32/64-bit platforms)
	Linpus Lite 1.3	(32/64-bit platforms)
	Mandriva Server 5	(32/64-bit platforms)
	Oracle Enterprise Linux 5/6	(32/64-bit platforms)
	Open SUSE 12	(32/64-bit platforms)
	Red Hat Enterprise Linux 5/6	(32/64-bit platforms)
	SUSE Linux Enterprise 11	(32/64-bit platforms)
	Ubuntu 8.04/10.04/11.04/11.10/12.04	(32/64-bit platforms)
	ALT Linux 5/6	(32/64-bit platforms)
	Debian 6	(32/64-bit platforms)
	FreeBSD 7/8/9	(32/64-bit platforms)
Execution time of cryptographic operations	Key import	3.2 op/s (USB token), 2.4 op/s (smart card)
	Create a signature	5.8 op/s (USB token), 3.9 op/s (smart card)
Available key media	smart card	JaCarta CryptoPro
	USB token	JaCarta CryptoPro

Security Certifications

confirming that the cryptographic information protection tool (CIPF) "CryptoPro FKN CSP" Version 3.9 (version 1) complies with the requirements of GOST 28147-89, GOST R 34.11-94, GOST R 34.10-2001, the requirements of the FSB of Russia for encryption (cryptographic) means of the class KS1, the requirements for electronic signature tools approved by the order of the Federal Security Service of Russia dated December 27, 2011 No. 796, established for the KS1 class, and can be used for cryptographic protection (creation and management of key information, encryption of data contained in the area random access memory, calculation of the hash value for data contained in the RAM area, protection of TLS connections, implementation of electronic signature functions in accordance with the Federal Law of April 6, 2011 No. 63-FZ "On Electronic Signature": creation of an electronic signature, verification electronic signature, creation of an electronic signature key, creation of an electronic signature verification key) information that does not contain information constituting a state secret.

confirming that the cryptographic information protection tool (CIPF) "CryptoPro FKN CSP" Version 3.9 (version 2) meets the requirements of GOST 28147-89, GOST R 34.11-94, GOST R 34.10-2001, the requirements of the FSB of Russia for encryption (cryptographic) means of the class KS2, the requirements for electronic signature tools approved by the order of the Federal Security Service of Russia dated December 27, 2011 No. 796, established for the KS2 class, and can be used for cryptographic protection (creation and management of key information, encryption of data contained in the RAM area, calculation of the value hash functions for data contained in the RAM area, protection of TLS connections, implementation of electronic signature functions in accordance with the Federal Law of April 6, 2011 No. 63-FZ "On Electronic Signature": creation of an electronic signature, verification of an electronic signature, creation of an electronic signature key, creation of an electronic signature verification key) information that does not contain information constituting state secret.

CryptoPro CSP is intended for:

• ensuring the legal significance of documents for electronic document management, using the formation and verification of electronic signatures, according to Russian cryptographic standards GOST R 34.11-94 / GOST R 34.11-2012 and GOST R 34.10-2001 / GOST R 34.10-2012;
• encryption and imitation protection in accordance with GOST 28147-89 will ensure the confidentiality and integrity of information;
• ensuring authenticity, imitation protection and confidentiality of TLS connections;
• protection against software modification and violation of its operation algorithms;
• management of key elements of the system, in accordance with the regulation of protective equipment.

Key carriers for CryptoPro CSP

CryptoPro CSP can be used in conjunction with many key carriers, but most often used as key carriers Windows registry, flash drives and tokens.

The most secure and convenient key carriers that are used in conjunction with CryptoPro CSP, are tokens. They allow you to conveniently and securely store your digital signature certificates. Tokens are designed in such a way that even in case of theft, no one will be able to use your certificate.

• floppy disks 3.5";
• MPCOS-EMV processor cards and Russian smart cards (Oscar, RIK) using smart card readers supporting PC/SC protocol (GemPC Twin, Towitoko, Oberthur OCR126, etc.);
• Touch-Memory tablets DS1993 - DS1996 using Accord 4+ devices, electronic lock Sable or Touch-Memory DALLAS tablet reader;
• electronic keys with USB interface;
• removable media with USB interface;
• Windows registry;

Digital signature certificate for CryptoPro CSP

CryptoPro CSP works correctly with all certificates issued in accordance with the requirements of GOST, and therefore with most certificates issued by Certification Centers in Russia.

In order to start using CryptoPro CSP, you will definitely need a digital signature certificate. If you have not yet purchased a digital signature certificate, we recommend that you buy a digital signature on this page.

Supported Windows operating systems

	CSP 3.6	CSP 3.9	CSP 4.0
Windows 2012 R2		x64	x64
Windows 8.1		x86/x64	x86/x64
Windows 2012	x64	x64	x64
Windows 8	x86/x64	x86/x64	x86/x64
Windows 2008 R2	x64/itanium	x64	x64
Windows 7	x86/x64	x86/x64	x86/x64
Windows 2008	x86 / x64 / itanium	x86/x64	x86/x64
Windows Vista	x86/x64	x86/x64	x86/x64
Windows 2003 R2	x86 / x64 / itanium	x86/x64	x86/x64
Windows XP	x86/x64
Windows 2003	x86 / x64 / itanium	x86/x64	x86/x64
Windows 2000	x86

Supported Algorithms

	CSP 3.6	CSP 3.9	CSP 4.0
GOST R 34.10-2012 Creating a signature			512 / 1024 bit
GOST R 34.10-2012 Signature verification			512 / 1024 bit
GOST R 34.10-2001 Creating a signature	512 bit	512 bit	512 bit
GOST R 34.10-2001 Signature verification	512 bit	512 bit	512 bit
GOST R 34.10-94 Creating a signature	1024 bits*
GOST R 34.10-94 Signature verification	1024 bits*
GOST R 34.11-2012			256 / 512 bit
GOST R 34.11-94	256 bit	256 bit	256 bit
GOST 28147-89	256 bit	256 bit	256 bit

* - up to CryptoPro CSP 3.6 R2 (build 3.6.6497 dated 2010-08-13) inclusive.

CryptoPro CSP License Terms

Buying CryptoPro CSP, you get serial number, which you need to enter when installing or configuring the program. The key validity period depends on the selected license. CryptoPro CSP can be distributed in two versions: with an annual license or perpetual.

Having bought perpetual license, you will receive a CryptoPro CSP key, the validity of which will not be limited. If you buy an annual license, you will receive a serial number CryptoPro CSP, which will be valid for a year after purchase.

CryptoPro CSP has a certificate of compliance of the Federal Security Service of the Russian Federation

Software "CryptoPro CSP" designed to control the integrity of system and application software, manage key elements of the system in accordance with the regulation of protection tools, authorization and ensure legal significance electronic documents when they are exchanged between users. CryptoPro CSP, in addition to the crypto provider itself, includes CryptoPro TLS, CryptoPro EAP-TLS, CryptoPro Winlogon and CryptoPro Revocation Provider products.

The solution is intended for:

• authorization and ensuring the legal significance of electronic documents when they are exchanged between users, through the use of procedures for generating and verifying an electronic signature (ES) in accordance with domestic standards GOST R 34.10-2001 / GOST R 34.10-2012 (using GOST R 34.11-94 / GOST R 34.11-2012);
• ensuring confidentiality and integrity control of information through its encryption and imitation protection, in accordance with GOST 28147-89;
• ensuring the authenticity, confidentiality and imitation protection of connections via the TLS protocol;
• monitoring the integrity of the system and application software to protect it from unauthorized changes and malfunctions;
• management of key elements of the system in accordance with the regulation of protective equipment.

Implemented Algorithms

• The hash function generation algorithm is implemented in accordance with the requirements of GOST R 34.11-94 / GOST R 34.11-2012 " Information technology. Cryptographic protection of information. hashing function.
• Algorithms for generating and verifying an electronic signature are implemented in accordance with the requirements of GOST R 34.10-2001 / GOST R 34.10-2012 “Information technology. Cryptographic protection of information. Processes of formation and verification of electronic digital signature.
• The data encryption/decryption algorithm and the calculation of the imitated insertion are implemented in accordance with the requirements of GOST 28147-89 “Information processing systems. Cryptographic protection”.

When generating private and public keys, it is possible to generate them with different parameters in accordance with GOST R 34.10-2001 / GOST R 34.10-2012.
When generating a hash function value and encryption, it is possible to use various replacement nodes in accordance with GOST R 34.11-94 and GOST 28147-89.

Supported key media types

• floppy disks 3.5;
• smart cards using smart card readers supporting PC/SC protocol;
• Touch-Memory DS1993 - DS1996 tablets using Accord 4+ devices, Sobol, Krypton electronic lock or Touch-Memory DALLAS tablet reader (only in Windows versions);
• electronic keys with USB interface (USB tokens);
• removable media with USB interface;
• Windows registry;
• Solaris/Linux/FreeBSD OS files.

	CSP 3.6	CSP 3.9	CSP 4.0	CSP 5.0
Windows Server 2016		x64*	x64**	x64
Windows 10		x86 / x64*	x86 / x64**	x86/x64
Windows Server 2012 R2		x64	x64	x64
Windows 8.1		x86/x64	x86/x64	x86/x64
Windows Server 2012	x64	x64	x64	x64
Windows 8	x86/x64	x86/x64	x86/x64
Windows Server 2008 R2	x64/itanium	x64	x64	x64
Windows 7	x86/x64	x86/x64	x86/x64	x86/x64
Windows Server 2008	x86 / x64 / itanium	x86/x64	x86/x64	x86/x64
Windows Vista	x86/x64	x86/x64
Windows Server 2003 R2	x86 / x64 / itanium	x86/x64	x86/x64	x86/x64
Windows Server 2003	x86 / x64 / itanium	x86/x64	x86/x64	x86/x64
Windows XP	x86/x64
Windows 2000	x86