Cryptopro csp version 3.6 and above. Purpose of CryptoPro CSP

CryptoPro CSP is intended for:
  • ensuring the legal significance of documents for electronic document management, using the formation and verification of electronic signatures, according to Russian cryptographic standards GOST R 34.11-94 / GOST R 34.11-2012 and GOST R 34.10-2001 / GOST R 34.10-2012;
  • encryption and imitation protection in accordance with GOST 28147-89 will guarantee the confidentiality and integrity of information;
  • ensuring authenticity, imitation protection and confidentiality of TLS connections;
  • protection against software modification and violation of its operation algorithms;
  • management of key elements of the system, in accordance with the regulation of protective equipment.

Key carriers for CryptoPro CSP

CryptoPro CSP can be used in conjunction with many key media, but the Windows registry, flash drives, and tokens are most commonly used as key media.

The most secure and convenient key carriers that are used in conjunction with CryptoPro CSP, are tokens. They allow you to conveniently and securely store your digital signature certificates. Tokens are designed in such a way that even in case of theft, no one will be able to use your certificate.

  • floppy disks 3.5";
  • MPCOS-EMV processor cards and Russian smart cards (Oscar, RIK) using smart card readers supporting PC/SC protocol (GemPC Twin, Towitoko, Oberthur OCR126, etc.);
  • Touch-Memory tablets DS1993 - DS1996 using Accord 4+ devices, Sobol electronic lock or Touch-Memory DALLAS tablet reader;
  • electronic keys with USB interface;
  • removable media with USB interface;
  • Windows registry;

Digital signature certificate for CryptoPro CSP

CryptoPro CSP works correctly with all certificates issued in accordance with the requirements of GOST, and therefore with most certificates issued by Certification Centers in Russia.

In order to start using CryptoPro CSP, you will definitely need a digital signature certificate. If you have not yet purchased a digital signature certificate, we recommend that you buy a digital signature on this page.

Supported Windows operating systems

CSP 3.6 CSP 3.9 CSP 4.0
Windows 2012 R2 x64 x64
Windows 8.1 x86/x64 x86/x64
Windows 2012 x64 x64 x64
Windows 8 x86/x64 x86/x64 x86/x64
Windows 2008 R2 x64/itanium x64 x64
Windows 7 x86/x64 x86/x64 x86/x64
Windows 2008 x86 / x64 / itanium x86/x64 x86/x64
Windows Vista x86/x64 x86/x64 x86/x64
Windows 2003 R2 x86 / x64 / itanium x86/x64 x86/x64
Windows XP x86/x64
Windows 2003 x86 / x64 / itanium x86/x64 x86/x64
Windows 2000 x86

Supported Algorithms

CSP 3.6 CSP 3.9 CSP 4.0
GOST R 34.10-2012 Creating a signature 512 / 1024 bit
GOST R 34.10-2012 Signature verification 512 / 1024 bit
GOST R 34.10-2001 Creating a signature 512 bit 512 bit 512 bit
GOST R 34.10-2001 Signature verification 512 bit 512 bit 512 bit
GOST R 34.10-94 Creating a signature 1024 bits*
GOST R 34.10-94 Signature verification 1024 bits*
GOST R 34.11-2012 256 / 512 bit
GOST R 34.11-94 256 bit 256 bit 256 bit
GOST 28147-89 256 bit 256 bit 256 bit

* - up to CryptoPro CSP 3.6 R2 (build 3.6.6497 dated 2010-08-13) inclusive.

CryptoPro CSP License Terms

When buying CryptoPro CSP, you get a serial number that you need to enter during the installation or program setup process. The key validity period depends on the selected license. CryptoPro CSP can be distributed in two versions: with an annual license or perpetual.

Having bought perpetual license, you will receive a CryptoPro CSP key, the validity of which will not be limited. If you buy an annual license, you will receive a serial number CryptoPro CSP, which will be valid for a year after purchase.

CryptoPro CSP has a certificate of compliance of the Federal Security Service of the Russian Federation

CryptoPro CSP 5.0 is a new generation of cryptographic provider that develops three main product lines of CryptoPro: CryptoPro CSP (classic tokens and other passive storage of secret keys), CryptoPro FKN CSP / Rutoken CSP (unretrievable keys on tokens with secure messaging) and CryptoPro DSS (keys in the cloud).

All the advantages of the products of these lines are not only preserved, but also multiplied in CryptoPro CSP 5.0: the list of supported platforms and algorithms is wider, the performance is higher, and the user interface is more convenient. But the main thing is that work with all key carriers, including keys in the cloud, is now uniform. To transfer the application system in which the CryptoPro CSP of any version worked to support keys in the cloud or to new media with non-retrievable keys, no software rework is required - the access interface remains the same, and work with the key in the cloud will occur exactly the same in the same way as with the classic key carrier.

Purpose of CryptoPro CSP

  • Formation and verification of electronic signature.
  • Ensuring confidentiality and integrity control of information through its encryption and imitation protection.
  • Ensuring the authenticity, confidentiality and imitation protection of connections using the , and protocols.
  • Monitoring the integrity of system and application software to protect it from unauthorized changes and violations of trusted functioning.

Supported Algorithms

In CryptoPro CSP 5.0, along with Russian ones, foreign cryptographic algorithms are implemented. Users can now use familiar key carriers to store RSA and ECDSA private keys.

Supported key storage technologies

Cloud token

In CryptoPro CSP 5.0, for the first time, it became possible to use keys stored on the CryptoPro DSS cloud service through the CryptoAPI interface. Now the keys stored in the cloud can be easily used by any user application, as well as by most Microsoft applications.

Media with non-removable keys and secure messaging

CryptoPro CSP 5.0 adds support for media with non-recoverable keys that implement the protocol SESPAKE, which allows you to perform authentication without transmitting the user's password in clear form, and to establish an encrypted channel for exchanging messages between the crypto provider and the carrier. An attacker in the channel between the carrier and the user's application can neither steal the password during authentication nor change the data being signed. When using such media, the problem of safe work with non-removable keys is completely solved.

Active, InfoCrypt, SmartPark and Gemalto companies have developed new secure tokens that support this protocol (SmartPark and Gemalto starting from version 5.0 R2).

Media with non-removable keys

Many users want to be able to work with non-retrievable keys, but not upgrade tokens to the FKN level. Especially for them, the provider has added support for popular key carriers Rutoken EDS 2.0, JaCarta-2 GOST and InfoCrypt VPN-Key-TLS.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of media with non-recoverable keys supported by CryptoPro CSP 5.0
Company Carrier
ISBC Esmart Token GOST
Assets Rutoken 2151
Rutoken PINPad
Rutoken EDS
Rutoken EDS 2.0
Rutoken EDS 2.0 2100
Rutoken EDS 2.0 3000
Rutoken EDS PKI
Rutoken EDS 2.0 Flash
Rutoken EDS 2.0 Bluetooth
Rutoken EDS 2.0 Touch
Smart card Rutoken 2151
Smart card Rutoken EDS 2.0 2100
Aladdin R.D. JaCarta-2 GOST
infocrypt InfoCrypt Token++ TLS
InfoCrypt VPN-Key-TLS

Classic passive USB tokens and smart cards

Most users prefer fast, cheap and convenient key storage solutions. As a rule, preference is given to tokens and smart cards without cryptographic coprocessors. As in previous versions of the provider, CryptoPro CSP 5.0 retains support for all compatible media manufactured by Active, Aladdin R.D., Gemalto / SafeNet, Multisoft, NovaCard, Rosan, Alioth, MorphoKST and SmartPark.

In addition, of course, as before, ways to store keys in the Windows registry, on a hard drive, on flash drives on all platforms are supported.

List of manufacturers and models supported by CryptoPro CSP 5.0

List of manufacturers and models of classic passive USB tokens and smart cards supported by CryptoPro CSP 5.0
Company Carrier
Alioth SCOne Series (v5/v6)
gemalto Optelio Contactless Dxx Rx
Optelio Dxx FXR3 Java
Optelio G257
Optelio MPH150
ISBC Esmart Token
Esmart Token GOST
MorphoKST MorphoKST
NovaCard Cosmo
Rosan G&D element V14 / V15
G&D 3.45 / 4.42 / 4.44 / 4.45 / 4.65 / 4.80
Kona 2200s / 251 / 151s / 261 / 2320
Kona2 S2120s / C2304 / D1080
safenet eToken Java Pro JC
eToken 4100
eToken 5100
eToken 5110
eToken 5105
eToken 5205
Assets Rutoken 2151
Rutoken S
Rutoken KP
Rutoken Lite
Rutoken EDS
Rutoken EDS 2.0
Rutoken EDS 2.0 3000
Rutoken EDS Bluetooth
Rutoken EDS Flash
Smart card Rutoken 2151
Smart card Rutoken Lite
Smart card Rutoken EDS SC
Smart card Rutoken EDS 2.0
Aladdin R.D. JaCarta GOST
JaCarta PKI
JaCarta PRO
JaCartaLT
JaCarta-2 GOST
infocrypt InfoCrypt Token++ Lite
Multisoft MS_Key version 8 Angara
MS_Key ESMART version 5
SmartPark master's
R301 Foros
Oscar
Oscar 2
Rutoken Master

CryptoPro Tools

As part of CryptoPro CSP 5.0, a cross-platform (Windows / Linux / macOS) graphical application appeared - "CryptoPro Tools" ("CryptoPro Tools").

The main idea is to enable users to conveniently solve typical tasks. All the main functions are available in a simple interface - at the same time, we have also implemented a mode for advanced users, which opens up additional opportunities.

With the help of CryptoPro Tools, the tasks of managing containers, smart cards and settings of crypto providers are solved, and we have also added the ability to create and verify a PKCS # 7 electronic signature.

Supported Software

CryptoPro CSP allows you to quickly and securely use Russian cryptographic algorithms in the following standard applications:

  • office suite Microsoft office;
  • mail server Microsoft Exchange and client Microsoft Outlook;
  • products Adobe Systems Inc.;
  • browsers Yandex.Browser, Sputnik, Internet Explorer,edge;
  • tool for generating and verifying application signatures Microsoft Authenticode;
  • web servers Microsoft IIS, nginx, Apache;
  • remote desktop tools Microsoft Remote Desktop Services;
  • Microsoft Active Directory.

Integration with the CryptoPro platform

From the very first release, support and compatibility with all our products is provided:

  • CryptoPro CA;
  • CA services;
  • CryptoPro EDS;
  • CryptoPro IPsec;
  • CryptoPro EFS;
  • CryptoPro.NET;
  • CryptoPro Java CSP.
  • CryptoPro NGate

Operating systems and hardware platforms

Traditionally, we work in an unsurpassed wide range of systems:

  • Microsoft Windows;
  • MacOS;
  • Linux;
  • FreeBSD;
  • solaris;
  • android;
  • SailfishOS.

hardware platforms:

  • Intel/AMD;
  • PowerPC;
  • MIPS (Baikal);
  • VLIW (Elbrus);
  • Sparc.

and virtual environments:

  • Microsoft Hyper-V
  • VMWare
  • Oracle Virtual Box
  • RHEV.

Supported by different versions of CryptoPro CSP.

To use CryptoPro CSP with a license for a workstation and a server.

Embedding Interfaces

For embedding in applications on all platforms, CryptoPro CSP is available through standard interfaces for cryptographic tools:

  • Microsoft Crypto API
  • PKCS#11;
  • OpenSSL engine;
  • Java CSP (Java Cryptography Architecture)
  • Qt SSL.

Performance for every taste

Years of development experience allows us to cover everything from miniature ARM boards such as Raspberry PI to multi-processor servers based on Intel Xeon, AMD EPYC and PowerPC, with excellent performance scaling.

Regulatory documents

Full list of regulatory documents

  • The crypto provider uses algorithms, protocols and parameters defined in the following documents of the Russian standardization system:
  • R 50.1.113–2016 “Information technology. Cryptographic protection of information. Cryptographic Algorithms Accompanying the Application of Digital Signature Algorithms and Hashing Functions" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
  • R 50.1.114–2016 “Information technology. Cryptographic protection of information. Elliptic Curve Parameters for Cryptographic Algorithms and Protocols" (also see RFC 7836 "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012")
  • R 50.1.111–2016 “Information technology. Cryptographic protection of information. Password protection of key information»
  • R 50.1.115–2016 “Information technology. Cryptographic protection of information. Shared Key Derivation Protocol with Password-Based Authentication" (also see RFC 8133 The Security Evaluated Standardized Password-Authenticated Key Exchange (SESPAKE) Protocol")
  • Guidelines TC 26 "Cryptographic information protection" "Using sets of encryption algorithms based on GOST 28147-89 for the transport layer security protocol (TLS)"
  • Guidelines TC 26 "Cryptographic information protection" "Use of algorithms GOST 28147-89, GOST R 34.11 and GOST R 34.10 in cryptographic messages of the CMS format"
  • Technical specification TC 26 "Cryptographic information protection" "Use of GOST 28147-89, GOST R 34.11-2012 and GOST R 34.10-2012 in the IKE and ISAKMP key exchange protocols"
  • Technical specification TC 26 "Cryptographic information protection" "Use of GOST 28147-89 when encrypting attachments in IPsec ESP protocols"
  • Technical specification TK 26 "Cryptographic information protection" "Use of algorithms GOST R 34.10, GOST R 34.11 in the certificate profile and certificate revocation list (CRL) of X.509 public key infrastructure"
  • Technical specification TC 26 "Cryptographic information protection" "PKCS # 11 extension for the use of Russian standards GOST R 34.10-2012 and GOST R 34.11-2012"

CryptoThree is a comprehensive solution for organizing secure workflow jobs: encryption and electronic digital signature of documents, digital certificate management, authentication, etc.

The CryptoThree software product has a certificate of state registration with Rospatent.

The product is designed to provide a technical component when building secure legally significant systems (electronic document management, Internet applications, electronic archives, CRM and ERP systems, etc.).

At the user's workplace, the CryptoPro CSP cryptoprovider is installed, which implements certified cryptoalgorithms, and the CryptoARM client application for performing encryption and electronic signature operations. Keys and digital certificates are stored on the Rutoken electronic identifier to enhance the protection of secret data.

CryptoThree will be of interest to organizations deploying a PKI system, as well as using the services of third-party Certification Authorities. The CryptoThree product allows you to reduce the cost of creating jobs in PKI and reduce the time it takes for users to complete crypto operations, providing simplicity and ease of setup. CryptoThree supports working with various PKI elements. This is work with digital certificates and requests, as well as with Trusted Time Stamping Services (TSA) and Actual Status Services (OCSP).

Benefits of using

  • The cost of the CryptoThree software product is significantly lower than the amount spent on purchasing its constituent products separately.
  • Reducing the time for the purchase procedure itself: buying CryptoThree is faster and easier than contacting different companies for each product separately.
  • All software is collected in a single distribution file. Installation is done with one click. During installation, the necessary operations are performed to configure the program modules.
  • Working with certified cryptographic algorithms.
  • Compliance with the requirements of the Federal Law of the Russian Federation No. 1-FZ of January 10, 2002 "On Electronic Digital Signature".
  • Support for international standards and recommendations in the field of information security (X.509, PKCS, CMS).
  • Key information in the protected memory of Rutoken remains safe even if the USB token is lost.
  • The standard delivery of CryptoThree includes templates of documents (regulations) that allow the customer to independently generate a complete package of documentation necessary to establish a legally significant electronic document management system.
  • There is a positive conclusion of the Central Security Service of the FSB of Russia on the correctness of embedding CryptoPro CSP in CryptoARM.

Embedding in applied and business systems

CryptoThree can be used both to organize a workplace in PKI, and as a basis for embedding cryptoalgorithms in applied and business systems. With minimal cost, it can be integrated into electronic document management systems. Implements requirements to ensure legal significance. Additionally, consulting work on the creation of regulations can be carried out.

Product delivery

The CryptoThree software product comes in several different configurations:

Basic equipment:

  • Key carrier Rutoken 32Kb;
  • Packing (DVD box).

Basic equipment with a certified token:

  • License for the CryptoThree software product (includes the activation numbers of CryptoPro CSP 3.6 and CryptoARM 4.X);
  • Brochure on legally significant electronic document management in printed form;
  • CD-ROM with solution distribution kit, presentation and templates of regulations in electronic form;
  • CIPF form CryptoPro CSP (version 3.6);
  • Key carrier Rutoken 32Kb ndv3;
  • Certificate of authenticity/copy of the FSTEC certificate of conformity;
  • Specifications (TU) for Rutoken 32Kb ndv3;
  • Packing (DVD box).


As a rule, the idea to download Cryptopro 3.9 R2 for Windows 10 appears among entrepreneurs with a large workflow. However, the product is also suitable for domestic purposes, because electronic signatures are increasingly becoming part of the life of an ordinary person.

Peculiarities

Cryptopro 3.9 R2 is a multifunctional cryptographic software. The latest most current version applies to any device running Windows 10, including tablets. The scope of this program is very wide:
  • Protection of authorship of documents;
  • Ensuring secure workflow;
  • Working with electronic signatures;
If you care about the security of your workflow, then downloading Cryptopro 3.9 R2 will be the right decision. This is a domestic development, and although it deals with very complex issues in technical terms, working with the program is very simple. Of course, if you have little idea what Cryptopro is, then it is better to study the documentation first, and only then get to work.

Installation takes place in several stages, but in order not to make a mistake, download the correct version - x32 / x64 bits. And if your computer works without, then even the most powerful cryptographic protection of documents will not protect you from possible penetration. Therefore, we recommend installing

RELATED ARTICLES