Purpose of CryptoPro CSP. Video surveillance Media with non-retrievable keys and secure messaging
"Trinity"– full-cycle system integrator. Construction of IT infrastructure, disaster-proof solutions, virtualization systems, production of servers and storage systems.
Do you need to buy a ready-made server with suitable parameters, but you don’t know which one to choose? Are you confused by the variety of server platforms on the market today? Trinity specialists offer you a huge selection of modern servers and server platforms at affordable prices. We do not just sell equipment - it is in our interests to choose the best option for the client, taking into account all his requirements and wishes.
Main areas of work:
- Designing server rooms and building disaster-proof solutions.
- Information Security.
- Virtualization of servers, data storage systems, workstations.
- IT solutions for television, automation of broadcasting and production, archival storage of media data, IPTV systems.
- Implementation of projects for the construction of data processing centers from the development of technical specifications to turnkey implementation.
- High-performance clusters for parallel computing.
- Corporate servers and data storage systems.
Infrastructure for business applications (SAP, Microsoft, Oracle, etc.)
Servers and server platforms
In order to buy a server or server platform that will work smoothly and for a long time for the benefit of your enterprise, you need to be confident in the reliability of the purchased device. And this is where the services provided by Trinity can significantly facilitate your choice.The Trinity company sells high-performance data storage systems and network equipment at affordable prices. From us you can buy a server platform or a server, both new and refurbished from world-famous manufacturers of server equipment, having previously studied the required power and characteristics. Also, our company employs qualified specialists who will be happy to help you choose the appropriate model and select the optimal server configuration, taking into account all the requirements and wishes. Just contact us at the number provided and we will answer all your questions.
Cryptoprovider CryptoPro CSP is designed for:
authorization and ensuring the legal significance of electronic documents when exchanging them between users, through the use of procedures for generating and verifying an electronic signature (ES) in accordance with domestic standards GOST R 34.10-2001 / GOST R 34.10-2012 (using GOST R 34.11-94 / GOST R 34.11-2012);
ensuring confidentiality and monitoring the integrity of information through its encryption and imitation protection, in accordance with GOST 28147-89;
ensuring authenticity, confidentiality and imitational protection of connections via the TLS protocol;
monitoring the integrity of system and application software to protect it from unauthorized changes and violations of correct functioning;
management of key elements of the system in accordance with the regulations on protective equipment.
Implemented Algorithms
The algorithm for generating the hash function value is implemented in accordance with the requirements of GOST R 34.11-94 / GOST R 34.11-2012 "Information technology. Cryptographic information protection. Hash function."
Algorithms for generating and verifying an electronic signature are implemented in accordance with the requirements of GOST R 34.10-2001 / GOST R 34.10-2012 "Information technology. Cryptographic protection of information. Processes for generating and verifying an electronic digital signature."
The data encryption/decryption algorithm and the calculation of imitative inserts are implemented in accordance with the requirements of GOST 28147-89 "Information processing systems. Cryptographic protection."
When generating private and public keys, it is possible to generate with various parameters in accordance with GOST R 34.10-2001 / GOST R 34.10-2012.
When generating a hash function value and encryption, it is possible to use various replacement nodes in accordance with GOST R 34.11-94 and GOST 28147-89.
Classification of operating systems for using CryptoPro CSP with a license for a workstation and a server.
Supported key media types
floppy disks 3.5";
smart cards using smart card readers that support the PC/SC protocol;
Touch-Memory DS1993 - DS1996 tablets using Accord 4+ devices, Sobol electronic lock, KRYPTON-LOCK APMDZ or Touch-Memory DALLAS tablet reader (Windows version only);
electronic keys with a USB interface (USB tokens);
removable media with USB interface;
Windows OS registry;
Solaris/Linux/FreeBSD OS files.
Certificates of conformity for CIPF "CryptoPro CSP"
- Generation of electronic signature keys and approval keys
- Generating and verifying an electronic signature
- Import of software-generated private ES keys - to enhance their security
- Updating the installation base of the cryptoprovider "CryptoPro CSP"
Peculiarities
The main feature (previously the product was called "CryptoPro eToken CSP") is the use of functional key carrier (FKN) technology.
Functional key carrier (FKN)- architecture of software and hardware products based on smart cards or USB tokens, implementing a fundamentally new approach to ensuring the secure use of a key on a smart card or USB token.
Thanks to the presence of a secure communication channel between the token and the crypto provider, part of the cryptographic transformations, including the storage of private keys and digital signature keys in non-removable form, is transferred to a smart card or USB token.
In addition to hardware generation of keys, their secure storage and generation of digital signatures in the microprocessor of the key carrier, the FKN architecture allows you to effectively resist attacks associated with the substitution of a hash value or signature in the communication channel between the software and hardware parts of the CSP.
In “CryptoPro FKN CSP” version 3.9, the key carrier is a specially developed JaCarta CryptoPro token, presented in the form factors of a smart card and a USB token.
Part CIPF "CryptoPro FKN CSP" version 3.9 includes a specially developed JaCarta CryptoPro token with the ability to calculate digital signature using the FKN technology of the CRYPTO-PRO company and produced in the form factors of a USB token (in Nano or XL housing) or a smart card.
![]() | ![]() |
JaCarta CryptoPro securely stores and uses private digital keys, performs mutual authentication of the CSP and the token, as well as strict two-factor authentication of the user-token owner.
Key advantages of JaCarta CryptoPro
- It is the fastest token among FKN devices (it is almost 3 times faster than existing products working with FKN in the speed of electronic signature generation - based on the Protocol for measuring the performance of FKN devices "CRYPTO-PRO" dated December 8, 2014).
- The principle applied Secure by design– uses a secure microcontroller, designed to be secure for security purposes, has built-in protection at both the hardware and software levels against cloning, hacking and all other attacks known to date.
- The generation of ES keys, approval keys, as well as the creation of ES occurs within the JaCarta CryptoPro token.
- Uses a secure data transmission channel with the CryptoPRO FKN CSP software.
Compound
"CryptoPro FKN CSP" version 3.9 consists of two key components.
1. USB token or JaCarta CryptoPro smart card:
- is a functional key carrier (FKN), in which Russian cryptography is implemented in hardware;
- allows you to safely store and use private keys;
- generates an electronic signature “under the mask” - K(h), which allows you to protect the exchange channel between the token (smart card) and the crypto software provider (CSP);
- performs mutual authentication of the CSP and the token and strict two-factor authentication of the user - the owner of the token.
2. Crypto Provider (CSP):
- is a high-level programming interface (MS CAPI) for external applications and provides them with a set of cryptographic functions;
- from the signature “under the mask” received from the hardware token (smart card) - K(h), “removes” the mask K(s) and forms a “normal” signature, understandable for external applications
Architecture of "CryptoPro FKN CSP" version 3.9
![](https://i0.wp.com/aladdin-rd.ru/assets/c9396c05/images/Scheme.png)
Technical characteristics of the JaCarta CryptoPro token
Microcontroller Specifications | Manufacturer | INSIDE Secure |
Model | AT90SC25672RCT | |
EEPROM Memoryс | 72 KB | |
Operating system characteristics | operating system | Athena Smartcard Solutions OS755 |
International certificates | CC EAL4+ | |
Supported crypto algorithms | GOST R 34.10-2001, GOST 28147-89, GOST R 34.11-94 | |
Supported Interfaces | USB | Yes |
Contact interface (ISO7816-3) | T=1 | |
Safety Certificates | FSB of Russia | Certificate of conformity of the Federal Security Service of Russia No. SF/114-2734 Certificate of conformity of the Federal Security Service of Russia No. SF/114-2735 |
Supported OS | Microsoft Windows Server 2003 | (32/64-bit platforms) |
Microsoft Windows Vista | (32/64-bit platforms) | |
Microsoft Windows 7 | (32/64-bit platforms) | |
Microsoft Windows Server 2008 | (32/64-bit platforms) | |
Microsoft Windows Server 2008 R2 | (32/64-bit platforms) | |
CentOS 5/6 | (32/64-bit platforms) | |
Linpus Lite 1.3 | (32/64-bit platforms) | |
Mandriva Server 5 | (32/64-bit platforms) | |
Oracle Enterprise Linux 5/6 | (32/64-bit platforms) | |
Open SUSE 12 | (32/64-bit platforms) | |
Red Hat Enterprise Linux 5/6 | (32/64-bit platforms) | |
SUSE Linux Enterprise 11 | (32/64-bit platforms) | |
Ubuntu 8.04/10.04/11.04/11.10/12.04 | (32/64-bit platforms) | |
ALT Linux 5/6 | (32/64-bit platforms) | |
Debian 6 | (32/64-bit platforms) | |
FreeBSD 7/8/9 | (32/64-bit platforms) | |
Execution time of cryptographic operations | Importing a key | 3.2 op/s (USB token), 2.4 op/s (smart card) |
Creating a signature | 5.8 op/s (USB token), 3.9 op/s (smart card) | |
Available Key Media | Smart card | JaCarta CryptoPro |
USB token | JaCarta CryptoPro |
Safety Certificates
confirming that the cryptographic information protection tool (CIPF) "CryptoPro FKN CSP" Version 3.9 (version 1) complies with the requirements of GOST 28147-89, GOST R 34.11-94, GOST R 34.10-2001, the requirements of the FSB of Russia for encryption (cryptographic) class means KS1, requirements for electronic signature tools, approved by order of the FSB of Russia dated December 27, 2011 No. 796, established for class KS1, and can be used for cryptographic protection (creation and management of key information, encryption of data contained in the RAM area, calculation of the value hash functions for data contained in the RAM area, protection of TLS connections, implementation of electronic signature functions in accordance with Federal Law of April 6, 2011 No. 63-FZ "On Electronic Signature": creation of an electronic signature, verification of an electronic signature, creation of an electronic signature key, creation of a key for verifying an electronic signature) information that does not contain information constituting a state secret.
confirming that the cryptographic information protection tool (CIPF) "CryptoPro FKN CSP" Version 3.9 (version 2) complies with the requirements of GOST 28147-89, GOST R 34.11-94, GOST R 34.10-2001, the requirements of the FSB of Russia for encryption (cryptographic) class means KS2, requirements for electronic signature tools, approved by order of the FSB of Russia dated December 27, 2011 No. 796, established for the KS2 class, and can be used for cryptographic protection (creation and management of key information, encryption of data contained in the RAM area, calculation of the value hash functions for data contained in the RAM area, protection of TLS connections, implementation of electronic signature functions in accordance with Federal Law of April 6, 2011 No. 63-FZ "On Electronic Signature": creation of an electronic signature, verification of an electronic signature, creation of an electronic signature key, creation of a key for verifying an electronic signature) information that does not contain information constituting a state secret.
Software "CryptoPro CSP" designed to monitor the integrity of system and application software, manage key elements of the system in accordance with the regulations on security measures, authorization and ensure the legal significance of electronic documents when exchanging them between users. In addition to the crypto provider itself, CryptoPro CSP includes the products CryptoPro TLS, CryptoPro EAP-TLS, CryptoPro Winlogon and CryptoPro Revocation Provider.
The solution is intended for:
- authorization and ensuring the legal significance of electronic documents when exchanging them between users, through the use of procedures for generating and verifying an electronic signature (ES) in accordance with domestic standards GOST R 34.10-2001 / GOST R 34.10-2012 (using GOST R 34.11-94 / GOST R 34.11-2012);
- ensuring confidentiality and monitoring the integrity of information through its encryption and imitation protection, in accordance with GOST 28147-89;
- ensuring authenticity, confidentiality and imitational protection of connections via the TLS protocol;
- monitoring the integrity of system and application software to protect it from unauthorized changes and violations of correct functioning;
- management of key elements of the system in accordance with the regulations on protective equipment.
Implemented Algorithms
- The algorithm for generating a hash function value is implemented in accordance with the requirements of GOST R 34.11-94 / GOST R 34.11-2012 “Information technology. Cryptographic information protection. Hash function."
- Algorithms for generating and verifying an electronic signature are implemented in accordance with the requirements of GOST R 34.10-2001 / GOST R 34.10-2012 “Information technology. Cryptographic information protection. Processes of formation and verification of electronic digital signatures.”
- The data encryption/decryption algorithm and the calculation of imitative inserts are implemented in accordance with the requirements of GOST 28147-89 “Information processing systems. Cryptographic protection."
When generating private and public keys, it is possible to generate with various parameters in accordance with GOST R 34.10-2001 / GOST R 34.10-2012.
When generating a hash function value and encryption, it is possible to use various replacement nodes in accordance with GOST R 34.11-94 and GOST 28147-89.
Supported key media types
- floppy disks 3.5;
- smart cards using smart card readers that support the PC/SC protocol;
- Touch-Memory tablets DS1993 - DS1996 using Accord 4+ devices, an electronic lock “Sobol”, “Krypton” or a Touch-Memory DALLAS tablet reader (Windows version only);
- electronic keys with a USB interface (USB tokens);
- removable media with USB interface;
- Windows OS registry;
- Solaris/Linux/FreeBSD OS files.
CSP 3.6 | CSP 3.9 | CSP 4.0 | CSP 5.0 | |
---|---|---|---|---|
Windows Server 2016 | x64* | x64** | x64 | |
Windows 10 | x86 / x64* | x86 / x64** | x86/x64 | |
Windows Server 2012 R2 | x64 | x64 | x64 | |
Windows 8.1 | x86/x64 | x86/x64 | x86/x64 | |
Windows Server 2012 | x64 | x64 | x64 | x64 |
Windows 8 | x86/x64 | x86/x64 | x86/x64 | |
Windows Server 2008 R2 | x64 / itanium | x64 | x64 | x64 |
Windows 7 | x86/x64 | x86/x64 | x86/x64 | x86/x64 |
Windows Server 2008 | x86 / x64 / itanium | x86/x64 | x86/x64 | x86/x64 |
Windows Vista | x86/x64 | x86/x64 | ||
Windows Server 2003 R2 | x86 / x64 / itanium | x86/x64 | x86/x64 | x86/x64 |
Windows Server 2003 | x86 / x64 / itanium | x86/x64 | x86/x64 | x86/x64 |
Windows XP | x86/x64 | |||
Windows 2000 | x86 |