Installing and configuring digital signature via CryptoPro CSP on Linux (Ubuntu) - Information for users - Confluence. Installing and configuring digital signature signature via CryptoPro CSP on Linux (Ubuntu) - Information for users - Confluence Installing graphical codes

Downloaded packages must be unzipped:

Then use the command to install packages:

sudo sh install_gui.sh

This will open a terminal with the ability to install via GUI.

It's better to install packages manually:

sudo dpkg -i lsb-cprocsp-devel_4.0.0-5_all.deb

sudo dpkg -i cprocsp-curl-64_4.0.0-4_amd64.deb

sudo apt-get install libpangox-1.0-dev

sudo dpkg -i cprocsp-rdr-gui-gtk-64_4.0.0-4_amd64.deb

sudo dpkg -i cprocsp-rdr-rutoken-64_4.0.0-4_amd64.deb

sudo dpkg -i ifd-rutokens_1.0.1_amd64.deb

sudo dpkg -i lsb-cprocsp-base_4.0.0-4_all.deb

sudo dpkg -i lsb-cprocsp-capilite-64_4.0.0-4_amd64.deb

2. Download the Rutoken administration utility from the link: https://www.rutoken.ru/support/download/drivers-for-nix/

Direct link: https://www.rutoken.ru/support/download/get/rtDrivers-x64-deb.html

In order to install Rutoken drivers for Linux (Ubuntu), download the installation file. After completing the installation process, connect Rutoken to your computer.

2.1 Install into the system.

For deb-based systems (Debian, Ubuntu, Linux Mint, etc.) this is the libccid library no lower than 1.3.11, pcscd and libpcsclite1 packages. To install the specified packages, launch a terminal and run the command:

sudo apt-get install libccid pcscd libpcsclite1

After installing the Rutoken administration utility package:

sudo dpkg -i ifd-rutokens_1.0.4_amd64.deb

Installation information

3.2 Unzip the packages using the command:

3.3 Install packages using the appropriate command:

Information on possible problems:

If problems or errors arise during installation, run: dpkg --force-overwrite -i<имя пакета>.deb

The problem occurred with the package below, it can be resolved by entering the command into the terminal:

dpkg --force-overwrite -i cprocsp-pki-cades_2.0.0_amd64.deb

Install alien package:

sudo apt-get install alien

Perform installation:

sudo alien -kci cprocsp-pki-2.0.0-amd64-cades.rpm

sudo alien -kci cprocsp-pki-2.0.0-amd64-plugin.rpm

If necessary, distribute rights to packages using commands in the terminal:

sudo chmod 777<имя пакета>.deb

For installation packages:

sudo chmod 777 cprocsp-pki-2.0.0-amd64-cades. deb

sudo chmod 777 cprocsp-pki-2.0.0-amd64-plugin. deb

3.4 You also need to do:

sudo dpkg -i cprocsp-pki-2.0.0-amd64-cades .deb

sudo dpkg -i cprocsp-pki-2.0.0-amd64-plugin .deb

It is better to obtain the certificate manually through the terminal, since there is no ActiveX support in UNIX

/opt/cprocsp/bin/amd64/csptest -keyset -enum_cont -fqcn -verifyc

sudo /opt/cprocsp/bin/amd64/csptest -keyset -newkeyset -provtype 80 -cont "\\.\HDIMAGE\Test"

/opt/cprocsp/bin/amd64/cryptcp -creatrqst -dn "INN=007814508921, [email protected], C=RU, CN=Akhunov Azat AAa, SN=Akhunov" -nokeygen -both -ku -cont "Test" cert.req

Contents of the received file cert.req, enter https://www.cryptopro.ru/certsrv/certrqxt.asp and download the resulting certificate. We add it to our container

sudo /opt/cprocsp/bin/amd64/certmgr -inst -store uRoot -file certnew.p7b

4. Certificate of test signature key, which can be obtained on the test center page, at the link: https://www.cryptopro.ru/certsrv/certrqma.asp

4.1 Click the issue button and it is necessary that Rutoken be connected to the device to which the key and certificate are issued.

Select Rutoken device:

Enter the PIN code on the Rutoken device, standard passwords for the container are 87654321 or 12345678.

Generate random numbers by pressing keys and moving the mouse over this window:

4.2 Check the successful installation message.

5. Checking the plugin in the browser

Google Chrome Version 61.0.3163.79 (Official build), (64 bit)

You can check the certificate key using the link: https://www.cryptopro.ru/sites/default/files/products/cades/demopage/simple.html

6. When signing in the RMIS system, a confirmation window appears with the choice of certificate:

6.1 You must select a certificate and press the button. Subscribe.

6.2 A notification about successful signing will be issued: Completed! The report has been successfully signed.

Where possible, use the Upload button to upload the selected signed document.

Uploading file Installing and configuring digital signature via CryptoPro CSP on Linux (Ubuntu) , which needs to be unzipped.

A signed protocol file can be verified through the application tools VipNet CryptoFile (Windows) , click in the Open application and select open the signed file in the format .pdf and select the protocol in the format .sig example:

6.3 Generate a report: Crypto-Pro GOST R 34.10-2001 Cryptographic Service Provider

Electronic signature verification report

Report generation time: 01.03.17 22:54

• Files checked: C:/Users/skygb/Downloads/protocol.sig and C:/Users/skygb/Downloads/protocol.pdf

• EP: TRUE

To ensure work with Rutoken electronic keys in the OS family Linux need to install:

1. CryptoPro CSP

2. Packages from the CryptoPro distribution CSP : cprocsp-rdr-pcsc, cprocsp-rdr-rutoken

3. For Rutoken S an additional driver is needed. Or from the manufacturer's websitehttps://www.rutoken.ru/support/download/nix/ , or from the CryptoPro distribution kit CSP- ifd-rutokens

Important!

For Rutoken electronic identifiers to work, the following must be installed:

INDEB-based system: libccid library no lower than 1.4.2, pcscd and libpcsclite1 packages.

In an RPM-based system:packages ccid, pcscd and pcsc-lite.

Below are examples of installing packages by a user with administrator rights ( root ). Otherwise, at the beginning of the command you should put " sudo" for example:

user@ubuntu:# sudo ./ install . sh

Installing the driver RutokenForDEB- basedAndRPM- basedsystems (only forRUTOKENS):

DEB:

root@ubuntu:# dpkg -i ifd-rutokens

RPM:

root@ubuntu:# rpm -i ifd-rutokens

Install CryptoPro CSP for DEB- basedAndRPM- basedsystems:

For both systems

root@ubuntu:# ./ install . sh

Install the PCSC reader support module for DEB- basedAndRPM- basedsystems (additional package):

DEB:

root@ubuntu:# dpkg -i cprocsp-rdr-pcsc

RPM:

root@ubuntu:# rpm -i cprocsp-rdr-pcsc

Installing the support module RutokenForDEB- basedAndRPM- basedsystems (additional package):

DEB:

root@ubuntu :# dpkg -i cprocsp-rdr-rutoken

RPM:

root@ubuntu:# rpm -i cprocsp-rdr-rutoken

After connecting the reader, let’s check whether the system detects it:

root@ubuntu :# /opt/cprocsp/bin/amd64/csptest -card -enum

Aktiv Rutoken ECP 00 00

Total: SYS: 0.000 sec USR: 0.000 sec UTC: 0.240 sec

[ErrorCode: 0 x 00000000]

View the list of configured readers:

root@ubuntu :# /opt/cprocsp/sbin/amd64/cpconfig -hardware reader -view

Nick name: Aktiv Rutoken ECP 00 00
Connect name:
Reader name: Aktiv Rutoken ECP 00 00

Nick name: FLASH
Connect name:
Reader name: FLASH

Nick name: HDIMAGE
Connect name:
Reader name: HDIMAGE

For testing, let's create a self-signed certificate with a private key:

root@ubuntu :~# /opt/cprocsp/bin/amd64$ ./csptestf -keyset -newkeyset -makecert -cont "\\.\Aktiv Rutoken ECP 00 00\test" -keytype exchange

CSP (Type:80) v4.0.9019 KC1 Release Ver:4.0.9963 OS:Linux CPU:AMD64 FastCode:READY:AVX.

AcquireContext: OK. HCRYPTPROV: 34026883

GetProvParam(PP_NAME): Crypto-Pro GOST R 34.10-2012 KC1 CSP

Container name: "test"

Exchange key is not available.

Attempting to create an exchange key...

Press keys...

[..........................................................................]

an exchange key created.

Subject/Issuer: [email protected] CN=test

Self signed certificate created: [email protected] CN=test

This instruction describes the installation of CIPF CryptoPro CSP 4.0 in ROSA Fresh R7–R10 (RED X2–X3) for working with Rutoken electronic keys. The example is shown for 64-bit AMD64 architecture; for 32-bit i586, the installation is similar, up to the names of installation packages and folders. To install, you need skills in working with a file manager (for the KDE version this is Dolphin) and console (Konsole or F4 when working in Dolphin).

Obtaining installation packages

Before installing CIPF CryptoPro CSP 4.0, you first need to register on the website https://www.cryptopro.ru/ and download version 4.0 for Linux in the rpm package from the download page https://www.cryptopro.ru/products/csp/downloads.

Installation of basic components of CryptoPro

• Unpack the downloaded archive. This can be done by selecting the appropriate menu item in the GUI or by running console commands:

A folder with CryptoPro installation files should appear.

• In the console, go to this folder:

Further installation must be performed with administrator rights (root).

• Run the console command to enter administrator mode (su) and enter the password.
• Run the installation commands:

If the administrator password is unknown, you can use the command sudo ./install.sh, and then - sudo rpm -ivh cprocsp-rdr-pcsc-* lsb-cprocsp-pkcs11-*, while entering the password of the current user (if he has it) rights).

To install in the GUI, launch the file manager Dolphin with administrator rights by running the following command:

Kdesu dolphin

In the window that opens, click on the install.sh file.

Installing Device Support Packs

Support packages for tokens/readers/expansion cards are in the CryptoPro CSP archive; their names begin with cprocsp-rdr- . If you need to use a specific device (for example, Rutoken EDS), install the appropriate package:

Sudo rpm -ivh cprocsp-rdr-rutoken*

The archive also contains packages with drivers (ifd-*). They should also be installed when using the appropriate devices. For example, for Rutoken S:

Sudo rpm -ivh ifd-rutokens*

Installing Graphics Components

If you plan to use (this step is included in the instructions in the link), rosa-crypto-tool or other programs and components with a graphical interface, you need to install two more packages:

Urpmi pangox-compat && rpm -ivh cprocsp-rdr-gui-gtk*

You should not install the cprocsp-rdr-gui package, because in conjunction with cprocsp-rdr-gui-gtk it breaks the operation of graphical components.

Connecting a token to a computer

Now you can connect Rutoken to the USB port of your computer.

To verify that the connection is correct, run the lsusb command.

Example of correct output:

Connection and installation of CryptoPro

• Run the program in a separate console pcscd with administrator rights (root). In the future, this should be done through the console and sudo, although you can also use the su command so as not to enter the password every time. sudo will be an indicator that the command requires administrator rights.

After startup, do not close this console - you will be able to see how the system interacts with the smart card.

• Open another console.

• Run the utility of CryptoPro already installed in the /opt folder:

The utility must also “see” the device:

Installing certificates

After installing the packages, it will be possible to view containers on the Rutoken device. For example, to find out the path to the required container, run:

/opt/cprocsp/bin/amd64/csptest -keyset -enum_cont -verifyc -fq

To work with certificates, you need to install the certificate of the certification authority (in this case, install the root certificate directly) and the Rutoken certificate to the local storage.

• Download a file from the certification authority website containing the root certificate (usually it has a .cer or .p7b extension) and, if necessary, a certificate chain.

• Download the certificate revocation list (file with .crl extension) and install the resulting files using commands similar to the ones below.

Installing the root certificate of the certification authority:

<название файла>.cer -store uRoot

Setting up a certificate revocation list:

/opt/cprocsp/bin/amd64/certmgr -inst -crl -file ~/Downloads/<название файла>.crl

Installing an intermediate certificate chain:

/opt/cprocsp/bin/amd64/certmgr -inst -cert -file ~/Downloads/<название файла>.p7b -store CA

Installing a certificate from a root token:

/opt/cprocsp/bin/amd64/certmgr -inst -cont "<путь к контейнеру, начинающийся на \\.\>" -store uMy

You can find out more about the certmgr program.

Note. Most often, the .cer extension corresponds to a certificate, and .p7b to a container that can contain one or more certificates (for example, their chain).

Installation of CryptoPro Fox

CryptoPro Fox- a version of the Firefox browser that can work with CryptoPro.

• Download the browser from the CryptoPro website by selecting “Download CryptoPro Fox 45 for 64-bit Linux (CentOS 6.6+)”.
• Unzip the received package.
• Run the program cpfox.

To make it easier to work with CryptoPro Fox, you can create a shortcut to launch it on your desktop:

• Right-click on the table.
• Select an item Create → Application link.
• In the window that opens, on the tab Application specify the launch command and the name of the shortcut.

To check the installation is correct, try opening the website https://cpca.cryptopro.ru. If everything is ok, you will see the following:

Regular Firefox will not be able to open this address:

Notes

To work with other media, you need to install support modules for the corresponding devices. Module names: cprocsp-rdr-<название_устройства> . Such modules include (cprocsp-rdr-) emv, esmart, inpaspot, mskey, jacarta, novacard, rutoken.

Downloaded packages must be unzipped:

Then use the command to install packages:

sudo sh install_gui.sh

This will open a terminal with the ability to install via GUI.

It's better to install packages manually:

sudo dpkg -i lsb-cprocsp-devel_4.0.0-5_all.deb

sudo dpkg -i cprocsp-curl-64_4.0.0-4_amd64.deb

sudo apt-get install libpangox-1.0-dev

sudo dpkg -i cprocsp-rdr-gui-gtk-64_4.0.0-4_amd64.deb

sudo dpkg -i cprocsp-rdr-rutoken-64_4.0.0-4_amd64.deb

sudo dpkg -i ifd-rutokens_1.0.1_amd64.deb

sudo dpkg -i lsb-cprocsp-base_4.0.0-4_all.deb

sudo dpkg -i lsb-cprocsp-capilite-64_4.0.0-4_amd64.deb

2. Download the Rutoken administration utility from the link: https://www.rutoken.ru/support/download/drivers-for-nix/

Direct link: https://www.rutoken.ru/support/download/get/rtDrivers-x64-deb.html

In order to install Rutoken drivers for Linux (Ubuntu), download the installation file. After completing the installation process, connect Rutoken to your computer.

2.1 Install into the system.

For deb-based systems (Debian, Ubuntu, Linux Mint, etc.) this is the libccid library no lower than 1.3.11, pcscd and libpcsclite1 packages. To install the specified packages, launch a terminal and run the command:

sudo apt-get install libccid pcscd libpcsclite1

After installing the Rutoken administration utility package:

sudo dpkg -i ifd-rutokens_1.0.4_amd64.deb

Installation information

3.2 Unzip the packages using the command:

3.3 Install packages using the appropriate command:

Information on possible problems:

If problems or errors arise during installation, run: dpkg --force-overwrite -i<имя пакета>.deb

The problem occurred with the package below, it can be resolved by entering the command into the terminal:

dpkg --force-overwrite -i cprocsp-pki-cades_2.0.0_amd64.deb

Install alien package:

sudo apt-get install alien

Perform installation:

sudo alien -kci cprocsp-pki-2.0.0-amd64-cades.rpm

sudo alien -kci cprocsp-pki-2.0.0-amd64-plugin.rpm

If necessary, distribute rights to packages using commands in the terminal:

sudo chmod 777<имя пакета>.deb

For installation packages:

sudo chmod 777 cprocsp-pki-2.0.0-amd64-cades. deb

sudo chmod 777 cprocsp-pki-2.0.0-amd64-plugin. deb

3.4 You also need to do:

sudo dpkg -i cprocsp-pki-2.0.0-amd64-cades .deb

sudo dpkg -i cprocsp-pki-2.0.0-amd64-plugin .deb

It is better to obtain the certificate manually through the terminal, since there is no ActiveX support in UNIX

/opt/cprocsp/bin/amd64/csptest -keyset -enum_cont -fqcn -verifyc

sudo /opt/cprocsp/bin/amd64/csptest -keyset -newkeyset -provtype 80 -cont "\\.\HDIMAGE\Test"

/opt/cprocsp/bin/amd64/cryptcp -creatrqst -dn "INN=007814508921, [email protected], C=RU, CN=Akhunov Azat AAa, SN=Akhunov" -nokeygen -both -ku -cont "Test" cert.req

Contents of the received file cert.req, enter https://www.cryptopro.ru/certsrv/certrqxt.asp and download the resulting certificate. We add it to our container

sudo /opt/cprocsp/bin/amd64/certmgr -inst -store uRoot -file certnew.p7b

4. Certificate of test signature key, which can be obtained on the test center page, at the link: https://www.cryptopro.ru/certsrv/certrqma.asp

4.1 Click the issue button and it is necessary that Rutoken be connected to the device to which the key and certificate are issued.

Select Rutoken device:

Enter the PIN code on the Rutoken device, standard passwords for the container are 87654321 or 12345678.

Generate random numbers by pressing keys and moving the mouse over this window:

4.2 Check the successful installation message.

5. Checking the plugin in the browser

Google Chrome Version 61.0.3163.79 (Official build), (64 bit)

You can check the certificate key using the link: https://www.cryptopro.ru/sites/default/files/products/cades/demopage/simple.html

6. When signing in the RMIS system, a confirmation window appears with the choice of certificate:

6.1 You must select a certificate and press the button. Subscribe.

6.2 A notification about successful signing will be issued: Completed! The report has been successfully signed.

Where possible, use the Upload button to upload the selected signed document.

Uploading file Installing and configuring digital signature via CryptoPro CSP on Linux (Ubuntu) , which needs to be unzipped.

A signed protocol file can be verified through the application tools VipNet CryptoFile (Windows) , click in the Open application and select open the signed file in the format .pdf and select the protocol in the format .sig example:

6.3 Generate a report: Crypto-Pro GOST R 34.10-2001 Cryptographic Service Provider

Electronic signature verification report

Report generation time: 01.03.17 22:54

• Files checked: C:/Users/skygb/Downloads/protocol.sig and C:/Users/skygb/Downloads/protocol.pdf

• EP: TRUE

(KETsP, KEP). CIPF is certified by the FSB and complies with the updated standard for the formation and verification of digital signatures - GOST R 34.10-2012.

Currently there are three current versions of this software - 3.8, 4.0 and 5.0. The v.3.8 certificate expires in September of this year. Release 5.0 with an expanded set of options at the end of July 2019 has not yet been certified and is used in test mode. Version 4.0 is regularly updated and is currently the 4th certified build of this release (R4).

The cryptographic utility operates on a wide range of operating systems, and each of them has its own specific nuances. In this article we will look in detail at the features of using Crypto Pro for Linux, Windows and Mac OS.

We will help you obtain an electronic signature. We will install and configure in 1 hour.

Leave a request and receive a consultation within 5 minutes.

CryptoPro for Windows 10

CIPF for Windows is applicable to most areas of electronic document management that require legally significant certified information (CEDS):

• information state portals (, ESIA, etc.);
• submission of online reports to the Federal Tax Service, Pension Fund, Social Insurance Fund;
• online platforms for government orders, etc.

Adding certificates via CryptoPro

Resume

Based on the analysis of the three most popular systems, we can conclude that Windows is considered the most convenient OS for implementing a CPU in Crypto Pro. To download the crypto provider, you do not need any special knowledge or skills; you just need to follow the instructions from the developer. There is a large selection of products for document certification: special utilities from CryptoPro, for example, Office Signature, separate programs (CryptoArm) or online services (Crypto Contour).