CryptoPro CSP is intended for:

  • authorization and assurance of the legal significance of electronic documents exchanged between users, through procedures for generating and verifying an electronic digital signature (EDS) in accordance with domestic standards GOST R 34.10-94, GOST R 34.11-94, GOST R 34.10-2001;
  • ensuring confidentiality and integrity control of information through its encryption and imitation protection, in accordance with GOST 28147-89;
  • ensuring the authenticity, confidentiality and imitation protection of TLS connections;
  • integrity control of system and application software to protect it from unauthorized changes or from disruption of its correct functioning;
  • management of the key elements of the system in accordance with the regulations for the protective equipment.

Features:

  • Built-in support for Winlogon
  • CryptoPro CSP 3.6 includes a Revocation Provider that works through OCSP responses
  • Implemented support for the x64 platform
  • Implemented the EAP/TLS protocol
  • The external CIPF interface has been expanded to support work with a functional key carrier (FKN), key negotiation for use in IPsec protocol implementations, and work with other applications
  • The possibility of using the GOST R 34.10-94 standard is excluded

Implemented algorithms:

The hash function generation algorithm is implemented in accordance with the requirements of GOST R 34.11-94 "Information technology. Cryptographic information protection. Hashing function".

EDS generation and verification algorithms are implemented in accordance with the requirements of:

  • GOST R 34.10-94 "Information technology. Cryptographic protection of information. Electronic digital signature system based on an asymmetric cryptographic algorithm";
  • GOST R 34.10-94 and GOST R 34.10-2001 "Information technology. Cryptographic protection of information. Processes of formation and verification of electronic digital signature".

The data encryption/decryption algorithm and the calculation of the imitation insert are implemented in accordance with the requirements of GOST 28147-89 "Information processing systems. Cryptographic protection".

When generating private and public keys, it is possible to generate them with different parameters in accordance with GOST R 34.10-94 and GOST R 34.10-2001. When generating a hash function value and encryption, it is possible to use various replacement nodes in accordance with GOST R 34.11-94 and GOST 28147-89.

Main characteristics:

Length of digital signature keys:

  • private key - 256 bits;
  • public key:
    • 512 bits when using the GOST R 34.10-2001 algorithm
    • 1024 bits when using the GOST R 34.10-94 algorithm

Length of keys used in encryption:

  • private key - 256 bits;
  • public key:
    • 512 bits based on the GOST R 34.10-2001 algorithm
    • 1024 bits based on the GOST R 34.10-94 algorithm
  • symmetric key - 256 bits;

Key media types:

  • diskette 3.5";
  • MPCOS-EMV processor cards and Russian smart cards (Oscar, RIK) using smart card readers supporting PC/SC protocol (GemPC Twin, Towitoko, Oberthur OCR126, etc.);
  • Touch-Memory tablets DS1993 - DS1996 using Accord 4+ devices, Sobol electronic lock or Touch-Memory DALLAS tablet reader (Windows version only);
  • electronic key with USB interface;
  • removable media with USB interface;
  • Windows registry;
  • Solaris/Linux/FreeBSD OS files.

Supported UNIX-like operating systems

CSP 3.6 CSP 3.9 CSP 4.0
iOS 9 ARM7 ARM7
iOS 8 ARM7 ARM7
iOS 6 / 7 ARM7 ARM7 ARM7
iOS 4.2 / 4.3 / 5 ARM7
Mac OS X 10.11 x64 x64
Mac OS X 10.10 x64 x64
Mac OS X 10.9 x64 x64
Mac OS X 10.8 x64 x64 x64
Mac OS X 10.7 x64 x64 x64
Mac OS X 10.6 x86/x64 x86/x64

Android 3.2+ / 4 ARM7
Solaris 10 / 11 x86/x64/sparc x86/x64/sparc x86/x64/sparc
Solaris 9 x86/x64/sparc
Solaris 8
AIX 5 / 6 / 7 PowerPC PowerPC PowerPC
FreeBSD 10 x86/x64 x86/x64
FreeBSD 8 / 9 x86/x64 x86/x64 x86/x64
FreeBSD 7 x86/x64
FreeBSD 6 x86
FreeBSD 5
LSB 4.0 x86/x64 x86/x64 x86/x64
LSB 3.0 / LSB 3.1 x86/x64
RHEL7 x64 x64
RHEL 4 / 5 / 6 x86/x64 x86/x64 x86/x64
RHEL 3.3 spec. assembly x86 x86 x86
Red Hat 7 / 9
CentOS 7 x86/x64 x86/x64
CentOS 5 / 6 x86/x64 x86/x64 x86/x64
TD OS AIS FSSP of Russia (GosLinux) x86/x64 x86/x64 x86/x64
CentOS 4 x86/x64
Ubuntu 14.04 x86/x64 x86/x64
Ubuntu 12.04 / 12.10 / 13.04 x86/x64 x86/x64
Ubuntu 10.10 / 11.04 / 11.10 x86/x64 x86/x64
Ubuntu 10.04 x86/x64 x86/x64 x86/x64
Ubuntu 8.04 x86/x64
Ubuntu 6.04 x86/x64
ALTLinux 7 x86/x64 x86/x64
ALTLinux 6 x86/x64 x86/x64 x86/x64
ALTLinux 4 / 5 x86/x64
Debian 8 x86/x64 x86/x64
Debian 7 x86/x64 x86/x64
Debian 6 x86/x64 x86/x64 x86/x64
Debian 4 / 5 x86/x64
Linpus Lite 1.3 x86/x64 x86/x64 x86/x64
Mandriva Server 5 / Business Server 1 x86/x64 x86/x64 x86/x64
Oracle Enterprise Linux 5/6 x86/x64 x86/x64 x86/x64
Open SUSE 12.2/12.3 x86/x64 x86/x64 x86/x64
SUSE Linux Enterprise 11 x86/x64 x86/x64 x86/x64

Supported Algorithms

CSP 3.6 CSP 3.9 CSP 4.0
GOST R 34.10-2012 Creating a signature 512 / 1024 bit
GOST R 34.10-2012 Signature verification 512 / 1024 bit
GOST R 34.10-2001 Creating a signature 512 bit 512 bit 512 bit
GOST R 34.10-2001 Signature verification 512 bit 512 bit 512 bit
GOST R 34.10-94 Creating a signature 1024 bits*
GOST R 34.10-94 Signature verification 1024 bits*
GOST R 34.11-2012 256 / 512 bit
GOST R 34.11-94 256 bit 256 bit 256 bit
GOST 28147-89 256 bit 256 bit 256 bit

* - up to CryptoPro CSP 3.6 R2 (build 3.6.6497 dated 2010-08-13) inclusive.

CryptoPro CSP License Terms

When buying CryptoPro CSP, you get a serial number that you need to enter during installation or program setup. The key validity period depends on the selected license. CryptoPro CSP is distributed in two versions: with an annual license or a perpetual one.

If you buy a perpetual license, you will receive a CryptoPro CSP key whose validity is not limited. If you buy an annual license, you will receive a CryptoPro CSP serial number that is valid for a year after purchase.

Question from user: Salex007

Does the electronic signature for bidding work on a MacBook?

Perminov Nikita Alexandrovich Accredited teacher of the "Sberbank-AST" site, specialist in the field of electronic trading.

New versions of software providing cryptographic protection of information (CryptoPro CSP, CryptoPro EDS Browser plug-in, etc.) support Mac OS. You can download them from the developer's site and install them on your computer running Mac OS, which will give you the opportunity to work with an electronic signature, including those intended for bidding. Restrictions in this case are imposed by trading platforms. The system requirements of most sites, both federal and commercial, require the use of Windows OS and Internet Explorer browser to work with their sites. Normal performance when using other operating systems and browsers is not guaranteed by the site developers. The technical support services of sites and certification centers are also guided by these conditions, so it will be difficult to get advice and assistance in case of problems when working with ES. The best solution would be to use a computer running Windows OS to work with electronic trading platforms. If this is not possible, you can install Windows on a virtual machine (for this you can use, for example, the VirtualBox program). This option may be more convenient in certain cases, but it is extremely unreliable.

Introduction

The field of information technology is developing especially rapidly today. To compete with the majority of market participants, you need to correctly allocate your time and resources. With the advent of the electronic signature, this task becomes feasible. Currently, many services can be obtained without leaving your work computer, having only access to the Internet. All this applies equally to electronic document management. To ensure the confidentiality and integrity of files sent via e-mail, users apply an electronic signature.

Electronic signature in Russia and its features

In modern conditions, it is necessary to carefully protect the transmitted information, which may be of a confidential nature and include personal data and trade secrets. It turns out that the users of the electronic signature are primarily business leaders, managers, as well as designers and programmers. In addition, such employees prefer to have powerful and productive devices in their use. As you know, Apple products are considered the best laptops for graphics work, and executives choose MacBooks because they are light, fast and reliable.

Of course, users can use the encryption and electronic signature tools built into the macOS operating system, but in this case it is impossible to take into account the realities of the Russian information security system. Our country has long been using its own data signature and encryption standards, for example, cryptographic standards GOST R 34.11-2012, GOST R 34.11-94, GOST R 34.10-2012, GOST R 34.10-2001, GOST 28147-89. These cryptographic algorithms are not supported by Apple's operating systems, which can greatly complicate the work with electronic signatures on such devices. However, there is an opportunity to fully use the electronic signature: you need to install and configure additional software.

How can I sign documents on macOS according to GOST?

At the moment, the Russian market for products for working with electronic signatures is not as rich as users would like. Finding a convenient and understandable program that would allow you to work with an electronic signature and encrypt according to GOST on macOS is difficult. For this reason, many still need to have an additional Windows computer, and some even hesitate to transfer their work to Apple laptops.

However, the Trusted eSign GOST product from Tsifrovye Tekhnologii can improve the situation. For users to whom working on a MacBook is critical, the developers suggest installing Trusted eSign GOST as additional software. This program for working with electronic signatures lets you keep the familiar macOS and still use Russian cryptographic algorithms.

Figure 1. The interface of the Trusted eSign application is clear and simple

We previously published a review describing the product's capabilities, system requirements, advantages and disadvantages. Its undoubted advantages are its graphical interface and its ease of installation and configuration. It should be noted that the product is included in the register of domestic software. Its functionality:

  • Working with an electronic signature: the ability to sign many types of documents, create and verify an electronic signature of the CMS standard.
  • Encryption and decryption of files: encrypting data to recipient certificates, archiving files before encryption, deleting source files after encryption, installing keys and certificates according to PKCS#8 and X.509 v3 standards.
  • Work with certificates: import of new and export of registered certificates.

Installing Trusted eSign GOST on macOS

The process of installing and initially configuring the Trusted eSign program on the macOS operating system does not require any special knowledge from the user and consists of a few simple steps:

  • Installing the CryptoPro CSP application
  • Installing the Trusted eSign GOST app
  • Adding a license for Trusted eSign GOST
  • Installing the certificate and private key to the local store
  • Installing a CA certificate

Now let's look at these steps in more detail. First of all, it is recommended to install the CryptoPro CSP software, as Trusted eSign cannot be launched without it. You can install CryptoPro CSP through the graphical interface, or with a series of console commands run with administrator rights, either under the root account or using the sudo command. When CryptoPro is installed on a MacBook for the first time, the user gets 3 months of free use.

Figure 2. List of packages available when installing CryptoPro CSP

The next step is Trusted eSign installation, also with administrative rights, during which you need to follow the instructions of the wizard, and upon completion, you can run the program.

Figure 3. Trusted eSign installation can be run in graphical mode

To perform decryption and file signing operations in Trusted eSign, you must add information about the purchased license. These actions are available from the main menu, on the "License" tab, and there are two ways to do this:

  • load license key from file;
  • enter the license number manually.

If the certificate and private key are already on the token, then to work with it you need to install the certificate in the local store. To do this:

  • Connect the reader to the MacBook.
  • Find out the device name using the command: /opt/cprocsp/bin/csptest -card -enum.
  • Add the reader using the device name from the previous step: sudo /opt/cprocsp/sbin/cpconfig -hardware reader -add "device_name".
  • Run the command to view available containers: /opt/cprocsp/bin/csptest -keyset -enum_cont -fqcn -verifyc.
  • Copy the required certificate from the token (single quotes keep the backslashes literal in the shell): /opt/cprocsp/bin/certmgr -inst -cont '\\.\device_name\<container>'.

To work with certificates through the Trusted eSign program, namely to check their status, you need to install a certification authority (CA) certificate, or a chain of certificates, if required, and a list of revoked certificates. To perform these actions, the user will need the following commands:

  • To install the CA root certificate: /opt/cprocsp/bin/certmgr -inst -cert -file <file name>.cer -store uRoot.
  • To install the chain of intermediate certificates: /opt/cprocsp/bin/certmgr -inst -cert -file <file name>.p7b -store CA.
  • To install the list of revoked certificates: /opt/cprocsp/bin/certmgr -inst -crl -file <file name>.crl
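
The token and trust-store steps above as a dry-run planner (an added example, not code from the original article or from CryptoPro): it filters a container listing, splits out the reader name, and prints the certmgr commands with quoting that keeps the backslashes of the \\.\reader\container name intact. The sample listing, the reader and container names, and the extension-to-store mapping are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dry-run planner for the certmgr steps above. It only prints commands.
CERTMGR=/opt/cprocsp/bin/certmgr    # path as given in the steps
PREFIX='\\.\'                       # start of a fully qualified container name
BS='\'

# Constructed sample of a container listing; real csptest output differs by version.
SAMPLE_ENUM='CSP banner line (constructed)
\\.\Example Reader 00 00\ivanov-2017
\\.\Example Reader 00 00\test key
\\.\OtherReader\unrelated
OK.'

# Keep only lines shaped like \\.\<reader>\<container>; drop banners and status lines.
list_containers() {
    while IFS= read -r line; do
        case $line in
            "$PREFIX"?*"$BS"?*) printf '%s\n' "$line" ;;
        esac
    done
}

# Reader part of a fully qualified container name.
reader_of() {
    rest=${1#"$PREFIX"}
    reader=${rest%%"$BS"*}
    printf '%s\n' "$reader"
}

# Single-quote one argument so backslashes and spaces survive copy-paste into a shell.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Certificate install command for every container found on the named reader ($1).
plan_token_certs() {
    list_containers | while IFS= read -r fqcn; do
        [ "$(reader_of "$fqcn")" = "$1" ] || continue
        printf '%s -inst -cont %s\n' "$CERTMGR" "$(shell_quote "$fqcn")"
    done
}

# Root (.cer), intermediate chain (.p7b) or CRL (.crl) command, chosen by extension.
plan_trust_file() {
    f=$(shell_quote "$1")
    case $1 in
        -*)    printf 'refusing option-like name: %s\n' "$1" >&2; return 1 ;;
        *.cer) printf '%s -inst -cert -file %s -store uRoot\n' "$CERTMGR" "$f" ;;
        *.p7b) printf '%s -inst -cert -file %s -store CA\n' "$CERTMGR" "$f" ;;
        *.crl) printf '%s -inst -crl -file %s\n' "$CERTMGR" "$f" ;;
        *)     printf 'unsupported file type: %s\n' "$1" >&2; return 1 ;;
    esac
}

printf '%s\n' "$SAMPLE_ENUM" | plan_token_certs 'Example Reader 00 00'
for file in root.cer chain.p7b revoked.crl; do plan_trust_file "$file"; done
```

Review the printed lines before running them; a file should go into uRoot only after its fingerprint has been checked against the value the certification authority publishes.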

Electronic signature Trusted eSign GOST on macOS Sierra

After all the preliminary steps are completed, you can proceed to sign the necessary documents. To do this, in the main menu of the program, select the "Electronic signature" section.

The Trusted eSign interface is divided into three main work areas:

  • Field for selecting a signing certificate
  • Field with electronic signature settings
  • Field for adding files

Thus, in order to sign any document, the user only needs to fill in each field in sequence, namely:

  • Add an electronic signature certificate. If documents have already been signed earlier in this program, Trusted eSign will save the certificate data and all that remains is to check whether the correct certificate is selected.
  • Enter the necessary signature settings. The user can change the encoding, add the file signature time, and save the signature separately from the document.
  • Add files for signing. This can be done either through the program interface by clicking on the "Add" button, or by simply dragging the necessary files to the field for adding documents.
  • Click "Sign".

Figure 4. After the files have been added and all changes have been made, you can sign the document

It is noteworthy that when signing a document, you do not need to switch between windows or tabs of one program. For example, complete information about the certificate and the signature algorithm can be viewed in the certificate selection window.

Figure 5. When choosing an electronic signature certificate, you can view information about the certificate and the signature algorithm in the same window

When you need to find out information about the signer certificate of an existing document, the user in the same workspace adds the received file and clicks the "Check" button. At the same time, a field with information about the certificate and a certification chain will be presented on the left side of the Trusted eSign window.

Figure 6. To view information about the signer's certificate in Trusted eSign, you can click the "Check" button

Conclusions

Apple devices are most often used at work by company executives, managers, designers and programmers, for whom reliability and performance are important when choosing a laptop. Despite this, not all developers of programs for working with electronic signatures can provide a convenient application with a graphical interface. The Trusted eSign program is an exception. Its simplicity and its concise, well-thought-out working window allow us to conclude that the vendor is thinking about its customers and about how to reduce the time required to get acquainted with a new product.

In life, everyone runs into situations where a document with a regular signature (stroke) has to be sent somewhere far away. Usually people deliver it in person or mail a paper letter. But there is no need to go to such trouble: you can put your signature on a digital document without much effort.

How to add a signature (sign as in a passport) to an electronic document on Mac (macOS)

1. Launch the Preview application.

2. Choose, in sequence, Tools → Annotate → Signature → Manage Signatures.

There are two ways to create a signature

Method number 2. Trackpad (we warn you right away: the mouse will not work). Ideally, to get a quality signature, it is best to use a stylus.

Many signature options can be added to the system. To remove unnecessary ones, click on the annotation button in the menu or follow the path Tools → Annotate → Signature → Manage Signatures again, and then click on the gray cross next to the signature to delete it.

How to add a signature to an electronic document (image, PDF, etc.)

1. Open a PDF file or any other image that needs to be signed.

2. On the toolbar, click on the icon that opens the additional Markup panel, or select Tools → Annotate → Signature from the menu bar.

3. Click on the signature icon.

4. You will see the signature you created earlier. Click on it to insert an image with it into your document.

5. The signature will be inserted as a large picture in the center of the page. You can move it to the desired location and reduce its size (to do this, drag one of the corners).

6. After the document is "signed", you can safely close it - your signature will be saved automatically.

Note: it is no longer possible to remove a signature from a document after it has been closed.