Using CryptoPro TSP. Crypto-Pro CryptoPro TSP Client (certificate for annual technical support), at the workplace EDS validity extension

CryptoPro TSP Client is designed to access time stamp servers using the TSP protocol over HTTP, work with requests for stamps and time stamps themselves.

CryptoPro TSP Client is a software interface (library) for working with time stamps and has no other user interface. Therefore, CryptoPro TSP Client does not have a dedicated distribution kit. Its installation must be done in conjunction with the installation of the product that uses its programming interface. Modules for integrating CryptoPro TSP Client into the installation package of another product are included in the CryptoPro TSP SDK developer toolkit along with the corresponding manual.

OS

CryptoPro TSP Client operates on the following operating systems:
  • Microsoft Windows 2000 / XP / 2003 / Vista / 2008 / W7 / 2008 R2,
  • Linux operating systems complying with LSB 3.1 and higher,
  • FreeBSD 7.x and later,
  • AIX 5.3 and 6.x,
  • Solaris 10 and later.

Main characteristics

CryptoPro TSP Client:
  • Implements the TSP protocol over HTTP according to RFC 3161, taking into account the use of Russian cryptographic algorithms.
  • Supports Microsoft timestamps used in Authenticode technology.
  • Can be configured using group policies. For a list of available policies, see the CryptoPro PKI SDK.
  • Allows you to access the server using the TLS (SSL) protocol, supports various authentication methods and access through a proxy.
  • Compatible with server applications.
  • Works with any Cryptographic Service Provider (CSP).
  • Provides C ++ and COM interfaces. COM interface can be used in scripts.
  • Includes a low-level interface for working with ASN.1 structures of the TSP protocol and Authenticode technology.
  • Installed using Windows Installer.

How to download?

You can download the CryptoPro TSP Client software from the developer's website https://www.cryptopro.ru/downloads, after completing a preliminary registration and agreeing to the User Agreement of the copyright holder.

"CryptoPro TSP Client" is a software library that provides a software interface for embedding this library into specific application systems for working with time stamps. "CryptoPro TSP Client" does not have a dedicated distribution kit, its installation must be done together with the installation of the product that uses its software interface. Modules for integrating CryptoPro TSP Client into the installation package of another product are included in the CryptoPro PKI SDK developer toolkit along with the corresponding developer's guide.

The "CryptoPro TSP" HSS includes the CryptoPro TSPUTIL application designed to work with time stamps in the command line. This application allows you to create requests for time stamps, get time stamps, save requests and stamps to files, process them. CryptoPro TSPUTIL uses "CryptoPro TSP Client" to perform its functions, and contains this software library in its installation package.

What are time stamps for?

  • Fixing the time of creation of an electronic document. The use of a time stamp allows you to fix the time of creation of an electronic document. To do this, after creating a document, you need to generate a request for a time stamp. The resulting time stamp will provide proof of the existence of the electronic document at the point in time indicated in the stamp.
  • Fixing the time of formation of an electronic digital signature (electronic signature) of an electronic document. The time stamp can be used as evidence that determines the moment of signing an electronic document (1-FZ "On EDS", Article 4; 63-FZ "On EDS", Article 11). To do this, after creating an electronic digital signature (electronic signature) of a document, it is necessary to generate a request for a time stamp. The resulting timestamp will provide proof of the timing of the signature of the electronic document.
  • Fixing the time of execution of any operation related to the processing of an electronic document. A time stamp on an electronic document can be obtained when performing any operation related to its processing, if necessary, fix the time of this operation. For example, a time stamp can be obtained when an electronic document is received from a user to an electronic document management server, or when the document is presented to any user.
  • Long-term storage of electronic documents, including after the expiration of the user's signature verification certificates. The use of time stamps makes it possible to provide proof of the time of formation of an electronic digital signature (electronic signature) of an electronic document. If, in addition, at the time of the formation of the EDS (ES), next to the value of the EDS (ES) and the time stamp, you save the proof of the validity of the certificate (for example, receive and save the OCSP response), then verification of the specified EDS (ES) can be provided at the time of its formation (complete analogy with paper workflow). And such a signature can be successfully verified during the validity period of the Timestamp Service Signature Verification Key. What if the Time Stamp Service certificate expires? The answer is simple: before the expiration of this certificate, obtain another time stamp for the specified document (already using the new private key and the Time Stamp Service certificate): this new stamp will record the time for which the old time stamp service certificate was valid, and will ensure the integrity of this electronic document in case of further storage during the validity period of the new time stamp certificate.

CryptoPro TSP Client is intended for accessing time stamp servers using the TSP protocol over HTTP, working with requests for stamps and with the time stamps themselves.

CryptoPro TSP Client is a software interface (library) for working with time stamps and has no other user interface. therefore CryptoPro TSP Client does not have a dedicated distribution. Its installation must be done in conjunction with the installation of the product that uses its programming interface. Integration modules CryptoPro TSP Client included in the installation package of another product are included in the CryptoPro TSP SDK developer toolkit along with the corresponding manual.

OS

CryptoPro TSP Client functions in the following operating systems:

  • Microsoft Windows XP / 2003 / Vista / 2008 / W7 / 2008 R2 / W8 / 2012 / W8.1 / 2012 R2 / W10,
  • Linux operating systems complying with LSB 3.1 and higher,
  • FreeBSD 7.x and later,
  • AIX 5.3 and 6.x,
  • Apple macOS 10.6 and later.

Main characteristics

CryptoPro TSP Client:

  • Implements the TSP protocol over HTTP according to RFC 3161, taking into account the use of Russian cryptographic algorithms.
  • Supports Microsoft timestamps used in Authenticode technology.
  • Can be configured using group policies. For a list of available policies, see the CryptoPro PKI SDK.
  • Allows you to access the server using the TLS (SSL) protocol, supports various authentication methods and access through a proxy.
  • Compatible with server applications.
  • Works with any Cryptographic Service Provider (CSP).
  • Provides C ++ and COM interfaces. COM interface can be used in scripts.
  • Includes a low-level interface for working with ASN.1 structures of the TSP protocol and Authenticode technology.
  • Installed using Windows Installer.

"CryptoPro TSP Client" is a software library that provides a software interface for embedding this library into specific application systems for working with time stamps. "CryptoPro TSP Client" does not have a dedicated distribution kit, its installation must be done together with the installation of the product that uses its software interface. Modules for integrating CryptoPro TSP Client into the installation package of another product are included in the CryptoPro PKI SDK developer toolkit along with the corresponding developer's guide.

The "CryptoPro TSP" HSS includes the CryptoPro TSPUTIL application designed to work with time stamps in the command line. This application allows you to create requests for time stamps, get time stamps, save requests and stamps to files, process them. CryptoPro TSPUTIL uses "CryptoPro TSP Client" to perform its functions, and contains this software library in its installation package.

What are time stamps for?

  • Fixing the time of creation of an electronic document. The use of a time stamp allows you to fix the time of creation of an electronic document. To do this, after creating a document, you need to generate a request for a time stamp. The resulting time stamp will provide proof of the existence of the electronic document at the point in time indicated in the stamp.
  • Fixing the time of formation of an electronic digital signature (electronic signature) of an electronic document. The time stamp can be used as evidence that determines the moment of signing an electronic document (1-FZ "On EDS", Article 4; 63-FZ "On EDS", Article 11). To do this, after creating an electronic digital signature (electronic signature) of a document, it is necessary to generate a request for a time stamp. The resulting timestamp will provide proof of the timing of the signature of the electronic document.
  • Fixing the time of execution of any operation related to the processing of an electronic document. A time stamp on an electronic document can be obtained when performing any operation related to its processing, if necessary, fix the time of this operation. For example, a time stamp can be obtained when an electronic document is received from a user to an electronic document management server, or when the document is presented to any user.
  • Long-term storage of electronic documents, including after the expiration of the user's signature verification certificates. The use of time stamps makes it possible to provide proof of the time of formation of an electronic digital signature (electronic signature) of an electronic document. If, in addition, at the time of the formation of the EDS (ES), next to the value of the EDS (ES) and the time stamp, you save the proof of the validity of the certificate (for example, receive and save the OCSP response), then verification of the specified EDS (ES) can be provided at the time of its formation (complete analogy with paper workflow). And such a signature can be successfully verified during the validity period of the Timestamp Service Signature Verification Key. What if the Time Stamp Service certificate expires? The answer is simple: before the expiration of this certificate, obtain another time stamp for the specified document (already using the new private key and the Time Stamp Service certificate): this new stamp will record the time for which the old time stamp service certificate was valid, and will ensure the integrity of this electronic document in case of further storage during the validity period of the new time stamp certificate.
mob_info