CryptoPro CSP

Product Description

CryptoPro CSP is a cryptographic software package which implements the Russian cryptographic algorithms developed in accordance with the Microsoft - Cryptographic Service Provider (CSP) interface.


CryptoPro CSP has a Federal Security Service certificate of conformance.


The integration of the CryptoPro CSP with MS Windows operating system allows the use of standard products.

The accordance with the Microsoft CSP interface allows for easy integration into applications by different vendors, which support this interface.

Support for  digitally signed  XML documents using XMLdsig for Windows (MSXML5, MSXML6) allows for the use of Russian cryptographic algorithms in the Microsoft Office InfoPath - a component system of Microsoft Office.


For easy and portable integration of cryptographic functions on the Unix platforms, the program interface similar to the Microsoft CryptoAPI 2.0 specifications is provided. This interface allows for the use of the high-level functions to create cryptographic messages (encryption, digital signature), building and verifying the chain of certificates, generating keys and processing the messages and certificates.


  • CryptoPro TLS supports the TLS (SSL) protocol of on all platforms.
  • CryptoPro CSP can be used  with the Oracle E-Business Suite, Oracle Application Server, Java and Apache applications, via the products of the Crypto-Pro company partners.
  • Supports windows domain authentication using smart cards (USB tokens) and X.509 certificates.
  • The usage of CryptoPro CSP in email applications, as well as in MS Word and Excel products.
  • CryptoPro CSP  includes a kernel mode driver for all platforms, which allows for the use of cryptographic functions (encryption/decryption, signing , hashing) in kernel mode applications.
  • The private keys can be stored in various type of mediums, such as HDD, smart cards etc.

Implementation of CryptoPro CSP

The hierarchical architecture of the Cryptographic Functions in the Windows Operating System allows for the use of the Russian cryptographic algorithms implemented in CryptoPro CSP at all possible levels.

Implementation at the Crypto API 2.0 Level

CryptoPro CSP can be used in application software (as can any other cryptoprovider supplied with the Windows operating system) using the Crypto API 2.0 interface, a detailed description of which is provided in the MSDN (Microsoft Developer Network) program documentation. In such cases the method for selecting the algorithm for the application software can be determined by the user’s/sender’s public-key-algorithm identifier which is contained in the X.509 certificate.

Implementation at the Crypto API 2.0 level provides the ability to use a wide range of functions which solve most problems related to the presentation (formats) of various cryptographic communications (signed, encrypted) by means of the presentation of public keys as digital certificates and by means of the storage and retrieval of certificates in various directories including LDAP.

The functions of CryptoPro CSP allow for the full implementation of presentation and exchange of data in compliance with international recommendations and the Public Key Infrastructure.

Implementation at the CSP Level

CryptoPro CSP can be used directly in an application program by loading the module using the Load Library function. With this in mind the package includes a Programmer’s Manual describing the various sets of functions and the test software. With this type of implementation only a limited set of low-level cryptographic functions corresponding to the Microsoft CSP interface are accessible to the software.

Using Com Interfaces

CryptoPro can be used with COM interfaces developed by Microsoft.

  • CAPICOM 2.0
  • Certificate Services
  • Certificate Enrollment Control

Certificate Enrollment Control

The COM interface Certificate Enrollment Control (implemented in the file xenroll.dll) is designed for the use of a limited number of Crypto API 2.0 functions related to key generation, certificate requests and the processing of certificates received from the Certification Authority using the programming languages Visual Basic, C++, Java Script, VBScript and the development environment Delphi.

It is this interface that is used by the various Certification Authorities (Versign, Thawte, ect.) in the producing of user certificates on the Windows platform.


CAPICOM (implemented in the file capicom.dll) offers the COM interface that uses the primary functions of CryptoAPI 2.0 . This component is an extension of the existing COM Certificate Enrollment Control interface (xenroll.dll) which is implemented by the client functions responsible for key generation, certificate requests and interchange with the certification authority.

With the release of this component the use of digital-signature generation and verification functions, functions responsible for the construction and verification of sequences of certificates and functions responsible for interaction with different directories (including the Active Directory) with Visual Basic, C++, JavaScript, VBScript and the development environment Delphi became possible. Using CAPICOM it is possible to implement the operation of the “thin” client within the browser Internet Explorer’s interface.

The component CAPICOM is freeware and is included as part of the Micrsoft Platform SDK Developer’s redistributable toolbox.

More detailed information on the CAPICOM interface is available on the server The distributive for the interface and sample applications are available in the CD in the directory “\REDISTR\CAPICOM 2.0”

Certificate Services

Certificate Services include several COM interfaces which allow the user to alter the functionality of the Certification Authority built-in to the Windows Server operating system. Using these interfaces it is possible to:

  • Process certificate requests from users.
  • Alter the composition of X.509 addendums recorded in certificates issued by the authority.
  • Determine additional means of publication (storage) of certificates issued by the authority.

Using TLS Protocol in Application Software

Aside from its use in the Internet Explorer interface, the TLS protocol can also be used by application software along with CryptoPro CSP for the authentication and protection of data transmitted according to its own private protocols based on TCP/IP and HTTPS.

For the implementation of the TLS protocol WebClient and WebServer sample implementations are included in the set of samples provided with the platform SDK.

Sample Applications of Cryptographic Security Tools

Test software, including sample invocations of the primary functions of Crypto API 2.0 is provided with CryptoPro CSP. These samples are found in the directory (“\SAMPLES\csptest”). A large number of sample applications of Crypto API 2.0, CAPICOM and Certificate Services functions are offered in the Microsoft Docs and in the Platform SDK developer’s toolbox.

A conference on issues surrounding the use of cryptographic functions and public-key certificates is held on the CryptoPro server (


CryptoPro CSP makes possible the use of reliable, certified cryptographic information-security tools as components of the wide range of tools and software of the Microsoft Corporation for the implementation of secure document flow and E-commerce based on the Public-Key infrastructure and in compliance with international recommendations X.509.


User login

Follow us