Is it possible to simultaneously use 2 different GOST crypto-providers on one machine? For example, CryptoPro CSP and SignalCOM CSP or Tumar CSP. If not, what is the reason?

  • I would like to know the status of the problem at the moment? Maybe something has changed for the better? - Simix

2 answers

A quick inspection of Google gave me this:

I addressed it to the technical support of Signal-COM; a response was received that the CryptoPro CSP and Signal-COM CSP crypto-providers did not get along on one operating system, and that they had already been tested. Each crypto-provider must be installed on a separate operating system. (source: http://www.cryptopro.ru/forum2/default.aspx?g=posts&t=7057 )

  • I would like to know the status of the problem at the moment? Maybe something has changed for the better? I know that CryptoPro and VipNet can work together. Why is collaboration unsuccessful in other cases? - Simix
  • IMHO, it's best to request this information from suppliers or software technical support - TheSpbra1n
  • Suppliers are usually only responsible for their product and are advised to simply remove what disturbs them - Simix
  • I think it's worth asking anyway, especially since in the answer given I quoted the technical support's response and, judging by it, they still check compatibility. Try it. - TheSpbra1n

If not, what is the reason?

There is an assumption: the reason is the simplicity of the implementation of client software, which always uses the default implementation of the crypto-algorithm.

Read the article http://rsdn.ru/article/crypto/cspsecrets.xml

Where there is such text and code:

The following code sets the default provider for a particular type.

    #define YOUR_PROV_NAME "MY_PROV"
    #define YOUR_PROV_TYPE 75
    rc = CryptSetProvider( YOUR_PROV_NAME, YOUR_PROV_TYPE );

If two crypto-providers each set themselves as the default crypto-provider for a particular type when they are installed, then they will fail.

This is both good and bad:

  • On the one hand, good. In the client software, sometimes the ID of the crypto-provider is set in the code (not configurable) and if the user using CryptoPro installs SignalCOM, his software will not notice the difference and will work as before.
  • On the other hand, bad. If the user uses several CSPs, they conflict, and whichever one was installed last is the CSP implementing GOST.

For example, there is such a constant in WinCryptEx.h: var PROV_GOST_2001_DH = 75; after installing CryptoPro it corresponds to the Crypto-Pro GOST R 34.10-2001 Cryptographic Service Provider.

There is also a constant PROV_GOST_DH = 2; after installing VipNet, it corresponds to the ViPNet Cryptographic Service Provider.

According to the article http://v8.1c.ru/edi/edi_app/1c-taxcom/faq/?printversion=1 :

  • CryptoPro CSP: "Crypto-Pro GOST R 34.10-2001 Cryptographic Service Provider" (type 75),
  • ViPNet CSP: "Infotecs Cryptographic Service Provider" (type 2),
  • Signal-COM CPGOST Cryptographic Provider (type 75);
  • LISSI-CSP (type 75).

Thus, ViPNet does not conflict with Crypto-Pro. But Signal-COM conflicts with CryptoPro CSP if the client software always uses the default implementation of the algorithm and cannot choose between crypto-providers.

Conclusion: it is necessary either to write custom client software or to make cryptographic providers whose type is neither 2 nor 75, but some other value.
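
To check a given machine for the collision described in this answer, the following added example (not part of the original post) lists which installed CSPs share a provider type and which one is currently the machine default for that type. It reads the standard CryptoAPI registration keys under HKLM; the function names are hypothetical, chosen for this illustration.

```powershell
# Added diagnostic example; function names are hypothetical.
# Reads the machine-wide CryptoAPI CSP registration from the registry.
$base = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults'

function Get-CspRegistration {
    # One object per registered CSP: name, numeric provider type, DLL path.
    Get-ChildItem -Path "$base\Provider" | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Name      = $_.PSChildName
            Type      = [int]$p.Type
            ImagePath = $p.'Image Path'
        }
    }
}

function Get-CspDefault {
    param([int]$Type)
    # The machine default for a type is the "Name" value of "Type NNN".
    $key = '{0}\Provider Types\Type {1:D3}' -f $base, $Type
    if (Test-Path -Path $key) { (Get-ItemProperty -Path $key).Name }
}

function Get-CspTypeCollision {
    param([object[]]$Registrations = (Get-CspRegistration))
    # Group CSPs by type; more than one CSP per type means only one of
    # them can be the default that unconfigurable client software gets.
    $Registrations | Group-Object -Property Type |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $type = [int]$_.Name
            [pscustomobject]@{
                Type      = $type
                Default   = Get-CspDefault -Type $type
                Providers = $_.Group.Name
            }
        }
}

# Report only the GOST provider types discussed on this page (2 and 75).
Get-CspTypeCollision | Where-Object { $_.Type -in 2, 75 } | Format-List
```

A 32-bit process sees the separate WOW6432Node copy of these keys, so run the check from a shell of the same bitness as the client software. Software that passes an explicit provider name to CryptAcquireContext instead of relying on the default is not affected by which CSP was installed last.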