Вот такая вот программка у меня для теста только что собрана.

extern "C" {
#include "CSP_WinCrypt.h"
}

#include <iostream>
#include <string>
#include <string.h>
#include <wchar.h>
#include <cstdlib>


#define CRYPT_FQCN 0x10
#define CALG_GR3411 \
(ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_GR3411)
#define ALG_SID_GR3411 30
#define ALG_SID_GR3411_HASH 39
#define ALG_SID_GR3411_HASH34 40
#define CERT_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
#define STORE_NAME L"MY"
#define PROV_TYPE 75


PCCERT_CONTEXT pSignerCert;
HCRYPTPROV hProv;
//+------------------------------------------------------------------+
//| Иницализация по имени сертификата
//+------------------------------------------------------------------+
int Initialization(const wchar_t *wcCertName, const char *wcPIN)
{
std::wstring Cert = wcCertName;
std::string CertName(Cert.begin(), Cert.end());
HCERTSTORE hCertStore = NULL;
CRYPT_KEY_PROV_INFO *pKeyInfo = NULL;
DWORD dwKeyInfo;
//открытие хранилища сертификатов
hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, STORE_NAME);
if (!hCertStore)
{
std::cout << "failed to open store '" << STORE_NAME << "' [" << GetLastError() << "]" << std::endl;
return -1;
}
else
std::cout << "successfully opened store '" << STORE_NAME << std::endl;

//поиск нужного сертификата
pSignerCert = CertFindCertificateInStore(hCertStore, CERT_TYPE, 0, CERT_FIND_SUBJECT_STR, wcCertName, NULL);
if (!pSignerCert)
{
CertCloseStore(hCertStore, 0);

std::cout << "failed to open cert '" << wcCertName << "' [" << GetLastError() << "]" << std::endl;
return -2;
}
else
std::cout << "successfully opened cert '" << wcCertName << std::endl;

//полчение длины информации о ключе
if (!CertGetCertificateContextProperty(pSignerCert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &dwKeyInfo))
{
CertCloseStore(hCertStore, 0);
CertFreeCertificateContext(pSignerCert);

std::cout << "failed get key from cert '" << wcCertName << "' [" << GetLastError() << "]" << std::endl;
return -3;
}
else
std::cout << "successfully get key from cert '" << wcCertName << std::endl;

if (pKeyInfo)
delete[] pKeyInfo;

if (!(pKeyInfo = new CRYPT_KEY_PROV_INFO[dwKeyInfo]))
{
CertCloseStore(hCertStore, 0);
CertFreeCertificateContext(pSignerCert);

std::cout << "failed to allocate key info [" << GetLastError() << "]" << std::endl;
return -4;
}
else
std::cout << "successfully allocated key info " << std::endl;

//полчение информации о ключе
if (!CertGetCertificateContextProperty(pSignerCert, CERT_KEY_PROV_INFO_PROP_ID, pKeyInfo, &dwKeyInfo))
{
CertCloseStore(hCertStore, 0);
CertFreeCertificateContext(pSignerCert);

std::cout << "failed get property from container '" << pKeyInfo->pwszContainerName << "' [" << GetLastError() << "]" << std::endl;
return -5;
}
else
std::cout << "successfully get property from container '" << pKeyInfo->pwszContainerName << "'" << std::endl;

char *wcContainerName = new(std::nothrow) char[wcslen(pKeyInfo->pwszContainerName) + 1];
memset(wcContainerName, 0, wcslen(pKeyInfo->pwszContainerName) + 1);
wcstombs(wcContainerName, pKeyInfo->pwszContainerName, wcslen(pKeyInfo->pwszContainerName));
//подключение к криптопровайдеру с нужным контейнером
if (!CryptAcquireContext(&hProv, wcContainerName, 0, pKeyInfo->dwProvType, /*CRYPT_SILENT*/0))
{
CertCloseStore(hCertStore, 0);
CertFreeCertificateContext(pSignerCert);

std::cout << "failed to connect to provider '" << wcContainerName << "' [" << GetLastError() << "]" << std::endl;
return -6;
}
else
std::cout << "successfully connected to provider '" << wcContainerName << "'" << std::endl;

//ввод ПИН кода контейнера
if (!CryptSetProvParam(hProv, PP_KEYEXCHANGE_PIN, reinterpret_cast<const BYTE*> (wcPIN), 0))
{
CertCloseStore(hCertStore, 0);
CertFreeCertificateContext(pSignerCert);

std::cout << "failed set pin code for container '" << wcContainerName << "' [" << GetLastError() << "]";
return -7;
}
else
std::cout << "successfully set pin code for container '" << wcContainerName << "'" << std::endl;

CertCloseStore(hCertStore, 0);
CertFreeCertificateContext(pSignerCert);
delete [] wcContainerName;
delete [] pKeyInfo;

return 0;
}

int GetHashValue(HCRYPTHASH hHash, BYTE* &hashValue, DWORD &hashLength)
{
DWORD dwHashLenSize = sizeof (DWORD);

if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *) & hashLength, &dwHashLenSize, 0))
{
std::cout << "failed to get hash param length" << std::endl;
return -11;
}

hashValue = new BYTE[hashLength];

if (!CryptGetHashParam(hHash, HP_HASHVAL, hashValue, &hashLength, 0))
{
std::cout << "failed to get hash param" << std::endl;
return -11;
}

return 0;
}

int HashGet(HCRYPTPROV hProv, HCRYPTHASH &hHash, const BYTE *bMessage, DWORD dwMessage)
{
if (!CryptCreateHash(hProv, CALG_GR3411, 0, 0, &hHash))
{
std::cout << "failed to create hash object" << std::endl;
return -11;
}
//вычисление хэша
if (!CryptHashData(hHash, bMessage, dwMessage, 0))
{
std::cout << "failed to calculate hash" << std::endl;
return -11;
}

return 0;
}

int main()
{
Initialization(L"RegistratorCert", "12345678");

HCRYPTHASH hHashData;
HCRYPTHASH hHashPicture;
HCRYPTHASH hHashAll;
DWORD HashDataLength;
DWORD HashPictureLength;
DWORD HashAllLength;
BYTE *pbData = NULL;
BYTE *pbPicture = NULL;
BYTE *pbAll = NULL;

BYTE bMessage[] = "12345";
BYTE bPicture[] = "67890";
BYTE bSign[64] = {0};
DWORD bwSign = sizeof(bSign)/sizeof(bSign[0]);

if (HashGet(hProv, hHashData, bMessage, 5))
{
std::cout << "failed to get hash of message" << std::endl;

CryptDestroyHash(hHashData);
return -11;
}

if (HashGet(hProv, hHashPicture, bPicture, 5))
{
std::cout << "failed to get hash of picture" << std::endl;

CryptDestroyHash(hHashPicture);
return -11;
}

if (GetHashValue(hHashData, pbData, HashDataLength))
{
std::cout << "failed to get length of hash" << std::endl;

CryptDestroyHash(hHashData);
return -11;
}

if (GetHashValue(hHashPicture, pbPicture, HashPictureLength))
{
std::cout << "failed to get hash" << std::endl;

CryptDestroyHash(hHashPicture);
return -11;
}

pbAll = new(std::nothrow) BYTE[HashDataLength + HashPictureLength];
if(pbAll==NULL)
{
std::cout << "failed to allocate bytes" << std::endl;
return -4;
}

memcpy(pbAll, pbData, HashDataLength);
memcpy(pbAll + HashDataLength, pbPicture, HashPictureLength);

HashAllLength = HashDataLength + HashPictureLength;

if(HashGet(hProv, hHashAll, pbAll, HashAllLength))
{
std::cout << "failed to get hash value of message and picture" << std::endl;

CryptDestroyHash(hHashAll);
return -11;
}

CryptSignHash(hHashAll, AT_KEYEXCHANGE, NULL, 0, NULL, &bwSign);

//подписывание хэша
if (!CryptSignHash(hHashAll, AT_KEYEXCHANGE, NULL, 0, bSign, &bwSign))
{
std::cout << "failed to sign hash" << std::endl;

CryptDestroyHash(hHashAll);
return -11;
}
else
{
std::cout << "Successfully signed hash" << std::endl;
}

delete[] pbData;
delete[] pbPicture;
delete[] pbAll;

CryptDestroyHash(hHashData);
CryptDestroyHash(hHashPicture);
CryptDestroyHash(hHashAll);
}

Выводит следующее на Oracle 6.8 x86_64

[root@PROJECT-64 CryptoPro]# ./Crypto
successfully opened store '0x4029ac
successfully opened cert '0x402cf8
successfully get key from cert '0x402cf8
successfully allocated key info
successfully get property from container '0x895160'
successfully connected to provider 'HDIMAGE\\test.000\2EF8'
successfully set pin code for container 'HDIMAGE\\test.000\2EF8'
failed to sign hash

На AltLinux Ceentaurus 6.0 i686

[root@ador150 CryptoPro]# ./Crypto
successfully opened store '0x804a5d4
successfully opened cert '0x804a5e0
successfully get key from cert '0x804a5e0
successfully allocated key info
successfully get property from container '0x806a464'
successfully connected to provider 'HDIMAGE\\test.000\2EF8'
successfully set pin code for container 'HDIMAGE\\test.000\2EF8'
Successfully signed hash


При этом на Oracle:

[root@PROJECT-64 amd64]# ./csptest -keyset -check -cont '\\.\HDIMAGE\test'
CSP (Type:71) v3.6.5359 KC1 Release Ver:3.6.6497 OS:Linux CPU:AMD64 FastCode:NoHardwareSupport.
CSP (Type:75) v3.6.5359 KC1 Release Ver:3.6.6497 OS:Linux CPU:AMD64 FastCode:NoHardwareSupport.
AcquireContext: OK. HCRYPTPROV: 94263720858083
GetProvParam(PP_NAME): Crypto-Pro GOST R 34.10-2001 KC1 CSP
Container name: "test"

Signature key is not available.
Exchange key is available. HCRYPTKEY: 0x55bb7b9a1413
CryptoPro CSP: Type password for container "test"
Password:
Check key passed.
Certificate in container matches AT_KEYEXCHANGE key.

Keys in container:
exchange key
Total:
[ErrorCode: 0x00000000]


./csptest -keyset -enum_cont -verifycontext -fqcn
CSP (Type:71) v3.6.5359 KC1 Release Ver:3.6.6497 OS:Linux CPU:AMD64 FastCode:NoHardwareSupport.
CSP (Type:75) v3.6.5359 KC1 Release Ver:3.6.6497 OS:Linux CPU:AMD64 FastCode:NoHardwareSupport.
AcquireContext: OK. HCRYPTPROV: 94455263683043
\\.\HDIMAGE\test
OK.
Total:
[ErrorCode: 0x00000000]

[root@PROJECT-64 amd64]# ./cryptcp -delcert
CryptCP 3.33 (c) "Crypto-Pro", 2002-2010.
Command prompt Utility for data protection.
-delcert - Deletes certificates from a specified store.

The following certificate will be used:
RDN:RegistratorCert
Valid from 03.05.2017 14:24:11 to 03.08.2017 14:34:11

Certificate chain aren't checked for this certificate:
RDN:RegistratorCert
Valid from 03.05.2017 14:24:11 to 03.08.2017 14:34:11

Certificate chain aren't checked for this certificate (error code 10000):
Do you want to use this certificate ([Y]es, [N]o, [C]ancel)?


На AltLinux:

[root@ador150 CryptoPro]# /opt/cprocsp/bin/ia32/csptest -keyset -check -cont '\\.\HDIMAGE\test'
CSP (Type:71) v3.6.5359 KC1 Release Ver:3.6.6497 OS:Linux CPU:IA32 FastCode:READY,ENABLED.
CSP (Type:75) v3.6.5359 KC1 Release Ver:3.6.6497 OS:Linux CPU:IA32 FastCode:READY,ENABLED.
AcquireContext: OK. HCRYPTPROV: 135929723
GetProvParam(PP_NAME): Crypto-Pro GOST R 34.10-2001 KC1 CSP
Container name: "test"

Signature key is not available.
Exchange key is available. HCRYPTKEY: 0x81b3c2b
CryptoPro CSP: Type password for container "test"
Password:
Check key passed.
Certificate in container matches AT_KEYEXCHANGE key.

Keys in container:
exchange key
Total:
[ErrorCode: 0x00000000]


[root@ador150 CryptoPro]# /opt/cprocsp/bin/ia32/csptest -keyset -enum_cont -verifycontext -fqcn
CSP (Type:71) v3.6.5359 KC1 Release Ver:3.6.6497 OS:Linux CPU:IA32 FastCode:READY,ENABLED.
CSP (Type:75) v3.6.5359 KC1 Release Ver:3.6.6497 OS:Linux CPU:IA32 FastCode:READY,ENABLED.
AcquireContext: OK. HCRYPTPROV: 135929723
\\.\HDIMAGE\test
OK.
Total:
[ErrorCode: 0x00000000]

[root@ador150 CryptoPro]# /opt/cprocsp/bin/ia32/cryptcp -delcert
CryptCP 3.33 (c) "Crypto-Pro", 2002-2010.
Command prompt Utility for data protection.
-delcert - Deletes certificates from a specified store.

The following certificate will be used:
RDN:RegistratorCert
Valid from 21.08.2013 11:18:17 to 04.10.2014 07:09:41

Certificate chain aren't checked for this certificate:
RDN:RegistratorCert
Valid from 21.08.2013 11:18:17 to 04.10.2014 07:09:41

Certificate chain aren't checked for this certificate (error code 10000):





Выводы абсолютно идентичные! При установке по нашей инструкции! Если поможет - могу дать доступ к машине, только помогите разобраться в чертовщине


p.s. на рабочей машине просроченный сертификат, как вы видите!