
Cryptopro copy the key to the registry and end the session. Copying using CryptoPro CSP. How to copy digital signature from the registry to a flash drive

Hi all! Since I work in a government institution, I could not avoid using the “CryptoPro” program for working with crypto keys. Now everything seems simple and quite logical to me, but at the beginning of my career I had many questions about using this program.

Read on to find out how to copy a CryptoPro key container and install a user's personal certificate.

I think many people know the well-known sites zakupki.gov and bus.gov... The first is used for posting applications for electronic trading, and the second for posting information about the organization. Both require the user’s electronic signature, and it can only work if you have CryptoPro.

When you generate an electronic signature, it MUST be saved to external media, but this is not always convenient and not always reliable. Unfortunately, many organizations refuse to keep up with the times and still use floppy disks as a digital signature carrier. I don’t think it’s worth explaining that a floppy disk is a very unreliable option for storing information. Therefore, it is better to have a copy of the key, so that if the media fails you can recover it rather than generate a new one, because if a new one is generated you will have to wait for the certificate (at least one day).

When else might this be needed? For example, your chief accountant has a bunch of electronic signatures (ours has 4 of them), and constantly plugging them in one by one is not always convenient, and the confusion is constant. So all these keys can be copied to the registry of your computer, and the real keys can be hidden away in a safe. Of course, you need to understand that with the keys in the registry, the physical key is no longer needed to sign a document: access to the computer where they are installed is enough. So when copying, you must set a password on the key container.

Let's begin. Launch CryptoPro CSP (issued by your local treasury office), go to the “Service” tab and click the “Copy…” button.

In the next window, click “Browse” and select the location of the key container; in my case it is a USB flash drive that has the letter F in the system (Drive F).

Now that the container has been selected, we proceed to copying it. Make sure that you have selected the correct key and click “Next”.

Enter its name.

And indicate where to copy it; in my case I copied it to the registry so as not to insert the media every time...

If you copied the key to the registry like I did, be sure to create a password!

That’s all, a copy of the key container has been created on the media specified by you 😉 now let’s move on to the next step...

Unlike regular certificates, our certificate must be associated with a private key, so simply clicking the “Install Certificate” button will not work; installing a certificate in CryptoPro differs from the usual procedure.

Open the program, go to the “Service” tab and click “Install personal certificate...”

Click “Browse” and select the user certificate

...and indicate where our key is located (in my case I selected the key copied to the registry)

Check that everything is selected correctly.

Select the “Personal” certificate store.

We check whether we have done everything correctly and click “Finish”. This completes the installation of the CryptoPro certificate.

Electronic document management is becoming an ever larger part of our lives.
Today this concerns not only office employees of enterprises and individual entrepreneurs; working with electronic documents increasingly makes it easier for ordinary citizens to solve everyday problems. Of course, as electronic documents are used more widely, so is the electronic digital signature, abbreviated as EDS.
It is about making work with digital signatures more convenient that we will talk further: namely, we will consider how to add an EDS key to the CryptoPro registry on the computer.

What is a digital signature and a private key certificate

The electronic digital signature is used in many software products: 1C: Enterprise (and other programs for business or accounting), SBIS++, Kontur.Extern (and other solutions for working with accounting and tax reporting) and others. EDS has also found application in services for individuals when resolving issues with government agencies.

EDS is a kind of guarantor in the world of electronic document management, similar to a regular signature and seal on paper.

As with signing paper documents, the process of signing information on electronic media involves “editing” the original.

An electronic digital signature is applied by transforming the electronic document using the owner's private key; this process is called signing the document.

Today, private key certificates are most often distributed either on regular USB flash drives or on special protected media with the same USB interface (Rutoken, eToken and so on).
Every time we need to sign documents (or identify a user), we have to insert the media with the key into the computer and then work with the certificate. Accordingly, after finishing the work, we simply need to remove the media from the computer so that no one else can use our signature. This method is quite safe, but not always convenient.

If you use a digital signature at home, connecting and disconnecting the token every time gets boring quickly. In addition, the carrier occupies a USB port, and there are not always enough of them to connect all the necessary peripherals.
If you use a digital signature at work, it happens that the certification center issued only one key, while different people must sign documents. Carrying the container back and forth is also inconvenient, and there are cases when several specialists work with a certificate at the same time.
In addition, both at home and, especially, at work, it happens that actions must be performed on one computer using several digital signature keys at once.

It is precisely in cases where using a physical certificate medium is inconvenient that you can register the digital signature key in the CryptoPro registry (you can read more about the Windows registry in general in the corresponding article: Changing Windows registry settings) and use the certificate without connecting the media to the computer's USB port.

Adding a Registry reader to CryptoPro CSP

First of all, for CryptoPro to be able to work with locally registered keys, we need to add the corresponding reader type.

To add the new media type in the CSP utility, run the program as an administrator, either with the right mouse button or from the menu of the utility itself on the General tab.

Now go to the Hardware tab and click the Configure readers... button.
If the window that opens has no Registry option, click the Add... button to make it appear.

  1. Click the Next button in the first window.
  2. From the list of readers from all manufacturers, select the option Registry and click Next again.
  3. Enter a custom reader name, you can leave the default name. Click Next.
  4. In the last window we see a notification that after completing the reader setup, it is recommended to restart the computer. Click the Finish button and reboot the machine yourself.

The first stage is complete. The Registry reader has been added, as shown by the corresponding item in the Reader management window (as a reminder, this window is opened via CryptoPro - Equipment - Configure readers...).

Copying the key to the CryptoPro CSP Registry

To register the key container in local storage, connect the physical media with the key to the computer.

Now run the CryptoPro utility again, open the Service tab and click the Copy... button.
Next, in the Private Key Container Copy Wizard window, click the Browse button (or By certificate...) and select our key media, confirming the selection with the OK button, then proceed to the next window with the Next button.

In the new window, set an arbitrary friendly name for the key container being created and click the Finish button. Then, as the destination for the key, select the Registry reader type we created earlier, confirming your choice with the OK button.
After confirmation, we need to set a password for the created key container. The password 12345678 is the one most often used by default, but for more secure operation a more complex password can be set. After entering the password, click the OK button.

That's all: the key container has been added to the CryptoPro Registry.

Installing a CryptoPro CSP private key certificate

To complete the setup of signing documents without connecting the key carrier to the computer, all that remains is to install the private key certificate from the container we created.

To install a certificate in CryptoPro you need to do the following:

  1. In the CSP utility, on the Service tab, click on the button View certificates in container...
  2. In the window that opens, click on the Browse button, where we select the desired media using the name we specified, confirming the selection with the OK button. Click Next.
  3. In the final window, we check that the certificate has been selected correctly and confirm the decision with the Install button.

Now we have installed the private key certificate from the local Registry storage.

Setting up CryptoPro is complete, but remember that many software products will also require the new key to be re-registered in their system settings.
After these steps we can sign documents without connecting a key, be it Rutoken, eToken or some other physical medium.

Installing the certificate and private key

We will describe installing the electronic signature certificate and private key on the Windows family of operating systems. During setup we will need Administrator rights (so we may need the system administrator, if you have one).

If you have not yet figured out what an Electronic Signature is, then please read Or if you have not yet received an electronic signature, contact the Certification Center, we recommend SKB-Kontur.

Suppose you already have an electronic signature (on a token or flash drive), but OpenSRO reports that your certificate is not installed. This situation may arise if you decide to configure a second or third computer (of course, the signature is not tied to a single computer and can be used on several). Usually the initial setup is carried out with the help of the Certification Center's technical support, but let’s say this is not our case, so let’s go.

1. Make sure that CryptoPro CSP 4 is installed on your computer

To do this, go to the menu Start > CRYPTO-PRO > CryptoPro CSP, run it and make sure that the program version is not lower than 4.

If it is not there, then download, install and restart the browser.

2. If you have a token (Rutoken for example)

Before the system can work with it, you will need to install the necessary driver.

  • Drivers Rutoken: https://www.rutoken.ru/support/download/drivers-for-windows/
  • Drivers eToken: https://www.aladdin-rd.ru/support/downloads/etoken
  • Drivers JaCarta: https://www.aladdin-rd.ru/support/downloads/jacarta

The algorithm is as follows: (1) Download; (2) Install.

3. If the private key is in the form of files

The private key can be in the form of 6 files: header.key, masks.key, masks2.key, name.key, primary.key, primary2.key

There is a subtlety here: if these files are written to your computer's hard drive, CryptoPro CSP will not be able to read them, so all actions must be performed after first recording them on a flash drive (removable media). They must be placed in a first-level folder, for example E:\Andrey\(files); if they are placed in E:\Andrey\keys\(files), it will not work.

(If you are not afraid of the command line, a removable storage device can be emulated roughly like this: subst x: C:\tmp. A new disk (X:) will appear containing the contents of the C:\tmp folder; it will disappear after a reboot. This method can be used if you plan to install the keys in the registry.)

We found the files, recorded them on a flash drive, and move on to the next step.

4. Installing a certificate from a private key

Now we need to get a certificate, we can do this as follows:

  1. Open CryptoPro CSP
  2. Go to the Service tab
  3. Press the View certificates in container button, then press Browse, and here (if we did everything correctly in the previous steps) we will see our container. Press the Next button; information about the certificate will appear. Then click the Install button (the program may ask whether to provide a link to the private key; answer “Yes”)
  4. After this, the certificate will be installed in the storage and it will be possible to sign documents (the flash drive or token must be inserted into the computer at the moment the document is signed)

5. Using an electronic signature without a token or flash drive (installation in the registry)

If speed and ease of use matter a little more to you than security, you can install your private key in the Windows registry. To do this, follow a few simple steps:

  1. Prepare the private key as described in steps (2) or (3)
  2. Open CryptoPro CSP
  3. Go to the Service tab
  4. Press the Copy button
  5. Use the Browse button to choose our key
  6. Press the Next button, then come up with a name, for example “Pupkin, LLC Romashka”, and press the Finish button
  7. A window will appear asking you to select the media; select Registry and click OK
  8. The system will ask you to set a password for the container; come up with a password and click OK

Important Note: the OpenSRO portal will not “see” the certificate if its validity period has expired.

If none of the solutions suggested below fix the problem, the key media may have been damaged and requires recovery (see). It is impossible to recover data from a damaged smart card or registry.

If there is a copy of the key container on another medium, then you must use it for work, having first installed the certificate.

Diskette

If you are using a floppy disk as the key container, you must complete the following steps:

1. Make sure that in the root of the floppy disk there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have a .key extension and the folder name format must be xxxxxx.000.

If any files are missing or their format is incorrect, the private key container may have been corrupted or deleted.

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;

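  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).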

3. In the CryptoPro CSP window “Selecting a key container”, select the “Unique names” radio button.

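4. Remove remembered passwords. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Service” tab and click on the “Remove remembered passwords” button;
  • Select the “User” item and click the “OK” button.

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).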

Flash drive

If you are using a flash drive as the key carrier, you must complete the following steps:

1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have a .key extension and the folder name format must be as follows: xxxxxx.000.

If any files are missing or their format is incorrect, then the private key container may have been damaged or deleted. You also need to check whether this folder contains six files on other media.

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the CryptoPro CSP window “Selecting a key container”, select the “Unique names” radio button.

4. Remove remembered passwords. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Service” tab and click on the “Remove remembered passwords” button;
  • Select the “User” item and click the “OK” button.

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).

6. If CryptoPro CSP version 2.0 or 3.0 is installed at your workplace, and Drive A (B) is present in the list of key media, then it must be removed. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button;
  • Select the reader “Disk Drive A” or “Disk Drive B” and click on the “Delete” button.

After removing this reader, working with the floppy disk will be impossible.
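
The container layout rules described above (six .key files, kept in a folder directly under the media root) can be checked before opening CryptoPro CSP. The following Python script is an added example, not part of the original guides or of CryptoPro itself; it looks at file names only and never opens key material. The function names, the constructed sample folders and the reading of xxxxxx.000 as “any name ending in .000” are assumptions.

```python
import os
from pathlib import Path

# The six files the article lists for a private key container.
EXPECTED = {"header.key", "masks.key", "masks2.key",
            "name.key", "primary.key", "primary2.key"}


def scan_media(root):
    """Return one finding per folder under root that holds container files.

    Only file names are inspected; key material is never opened or read.
    """
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        present = {name.lower() for name in filenames}
        if not present & EXPECTED:
            continue  # no container files in this folder
        rel = Path(dirpath).relative_to(root)
        depth = len(rel.parts)  # 0 = media root, 1 = first-level folder
        missing = sorted(EXPECTED - present)
        problems = []
        if missing:
            problems.append("missing " + ", ".join(missing))
        if depth != 1:
            problems.append(f"at depth {depth}, expected a first-level folder")
        findings.append({
            "folder": rel.as_posix(),
            "depth": depth,
            "missing": missing,
            # xxxxxx.000 naming from the troubleshooting steps; assumed here
            # to mean "any name ending in .000".
            "name_ok": rel.name.lower().endswith(".000"),
            "usable": not problems,
            "problems": problems,
        })
    return findings


def build_sample(root):
    """Build a constructed media tree of empty placeholder files."""
    layout = {
        "abcdef.000": EXPECTED,                                   # intact
        "Andrey/keys": EXPECTED,                                  # nested too deep
        "broken.000": EXPECTED - {"masks2.key", "primary2.key"},  # incomplete
    }
    for folder, names in layout.items():
        target = Path(root, folder)
        target.mkdir(parents=True)
        for name in names:
            (target / name).touch()
    return Path(root)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for item in scan_media(build_sample(tmp)):
            print(item["folder"], "->",
                  "OK" if item["usable"] else "; ".join(item["problems"]))
```

To check real media, call scan_media with the drive root (for example the flash drive's letter) instead of the constructed sample tree.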

Rutoken

If a Rutoken smart card is used as a key carrier, you must complete the following steps:

1. Make sure that the light on the rutoken is on. If the light does not light, then you should use the following recommendations.

2. Make sure that the “Rutoken” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All smart card readers”). To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the “Select a key container” window, select the “Unique names” radio button.

4. Remove remembered passwords. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP” ;
  • Go to the “Service” tab and click on the “Remove remembered passwords” button;
  • Select the “User” item and click the “OK” button.

5. Update the support modules required for Rutoken to work. To do this:

  • Disconnect the smart card from the computer;
  • Select the “Start” menu > “Control Panel” > “Add or Remove Programs” (for Windows Vista\Seven “Start” > “Control Panel” > “Programs and Features”);
  • Select “Rutoken Support Modules” from the list that opens and click on the “Delete” button.

After removing the modules, you need to restart your computer.

  • Download and install the latest version of the support modules. The distribution is available for download on the Aktiv website.

After installing the modules, you must restart your computer.

6. Increase the number of containers on Rutoken displayed in CryptoPro CSP, using the following instructions.

7. Update the Rutoken driver (see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:

  • Open “Start” (“Settings”) > “Control Panel” > “Rutoken Control Panel” (if this item is missing, you should update the Rutoken driver).
  • In the “Rutoken Control Panel” window that opens, in the “Readers” item, select “Activ Co. ruToken 0 (1,2)” and click on the “Information” button.

If the rutoken is not visible in the “Readers” item or when you click on the “Information” button, the message “ruToken memory status has not changed” appears, then the media has been damaged, you need to contact the service center for an unscheduled key replacement.

  • Check what value is indicated in the line “Free memory (bytes)”.

Service centers issue Rutokens with a memory capacity of about 30,000 bytes as key carriers. One container takes up about 4 KB. The amount of free memory on a Rutoken containing one container is about 26,000 bytes, with two containers about 22,000 bytes, and so on.

If the free memory of a Rutoken is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.

Registry

If the Registry reader is used as a key medium, you must perform the following steps:

1. Make sure that the “Registry” reader is configured in CryptoPro CSP. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

2. In the “Select a key container” window, select the “Unique names” radio button.

3. Remove remembered passwords. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Service” tab and click on the “Delete remembered passwords” button;
  • Select the “User” item and click the “OK” button.

To install, you will need a certificate file (a file with the .cer extension). To install a certificate, just follow these steps:

Select “Start” / “Control Panel” / “CryptoPro CSP”. In the “CryptoPro CSP Properties” window, go to the “Service” tab and click on the “Install personal certificate” button (see Fig. 1).

Fig. 1. “CryptoPro CSP Properties” window

In the “Certificate Import Wizard” window, click the “Next” button. In the next window, click on the “Browse” button to select the certificate file (see Fig. 2).

Fig. 2. Window for selecting a certificate file

Specify the path to the certificate and click on the “Open” button (see Fig. 3).

Fig. 3. Selecting a certificate file

In the next window, click on the “Next” button; in the “Certificate for viewing” window, click on the “Next” button. Choose “Browse” to indicate the corresponding private key container (see Fig. 4).

Fig. 4. Window for selecting a private key container

Specify the container corresponding to the certificate and confirm the selection using the “OK” button (see Fig. 5).

Fig. 5. Window for selecting a key container

After selecting a container, click on the “Next” button and check the box next to “Install certificate into container” (see Fig. 6). In the “Selecting a certificate store” window, click on the “Browse” button (see Fig. 6).

Fig. 6. Selecting a certificate store

You must select the “Personal” store and


