Internet Windows Android
Expand
home

Copying the EDS key. How to copy keys from a floppy disk or flash drive to the registry

Electronic document management more and more densely enters our life.
Today, this issue concerns not only office employees of enterprises and individual entrepreneurs, work with electronic documents increasingly facilitates the solution of everyday problems for ordinary citizens and in everyday life. Of course, with the expansion of the use of electronic documents, the distribution of electronic digital signature, in abbreviated form - EDS.
It is about increasing the convenience in working with EDS that will be discussed further, namely, we will consider, how to add an EDS key to the CryptoPro registry on the computer.

What is EDS and private key certificate

Electronic digital signature is used in many software products: 1C: Enterprise (and other programs for conducting business or accounting), VLSI ++ , Contour.extern (and other solutions for working with accounting and tax reporting) and others. Also, EDS has found application in servicing individuals when resolving issues with government agencies.

EDS is, in a way, a guarantor in the world of electronic document management, similar to conventional signatures and seals on paper

As with the signing of paper documents, the process of signing electronic media is associated with " editing"primary source.

Electronic digital signature of documents carried out by converting an electronic document using the owner's private key, this process is called document signing

Today private key certificates most often they are distributed either on ordinary USB sticks, or on special protected media with the same USB interface ( Rutoken , eToken etc).
At the same time, every time when there is a need to sign documents (or user identification), we need to insert the medium with the key into the computer, and then manipulate the certificate. Accordingly, after the completion of the work, it is enough for us to simply remove the medium from the computer so that no one else can use our signature. This method is quite safe, but not always convenient.

If you use EDS at home, then every time connect / disconnect token gets bored quickly. In addition, the carrier will occupy one USB port, which are not always enough to connect all the necessary peripherals.
If you use an EDS at work, then it happens that the key is issued by the certification center alone, and different people must sign documents... It is also not convenient to carry the container back and forth, and there are also cases when several specialists work with the certificate at the same time.
In addition, at home, and especially at work, it happens that on one computer it is necessary to perform actions using immediately multiple digital signature keys.

It is in those cases where the use of the physical medium of the certificate is inconvenient, you can register the EDS key in the CryptoPro registry(you can read more about the Windows registry in general terms in the corresponding article: Changing Windows Registry Settings) and use the certificate without connecting the media to a USB port on your computer.

Adding Registry reader to CryptoPro CSP

First of all, in order for our CryptoPro to be able to work with locally registered keys, it is necessary to add the version of such a reader itself.

To install a new media type in the CSP utility, run the program as administrator with the right mouse button or from the utility menu on the General tab

Now go to the Hardware tab and click on the button Configure Readers ...
If there is no option in the window that opens Registry, then to display it here, click on the Add button ...

  1. Click the Next button in the first window.
  2. From the list of readers from all manufacturers, select the option Registry and click Next again.
  3. Enter an arbitrary name for the reader, you can leave the default name. Click Next.
  4. In the last window, we see a notification that after completing the configuration of the reader, it is recommended to restart the computer. Click the Finish button and reboot the machine yourself.

The first stage has been completed. Reader Registry added , as evidenced by the corresponding item in the window Reader management (we remind you that this window is called along the path CryptoPro - Equipment - Configure readers ...)

Copying the key to the CryptoPro CSP Registry

To register the key container in local storage, we connect the physical medium with the key to the computer.

Now run the CryptoPro utility again, open the Service tab and click on the Copy button ...
Next in the window Copy Private Key Container Wizard click the Browse button (or By certificate ...) and select our key carrier, confirming the selection with the OK button, and then proceed to the next window with the Next button.

In a new window, set an arbitrary friendly name for the key container being created and click the Finish button. Then, to write the key, select the reader type we created earlier. Registry, confirming the selection with the OK button.
After confirmation, we need to set a Password for the created key container, by default, most often they use a password 12345678 , but for a more secure operation, the password can be set more difficult. After entering the password, click on the OK button.

Everything, key container has been added to the CryptoPro Registry .

Installing the CryptoPro CSP private key certificate

At the end of setting up the signing of documents without connecting the key carrier to the computer, we only have to install private key certificate from the container of the created media.

To install a certificate in CryptoPro, you need to do the following:

  1. In the CSP utility on the Service tab, click on the button View certificates in container ...
  2. In the window that opens, click on the Browse button, where, by the name we specified, select the desired medium, confirming the selection with the OK button. Click Next.
  3. In the final window, we check the correctness of the certificate selection and confirm the decision with the Install button.

Now we have installed Private key certificate from local media Registry .

Configuring CryptoPro is complete, but you should remember that many software products will also require overwrite a new key in the system settings.
After the actions taken, we can sign documents without connecting a key, be it Rutoken, eToken or some other physical medium.

To copy a key container:

If the media you want is not available:

Important! To use the created key media, reinstall the certificate from the copied container:

  • Open the menu "Start" - "Control Panel" - "CryptoPro CSP" - "Service" - "View certificates in the container".
  • Click "Browse", mark the desired container, click "OK" and "Next".
  • Click Install.
  • To the question about replacing the certificate, you must answer in the affirmative.
  • Click "Finish" and "Ok".

The installed certificate is now bound to the container it was installed from.

Video tutorial on creating a copy of a key container.

taxcom.ru

How to copy an EDS to a USB flash drive

Copying an EDS from Rutoken or other media to a USB flash drive may be needed to ensure the safety of the signature, for ease of use, or to transfer a copy to a trusted person.

EDS copying from a protected medium is carried out by means of the CryptoPRO CSP program (current version 3.9).

We need:

Copying EDS from Rutoken to a USB flash drive

1. We insert into the computer at the same time a carrier with an EDS (Rutoken) and a USB flash drive.

2. Launch the CryptoPRO CSP program. (all pictures in the instructions are clickable)

3. Open the Service tab

4. Click the Copy ... button.

5. In the window that opens, click the Browse ... button.

6. In the window that opens, click on our certificate (EDS key)

9. Enter the name of the new copy of the EDS, for example - myetsp (copy)

10. Click Finish

11. In the window that opens, select our flash drive by clicking

12. Click OK

13. Enter a new password for the copy, for example, the same 12345678 in both lines

14. Click OK

After that, the window will close, and a folder with a name similar to myetspoc.000 should appear on the USB flash drive - this is a copy of our digital signature. Now this file can be copied to an unlimited number of media or sent by e-mail if necessary.

Be careful and attentive, an electronic digital signature is an analogue of your handwritten signature and seal!

You can set up a workplace for working with digital signatures on trading platforms in automatic mode for free. For more details, follow the link: automatic EDS configuration

good-tender.ru

How to copy certificates in the CryptoPro program

My new post will be devoted to the Crypto Pro program, nothing seems to be complicated, but all the time there are troubles with this software, either because you have to deal with it once or twice a year, or such software, but in general I decided to make a memo for myself and for you.

Task: Provide access to the Kontur Extern program on two machines, well, OK, let's start.

What we have: One already working key on the SD card.

What you need: We need any SD card, a USB flash drive can also be uploaded to the registry, or you can use the so-called RUtoken. I will install on RUtoken, and you can use any of the options.

Yes, one more little remark, if you have a domain computer, then it is better to do all this under an administrator account.

And so let's get started

We find the program in the start menu or control panel,

We launch the program.

Go to the Service tab and click on the Copy button.

Next, we press the Browse button and select the key we need to copy it from me in the Description format. Select it and click Next.

You will need to enter a password of any 8 characters. We type the password and click Next.

In the next window, we need to set the name of the container, (I always use the 2 organizations convenient for me and I use the labeling name-01 and 02, you can also use the organization's TIN for separation.) And then press the Finish button.

Here you will once again need to enter the password for the new container, do the same and click OK.

In the next dialog box, you need to select the medium where to copy our container, I choose RUtoken and you need to select the medium where you are going to install the container.

In general, that's almost all, the key is copied. It remains only to install it for a specific user.

There are two options here:

Option 1.

Go to CryptoPro again, open the service tab and click on the View certificates in container button.

In the dialog box that opens, open the container we need and click the OK button. then click the Next button.

In the next window, click the Install button, if it is not there, then click the Properties button.

In the window that opens, click the Install certificate button. The Certificate Import Wizard will open where you need to click Next.

In the window that opens, leave everything as it is and click Next.

If the certificate is installed successfully, you should see the following dialog box.

Option 2.

Installation through the menu to install a personal certificate.

To install the certificate, we need the certificate file itself, (file with the .cer extension) it is located on the media where we copied it, in my case it is rutokin.

And so, open CryptoPro again, go to the Service tab and click the Install personal certificate button.

In the window that opens, we find this certificate by clicking on the Browse button.

In the next dialog box, check the box next to Find container automatically, after which the program will automatically find the container you need. Then click the Next button.

Then a window may appear with a choice of the location for storing the certificate, you need to select Personal and click OK.

Then a dialog box may appear where you need to click the Yes button.

Then wait for the message about successful installation.

After that, you need to remove your device to which the container with keys refers and insert it back, after the device is found, you can try.

If you have any questions, because in different versions of CryptoPro there may be different changes, then ask leave your comments, I will always be happy to help you.

nn-lab.ru

How to copy a certificate to CryptoPro CSP - Programs and Applications

Programs and Applications

Sometimes there are situations when you need to install a certificate with a key on another computer or make a backup copy of it. When working with USB flash drives, you can make a working copy of the private key using the available Windows tools, the main condition is that CryptoPro CSP 3.0 is installed.

Next, you need to follow the proposed instructions step by step, but at the same time it is worth remembering that a copy can only be made through the cryptographic protection of information (cryptographic information protection tool), otherwise, for example, if you copy through Explorer, you will not be able to run the key on another computer.

Instructions for copying a certificate through CryptoPro CSP

1. Click on the CryptoPro CSP 3.0 shortcut or open it via Start - Control Panel.

2. In the system window, go to the "Hardware" tab and configure the readers by selecting from the list of installed readers, then - "Add". Use "All removable drives" and "Registry" in case they were not in the list.

4. In the next window that opens, run the "Browse" command in order to enter a name in an empty field. When choosing a name, first confirm the operation, then click on the "Next" button. In some cases, when working with a rootken, you may need to enter a password (pin code) - enter the sequence 12345678.

5. Create a name for the container where the data is copied. The keyboard layout can be both Russian and Latin. Spaces are also allowed in the name. After defining with a name, click Finish.

6. Then the system will ask you to insert a blank key medium to which the container will be copied. Do this and click "OK".

7. You can set a password for the created copy - this is an optional step, so you can simply click "OK", leaving the field blank. If the copy is made to a rutoken, then you need to enter the standard security combination again - 12345678.

The copying process will be completed when the system returns to the screen the "Service" tab.

tdblog.ru

How to copy a private key container to CryptoPro?

Copying the container of the private key is a mandatory step when reinstalling an SIS on another computer. You can also copy the certificate if you want to create a spare electronic signature key.

Copying the container of a private key to a USB flash drive, floppy disk or token is a rather complicated process; in order to avoid mistakes, it is important to follow our instructions carefully.

CryptoPro: copying a certificate

Step 1. Opening the CryptoPro program

To open the program, do the following:

Click the Start menu, then go to Programs ⇒ CryptoPro ⇒ CryptoPro CSP and enable the Tools tab.

In the open Service window, click the Copy container button.

Step 2. Copying the private key container

After clicking the Copy container button, the system will display the Copy private key container window.

In the open window, fill in the Key container name field.

Step 3. Entering the key container

There are 3 ways to fill in the Key container name field:

    Manual input

    Select from the list by clicking the Browse button

    Search by EDS certificate

In addition to filling in the Key container name field, you must fill in the remaining search options:

  • The entered name sets the key container - the switch is set to User or Computer, depending on which storage the container is located in;
  • Select CSP to search for key containers - the required Crypto Service Provider (CSP) is selected from the list provided.

After all the fields are filled in, click the Next button.

If a password is set for access to the private key, the system will ask you to enter it. Enter your password and click OK.

Step 4. Entering a new key container

The system will again display the Copy private key container window, in which you must enter the name of the new key container and select the check box The entered name sets the key container to User or Computer, depending on which storage you want to place the copied container in.

Click on the image to enlarge

After entering, click the Finish button.

Step 5. Selecting the media for the copied container

A window will appear on your screen in which you need to select the medium for the copied container.

Copy using Windows

If a floppy disk or flash drive is used for work, you can copy the container with the certificate using Windows tools (this method is suitable for CryptoPro CSP versions of at least 3.0). Place the folder with the private key (and, if there is, the certificate file - the public key) in the root of the floppy / flash drive (if it is not placed in the root, then work with the certificate will be impossible). It is recommended not to change the folder name when copying.

The folder with the private key should contain 6 files with the extension .key. As a rule, the private key contains the public key (the header.key file in this case will weigh more than 1 KB). In this case, copying the public key is optional. An example of a private key is a folder with six files and a public key is a .cer file.

Private key Public key

Copy on Diagnostic Profile

1. Go to the "Copy" Diagnostics profile using the link.

2. Insert the media to which you want to copy the certificate.

3. Press the "Copy" button on the required certificate.

If a password has been set for the container, the message "Enter the password for the device from which the certificate will be copied" will appear.

4. Select the medium where you want to copy the certificate and click "Next".

5. Give a name to the new container and click the Next button.

6. A message should appear stating that the certificate was copied successfully.

Bulk copy

  1. Download and run the utility. Wait until the entire list of containers / certificates is loaded and tick the necessary boxes.
  2. Select the "Bulk Actions" menu and click on the "Copy Containers" button.

3. Select the storage medium for the container copy and click OK. When copying to the registry, you can check the box "Copy to the key container of the computer", then after copying the container will be available to all users of this computer.


4. After copying, click the "Update" button at the bottom left.
If you want to work with copied containers, you must.

Copying with CryptoPro CSP

Please select Start> Control Panel> CryptoPro CSP. Go to the "Service" tab and click on the "Copy" button.

In the window "Copy the private key container" click on the "Browse" button .

Select the container you want to copy and click on the "Ok" button, then "Next". If you copy from a rootken, an input window will appear, in which you should enter a pin-code. If you haven't changed the pincode on the carrier, the standard pincode is 12345678.

Create and manually specify a name for the new container. In the name of the container, Russian layout and spaces are allowed. Then click Finish.

In the "Insert blank key media" window, select the media on which the new container will be placed.


The new container will be prompted to set a password. We recommend that you set a password so that it is easy for you to remember it, but outsiders could not guess or guess it. If you do not want to set a password, you can leave the field blank and click "OK".

Do not store your password / pin code in places where unauthorized persons have access. If you lose your password / pin-code, you will not be able to use the container.


If you copy the container to the ruToken, the message sounds different. Enter the pin code in the input window. If you haven't changed the pincode on the carrier, the standard pincode is 12345678.

After copying, the system will return to the "Service" tab of CryptoPro CSP. Copying completed. If you plan to use a new key container for work in the Extern,.

If the electronic signature was issued in the register of the PC, then you can copy it to the medium according to the following instructions.

Step 1. Open CryptoPro and go to the "Service" tab, then click on the "Copy" button as shown in the instructions.

Step 2. In the window that appears, click the "Browse" button in order to select the electronic signature container you need to copy.

Step 3. In the list of existing containers that appears, select the container you need, which you need to copy to the media and click the "OK" button.

Step 4. Confirm the action by clicking the "Next" button in the window that appears

Step 5. In the window that appears, specify the name of the new container that will be created on the media. The name in the field is filled in automatically, so you can simply leave it alone. Click the Finish button.

Step 6. The media selection window will appear. Select the required medium from the list to which you want to copy the electronic signature. In order to understand which media to choose from the list, look at the field "Inserted media": it will either say "There is no media", which means you have selected a non-existent media, or a media name similar to the name in the screenshot will appear. Select and click OK.

Step 7. After you select the medium, a window for entering the pin code for the new electronic signature container will appear. We recommend entering the standard pin-code "12345678", because customers often forget or lose their PIN codes, after which the electronic signature has to be reissued. You can ask your (different) PIN code if you are sure that you will not lose it. After entering the pin code, click the "OK" button.

Ready. Now the electronic signature container is copied to the selected medium and you can use it.

If there is no desire to understand these details, we will help. You can even call our engineer to your office.

Did not find an answer to your question? Look at here
Checking secure connections in Mozilla FirefoxChecking secure connections in Mozilla Firefox
How to copy a certificate from a rootken to a computer, from a cryptopro to a USB flash drive - KonturHow to copy a certificate from a rootken to a computer, from a cryptopro to a USB flash drive - Kontur
An authentication error has occurredAn authentication error has occurred