Copying the private key to the linux rootken. How to copy a certificate from a rootken to a computer, from a cryptopro to a USB flash drive - Kontur.Extern

Copy using Windows

If a floppy disk or flash drive is used for work, you can copy the container with the certificate using Windows tools (this method is suitable for CryptoPro CSP versions of at least 3.0). Place the folder with the private key (and, if there is, the certificate file - the public key) in the root of the floppy / flash drive (if it is not placed in the root, then work with the certificate will be impossible). It is recommended not to change the folder name when copying.

The folder with the private key should contain 6 files with the extension .key. As a rule, the private key contains the public key (the header.key file in this case will weigh more than 1 KB). In this case, copying the public key is optional. An example of a private key is a folder with six files and a public key is a .cer file.

Private key Public key

Copy on Diagnostic Profile

1. Go to the "Copy" Diagnostics profile using the link.

2. Insert the media to which you want to copy the certificate.

3. Press the "Copy" button on the required certificate.

If a password has been set for the container, the message "Enter the password for the device from which the certificate will be copied" will appear.

4. Select the medium where you want to copy the certificate and click "Next".

5. Give a name to the new container and click the Next button.

6. A message should appear stating that the certificate was copied successfully.

Bulk copy

1. Download and run the utility. Wait until the entire list of containers / certificates is loaded and tick the necessary boxes.
2. Select the "Bulk Actions" menu and click on the "Copy Containers" button.

3. Select the storage medium for the container copy and click OK. When copying to the registry, you can check the box "Copy to the key container of the computer", then after copying the container will be available to all users of this computer.

4. After copying, click the "Update" button at the bottom left.
If you want to work with copied containers, you must.

Copying with CryptoPro CSP

Please select Start> Control Panel> CryptoPro CSP. Go to the "Service" tab and click on the "Copy" button.

In the window "Copy the private key container" click on the "Browse" button .

Select the container you want to copy and click on the "Ok" button, then "Next". If you copy from a rootken, an input window will appear, in which you should enter a pin-code. If you haven't changed the pincode on the carrier, the standard pincode is 12345678.

Create and manually specify a name for the new container. In the name of the container, Russian layout and spaces are allowed. Then click Finish.

In the "Insert blank key media" window, select the media on which the new container will be placed.

The new container will be prompted to set a password. We recommend that you set a password so that it is easy for you to remember it, but outsiders could not guess or guess it. If you do not want to set a password, you can leave the field blank and click "OK".

Do not store your password / pin code in places where unauthorized persons have access. If you lose your password / pin-code, you will not be able to use the container.

If you copy the container to the ruToken, the message sounds different. Enter the pin code in the input window. If you haven't changed the pincode on the carrier, the standard pincode is 12345678.

After copying, the system will return to the "Service" tab of CryptoPro CSP. Copying completed. If you plan to use a new key container for work in the Extern,.

Initially, an electronic signature (ES) is issued on a physical medium called RuToken or EToken. It stores a certificate (aka a public key, as I understand it) and a secret (aka private) key. This key pair is combined by a key container. There can be several key containers on one physical medium. After the expiration of the certificate, it is reissued together with the secret key, that is, a pair of keys is created anew: private and public.

So, what I mean, there is a Rutoken with electronic signature in the office, at the same time several employees may need it to sign documents and here conflicts begin. But in fact, not everything is so sad, if the key container allows itself to be exported, then it can be placed from Rutoken to the Registry! By placing the container in the registry and indicating to the certificate that the private key is stored in the registry at such and such an address, the presence of Rutoken in the USB port disappears.

How it's done

Naturally, the first thing we do is insert Rutoken into the USB port. We launch CryptoPro CSP on behalf of the ADMINISTRATOR and check what media are available:
If a reader is available in the list Registry, then everything is fine, otherwise we press the button Add and using the reader installation wizard, add Registry.

Next, you should test the key container:
If key export is allowed, then proceed to copying the key! Go to the key copy interface Service -> Copy, select the name of the key container, which is stored on Rutoken... Pay attention to the setting if you set User, then the browser will display the key containers from the registry exported earlier for the current OS user, if you install Computer then the containers exported earlier for the computer will be displayed. Let's copy for the user:

Selecting the container to copy

Click on Further, and specify the name of the key container under which it will be stored in the registry. You should also pay attention to the property The name entered specifies the key container... If you install User, then the container will be copied to the registry and will be available to the current OS user if you install Computer, then the container will be copied to the registry and will be available to everyone. Install for the user:
After selecting the reader, set a new password for the new copied key container, this completes the export. In order for the certificate to refer to the secret key that is stored in the registry, simply reinstall the certificate. Initially, an electronic signature (ES) is issued on a physical medium called RuToken or EToken. It stores a certificate (aka a public key, as I understand it) and a secret (aka private) key. This key pair is combined by a key container. There can be several key containers on one physical medium. After the expiration of the certificate, it is reissued together with the secret key, that is, a pair of keys is created again: private and public.

So, what I mean, there is a Rutoken with electronic signature in the office, at the same time several employees may need it to sign documents and here conflicts begin. But in fact, not everything is so sad, if the key container allows itself to be exported, then it can be placed from Rutoken to the Registry! By placing the container in the registry and indicating to the certificate that the private key is stored in the registry at such and such an address, the presence of Rutoken in the USB port disappears.

How it's done

Naturally, the first thing we do is insert Rutoken into the USB port. We launch CryptoPro CSP on behalf of the ADMINISTRATOR and check what media are available:
If a reader is available in the list Registry, then everything is fine, otherwise we press the button Add and using the reader installation wizard, add Registry.

Next, you should test the key container:
If key export is allowed, then proceed to copying the key! Go to the key copy interface Service -> Copy, select the name of the key container, which is stored on Rutoken... Pay attention to the setting if you set User, then the browser will display the key containers from the registry exported earlier for the current OS user, if you install Computer then the containers exported earlier for the computer will be displayed. Let's copy for the user:

Selecting the container to copy

Click on Further, and specify the name of the key container under which it will be stored in the registry. You should also pay attention to the property The name entered specifies the key container... If you install User, then the container will be copied to the registry and will be available to the current OS user if you install Computer, then the container will be copied to the registry and will be available to everyone. Install for the user:
After selecting the reader, set a new password for the new copied key container, this completes the export. In order for the certificate to refer to the secret key that is stored in the registry, simply reinstall the certificate.