Cryptographic storage of keys in the registry. Key containers in the registry

There are often situations when, after reinstalling Windows, it turns out that some of the settings of the newly installed programs, including registration, remained in the old system. Moreover, re-setting will take a lot of time - this option is not suitable.

All settings and registrations are stored in the Windows registry. However, it is not always possible to boot into the old system. It is either infected with viruses, or the ability to download is simply impossible, which is the reason for the reinstallation. And in this article I will tell you how to transfer the data of a specific program from the old registry to the new one.

A little about the structure of the registry

First, run the registry editor Start - Run - Type "regedit" and click "OK"... As you can see from the figure, all data is stored in the main sections:

HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_ USERS
HKEY_CURRENT_CONFIG

First, you need to decide in which part of the registry the old data was stored.

We will be interested in the first place HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER sections... The first stores the settings of the computer programs, the second stores the settings of the current user. It happens that the program stores data in both branches of the registry. Therefore, the parameters and registration of programs are most likely stored in the following sections:

HKEY_CURRENT_USER \ Software
HKEY_LOCAL_MACHINE \ Software

In them you need to find the manufacturer of the software and then the name of the program itself

Where to look for files with the contents of the old Windows registry

HKEY_CURRENT_USER is generated from a file
% USERPROFILE% \ ntuser.dat, where% USERPROFILE% is the current user's folder in C: \ Documents and Settings
HKEY_LOCAL_MACHINE \ Software is stored in the file
% SystemRoot% \ system32 \ config \ software
HKEY_LOCAL_MACHINE \ System \ is stored in file
% SystemRoot% \ system32 \ config \ system
HKEY_LOCAL_MACHINE \ SAM \ is stored in a file
% SystemRoot% \ system32 \ config \ SAM
HKEY_LOCAL_MACHINE \ SECURITY \ is stored in file
% SystemRoot% \ system32 \ config \ SECURITY
HKEY_LOCAL_MACHINE \ HARDWARE \ "is generated depending on the equipment (dynamically).
HKEY_USERS \ DEFAULT is stored in the file
% SystemRoot% \ system32 \ config \ default

Transfer method on the example of The Bat program

Let's try to transfer data The Bat email client from the old registry. If this is not done, the program will not "remember" either the old mailboxes, or settings, or registration. This program stores data in the wind of the registry HKEY_CURRENT_USER \ Software, which means that physically the data is in the file ntuser.dat... Where to find it is indicated above.

If a flash drive or a floppy disk is used for work, copying can be performed using Windows tools (this method is suitable for CryptoPro CSP versions not lower than 3.0). The folder with the private key (and the certificate file, if any) must be placed in the root of the flash drive (floppy disk). It is recommended not to change the folder name when copying.

The private key folder must contain 6 files with the extension .key. Below is an example of the contents of such a folder.

Copying of the container can also be performed using the CryptoPro CSP encryption provider. To do this, follow these steps:

1. Select Start / Control Panel / CryptoPro CSP.

2. Go to the Service tab and click on the Copy button. (see fig. 1).

Rice. 1. Window "Properties of CryptoPro CSP"

3. In the window Copying the private key container push the button Overview(see fig. 2).

Rice. 2. Copying the private key container

4. Select a container from the list, click on the button OK, then Further.

Rice. 3. The name of the key container

6. In the "Insert and select the storage medium for the private key container" window, you must select the medium on which the new container will be placed (see Figure 4).

Rice. 4. Choosing a clean key carrier

7. The new container will be prompted to set a password. Setting a password is optional, you can leave the field empty and click on the button OK(see fig. 5).

Rice. 5. Setting a password for the container

When copying to media Rutoken, the message will sound differently (see fig. 6)

Rice. 6. Pin code for the container

Please note: if you lose your password / pin-code, you will not be able to use the container.

8. After copying is complete, the system will return to the Service in the window CryptoPro CSP... Copying completed. If you plan to use a new key container to work in the Kontur-Extern system, you must install a personal certificate (see How to install a personal certificate?).

For bulk copying, download and run the Certfix utility.

The Windows operating system has died and there is no way to recover. The system contained key containers written to the registry and they do not exist on other media. Let's move the key containers from the old registry to the new system.

Of course, it is better to always keep backup copies of all received keys, but this is done only by those who have already had problems with the loss and subsequently a long and painful process of restoring the necessary keys. The biggest problem is that not every container in the registry contains a public key. State institutions are issued, as a rule, on a flash drive, a key container and a personal certificate that work in the system only in conjunction. Some carefully store this bundle, but most install the container in the system registry and use the flash drive for personal purposes without hesitation, deleting everything unnecessary if necessary. Data security is everyone's business, my business is to solve the problem from the prevailing realities, which I will tell you about. The option is also suitable for the case when there is no desire to transfer each key, but you want to transfer everything to a new computer at once.

Key containers in the registry how to work with them?

To work with old registries, you need rights to open the necessary data, otherwise a warning will come out:

To work with the old registry, we will perform the following actions:

Download the PsTools program and unpack it to any folder;
Copy the required file PsExec.exe to folder C: \ Windows \ System32;
Run the command line cmd as administrator;
Insert the command psexec -i -d -s c: \ windows \ regedit.exe and press Enter.

This is how it should look in cmd:

Now you can safely work with the registry and not receive warnings about the impossibility of viewing the data.

Required data in the old registry

The registry files are located along the path Windows / system32 / config the file we are interested in is called SOFTWARE... In our case, it was working properly, otherwise it will not be possible to restore the necessary data.

We connect the old registry to the new

To connect, you need to do the following:

Select the required registry branch HKEY_LOCAL_MACHINE;
Go to the menu File -> Load Bush;
Select the required file SOFTWARE;
Assign a name to the loaded hive (in my case old).

After a successful connection, you will see a hive with the name entered earlier.

Serial number of CryptoPro in the registry

You can determine which version and serial number were by looking at the entries on the screen below (below is the path where to look):

Where key containers are stored in the registry

You can find all containers along the path (for 64): HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Crypto Pro \ Settings
\ USERS \ (user ID) \ Keys \ (Container name)

Keeping key containers

Now we need to export the key section to make the necessary changes and load it into the working registry. After exporting, I got a file called reestr.reg.

Adding containers to a new registry

Before adding containers to the new registry, we need to change the user uid and edit the path by removing the name of the loaded hive.

We look at the UID of the required user

In the command line cmd, enter the command WHOAMI / USER and we see the required user sid:

To copy text from the Windows command line, you must right-click on the title of the console window and in the Properties menu on the General tab enable the Mouse selection option. The text is inserted by pressing the right mouse button!

Change the data in the file

Open the file in notepad and make a replacement:

Do not forget to remove the name where the bush was added! You need to load into the working part of the registry!

Exports containers to a new registry

Unloading the old registry

Don't look for the possibility of removing the old bush that we added! Any unnecessary bush can only be unloaded!

Checking the addition of key containers

Open the Crypto Pro program and see what we have in the registry:

Everything went well and all the key containers are present.

Transferring personal user certificates

Adding a certificate through Crypto PRO

We take the open certificate that we need and install it through Crypto Pro by specifying the automatic search for the container. If you installed containers without entering a password, just press Enter (if you did, then look for where you wrote it down).

Perform all actions with the keys through the Crypto Pro program!

Transfer of all certificates

All certificates in Windows system are on the path C: \ Users \ REQUIRED USER \ AppData \ Roaming \ Microsoft \ SystemCertificates \ My. It is enough to copy this folder to a similar location on the new computer and the keys will be transferred.

Output

There is only one conclusion - keep backup copies of the keys. In my case, I was able to recover the private key containers and personal certificates. I always try to either transfer the keys to the registry and keep the originals, if possible. Don't be lazy to make backups.