Hardware and software setup

EDS transfer to another medium. How to copy the certificate and private key from the registry

The owner of the EDS private key is personally responsible for its storage!

Why are keys distributed on floppy disks?

The floppy disk was and still remains the most accessible and cheapest medium on which a sufficiently long key combination of characters can be written. It is precisely because of their cheapness and ease of use that many companies continue to distribute key information, including EDS keys, on floppy disks, despite the fact that the reliability of floppy disks is below satisfactory by modern standards, and disk drives are almost never found.

Why do we need a token, why copy keys to a token

USB tokens are much more reliable than floppy disks, they are protected from physical factors. In addition, tokens provide cryptographic protection of stored information. Unlike floppy disks, to access information in the token's memory, you need to know a special pin code. Another significant difference between USB tokens and floppy disks is the installation of a special driver in the system.

So why copy the EDS key from a familiar floppy disk to an unusual token?

There are several reasons. First, the computer on which the owner of the EDS key will work may have no disk drive. Even if you can still find a computer equipped with a disk drive left over from ancient times, expecting serious work to be done on such antediluvian equipment is too bold an assumption.

Secondly, anyone who has come across floppy disks in their life knows that it is better to immediately duplicate the information on a diskette, due to the extreme unreliability of these same diskettes!


And, thirdly, even a schoolboy can steal an EDS key from a floppy disk from a careless user, while reading information from the memory of a token without knowing the secret pin code is almost impossible.

Conclusion: the most correct way would be to purchase a USB token (Rutoken), copy the EDS key to it, put the floppy disk in the safe, and hang the token with the EDS key on the keychain. This will allow you to use your EDS key at any time, while eliminating the risks of both losing it and getting the secret key into the wrong hands!

What do we need for this

To copy an EDS key from a floppy disk to a token, the computer must have a disk drive and a USB port. The operating system must be Windows XP, Vista or 7. CryptoPro CSP must also be installed.

How to find out the version of CryptoPro CSP

First you need to determine the version of the installed CryptoPro CSP. To do this, go to the Control Panel and run the CryptoPro CSP applet. The product version is listed on the General tab.

ATTENTION!!!

1. It is very important to correctly determine the CryptoPro CSP version!

Depending on which version of CryptoPro CSP (3.0 or 3.6) the user has installed, further steps to configure the system will differ significantly!

2. When working with CryptoPro CSP containers on any type of media during operations with the contents of containers, it is FORBIDDEN to disconnect the media from the computer until the operation is completed! Otherwise, irreversible damage to the contents of the container is possible!

The first step depends on the CryptoPro CSP version

a) For CryptoPro 3.6, you need to install the Rutoken drivers (http://**/hotline/instruction/drivers/).

b) For CryptoPro 3.0, you need to install the Rutoken solution for CryptoPro CSP (http://**/download/software/rtSup_CryptoPro.exe.zip).

Further steps of the instruction do not depend on the version of CryptoPro CSP

Copy the container from a floppy disk to Rutoken using CryptoPro CSP:

· In the list of containers, select the one that is on the floppy disk or flash drive. Click OK.

· In the prompt window that appears, enter the password for the selected container, if one has been assigned. Click OK.

· Enter the name of the container that will be created when your data is copied to Rutoken. Click OK.

· Connect Rutoken to your computer.

· In the reader selection window that appears, select the reader to which Rutoken is connected and click OK.

· In the request window that appears, enter the PIN code of the connected Rutoken device (by default:). Click OK.

· Wait until the container is copied to the token (during copying, the indicator on the token will flicker).

Register the certificate in the local certificate store

· In the form that appears, click the Browse button, select the container copied to Rutoken earlier, as described in the previous section, and click OK.

· In the certificate window that opens, make sure that the data is correct and click the Properties button.

· The certificate installation wizard opens, in which you need to specify the store where your certificate will be placed. Typically, this is the Personal store. Select the desired options and click the Finish button.

Almost every organization has some kind of electronic key. They are widespread and without them it is almost impossible to conduct any activity. They are needed for signing reporting documents and for many other things. Therefore, those who serve the IT sector in the organization need to know what it is. For example, today we'll talk about how to copy a certificate from the registry and transfer it to another computer.

How to copy a certificate from the registry to a USB flash drive

Let's imagine you have come to an organization and need to set up access to a portal for a new employee. You don't have the electronic key and you don't know where to get it. In this case, the easiest way is to copy it from the computer on which it is installed. To do this, take a clean flash drive and launch Crypto Pro: Start - All Programs - Crypto Pro - Certificates. In general, it is better to store copies of the keys on a separate flash drive in your closet.

In the window that opens, go to the Composition tab and click Copy to File at the bottom.

The certificate export wizard will open; on the first page, click Next. The wizard then asks whether to export the private key. We do not need it yet, so leave everything as it is.

Now select the required certificate format; in most cases, everything here should be left at the default.

How to copy the private key from the registry

Some certificates require a private key. It can also be copied from the registry to a USB flash drive. This is also done simply by launching Crypto Pro. Go to the Services tab and select Copy.

Enter a new name and click Finish.

In the window that opens, select the flash drive.

Usually, a digital signature is written to a USB stick. However, if you need to install an EDS from a USB flash drive onto a computer, that is, copy the EDS to the computer, this article shows how to do it quickly and easily.

Copy digital signature to computer

Of course, it is not always convenient to carry a flash drive with you all the time. It can become unusable, or it may simply not be at hand at the right time. In this case, a method comes to the rescue in which we copy the EDS certificate to the computer itself, which subsequently eliminates the need for a USB drive.

To copy the EDS to the computer, follow these instructions:

Insert the USB drive with the digital signature into the computer, run CryptoPro CSP, go to the Service tab and press Copy….

In the window that opens, select the key container by clicking the Browse button.

In the list of user key containers that opens, select a container and click OK.

After you select a container, its name will appear in the Key container name line. In the next window, just click Next.

In the next step, you need to specify information about the new container: enter a Certificate Name (think of any name for the key certificate). After that, press the Finish button.

For a newly created container, it is possible to set New password. If you wish to set a password, enter it twice in the corresponding fields. If you do not plan to use a password, leave the fields blank and click OK.

So, we have selected an object for copying, indicated the location for storing the certificate. Now you need to install this certificate.

On the Service tab, click View certificates in container...

Click the Browse button. In the window that opens, you will notice that another key container has appeared. Select the newly created container and click OK.

After selecting the new container, click Next.

The window that opens will list the certificate to view. Click Install.

As a result, after the actions you have taken, a message will appear about the successful installation of the certificate. Click OK.

Done. The EDS is installed on the computer.

To perform any action on the EDS (copy, delete or install it), you need CryptoPro installed on the computer.

  1. To copy the digital signature, go to Start - All Programs - CryptoPro and run CryptoPro CSP.
  2. Next, go to the Services tab.

  3. Click on the "Browse" button.

  4. Select the required container and click the OK button.

Note:

In the image above, you can see two columns: the “Reader” column on the left and the “Container Name” column on the right. This information will help you figure out which EDS to copy.

The inscription "Registry" in the reader column means that the digital signature is located on the computer. Otherwise, the digital signature is located on some medium (flash drive, floppy disk or secure medium). In the case shown in the image, there are three digital signatures recorded on the computer and one signature is recorded on Rutoken.

You can understand which certificate you need to copy by looking at the “Container Name”. The "Container name" is made up of the serial number, the date of issue of the certificate and the name of the organization.

In the case we are considering, we choose an EDS located on a secure Rutoken carrier.

  5. Select and copy the container name, then click Next.

  6. Paste the container name copied in step 5 into the “Key container name” field, add a few characters or spaces and click the “Finish” button.

  7. Next, select the place where you want to copy the digital signature. It can be a computer, a flash drive or secure media. Then press OK.

Note:

In the case we are considering, we copy the digital signature to a USB flash drive by selecting its name in the list of devices. If you need to copy the digital signature to a computer, then select “Registry” from the list of devices.

  8. Next, the system will ask you to create a password for the container. If you do not want to create a password, leave the fields blank, as shown in the image, and just click OK.

This completes the copying of the EDS.
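
An inventory check for the "Reader" / "Container Name" listing described in the notes above, added here as an example and not part of the original article or of CryptoPro. It reports which containers sit in the registry and groups likely copies of one key (the copy steps reuse the original name plus a few characters). The `\\.\<reader>\<container>` line form, the reader names and the container names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample listing, not captured from a real system. The
# \\.\<reader>\<container> line form and every name are assumptions.
SAMPLE = r"""
\\.\REGISTRY\0042-2019-03-11-Example LLC
\\.\REGISTRY\0042-2019-03-11-Example LLC 1
\\.\Rutoken 0\0042-2019-03-11-Example LLC
\\.\REGISTRY\0077-2020-01-15-Sample JSC
\\.\FLASH E\0077-2020-01-15-Sample JSC copy
"""

LINE = re.compile(r"^\\\\\.\\(?P<reader>[^\\]+)\\(?P<name>.+)$")

def parse_listing(text):
    """Return (reader, container_name) pairs; other lines are ignored."""
    pairs = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            pairs.append((m["reader"], m["name"]))
    return pairs

def on_computer(reader):
    # Per the article: reader "Registry" means the key is stored on the PC.
    return reader.upper() == "REGISTRY"

def likely_copies(pairs):
    """Group containers whose name is another container's name plus a
    suffix. This is a heuristic: unrelated keys can share a prefix."""
    names = sorted({n for _, n in pairs}, key=len)
    groups = defaultdict(list)
    for reader, name in pairs:
        base = next(b for b in names if name.startswith(b))
        groups[base].append((reader, name))
    return {b: g for b, g in groups.items() if len(g) > 1}

def report(text):
    pairs = parse_listing(text)
    return {"on_computer": [n for r, n in pairs if on_computer(r)],
            "copies": likely_copies(pairs)}

if __name__ == "__main__":
    result = report(SAMPLE)
    print("Stored in the registry:", result["on_computer"])
    for base, members in result["copies"].items():
        print(f"{base}: {len(members)} containers ->", members)
```
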

If the electronic signature was issued to the PC registry, then you can copy it to the media according to the following instructions.

Step 1. Open CryptoPro and go to the "Service" tab, then click on the "Copy" button as shown in the instructions.

Step 2. In the window that appears, click the "Browse" button to select the electronic signature container you want to copy.

Step 3. In the list of existing containers that appears, select the container that you need to copy to the media and click the "OK" button.

Step 4. Confirm the action by clicking the "Next" button in the window that appears.

Step 5. In the window that appears, specify the name of the new container that will be created on the media. The name in the field is entered automatically, so you can leave it unchanged. Click the Done button.

Step 6. A media selection window will appear. Select the required medium from the list to which you want to copy the electronic signature. In order to understand which media to choose from the list, look at the "Inserted media" field: it will either say "Media is missing", which means you have selected a non-existent media, or a media name will appear similar to the name in the screenshot. Select and click OK.

Step 7. After you select the media, a window for entering a pin code for a new electronic signature container will appear. We recommend entering the standard pin code "12345678", as customers often forget or lose their pin codes, after which the electronic signature has to be reissued. You can set your own (different) pin code if you are sure that you will not lose it. After entering the pin code, click the "OK" button.

Done. The electronic signature container has now been copied to the selected medium and you can use it.

If there is no desire to understand these details, we will help. You can even call our engineer to your office.
