Hardware and software setup

home Mobile
Mobile

Make an exact copy of the flash drive with an electronic signature. How to copy an electronic signature from the registry to a media? Copying from CryptoPro CSP

If a flash drive or floppy disk is used for work, copying can be performed Windows tools(this method is suitable for versions CryptoPro CSP not lower than 3.0). The folder with the private key (and the certificate file, if any) must be placed in the root of the flash drive (floppy disk). It is recommended not to change the name of the folder when copying.

The folder with the private key must contain 6 files with the .key extension. Below is an example of the contents of such a folder.

Copying a container can also be done using the CryptoPro CSP. To do this, follow these steps:

1. Select Start / Control Panel / CryptoPro CSP.

2. Go to the Service tab and click the Copy button. (see fig. 1).

Rice. 1. “CryptoPro CSP Properties” window

3. In the window Copying the private key container click on the button Overview(see Fig. 2).

Rice. 2. Copying the private key container

4. Select a container from the list, click on the button OK, then Further.

Rice. 3. Key container name

6. In the "Insert and select media to store the private key container" window, select the media on which the new container will be placed (see Figure 4).

Rice. 4. Choosing a clean key carrier

7. You will be prompted to set a password for the new container. Setting a password is optional, you can leave the field blank and click on the button OK(See Fig. 5).

Rice. 5. Setting a password on the container

If copying to media Rutoken, the message will sound different (see Fig. 6)

Rice. 6. Pin code for the container

Please note that if you lose your password/pin code, you will no longer be able to use the container.

8. After copying, the system will return to the tab Service in the window CryptoPro CSP. Copying completed. If you plan to use a new key container for work in the Kontur-Extern system, you must install personal certificate(See How do I install a personal certificate?).

For bulk copy, download and run the Certfix utility.

I already described earlier: How to install an EDS on a computer. Today I want to supplement the topic of working with digital signature and tell how to copy an EDS from a USB flash drive to the registry.

Any article can be conditionally divided into two questions: Why and How.

What for? EDS is issued on a flash drive or, in a simple way, on a flash drive.

Firstly: a flash drive is not an eternal thing, it can break, get lost.

Secondly: we are surrounded by a lot of computers. A computer at home, a computer in the office, and on a trip we take a laptop with us. And as it is not difficult to guess, you have to wear a signature around, which can break and get lost. Maybe I'm exaggerating, but it's much easier to copy it.

How? Go to Start/Control Panel/CryptoPro CSP and click on the subheading: Service and click: Copy.

In the next window, click: Overview, choose a key container and OK.

Here we click on Registry and OK.

Now let's install the copied certificate.
Tab: Service, click on the button: View certificates in a container.

We select, as shown in the image, Reader: Registry, Container name: Your certificate (the name you gave). We press OK and in the next window Further.

The copying of the certificate is finished, there is no more need to insert a flash drive for signing.

How to copy the key?

VLSI uses CryptoPro to work with keys. The container with the key is on the carrier. In my work I use media: Rutoken, Jacarta, registry and flash drive. You can place many keys on one carrier, as long as there is enough space.

CryptoPro does not see HDD computer as media, so I can't copy the container to it!

You can copy the key different ways. I know four.

  1. CryptoPro - Service - Copy. Figure 2. This is the main and universal way. I can copy from the registry to a flash drive or Rutoken, i.e. I can take on any available medium and copy to any.
  2. VLSI Program - Taxpayer Creation Wizard - Make backup EP. This method requires installed program VLSI. You can choose any key and send a copy to any available media.
  3. If the key is on a flash drive, you can copy a directory with the extension .000, in which there are 6 files.
  4. If the key is in the registry, you can copy the registry branch to a file, replace the user code and download. At first glance it is difficult. But when there are many keys, then this is the most fast way. When copying, the container names are preserved. Search Yandex for words for 32 or for 64.

Figure 1. Open CryptoPro

Figure 2. CryptoPro - Service

Transfer with CryptoPro

The Windows Registry is located at system drive, and all other media can be removed from the first PC and plugged into the second. Therefore, the difficulty with the transfer arises only with the keys in the registry.

Suppose I have 5 keys in the registry, and I want to transfer them to the registry on the second computer.

First of all, I look through all the containers in CryptoPro (Tools - View certificates in a container) and write it down on a piece of paper. I make a list: the first 3 letters of the container and the name that I understand.

Then I copy it to a USB flash drive (Tools - Copy). When copying, I set a new name in Russian so that in the future it would be convenient for me to use it. Example, 1601 Dandelion, where 16 is 2016, 01 is January, Dandelion is Dandelion LLC.

I carry a flash drive to a second computer and copy from a flash drive to the registry in the same way. I add a dot at the end of the container name so that the names are different.

How to copy a container with a certificate to another medium

Copying using Windows

If a floppy disk or a flash drive is used for work, you can copy the container with the certificate using Windows tools (this method is suitable for CryptoPro CSP versions not lower than 3.0). Place the folder with the private key (and, if available, the certificate file - the public key) in the root of the floppy disk / flash drive (if it is not placed in the root, then working with the certificate will be impossible). It is recommended not to change the name of the folder when copying.

There should be 6 files with the .key extension in the folder with the private key. As a rule, the public key is present in the private key (the header.key file in this case will weigh more than 1 KB). In this case, copying the public key is optional. An example of a private key is a folder with six files and a public key is a file with the .cer extension.

Private key Public key

Copy on Diagnostics Profile

1. Go to the "Copy" Diagnostics profile via the link.

2. Insert the media to which you want to copy the certificate.

3. On the required certificate, click the "Copy" button.

If a password has been set for the container, the message “Enter the password for the device from which the certificate will be copied” will appear.

4. Select the media where you want to copy the certificate and click "Next".

5. Specify a name for the new container and click the "Next" button.

6. A message should appear indicating that the certificate was copied successfully.

Bulk Copy

  1. Download and run the utility. Wait for the entire list of containers/certificates to be downloaded and tick the ones you need.
  2. Select the "Bulk Actions" menu and click on the "Copy Containers" button.

    3. 3. Select the media to store the copy of the container and click OK. When copying to the registry, you can check the box "Copy to the computer's key container", then after copying the container will be available to all users of this computer.


    4. After copying, click on the "Update" button at the bottom left.
    If you want to work with copied containers, you need to install certificates.

    Copying with CryptoPro CSP

    Select "Start" > "Control Panel" > "CryptoPro CSP". Go to the "Tools" tab and click on the "Copy" button.

    In the "Copy Private Key Container" window, click on the "Browse" button .

    Select the container you want to copy and click on the "OK" button, then "Next" . If you are copying from a rutoken, a pin code entry window will appear, in which you must specify the standard pin code - 12345678.

    Come up with and manually specify a name for the new container. Russian layout and spaces are allowed in the container name. Then click " Done " .

    In the Insert Blank key carrier» select the media on which the new container will be placed.

    You will be prompted to set a password for the new container. Setting a password is optional, you can leave the field blank and click on the "OK" button . If the password/pin-code is lost, the use of the container will become impossible.

    If you copy the container to a ruToken smart card, the message will sound different. Enter the standard pin code - 12345678.

    After copying, the system will return to the “Service” tab of the CryptoPro CSP. Copying completed. If you plan to use a new key container for working in Extern, install it via Crypto Pro.

    www.kontur-extern.ru

    How to copy a container?

    If a flash drive or floppy disk is used for work, copying can be done using Windows tools (this method is suitable for CryptoPro CSP versions not lower than 3.0). The folder with the private key (and the certificate file, if any) must be placed in the root of the flash drive (floppy disk). It is recommended not to change the name of the folder when copying.

    The folder with the private key must contain 6 files with the .key extension. Below is an example of the contents of such a folder.

    Copying a container can also be done using the CryptoPro CSP. To do this, follow these steps:

    1. Select Start / Control Panel / CryptoPro CSP.

    2. Go to the Service tab and click the Copy button. (see fig. 1).

    Rice. 1. “CryptoPro CSP Properties” window

    3. In the window Copying the private key container click on the button Overview(see Fig. 2).

    Rice. 2. Copying the private key container

    4. Select a container from the list, click on the button OK, then Further.

    Rice. 3. Key container name

    6. In the "Insert and select media to store the private key container" window, select the media on which the new container will be placed (see Figure 4).

    Rice. 4. Choosing a clean key carrier

    7. You will be prompted to set a password for the new container. Setting a password is optional, you can leave the field blank and click on the button OK(See Fig. 5).

    Rice. 5. Setting a password on the container

    If copying to media Rutoken, the message will sound different (see Fig. 6)

    Rice. 6. Pin code for the container

    Please note that if you lose your password/pin code, you will no longer be able to use the container.

    8. After copying, the system will return to the tab Service in the window CryptoPro CSP. Copying completed. If you plan to use a new key container for working in the Kontur-Extern system, you must install a personal certificate (see How to install a personal certificate?).

    How to copy the CryptoPro private key container?

    To copy the private key container, run Start → Programs → CryptoPro → CryptoPro CSP and go to the tab Service.

    Click the button Copy.

    Clicking on the button Overview select the key container you need to copy and click OK.


    Enter a name for the new key container and click the button Ready.

    After entering, press the button Ready. The system will display a window in which you need to select the media for the copied container.

    A window for setting a password for access to the private key will open. Enter a password, confirm it, and click the button OK. CIPF "CryptoPro CSP" will copy the private key container.

    Minutes of the parent meeting on the rules of the road with the participation of a traffic police officer Svetlana Shigapova Minutes of the parent meeting on the rules of the road with […]

  3. How to get the full pension for the deceased husband? the pension of the deceased is 17 thousand, mine is 11,200 Added 2 thousand to the furnace and 1 thousand for a non-working daughter I suspect unauthorized actions of an official […]

This article was created for EDS users who have difficulty transferring keys from a 3.5A floppy disk to other more reliable media.

The article also describes the process of installing new certificates. This operation should be started in the following order: Points 1-3 (instead of " Copy" select " Install") and then continue from point 15.

  • This can result in two certificates being used.
  • Once copied, the files can also be encrypted on the floppy disk.
By itself, a wonderful thing, but not in all desired situations.

So that there are no difficulties in determining in the program CryptoProCSP USB media exists free utility maintaining funds CryptoPro and Rutoken up to date. This check can be launched from the site: http://help.kontur.ru (you need to enter using Internet Explorer browser). On this page, you will need to perform preliminary preparation (download and install a small program) and then click " Start diagnostics«.

This write protection is set as follows . To make changes to the registry, you must open the Registry Editor. After confirming the login, the registration editor opens. In the left half of the window, click on the following path. It should look like the following screenshot. However, creating this entry is not enough, you still need to assign the value 1.

Command line tools

The value can be easily changed by double-clicking on the entry. The changes took effect after a restart. Lower security: Credentials and keys can be copied on an insecure computer. With the help of a cryptographic card, they could not be copied, although they were used illegally. Possibility of duplication: you lose the security and uniqueness of the identification document. Capacity: Hundreds or thousands of certificates and passwords can be stored on the smallest device. Duplication: Doubling can be an advantage to not necessarily carry over.

Password authentication

Authentication with credentials without a password. Authentication for device ownership. Certificates for citizens in Catalonia.
  • Advantages.
  • If it doesn't, prompt for a user and password as before.
  • If it's not a secure website, it also uses a challenge.
If you haven't completed the certificate request process, now is the time.

All components will be checked:

Select " Fix identified issues» and in the next window select those programs that need to be updated.

Transferring the certificate and EDS keys from the 3.5A Disk toUSBflash (This operation works for EDMS keys, Continent AP, Contour-tax reporting, Purchases)

What does a certificate export and what is it for?

Exporting a certificate consists of making a copy of the certificate. As a result, we will have a file that can help us. It is advisable to keep it in a safe place, with some support outside of our computer. In order to transfer our certificate to another browser, we have the Import Certificate operation, which we will explain in another post. To ensure your safety, please obtain a copy of our certificate. . Attention: it is important that our copy is under our control, and not without the need to copy our certificate.

In a few minutes, your new set of keys will be ready. Save yourself by creating a password to access cryptographic keys. This is an extremely important step that you should not skip: the revocation certificate is a simple file. Once you have your key pair and revocation certificate, it's time to let the public know that you can receive and send encrypted emails. The best way to do this is to upload your public key to a dedicated server where other users can find it - the server in question is for people with higher information security requirements.

Next, you need to follow the proposed instructions step by step, but it is worth remembering that a copy can only be made through the CIPF (tool cryptographic protection information), otherwise, for example, if you copy through Explorer, you will not be able to run the key on another computer.

Instructions for copying a certificate through CryptoPro CSP

1. Click on the CryptoPro CSP 3.0 shortcut or open it via Start - Control Panel.

Uploading the public key to key server- a good way to reveal that you are working with encrypted mail. There is nothing wrong with this, because this resource is not a key server, but rather a database containing information from many such servers. If you still want to change your destination, you can do so by clicking on the dropdown menu and choosing something else from the list.

Installing an electronic signature in the registry

You can also publish your public key on your personal website or blog. To play it back, go back to the key management window, make sure the "Show all keys by default" option is checked, then highlight your email when it appears. Then click it right click mouse and select the "Copy public keys to clipboard" option.

2. In the system window, go to the "Hardware" tab and configure the readers by selecting from the list of installed readers, after that - "Add". Use "All removable drives" and "Registry" in case they were not in the list.

4. In the next window that opens, run the "Browse" command in order to enter a name in the empty field. When choosing a name, first confirm the operation, then click on the "Next" button. In some cases, when working with a rutoken, you may need to enter a password (pin code) - enter the sequence 12345678.

5. Create a name for the container where the data is copied. The keyboard layout can be both Russian and Latin. Spaces are also allowed in the name. Once defined with a name, click Finish.

6. Then the system will ask you to insert a blank key medium to which the container will be copied. Do this and click OK.

7. You can set a password for the copy being created - this is an optional step, so you can simply click "OK", leaving the field blank. If the copy is made to a rootken, then again you need to enter the standard security combination - 12345678.

The copying process will be completed when the system returns to the "Service" tab on the screen.

My new post will be devoted to the Crypto Pro program, it seems nothing complicated, but all the time there are troubles with this software, either because you have to deal with it once or twice a year, or such software, but in general I decided to make a memo for myself and for you.

Task: Grant access to the Contour Extern program on two machines, OK, let's get started.

What we have: One already working key on the SD card.

What will be required: We need any media SD card, USB flash drive can also be uploaded to the registry or you can use the so-called RUtoken. I will install on RUtoken, and you can use any of the options.

Yes, another small remark, if you have a domain computer, then it's better to do all this under the admin account.

And so let's get started

Find the program in the start menu or control panel,

We start the program.

Go to tab Service and press the button Copy.

You will need to enter a password of 8 any characters. We type the password and press Further.

In the next window, we need to set the name of the container, (I always use the 2 organizations that are convenient for me and I use the name-01 and 02 markings, you can also use the TIN of the organization to separate.) after which we press the button The finish.

Here you will once again need to enter the password for the new container, do the same and press OK.

In the next dialog box, you need to select the media where to copy our container, I choose RUtoken and you need to select the media where you are going to install the container.

After you have chosen, press the button Further. Then The finish.

That's basically it, almost everything, the key is copied. It remains only to install it for a specific user.

There are two options here:

Option 1.

Again we go to CryptoPro, open the service tab and click on the button View the certificates in the container.

In the dialog box that opens, open the container we need and click the button OK. then press the button Further.

In the next window, click the Y button. become, if it is not there, then press the C button properties.

In the window that opens, press the button become a certificate. The certificate import wizard will open where you need to click Further.

In the window that opens, leave everything as it is and click Further.

If the certificate is installed successfully, you should see the following dialog box.

Option 2.

Installation through the menu to install a personal certificate.

To install the certificate, we need the certificate file itself, (a file with the .cer extension) it is located on the medium where we copied it, in my case it is rutokin.

And so, open CryptoPro again, go to the tab Service and press the button Install a personal certificate.

In the window that opens, find this certificate by clicking on the buttons Overview.

In the next dialog box, check the box next to Find container automatically, after which the program will automatically find the container you need. Then press the button Further.

Then a window may appear with a choice of the certificate storage location, you need to select Personal and click the button OK.

Then a dialog box may appear where you need to click the button Yes.

Then wait for a message about successful installation.

After that, you need to remove your device to which the container with keys refers and insert it back, after the device is found, you can try.

If you have any questions as different versions CryptoPro may be different changes then ask leave your comments, I will always be happy to help you.

Almost every organization has some kind of electronic key. They are widespread and without them it is almost impossible to conduct any activity. They are needed for signing reporting documents and for many other things. Therefore, those who serve the IT sector in the organization need to know what it is. For example, today we'll talk about how to copy a certificate from the registry and transfer it to another computer.

How to copy a certificate from the registry to a USB flash drive

Let's imagine you came to the organization and you need to set up access to a portal for a new employee. Electronic key you don't have it and you don't know where to get it. In this case, the easiest way is to copy it from the computer on which it is installed. To do this, we take a clean flash drive and launch Crypto Pro. Start - All Programs - Crypto Pro - Certificates. In general, it is better to store copies of the keys on a separate flash drive in your closet.

In the window that opens, go to the Composition tab and click Copy to File from the bottom.

The certificate export wizard will open on the first tab, click next. Need to copy private key or not. We do not need it yet, so we leave everything as it is.

Now we mark the required certificate format in most cases, everything should be left here by default.

How to copy the private key from the registry

Some certificates require a private key. It can also be copied from the registry to a USB flash drive. This is also done simply by launching Crypto Pro. Go to the Services tab and select Copy.

Enter a new name and click Finish.

In the window that opens, select the flash drive.

Liked the article? Share with friends!
Twitter
print
Was this article helpful?
Yes
Not
Thanks for your feedback!
Something went wrong and your vote was not counted.
Thank you. Your message has been sent
Did you find an error in the text?
Select it, click Ctrl+Enter and we'll fix it!
Related Tips
First look at the iPhone SE Video reviews iPhone SE
First look at the iPhone SE Video reviews iPhone SE
Samsung A9 processor is more voracious than TSMC iPhone SE in hand
Samsung A9 processor is more voracious than TSMC iPhone SE in hand
Sharp has created the world's first completely frameless smartphone
Sharp has created the world's first completely frameless smartphone
Sharp Aquos S2 is the new smartphone with the smallest bezels
Sharp Aquos S2 is the new smartphone with the smallest bezels
Proper charging of iPhone, iPad, MacBook batteries
Proper charging of iPhone, iPad, MacBook batteries
Why do photographers choose RAW format for photography?
Why do photographers choose RAW format for photography?