How to get a public key from a private key. How to copy a certificate and private key from the registry. How to copy a private key from the registry

This post is about the CryptoPro program. It seems to be nothing complicated, but I keep running into problems with this software, either because I only deal with it once or twice a year or because the software is just like that. So I decided to write a reminder for myself and for you.

Task: Provide access to the Kontur Extern program on two machines, OK, let's get started.

What we have: One already working key on the SD card.

What you will need: any media. An SD card or a USB flash drive will do, the container can also be copied to the registry, or you can use the so-called RUtoken. I will install on RUtoken, and you can use any of the options.

One more small remark: if you have a domain computer, it is better to do all this under the administrator account.

And so let's get started

Find the program in the start menu or control panel,

Let's launch the program.

Go to the Service tab and press the Copy button.

You will be required to enter a password of any 8 characters. Enter the password and press Next.

In the next window, we need to set the name of the container (I always use the one that is convenient for me; we have 2 organizations and I use the name-01 and 02 markings; you can also use the organization's TIN for separation) and then click the Finish button.

Here you will once again need to enter the password for the new container; make it the same one and click OK.

In the next dialog box, you need to select the media to copy the container to. I select RUtoken; you select the media where you are going to install the container.

Once you have chosen, click the Next button. Then Finish.

That's basically it, the key has been copied. All that remains is to install it for a specific user.

There are two options here:

Option 1.

Go to CryptoPro again, open the Service tab and click the View certificates in the container button.

In the dialog box that opens, open the container we need and click OK. Then press the Next button.

In the next window, click the Install button; if it is not there, press the Properties button.

In the window that opens, click the Install certificate button. The Certificate Import Wizard will open, where you need to click Next.

In the window that opens, you need to leave everything as it is and click Next.

If the certificate is installed successfully you should see the following dialog box.

Option 2.

Installation via the Install a personal certificate menu.

To install the certificate, we need the certificate file itself (a file with the extension .cer). It is located on the media where we copied it; in my case it is the RUtoken.

So, open CryptoPro again, go to the Service tab and press the Install a personal certificate button.

In the window that opens, find this certificate by clicking the Browse button.

In the next dialog box, check the box next to Find container automatically, after which the program will automatically find the container you need. Then click the Next button.

Then a window may appear asking you to select the storage location for the certificate; you need to select Personal and click OK.

Then a dialog box may appear where you need to click a button Yes.

Then wait for a message about successful installation.

Then you need to remove the device that the container with keys refers to and insert it back; after the device is found, you can try it.

Different versions of CryptoPro may have various changes, so if you have any questions, leave your comments; I will always be happy to help you.

To do this, you need to do the following:

Select the menu "Start" / "Control Panel" / "CryptoPro CSP". Go to the "Service" tab and press the "View certificates in container" button (see Fig. 1).

Fig. 1. "CryptoPro CSP Properties" window.

In the window that opens, click the "Browse" button to select a container to view. After selecting the container, click "OK" (see Fig. 2).

Fig. 2. Window for selecting a container to view.

In the next window, click "Next". In the "Certificate for installation" window, press the "Properties" button (see Fig. 3).

Fig. 3. Certificate viewing window.

In the certificate file that opens, go to the "Details" tab and press the "Copy to file" button (see Fig. 4).

Fig. 4. "Details" tab.

In the "Certificate Export Wizard" window that opens, press the button . Then mark the item "No, don't export private key" and press the button (see Fig. 5).

Fig. 5. Private key export options.

In the "Export file format" window, choose "X.509 (.CER) files encoded with DER" (see Fig. 6).

Fig. 6. Exported file format.

In the next window you need to click on the button

If you use a floppy disk or flash drive for work, copying can be done using Windows (this method is suitable for CryptoPro CSP versions not lower than 3.0). The folder with the private key (and the certificate file, that is, the public key, if any) must be placed in the root of the floppy disk (flash drive). It is recommended not to change the folder name when copying. The private key folder should contain 6 files with the extension .key.

An example of a private key is a folder with six files, and a public key is a file with the .cer extension.


As a rule, the private key container also contains the public key (in this case the header.key file will be larger than 1 KB). In this case, copying the public key is not necessary.
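The checks described above can be run against a flash drive after a Windows-level copy. The following is an added example, not part of the original instructions or of CryptoPro itself: it looks at every folder in the root of the media, counts the .key files, and uses the header.key size rule to decide whether a separate .cer file is still needed. The folder names and the `part*.key` file names in the sample are constructed placeholders.

```python
import tempfile
from pathlib import Path

EXPECTED_KEY_FILES = 6      # from the text: six files with the .key extension
HEADER_CERT_BYTES = 1024    # from the text: header.key over 1 KB holds the certificate


def audit_media(root):
    """Report on every container-like folder in the root of a key medium."""
    root = Path(root)
    entries = sorted(root.iterdir())
    has_cer = any(p.is_file() and p.suffix.lower() == ".cer" for p in entries)
    findings = []
    for folder in (p for p in entries if p.is_dir()):
        keys = [p for p in folder.iterdir()
                if p.is_file() and p.suffix.lower() == ".key"]
        if not keys:
            continue  # no .key files: not a container folder
        header = next((p for p in keys if p.name.lower() == "header.key"), None)
        size = header.stat().st_size if header is not None else 0
        embedded = size > HEADER_CERT_BYTES
        findings.append({
            "container": folder.name,
            "complete": header is not None and len(keys) == EXPECTED_KEY_FILES,
            "certificate_in_header": embedded,
            # A separate .cer is only needed when header.key does not carry one.
            "needs_cer_file": not embedded and not has_cer,
        })
    return findings


def build_sample_medium(root):
    """Constructed sample: one intact copy and one damaged copy (dummy bytes only)."""
    root = Path(root)
    good = root / "org-01.000"
    good.mkdir()
    (good / "header.key").write_bytes(b"\0" * 2048)
    for i in range(5):
        (good / f"part{i}.key").write_bytes(b"\0" * 64)  # placeholder names
    bad = root / "org-02.000"
    bad.mkdir()
    (bad / "header.key").write_bytes(b"\0" * 300)
    for i in range(4):
        (bad / f"part{i}.key").write_bytes(b"\0" * 64)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit_media(build_sample_medium(tmp)):
            print(row)
```
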

Container copying can also be done using CryptoPro CSP. To do this you need to follow these steps:

1. Select Start / Control Panel / CryptoPro CSP.

2. Go to the Service tab and click the Copy container button (see Fig. 1).

Fig. 1. "CryptoPro CSP Properties" window

3. In the Copying a private key container window, click the Browse button (see Fig. 2).

Fig. 2. Copying the private key container

4. Select a container from the list, click OK and then Next (see Fig. 3).

Fig. 3. Container selection

If copying is made from a Rutoken, a PIN entry window will appear in which you should specify the standard PIN code - 12345678.

Fig. 4. Key container name

6. In the Insert clean key carrier window, you need to select the media on which the new container will be placed (see Fig. 5).

Fig. 5. Selecting a blank key media

7. You will be prompted to set a password for the new container. Setting a password is optional; you can leave the field blank and click OK (see Fig. 6).

Fig. 6. Setting a password for the container

When copying to a ruToken smart card, the message will read differently (see Fig. 7). You must specify the standard PIN code - 12345678.

Fig. 7. PIN code for container

Please note: if you lose your password/PIN code, using the container will become impossible.

8. After copying is completed, the system will return to the Service tab in the CryptoPro CSP window. Copying is complete. If you plan to use the new key container to work in the Kontur.Extern system, you need to install a personal certificate (see.

To copy a key container:

If the required media is not available:

Important! To use the generated key media, reinstall the certificate from the copied container:

  • Open the “Start” menu - “Control Panel” - “CryptoPro CSP” - “Tools” - “View certificates in the container.”
  • Click "Browse", select the desired container, click "Ok" and "Next".
  • Click Install.
  • When asked about replacing the certificate, please answer in the affirmative.
  • Click "Finish" and "Ok".

The installed certificate is now bound to the container from which it was installed.


How to copy digital signature to a flash drive

Copying digital signature from Rutoken or other media to a USB flash drive may be needed to ensure the safety of the signature, for ease of use, or to transfer a copy to a trusted person.

Copying digital signatures from protected media is carried out using the CryptoPRO CSP program (current version 3.9).

We will need:

Copying digital signature from Rutoken to a flash drive

1. We insert into the computer at the same time a medium with an electronic signature (Rutoken) and a flash drive.

2. Launch the CryptoPRO CSP program.

3. Open the Service tab

4. Click the Copy button...

5. In the window that opens, click the Browse... button.

6. In the window that opens, click on our certificate (EDS key)

9. Enter the name of the new copy of the digital signature, for example - myetsp(copy)

10. Click Finish

11. In the window that opens, click on our flash drive

12. Click OK

13. Enter a new password for the copy, for example the same 12345678, in both lines

14. Click OK

After which the window will close, and a folder with a name similar to myetspoc.000 should appear on the flash drive - this is a copy of our digital signature. Now this file can be copied to an unlimited number of media or transferred if necessary via e-mail.

Be careful and attentive: an electronic digital signature is an analogue of your own signature and seal!


How to copy certificates in the CryptoPro program

My new post will be devoted to the Crypto Pro program, it seems to be nothing complicated, but all the time I have problems with this software, either because I have to deal with it once or twice a year or because the software is like that, but in general I decided to make a reminder for myself and for you.

Task: Provide access to the Kontur Extern program on two machines, OK, let's get started.

What we have: One already working key on the SD card.

What you need: We need any SD card, a USB flash drive can also be uploaded to the registry, or you can use the so-called RUtoken. I will install on RUtoken, and you can use any of the options.

Yes, just a small note, if you have a domain computer, it is better to do all this under the administrator account.

And so let's get started

Find the program in the start menu or control panel,

Let's launch the program.

Go to the Tools tab and click on the Copy button.

Next, click the Browse button and select the key we need to copy; I have it in the Description format. Select it and click Next.

You will be required to enter a password of any 8 characters. Enter the password and click Next.

In the next window, we need to set the name of the container (I always use the one that is convenient for me; we have 2 organizations and I use the name-01 and 02 markings; you can also use the organization’s INN for separation.) and then click the Finish button.

Here you will once again need to enter the password for the new container, make the same one and click OK.

In the next dialog box, you need to select the media where to copy our container, I select RUtoken and you need to select the media where you are going to install the container.

That's basically it, the key has been copied. All that remains is to install it for a specific user.

There are two options here:

Option 1.

Go to CryptoPro again, open the service tab and click on the View certificates in the container button.

In the dialog box that opens, open the container we need and click OK. Then click the Next button.

In the next window, click the Install button; if it is not there, click the Properties button.

In the window that opens, click the Install certificate button. The Certificate Import Wizard will open where you need to click Next.

In the window that opens, you need to leave everything as is and click Next.

If the certificate is installed successfully you should see the following dialog box.

Option 2.

Installation via the Install a personal certificate menu.

To install the certificate, we need the certificate file itself (a file with the extension .cer). It is located on the media where we copied it; in my case it is the RUtoken.

And so, open CryptoPro again, go to the Service tab and click the Install personal certificate button.

In the window that opens, find this certificate by clicking on the Browse button.

In the next dialog box, check the box next to Find container automatically, after which the program will automatically find the container you need. Then click Next.

Then a window may appear asking you to select the storage location for the certificate; you need to select Personal and click OK.

Then a dialog box may appear where you need to click Yes.

Then wait for a message about successful installation.

Then you need to remove your device to which the container with keys refers and insert it back, after the device is found you can try.

If you have any questions because there may be various changes in different versions of CryptoPro, please leave your comments, I will always be happy to help you.

How to copy a certificate to CryptoPro CSP - Programs and Applications


Sometimes situations arise when you need to install a certificate with a key on another computer or make a backup copy of it. When working with USB flash drives, you can make a working copy of the private key using the available Windows tools; the main condition is that you have CryptoPro CSP 3.0 installed.

Next, you need to follow the proposed instructions step by step, but it is worth remembering that a copy can only be made through a cryptographic information protection tool; otherwise, for example, if you copy it through Explorer, you will not be able to run the key on another computer.

Instructions for copying a certificate via CryptoPro CSP

1. Click on the CryptoPro CSP 3.0 shortcut or open it through Start – Control Panel.

2. In the system window, go to the “Equipment” tab and configure readers by selecting from the list of installed readers, then “Add”. Use "All removable drives" and "Register" if they were not on the list.

4. In the next window that opens, run the “Browse” command in order to enter a name in the empty field. When choosing a name, first confirm the operation, and then click on the “Next” button. In some cases, when working with a Rutoken, you may need to enter a password (PIN code) - enter the sequence 12345678.

5. Create a name for the container where the data is copied. The keyboard layout can be either Russian or Latin. Spaces are also allowed in the name. After defining the name, click "Done".

6. The system will then ask you to insert a blank key media onto which the container will be copied. Do this and click “OK”.

7. You can set a password for the created copy - this is an optional step, so you can simply click “OK” and leave the field empty. If the copy is made to a Rutoken, then again you need to enter the standard security combination - 12345678.

The copying process will be completed when the system returns to the “Service” tab on the screen.

How to copy a private key container in CryptoPro?

Copying the private key container is a mandatory action when reinstalling the SBS on another computer. You can also copy the certificate if you want to create a spare electronic signature key.

Copying a private key container to a flash drive, floppy disk or token is a rather complex process; in order to avoid errors, it is important to strictly follow our instructions.

CryptoPro: certificate copying

Step 1. Opening the CryptoPro program

To open the program follow this path:

Click the Start menu, then go to Programs ⇒ CryptoPro ⇒ CryptoPro CSP and open the Tools tab.

In the open Tools window, click the Copy container button.

Step 2: Copy the private key container

After clicking the Copy Container button, the system will display the Copy Private Key Container window.

In the open window, you must fill in the Key container name field.

Step 3. Entering the key container

There are 3 ways to fill in the Key Container Name field:

    Manual input

    Select from the list by clicking the Browse button

    Search by digital signature certificate

In addition to filling out the Key Container Name field, you must fill in the remaining search options:

  • The entered name specifies the key container - the switch is set to User or Computer, depending on which storage the container is located in;
  • Select CSP to search for key containers - the required crypto provider (CSP) is selected from the list provided.

Once all fields are completed, click Next.

If a password is set for access to the private key, the system will ask you to enter it. Enter your password and click OK.

Step 4. Entering a new key container

The system will again display the Copy Private Key Container window, in which you must enter the name of the new key container and set the "The entered name specifies the key container" switch to User or Computer, depending on the storage in which you want to place the copied container.


After entering, click Finish.

Step 5: Select media for the copied container

A window will appear on your screen in which you need to select the media for the copied container.

To use a certificate on this or another computer running Windows, it must be imported or exported, respectively.

Importing a certificate and private key

If someone sent you a certificate or you transferred it from one computer to another, the certificate and private key must be imported before you can use them. Importing a certificate involves placing it in the appropriate certificates folder.

  1. Open Certificate Manager.
  2. Select the folder where you want to import the certificate. On the Action menu, select All tasks and then select the Import command.
  3. Click Next and follow the instructions.

Note: If you use the Browse button in the Certificate Import Wizard to find a certificate, note that the Open dialog box displays only X.509 certificates by default. If you need to import a different type of certificate, select the type in the Open dialog box.

Export certificate and private key

To back up a certificate or use it on another computer, the certificate must first be exported.

Exporting a certificate involves converting the certificate into a file, which can then be transferred from one computer to another or placed in a secure location. It is recommended to export certificates to removable media, such as a disk or USB flash memory.

  1. Open Certificate Manager.
  2. Right-click the certificate you want to export, select All tasks and select the Export command.
  3. In the Certificate Export Wizard, click Next.
  4. If the certificate is used on another computer, click Yes, export the private key (if not, select No, do not export the private key) and click Next. (This option appears only if you are allowed to export the private key and you have access to it.)
  5. Select the format you want and click Next.

    Note: The choice of format depends on how the certificate will be used. For example, for a certificate with a private key, you should choose the Personal Information Exchange format. If you need to move multiple certificates from one computer to another in one file, you should choose the Cryptographic Message Syntax standard. If the certificate will be used in several operating systems, you should select the X.509 format in DER encoding.

  6. To export the private key, enter the password to encrypt the key, confirm and click the button.
  7. A file will be created in which the certificate is stored. Enter the file name and location (full path), or click the Browse button to navigate to the desired location and enter the file name.
  8. Click the Finish button.
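The format chosen in step 5 determines whether the exported file can carry a private key, so it is worth confirming what a file actually is before passing it on. The following is an added example, not part of the original instructions: a heuristic that reads only the first ASN.1 elements of a file to tell a Personal Information Exchange file (PKCS #12), a Cryptographic Message Syntax bundle (PKCS #7) and a plain X.509 certificate apart. The function names are hypothetical and the sample byte strings are constructed minimal headers, not real certificates.

```python
import base64

# DER encoding of the signedData content type OID (1.2.840.113549.1.7.2)
PKCS7_SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")

# Constructed samples: just enough structure to show each outer layout.
SAMPLE_X509 = bytes.fromhex("3006300402020001")          # SEQUENCE { SEQUENCE {...} }
SAMPLE_PKCS12 = bytes.fromhex("30050201033000")          # SEQUENCE { INTEGER 3, ... }
SAMPLE_PKCS7 = bytes.fromhex("300d06092a864886f70d010702a000")


def _content_offset(data, pos):
    """Offset of the content of the DER element whose tag is at pos."""
    first = data[pos + 1]
    if first < 0x80:                    # short-form length
        return pos + 2
    return pos + 2 + (first & 0x7F)     # long-form (or indefinite) length


def classify_export(data):
    """Return 'x509', 'pkcs7', 'pkcs12' or 'unknown' for an exported file."""
    if data.lstrip().startswith(b"-----BEGIN"):
        # Base64 variant: drop the armor lines and decode the body.
        body = b"".join(line.strip() for line in data.splitlines()
                        if line.strip() and not line.startswith(b"-----"))
        data = base64.b64decode(body)
    if len(data) < 4 or data[0] != 0x30:        # everything here is a SEQUENCE
        return "unknown"
    inner = _content_offset(data, 0)
    if data[inner:inner + 3] == b"\x02\x01\x03":  # PFX starts with version 3
        return "pkcs12"
    if data.startswith(PKCS7_SIGNED_DATA_OID, inner):
        return "pkcs7"
    if data[inner:inner + 1] == b"\x30":          # tbsCertificate SEQUENCE
        return "x509"
    return "unknown"


def is_certificate_only(data):
    """True when the file is a format that cannot hold a private key."""
    return classify_export(data) in ("x509", "pkcs7")


if __name__ == "__main__":
    for name, blob in (("cer", SAMPLE_X509), ("p7b", SAMPLE_PKCS7),
                       ("pfx", SAMPLE_PKCS12)):
        print(name, classify_export(blob), is_certificate_only(blob))
```
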