Cryptopro does not see the flash drive as a container. Correct installation of the key in CryptoPro and installation of the CryptoPro EDS Browser plug-in. CryptoPro does not see the container on the flash drive. Prompts you to select another media

If none of the solutions below resolve the issue, you may key carrier was damaged and requires restoration (see). It is impossible to recover data from a damaged smart card or registry.

If there is a copy of the key container on another medium, then you must use it for work, having first installed the certificate.

Diskette

If you are using a floppy disk as the key container, you must complete the following steps:

1. Make sure that in the root of the floppy disk there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have a .key extension and the folder name format must be xxxxxx.000.

the private key container has been corrupted or deleted

2. Make sure that in CryptoPro CSP the "Disk Drive X" reader is configured (for CryptoPro CSP 3.6 - "All removable drives"), where X is the drive letter. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;

?).

3. In the CryptoPro CSP window “Selecting a key container”, select the “Unique names” radio button.

4.

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Service” tab and click on the “Remove remembered passwords” button;

5. How to copy a container with a certificate to another medium?).

Flash drive

If a flash drive is used as the key media, you must perform the following steps:

1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2 . Files must have a .key extension and the folder name format must be as follows: xxxxxx.000 .

If any files are missing or their format is incorrect, then the private key container may have been damaged or deleted. It is also necessary to check whether it contains this folder with six files on other media.

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3.

4. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Select the “User” item and click the “OK” button.

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).

6. If CryptoPro is installed at your workplace CSP versions 2.0 or 3.0, and Drive A (B) is present in the list of key media, then it must be removed. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers;” button
  • Select the reader “Disk Drive A” or “Disk Drive B” and click on the “Delete” button.

After removing this reader, working with the floppy disk will be impossible.

Rutoken

If a Rutoken smart card is used as a key carrier, you must complete the following steps:

1. Make sure that the light on the rutoken is on. If the light does not light, then you should use the following recommendations.

2. Make sure that the “Rutoken” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All smart card readers”). To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the “Select a key container” window, select the “Unique names” radio button.

4. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP” ;
  • Go to the “Service” tab and click on the “Remove remembered passwords” button;
  • Select the “User” item and click the “OK” button.

5. Update the support modules required for Rutoken to work. For this:

  • Disconnect the smart card from the computer;
  • Select the Start menu > Control Panel > Add or Remove Programs (for Windows Vista\ Seven "Start" > "Control Panel" > "Programs and Features");
  • Select “Rutoken Support Modules” from the list that opens and click on the “Delete” button.

After removing modules you need to restart your computer .

  • Download and install latest version support modules. The distribution is available for download on the Active company website.

After installing the modules, you must restart your computer.

6. The number displayed in CryptoPro should be increased CSP containers on Rutoken using the following instructions .

7. Update the Rutoken driver (see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:

  • Open “Start” (“Settings”) > “Control Panel” > “Rutoken Control Panel” (if this item is missing, you should update the Rutoken driver).
  • In the “Rutoken Control Panel” window that opens, in the “Readers” item, select “Activ Co. ruToken 0 (1,2)" and click on the "Information" button.

If the rutoken is not visible in the “Readers” item or when you click on the “Information” button, the message “ruToken memory status has not changed” appears, then the media has been damaged, you need to contact the service center for an unscheduled key replacement.

  • Check what value is indicated in the line “Free memory (bytes)”.

As a key carrier in service centers root tokens with a memory capacity of about 30,000 bytes are issued. One container takes up about 4 KB. The amount of free memory of a rootken containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.

If the free memory of a root token is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.

Registry

If the Registry reader is used as a key medium, you must perform the following steps:

1. Make sure that the “Register” reader is configured in CryptoPro CSP. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

2. In the “Select a key container” window, select the “Unique names” radio button.

3. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to tab « Service" and click on the "Delete remembered passwords" button;
  • Select the “User” item and click the “OK” button.

To install, you will need a certificate file (a file with the .cer extension). To install a certificate, just follow these steps: Select “Start” / “Control Panel” / “CryptoPro CSP”. In the window “Properties of CryptoPro CSP” go to tab "Service" and click on the button "Install personal certificate"(see Fig. 1). Rice. 1. “CryptoPro CSP Properties” window In the window"Certificate Import Wizard" press the button"Further" . In the next window, click on the button"Review"
to select the certificate file (see Figure 2). Rice. 2. Window for selecting a certificate file You must specify the path to the certificate and click on the button"Open"
(see Fig. 3). press the button Rice. 3. Selecting a certificate file In the next window, click on the button , in the window"Certificate for viewing" press the button click on the button . In the next window, click on the button. Choose
to indicate the corresponding private key container (see Figure 4). Rice. 4. Window for selecting a private key container Specify the container corresponding to the certificate and confirm the selection using the button"OK"
(see Fig. 5). press the button Rice. 5. Window for selecting a key container After selecting a container, click on the button , check the box next to the inscription“Install certificate into container” (see Fig. 6). In the window"Certificate for viewing" . In the next window, click on the button"Selecting a certificate store"
(see Fig. 6). Rice. 6. Selecting a certificate store You must select a store"Personal"

And Are you a user? and want to reliably protect your personal data? In order for EDS information to be reliably protected, you need to create a Cryptopro private key container. This question requires detailed consideration of each point.

What is a Cryptopro private key container

The private key container is a repository of digital signature authorization. Protection method cryptographic means storing licenses, certificates, passwords and other personal data.

A container with a key allows you to guarantee the safety and confidentiality of the information necessary to activate the digital analogue of the signature.

Creating a container

Forming a storage facility is a complex and responsible process that must be performed with the utmost care. You can install the container yourself as follows:

  1. When creating a data storage block, a window will appear with options for selecting media. A similar form is displayed on the user's monitor when there are multiple readers. If there is one, it will be selected automatically.
  2. The RNG window will be displayed, except in cases where the RNG is a hardware component of the PC.
    Biological RNG allows the generation of initial symbols that are components of a regular RNG. For the formation process to be completed successfully, you must move the mouse cursor across the screen and press buttons on the keyboard.
  3. When the BDSH completes its work, the system will automatically launch a dialog box where you will be required to enter a password that provides access to the container being created.
    The user has the opportunity to independently enter an identification combination that opens access to the security deposit. The PIN code is entered in two fields - “ New Password” and “confirmation”. The created cipher will take effect after clicking “Ok”. If you are generating numbers and letters on a medium that provides the function of entering a hardware password or PIN code, you will have to enter data that corresponds to providing access to the drive.
  4. Entering a password into the cryptographic information protection system is far from the only measure to ensure secure access to the security key. To select the optimal security mechanism in the password creation menu, click on the “Details” item. The screen will display options for measures to prevent unauthorized use of the container key. A way to protect a file and provide access only to its owner, in the case of password-supported media, is a PIN code.
    The monitor will display password entry parameters (combinations of characters in text format), key master (performing cryptography of a file stored on another container), as well as partitioning files onto multiple media. To return to the selection of security systems, click on “Details” again.
  5. By selecting the “Set a new password” item, you should understand that the created PIN will become a security measure installed in accordance with the requirements of provision No. 3 of the current instructions.
  6. Having decided that the master key will be integrated, it should be understood that the encrypted data will be transferred to another cryptographic destination. The action can be performed after the storage value is entered or its location is determined using the “Select” button.
    A list of available containers will be displayed.
  7. The system will encrypt the key based on the selected storage. operating system software opens up broad opportunities in the field of security cryptography. You can create a new container by clicking on the corresponding item in the menu.
  8. When you select the “Partition into several elements” value, access to the key will be evenly distributed among a certain number of media. Each of the physical repositories is a self-contained database with individual identification information within the scope of the project in question.
  9. For the system to operate correctly, you will need to enter the number of media that can be loaded.
  10. You will need to enter the total number of digital custodians among whom the objects will be distributed.

At the next stage, new digital containers will be formed, which are the subject of distribution of initial information. The sum of the generated blocks is proportional to the value indicated in the column for the total number of media:

  • when forming each section, you need to select a personal identification element;
  • when a physical location is programmed for each fragment, the ODSCH menu will be displayed, where the generation of special sequences will start;
  • the system will prompt you to enter passwords for each generated object. Protective files can be changed by clicking the “Details” button;
  • the final configuration will be completed after each storage principal has been successfully configured.

How to register your key

The key will become available after the program user can perform the following actions:

  1. Go to the Start menu.
  2. Opening the “Crypto-Pro” folder.
  3. Detecting the “Cryptopro CSP” file.
  4. Run the file as administrator.
  5. Open the “Hardware” tab, go to the “Key media types” section, go to the “Media types” tab and click “Configure media types...”.
  6. The Manage Personalization Information dialog box appears.
  7. Choose best option and make it active by clicking on “Add”.
  8. The installation menu will be displayed on the screen, where it is recommended to click “Next”.
  9. Select the appropriate item.
  10. Enter the name of the selected media and continue with the activity.
  11. Additional identification information may be displayed. For MPCOS/EMV, it is important to fill out the markup, after which you can continue with the installation.
  12. The wizard will ask you to click “Finish” to complete the required operation.

In the Cryptopro program, you can create your own storage, distribute it to the required number of storage media, and also add keys.

Thanks to the detailed step by step instructions using software that allows you to use digital signatures becomes a simple and comfortable event.

Electronic document management is entering our lives more and more tightly.
Today this question This concerns not only office employees of enterprises and individual entrepreneurs; working with electronic documents increasingly makes it easier for ordinary citizens to solve everyday problems in everyday life. Of course, with the increasing applicability of electronic documents, the distribution of electronic digital signature, abbreviated as EDS.
It is about increasing the convenience of working with digital signatures that we will discuss further, namely, we will consider how to add EDS key to the CryptoPro registry on the computer.

What is digital signature and private key certificate

Electronic digital signature used in many software products: 1C: Enterprise (and other programs for business or accounting), VLSI++ , Contour.Extern (and other solutions for working with accounting and tax reporting) and others. EDS has also found application in servicing individuals when resolving issues with government agencies.

EDS- this is a kind of guarantor in the world of electronic document management, similar to a regular signature and seals on paper

As with signing paper documents, the process of signing electronic media involves " editing"primary source.

Electronic digital signature of documents carried out by transformation electronic document using the owner's private key, this process is called document signing

To date private key certificates most often distributed either on regular USB flash drives or on special protected media with the same USB interface (Rutoken , eToken and so on).
At the same time, every time there is a need to sign documents (or identify a user), we need to insert the media with the key into the computer, and then manipulate the certificate. Accordingly, after completing the work, we simply need to remove the media from the computer so that no one else can use our signature. This method is quite safe, but not always convenient.

If you use digital signature at home, then every time connect/disconnect token gets boring quickly. In addition, the carrier will occupy one USB port, which are not always enough to connect all the necessary peripherals.
If you use digital signature at work, it happens that the certification center issued only one key, and different people must sign documents. Carrying a container back and forth is also not convenient, and there are also cases when Several specialists work with a certificate at the same time.
In addition, both at home and, especially, at work, it happens that on one computer it is necessary to perform actions using immediately multiple digital signature keys.

It is in cases where the use of a physical certificate medium is inconvenient that you can register the digital signature key in the CryptoPro registry(you can read more about the Windows registry in a general sense in the corresponding article: Changing Windows registry settings) And use the certificate without connecting the media to the computer's USB port.

Adding a Registry reader to CryptoPro CSP

First of all, in order for our CryptoPro to be able to work with locally registered keys, we need to add a version of such a reader.

In order to set the new media type in the CSP utility, run the program as administrator right click mouse or from the utility menu on the General tab

Now go to the Hardware tab and click on the button Configure readers...
If there is no option in the window that opens Registry, then to display it here, click on the Add button...

  1. Click the Next button in the first window.
  2. From the list of readers from all manufacturers, select the option Registry and click Next again.
  3. Enter a custom reader name, you can leave the default name. Click Next.
  4. In the last window we see a notification that after completing the reader setup, it is recommended to restart the computer. Click the Finish button and reboot the machine yourself.

The first stage is completed. Registry reader added , as evidenced by the corresponding item in the window Reader management (We remind you that this window is called up along the path CryptoPro - Equipment - Configure readers...)

Copying the key to the CryptoPro CSP Registry

To register key container V local storage , connect physical media with a key to the computer.

Now run the CryptoPro utility again, open the Service tab and click on the Copy button...
Next in the window Copy Private Key Container Wizards Click the Browse button (or According to the certificate...) and select our key media, confirming the selection with the OK button, then proceed to the next window with the Next button.

In the new window, set an arbitrary friendly name for the key container being created and click the Finish button. Then, to record the key, select the reader type we created earlier Registry, confirming your choice with the OK button.
After confirmation, we need to set a Password for the created key container; by default, most often, a password is used 12345678 , but for more secure operation the password can be set more complex. After entering the password, click on the OK button.

All, key container added to the CryptoPro Registry .

Installing a CryptoPro CSP private key certificate

To complete the setup of signing documents without connecting the key carrier to the computer, all we have to do is install private key certificate from the created media container.

To install a certificate in CryptoPro you need to do the following:

  1. In the CSP utility, on the Service tab, click on the button View certificates in container...
  2. In the window that opens, click on the Browse button, where we select the desired media using the name we specified, confirming the selection with the OK button. Click Next.
  3. In the final window, we check that the certificate has been selected correctly and confirm the decision with the Install button.

Now we have installed Private key certificate from local storage Registry .

Setting up CryptoPro is complete, but you should remember that for many software products will also be required re-register new key in system settings.
After these steps we can sign documents without connecting a key, be it Rutoken, eToken or some other physical medium.

We are often asked the question: how to install a certificate via CryptoPpo CSP. There are different situations: the director or chief accountant has changed, they have received a new certificate from a certification center, etc. Everything worked before, but now it doesn't. We tell you what you need to do to install a personal digital certificate on your computer.

You can install a personal certificate in two ways:

1. Through the CryptoPro CSP menu “View certificates in container”

2. Through the CryptoPro CSP menu “Install personal certificate”

If the workplace uses an operating room Windows system 7 without SP1, then the certificate should be installed according to the recommendations of option No. 2.

Option No. 1. Install through the “View certificates in container” menu

To install a certificate:

1. Select Start -> Control Panel -> CryptoPro CSP -> Tools tab and click the “View certificates in the container” button.

2. In the window that opens, click on the “Browse” button. Select a container and confirm your choice with the OK button.


If the message “There is no private key in the container” appears public key encryption”, proceed to installing a digital certificate using option No. 2.

4. If the version of “CryptoPro CSP” 3.6 R2 (product version 3.6.6497) or higher is installed on your computer, then in the window that opens, click on the “Install” button. After this, agree to the proposal to replace the certificate.

If the “Install” button is missing, in the “Certificate for viewing” window, click the “Properties” button.


5. In the “Certificate” window -> “General” tab, click on the “Install certificate” button.


6. In the “Certificate Import Wizard” window, select “Next”.

7. If you have installed version “CryptoPro CSP” 3.6, then in the next window just leave the switch on the “Automatically select storage based on certificate type” item and click “Next”. The certificate will be automatically installed in the “Personal” storage.



Option 2. Install through the “Install personal certificate” menu

To install, you will need, in fact, the certificate file itself (with the .cer extension). It can be located, for example, on a floppy disk, on a token, or on the computer's hard drive.

To install a certificate:

1. Select Start -> Control Panel -> CryptoPro CSP -> Tools tab and click the “Install personal certificate” button.


2. In the “Installation Wizard” window personal certificate” click on the “Next” button. In the next window, to select the certificate file, click “Browse”.


3. Specify the path to the certificate and click on the “Open” button, then “Next”.


4. In the next window, you can view the certificate information. Click “Next”.


5. In the next step, enter or specify the private key container that corresponds to the selected certificate. To do this, use the “Browse” button.



If you have installed CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher, check the “Install certificate into container” checkbox.


8. Select the “Personal” storage and click OK.


9. The storage you have chosen. Now click “Next”, then “Finish”. After this, a message may appear:


In this case, click “Yes”.

10. Wait for a message that the personal certificate has been successfully installed on your computer.

That's it, you can sign documents using the new certificate.

Read Also

Safety

AirDrop - how to use?

2024-02-21 03:53:31

Liked? Like us on Facebook