Nowadays, in almost every organization, an accountant’s computer has CIPF- system cryptographic protection information. We use it as such. In our case, CryptoPro is necessary for the operation of the Client-Bank and the VLSI++ program (through this program, the accounting department prepares and submits reports to the tax office, Pension Fund, Rosstat).

The main functions of CryptoPro CIPF are:
— checking the payer’s secret keys when sending electronic documents via communication channels;
— encryption of payer documents when sending reports;
— deciphering the responses received from inspections.

When working with both Client-Bank and VLSI++, key media are used on which secret keys and certificates are stored. Such media can be a floppy disk, a flash drive, a secure flash drive (Rutoken, eToken), as well as a registry.

So, one day our accountant got tired of inserting a floppy disk into the computer every time he sent reports. In addition, this media is quite unreliable and has failed a couple of times (it happened). Therefore it was decided copy the keys from the floppy disk to the registry.

Storing keys in the registry is of course convenient. But keep this point in mind: when reinstalling operating system on your computer, information about your keys will be irretrievably lost. So after you copy the keys to the registry, be sure to save the media with the original of these keys.

So, how can you copy keys from a floppy disk to the registry in CryptoPro CSP 3.6?
1. Go to “Start” – “Control Panel” – “CryptoPro CSP”.
2. In the window that opens, go to the “Service” tab.
3. Insert the key floppy disk into the floppy drive of the computer and click the “Copy container” button. 4. Next, click “Browse” and in the window that appears, select the container that you want to copy (click on it once with the mouse and click “OK”).
The name of the selected container will appear in the “Key container name” field. Click “Next”.
5. In the next window, write any name - this will be the name of the copy. Click “Done.”
6. Next, select the “Registry” media and click “OK”.
A window will appear asking you to set a password. If you don’t need this, don’t enter anything, just click “OK” here. That's all - we copied the key to the registry. To check this, in the “Service” tab, click the “View certificates in the container” button – “Browse” - here the registry and the container name that you specified will be displayed in the list of key containers.

A copy of the EPC will be useful for:

• signature security guarantees
• ease of use

Some certification authorities provide the service - backup.

Copying an electronic signature from a secure medium is carried out using the CryptoPRO CSP program.

A copy of the digital signature is made onto a secure medium, such as Rutoken/Etoken. A regular USB flash drive will not work.

Copying from CryptoPro CSP

First of all, download and install the CryptoPRO CSP program from the licensed website. Insert the digital signature media into the computer. Launch earlier installed program. Open the section - Tools → “Copy”.

In the window that appears, select - Review. Select the media you plan to copy → “Ok” → “Next”. In the PIN code entry line, insert the PIN code from your digital signature carrier

Give the new container a name using the Russian layout and spaces. Click → “Done”.

In the line - “Insert blank key carrier”, specify empty media. The program will prompt you to set a password. This action is optional. Click → “Ok”. It is worth noting that if you lose your PIN code, you will not be able to use the container. When recording an electronic signature on Rutoken, use the PIN code issued by the certification center.

When the operation is completed, the window will close. A new container will appear on the media, which will be a copy of the digital signature.

If at self-creation If there are any problems with the duplicate, you can contact our CA. Our managers will be happy to answer your questions. Contact us!

If a flash drive or floppy disk is used for work, copying can be performed using Windows(this method is suitable for CryptoPro CSP versions not lower than 3.0). The folder with the private key (and the certificate file, if any) must be placed in the root of the flash drive (floppy disk). It is recommended not to change the folder name when copying.

The private key folder should contain 6 files with the extension .key. Below is an example of the contents of such a folder.

Container copying can also be done using the CryptoPro CSP crypto provider. To do this you need to follow these steps:

1. Select Start / Control Panel / CryptoPro CSP.

2. Go to the Tools tab and click on the Copy button. (see Fig. 1).

Rice. 1. “CryptoPro CSP Properties” window

3. In the window Copying a private key container press the button Review(see Fig. 2).

Rice. 2. Copying the private key container

4. Select a container from the list, click on the button OK, then Further.

Rice. 3. Key container name

6. In the “Insert and select media to store the private key container” window, you must select the media on which the new container will be placed (see Figure 4).

Rice. 4. Selecting a blank key media

7. You will be prompted to set a password for the new container. Setting a password is optional, you can leave the field blank and click on the button OK(see Fig. 5).

Rice. 5. Setting a password for the container

If copying to media Rutoken, the message will sound different (see Fig. 6)

Rice. 6. Pin code for container

Please note: if you lose your password/pin code, using the container will become impossible.

8. After copying is completed, the system will return to the tab Service in the window CryptoPro CSP. Copying is complete. If you plan to use a new one to work in the Kontur-Extern system key container, you need to install personal certificate(see How to install a personal certificate?).

For bulk copying, download and run the Certfix utility.

This article was created for digital signature users who have difficulty transferring keys from a 3.5A floppy disk to other more reliable media.

The article also describes the process of installing new certificates. This operation should be started in the following order: Steps 1-3 (instead of “ Copy" choose " Install") and then continue from point 15.

• This may result in two certificates being used.
• Once copied, files can also be encrypted on the floppy disk.

A wonderful thing in itself, but not in all desired situations.

To avoid any difficulties in defining in the program CryptoProCSP USB media exists free utility to maintain funds CryptoPro And Rutoken up to date. This check can be started from the website: http://help.kontur.ru (you must log in using Internet Explorer browser). On this page you will need to perform preliminary preparations (download and install a small program) and then click “ Start diagnostics«.

This write protection is set as follows. To make changes to the registry, you must open Registry Editor. After confirming your login, the registration editor opens. In the left half of the window, click on the following path. It should look like the following screenshot. However, creating this entry is not enough, you still need to assign the value 1.

Command Line Tools

The value can be easily changed by double clicking on the entry. The changes took effect after a restart. Lower security: On an insecure computer, credentials and keys can be copied. With a cryptographic card they could not be copied, although they were used illegally. Possibility of duplication: you lose the security and uniqueness of the identification document. Capacity: Hundreds or thousands of certificates and passwords can be stored on the smallest of devices. Duplication: Doubling can be an advantage to not necessarily carry over.

Password Authentication

Authentication using credentials without a password. Authentication for device ownership. Certificates for citizens in Catalonia.

• Advantages.
• If this is not the case, request the user and password as before.
• If it is not a secure website, it also uses a challenge.

If you haven't completed the certificate request process, now is the time.

All components will be checked:

Choose " Fix identified problems"and in the next window select those programs that need updating.

Certificate transfer and EDS keys from Disk 3.5A toUSBflash (This operation works for EDMS keys, Continent AP, Circuit-tax reporting, Purchasing)

What does the certificate export and what is it for?

Exporting a certificate consists of creating a copy of the certificate. As a result, we will have a file that can help us. It is advisable to store it in a safe place, in some support outside of our computer. To pass our certificate to another browser, we have an Import Certificate operation, which we will explain in another post. To ensure your safety, please obtain a copy of our certificate. . Attention: It is important that our copy is under our control and not copy our certificate unnecessarily.

In a few minutes your new set the keys will be ready. Save yourself by creating a password to access your cryptographic keys. This is an extremely important step that you should not skip: the revocation certificate is a simple file. Once you have your key pair and cancellation certificate, it's time to let the public know that you can receive and send encrypted emails. The best way to do this is to upload your public key to a dedicated server where other users can find it - the server in question is for people with higher security requirements.

Next, you need to follow the proposed instructions step by step, but it is worth remembering that a copy can only be made through a cryptographic information protection tool (cryptographic information protection tool), otherwise, for example, if you copy through Explorer, you will not be able to run the key on another computer.

Instructions for copying a certificate via CryptoPro CSP

1. Click on the CryptoPro CSP 3.0 shortcut or open it through Start - Control Panel.

Uploading your public key to a key server is a good way to reveal that you are handling encrypted mail. There is nothing wrong with this, because this resource is not a key server, but rather a database containing information from many such servers. If you still want to change your destination, you can do so by clicking on the drop-down menu and choosing something else from the list.

Installing an electronic signature in the register

You can also publish your public key on your personal website or blog. To reproduce it, go back to the Key Management window, make sure the "Show all keys by default" option is checked, and then highlight your email when it appears. Then click it right click mouse and select the “Copy public keys to clipboard” option.

2. In the system window, go to the “Equipment” tab and configure readers by selecting from the list of installed readers, then “Add”. Use "All removable drives" and "Register" if they were not on the list.

4. In the next window that opens, run the “Browse” command to enter a name in the empty field. When choosing a name, first confirm the operation, and then click on the “Next” button. In some cases, when working with a root token, you may need to enter a password (PIN code) - enter the sequence 12345678.

5. Create a name for the container where the data is copied. The keyboard layout can be either Russian or Latin. Spaces are also allowed in the name. After defining the name, click "Done".

6. The system will then ask you to insert a blank key media onto which the container will be copied. Do this and click “OK”.

7. You can set a password for the created copy - this is an optional step, so you can simply click “OK” and leave the field empty. If the copy is made to a root token, then again you need to enter the standard security combination - 12345678.

The copying process will be completed when the system returns to the “Service” tab on the screen.

Almost every organization has some kind of electronic key. They are widespread and without them it is almost impossible to conduct any activity. They are needed for signing reporting documents and for many other things. Therefore, those who serve the IT sector in the organization need to know what it is. For example, today we’ll talk about how to copy a certificate from the registry and transfer it to another computer.

How to copy a certificate from the registry to a flash drive

Let's imagine you come to an organization and you need to set up access to a portal for a new employee. Electronic key You don’t have it and you don’t know where to get it. In this case, the easiest way is to copy it from the computer on which it is installed. To do this, take a clean flash drive and launch Crypto Pro. Start - All programs - Crypto Pro - Certificates. In general, it is better to store copies of the keys on a separate flash drive in your closet.

In the window that opens, go to the Composition tab and click Copy to file at the bottom.

The certificate export wizard will open on the first tab, click next. You need to specify copy private key or not. We don’t need it yet, so we’ll leave everything as it is.

Now we mark the required certificate format; in most cases, you need to leave everything here by default.

How to copy a private key from the registry

Some certificates require a private key. It can also be copied from the registry to a flash drive. This can also be done simply by launching Crypto Pro. Go to the service tab and select Copy.

Enter a new name and click Finish.

In the window that opens, select the flash drive.