How to install a personal certificate in crypto pro. How to install a personal certificate in crypto pro What is a private key container

Install Rutoken in CryptoPro

Thanks to the use of Rutoken, you can reliably protect information from unauthorized access. Protected file system will keep your data safe thanks to cryptographic encryption. Specially created software that combines the capabilities of two programs - CryptoPro Rutoken CSP. Combining the identifier and CIPF we got reliable module, where you can safely store data.

Since all actions are performed within the identifier key and the data exchange protocol is protected by a unique technology, it is rational to use such a distribution kit when working with electronic documents of high importance. If you use Rutoken separately, you must first install drivers for the software. You cannot connect the identifier before installing the drivers. After installation, you will need to install support modules for CryptoPro. After going through the preparation stages, you can connect the Rutoken key. Then you should launch the CryptoPro program and configure the readers in the Equipment tab. For the identifier to work, you need to select “All smart card readers” and click “Next”.

To install, you will need a certificate file (a file with the .cer extension). To install a certificate, just follow these steps: Select "Start" / "Control Panel" / " CryptoPro CSP» . In the window “Properties of CryptoPro CSP” go to tab "Service" and click on the button "Install personal certificate"(see Fig. 1). Rice. 1. “CryptoPro CSP Properties” window In the window"Certificate Import Wizard" press the button"Further" . In the next window, click on the button"Review"
to select the certificate file (see Figure 2). Rice. 2. Window for selecting a certificate file You must specify the path to the certificate and click on the button"Open"
(see Fig. 3). press the button Rice. 3. Selecting a certificate file In the next window, click on the button , in the window"Certificate for viewing" press the button click on the button . In the next window, click on the button. Choose to indicate the corresponding container private key
(see Fig. 4). Rice. 4. Window for selecting a private key container Specify the container corresponding to the certificate and confirm the selection using the button"OK"
(see Fig. 5). press the button Rice. 5. Window for selecting a key container After selecting a container, click on the button , check the box next to the inscription“Install certificate into container” "Selecting a certificate store""Certificate for viewing" . In the next window, click on the button(see Fig. 6).
Rice. 6. Selecting a certificate store You must select a store "Personal" And

If none of the solutions below resolve the issue, you may key carrier was damaged and requires restoration (see). It is impossible to recover data from a damaged smart card or registry.

If there is a copy of the key container on another medium, then you must use it for work, having first installed the certificate.

Diskette

If you are using a floppy disk as the key container, you must complete the following steps:

1. Make sure that in the root of the floppy disk there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have a .key extension and the folder name format must be xxxxxx.000.

the private key container has been corrupted or deleted

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives"), where X is the drive letter. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;

?).

3. In the CryptoPro CSP window “Selecting a key container”, select the “Unique names” radio button.

4.

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Service” tab and click on the “Remove remembered passwords” button;

5. How to copy a container with a certificate to another medium?).

Flash drive

If a flash drive is used as the key media, you must complete the following steps:

1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2 . Files must have a .key extension and the folder name format must be as follows: xxxxxx.000 .

If any files are missing or their format is incorrect, then the private key container may have been damaged or deleted. It is also necessary to check whether it contains this folder with six files on other media.

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3.

4. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Select the “User” item and click the “OK” button.

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).

6. If CryptoPro is installed at your workplace CSP versions 2.0 or 3.0, and Drive A (B) is present in the list of key media, then it must be removed. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers;” button
  • Select the reader “Disk Drive A” or “Disk Drive B” and click on the “Delete” button.

After removing this reader, working with the floppy disk will be impossible.

Rutoken

If a Rutoken smart card is used as a key carrier, you must complete the following steps:

1. Make sure that the light on the rutoken is on. If the light does not light, then you should use the following recommendations.

2. Make sure that the “Rutoken” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All smart card readers”). To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the “Select a key container” window, select the “Unique names” radio button.

4. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP” ;
  • Go to the “Service” tab and click on the “Remove remembered passwords” button;
  • Select the “User” item and click the “OK” button.

5. Update the support modules required for Rutoken to work. For this:

  • Disconnect the smart card from the computer;
  • Select the Start menu > Control Panel > Add or Remove Programs (for Windows Vista\ Seven "Start" > "Control Panel" > "Programs and Features");
  • Select “Rutoken Support Modules” from the list that opens and click on the “Delete” button.

After removing modules you need to restart your computer .

  • Download and install latest version support modules. The distribution is available for download on the Aktiv website.

After installing the modules, you must restart your computer.

6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using the following instructions .

7. Update the Rutoken driver (see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:

  • Open “Start” (“Settings”) > “Control Panel” > “Rutoken Control Panel” (if this item is missing, you should update the Rutoken driver).
  • In the “Rutoken Control Panel” window that opens, in the “Readers” item, select “Activ Co. ruToken 0 (1,2)" and click on the "Information" button.

If the rutoken is not visible in the “Readers” item or when you click on the “Information” button, the message “ruToken memory status has not changed” appears, then the media has been damaged, you need to contact the service center for an unscheduled key replacement.

  • Check what value is indicated in the line “Free memory (bytes)”.

As a key carrier in service centers root tokens with a memory capacity of about 30,000 bytes are issued. One container takes up about 4 KB. The amount of free memory of a rootken containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.

If the free memory of a root token is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.

Registry

If the Registry reader is used as a key medium, you must perform the following steps:

1. Make sure that the “Register” reader is configured in CryptoPro CSP. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

2. In the “Select a key container” window, select the “Unique names” radio button.

3. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to tab « Service" and click on the "Delete remembered passwords" button;
  • Select the “User” item and click the “OK” button.

Electronic document management is entering our lives more and more tightly.
Today, this issue concerns not only office employees of enterprises and individual entrepreneurs; working with electronic documents increasingly makes it easier for ordinary citizens to solve everyday problems in everyday life. Of course, with the increasing applicability of electronic documents, the distribution of electronic digital signature, abbreviated as EDS.
It is about increasing the convenience of working with digital signatures that we will discuss further, namely, we will consider how to add EDS key to the CryptoPro registry on the computer.

What is digital signature and private key certificate

Electronic digital signature used in many software products: 1C: Enterprise (and other programs for business or accounting), VLSI++ , Contour.Extern (and other solutions for working with accounting and tax reporting) and others. EDS has also found application in service individuals when resolving issues with government agencies.

EDS- this is a kind of guarantor in the world of electronic document management, similar to a regular signature and seals on paper

As with signing paper documents, the process of signing electronic media involves " editing"primary source.

Electronic digital signature of documents carried out by transformation electronic document using the owner's private key, this process is called document signing

To date private key certificates most often distributed either on regular USB flash drives or on special protected media with the same USB interface ( Rutoken , eToken and so on).
At the same time, every time there is a need to sign documents (or identify a user), we need to insert the media with the key into the computer, and then manipulate the certificate. Accordingly, after completing the work, we simply need to remove the media from the computer so that no one else can use our signature. This method is quite safe, but not always convenient.

If you use digital signature at home, then every time connect/disconnect token gets boring quickly. In addition, the carrier will occupy one USB port, which are not always enough to connect all the necessary peripherals.
If you use digital signature at work, it happens that the certification center issued only one key, and must sign documents different people . Carrying a container back and forth is also not convenient, and there are also cases when Several specialists work with a certificate at the same time.
In addition, both at home and, especially, at work, it happens that on one computer it is necessary to perform actions using immediately multiple digital signature keys.

It is in cases where the use of a physical certificate medium is inconvenient that you can register the digital signature key in the CryptoPro registry(more about the Windows Registry in general understanding You can read the corresponding article: Changing Windows registry settings) And use the certificate without connecting the media to the computer's USB port.

Adding a Registry reader to CryptoPro CSP

First of all, in order for our CryptoPro to be able to work with locally registered keys, we need to add the very version of such a reader.

In order to set the new media type in the CSP utility, run the program as an administrator with the right mouse button or from the menu of the utility itself on the General tab

Now go to the Hardware tab and click on the button Configure readers...
If there is no option in the window that opens Registry, then to display it here, click on the Add button...

  1. Click the Next button in the first window.
  2. From the list of readers from all manufacturers, select the option Registry and click Next again.
  3. Enter a custom reader name, you can leave the default name. Click Next.
  4. In the last window we see a notification that after completing the reader setup, it is recommended to restart the computer. Click the Finish button and reboot the machine yourself.

The first stage is completed. Registry reader added , as evidenced by the corresponding item in the window Reader management (We remind you that this window is called up along the path CryptoPro - Equipment - Configure readers...)

Copying the key to the CryptoPro CSP Registry

To register key container to local storage, connect the physical media with the key to the computer.

Now run the CryptoPro utility again, open the Service tab and click on the Copy button...
Next in the window Copy Private Key Container Wizards Click the Browse button (or According to the certificate...) and select our key media, confirming the selection with the OK button, then proceed to the next window with the Next button.

In the new window, set an arbitrary friendly name for the key container being created and click the Finish button. Then, to record the key, select the reader type we created earlier Registry, confirming your choice with the OK button.
After confirmation, we need to set a Password for the created key container; by default, most often, a password is used 12345678 , but for more safe work The password can be set more difficult. After entering the password, click on the OK button.

All, key container added to the CryptoPro Registry .

Installing a CryptoPro CSP private key certificate

To complete the setup of signing documents without connecting the key carrier to the computer, all we have to do is install private key certificate from the created media container.

To install a certificate in CryptoPro you need to do the following:

  1. In the CSP utility, on the Service tab, click on the button View certificates in container...
  2. In the window that opens, click on the Browse button, where we select the desired media using the name we specified, confirming the selection with the OK button. Click Next.
  3. In the final window, we check that the certificate has been selected correctly and confirm the decision with the Install button.

Now we have installed Private key certificate from local storage Registry .

Setting up CryptoPro is complete, but you should remember that many software products will also require re-register a new key in the system settings.
After these steps we can sign documents without connecting a key, be it Rutoken, eToken or some other physical medium.

Installing the certificate and private key

We will describe the installation of the certificate electronic signature and a private key for Windows operating systems. During the setup process we will need Administrator rights (so we may need a system administrator if you have one).

If you have not yet figured out what an Electronic Signature is, then please read Or if you have not yet received an electronic signature, contact the Certification Center, we recommend SKB-Kontur.

Well, suppose you already have an electronic signature (token or flash drive), but OpenSRO reports that your certificate is not installed, this situation may arise if you decide to configure your second or third computer (of course, the signature does not “grow” to only one computer and it can be used on multiple computers). Usually initial setup carried out with the help of technical support of the Certification Center, but let’s say this is not our case, so let’s go.

1. Make sure that CryptoPro CSP 4 is installed on your computer

To do this, go to the menu Start CRYPTO-PRO CryptoPro CSP run it and make sure that the program version is not lower than 4.

If it is not there, then download, install and restart the browser.

2. If you have a token (Rutoken for example)

Before the system can work with it, you will need to install the necessary driver.

  • Drivers Rutoken: https://www.rutoken.ru/support/download/drivers-for-windows/
  • Drivers eToken: https://www.aladdin-rd.ru/support/downloads/etoken
  • Drivers JaCarta: https://www.aladdin-rd.ru/support/downloads/jacarta

The algorithm is as follows: (1) Download; (2) Install.

3. If the private key is in the form of files

The private key can be in the form of 6 files: header.key, masks.key, masks2.key, name.key, primary.key, primary2.key

There is a subtlety here if these files are written to HDD your computer, then CryptoPro CSP will not be able to read them, so all actions must be performed by first writing them to a flash drive (removable media), and you need to place them in a first-level folder, for example: E:\Andrey\(files), if placed in E :\Andrey\ keys\(files), then it will not work.

(If you're not afraid command line, then the removable storage device can be emulated something like this: subst x: C:\tmp will appear new disk(X:), it will contain the contents of the C:\tmp folder, it will disappear after reboot. This method can be used if you plan to install keys in the registry)

We found the files, recorded them on a flash drive, and move on to the next step.

4. Installing a certificate from a private key

Now we need to get a certificate, we can do this as follows:

  1. Opening CryptoPro CSP
  2. Go to the tab Service
  3. Press the button View certificates in a container, press Review and here (if we did everything correctly in the previous steps) we will have our container. Press the button Further, information about the certificate will appear and then click the button Install(the program may ask whether to provide a link to the private key, answer “Yes”)
  4. After this, the certificate will be installed in the storage and it will be possible to sign documents (at the same time, at the time of signing the document, it will be necessary for the flash drive or token to be inserted into the computer)

5. Using an electronic signature without a token or flash drive (installation in the registry)

If speed and ease of use are a little higher for you than security, then you can set your private key to Windows registry. To do this you need to do a few simple steps:

  1. Perform the private key preparation described in steps (2) or (3)
  2. Next we open CryptoPro CSP
  3. Go to the tab Service
  4. Press the button Copy
  5. Using the button Review choose our key
  6. Press the button Further, then we’ll come up with some name, for example “Pupkin, LLC Romashka” and press the button Ready
  7. A window will appear in which you will be asked to select the media, select Registry, click OK
  8. The system will ask Set password for the container, come up with a password, click OK

Important Note: the OpenSRO portal will not “see” the certificate if its validity period has expired.

Similar articles
How to fix a SMART error on a hard drive or SSD. What does Smart status bad backup and replace mean?How to fix a SMART error on a hard drive or SSD. What does Smart status bad backup and replace mean? Download The Bat email client!Download The Bat email client! Operating time or how long does an iPhone charge?Operating time or how long does an iPhone charge? View, create, and edit diagrams in Visio for the web Read vsd filesView, create, and edit diagrams in Visio for the web Read vsd files