Installing certificates in cryptopro from flash drives. How to copy an electronic signature from the registry to a medium? How to open a USB flash drive with an electronic signature

If the electronic signature was issued in the register of the PC, then you can copy it to the medium according to the following instructions.

Step 1. Open CryptoPro and go to the "Service" tab, then click on the "Copy" button as shown in the instructions.

Step 2. In the window that appears, click the "Browse" button in order to select the electronic signature container you need to copy.

Step 3. In the list of existing containers that appears, select the container you need, which you need to copy to the media and click the "OK" button.

Step 4. Confirm the action by clicking the "Next" button in the window that appears

Step 5. In the window that appears, specify the name of the new container that will be created on the media. The name in the field is filled in automatically, so you can simply leave it alone. Click the Finish button.

Step 6. The media selection window will appear. Select the required medium from the list to which you want to copy the electronic signature. In order to understand which media to choose from the list, look at the field "Inserted media": it will either say "There is no media", which means you have selected a non-existent media, or a media name similar to the name in the screenshot will appear. Select and click OK.

Step 7. After you select the medium, a window for entering the pin code for the new electronic signature container will appear. We recommend entering the standard pin-code "12345678", because customers often forget or lose their PIN codes, after which the electronic signature has to be reissued. You can ask your (different) PIN code if you are sure that you will not lose it. After entering the pin code, click the "OK" button.

Ready. Now the electronic signature container is copied to the selected medium and you can use it.

If there is no desire to understand these details, we will help. You can even call our engineer to your office.

A copy of the EPC will be useful for:

guarantees of signature safety
usability

Some certification authorities provide the service - backup.

Copying of an electronic signature from a secure medium is performed using the CryptoPRO CSP program.

A copy of the EDS is made on a secure medium, such as Rutoken / Etoken. A regular USB stick will not work.

Copy from CryptoPro CSP

First of all, download and install the CryptoPRO CSP program from the licensed site. Insert the EDS carrier into the computer. Start earlier installed program... Open the section - Service → “Copy”.

In the window that appears, select Browse. Select the medium you want to copy → “Ok“ → “Next”. In the line for entering the pin code, insert the pin code from your ES carrier

Give a name to the new container using Russian layout and spaces. Click → “Finish”.

In the line - "Insert blank key media", specify empty media. The program will prompt you to set a password. This action is optional. Click → “Ok”. It should be noted that if you lose your PIN, you will not be able to use the container. When registering electronic signature on Rutoken, use the pin-code issued by the certification center.

Upon completion of the operation, the window will close. A new container will appear on the carrier, which will be a copy of the EDS.

If you encounter problems while creating a duplicate yourself, you can contact our CA. Our managers will be happy to answer your questions. Contact us!

head of the VLSI group

Often people who use electronic digital signatures, you need to copy the CryptoPro certificate to a USB flash drive. In this lesson, we will look at various options for performing this procedure.

By and large, the procedure for copying a certificate to a USB drive can be organized in two groups of ways: using internal tools operating system and using the program functions CryptoPro CSP... Next, we'll take a closer look at both options.

Method 1: CryptoPro CSP

First of all, we will consider a copy method using the CryptoPro CSP application itself. All actions will be described using the example of the Windows 7 operating system, but in general the presented algorithm can be used for other operating systems of the Windows family.

The main condition under which a container with a key can be copied is the need for it to be marked as exported when created on the CryptoPro website. Otherwise, the transfer will fail.

Before starting the manipulations, connect the USB flash drive to the computer and go to "Control Panel" systems.

Open the section "System and safety".

In the specified directory, find the item "CryptoPro CSP" and click on it.

A small window will open where you want to move to the section "Service".

Then press the button "Copy ...".

The window for copying the container will be displayed, where you need to click on the button "Overview…".

The container selection window will open. Highlight the name of the one from the list, the certificate from which you want to copy to the USB-drive, and press "OK".

Then the authentication window will be displayed, where in the field "Enter password" it is required to enter a key expression with which the selected container is password protected. After filling in the specified field, click "OK".

After that, there is a return to the main window for copying the container of the private key. Note that in the key container name field, the expression will automatically be added to the original name "- Copy"... But if you wish, you can change the name to any other, although this is not necessary. Then click on the button "Ready".

Next, a window for selecting a new key medium will open. In the list provided, select the drive with the letter corresponding to the desired flash drive. After that press "OK".

In the displayed authentication window, you will need to enter the same arbitrary password for the container twice. It can either match the key expression of the source, or be completely new. There are no restrictions on this. After entering press "OK".

After that, an information window will be displayed with a message that the container with the key has been successfully copied to the selected medium, that is, in this case, to the USB flash drive.

Method 2: Windows Tools

You can also transfer the CryptoPro certificate to a USB flash drive only by means of the operating room Windows systems by simply copying through "Conductor"... This method is only suitable when the header.key file contains a public certificate. Moreover, as a rule, its weight is at least 1 Kb.

As in the previous method, descriptions will be given on the example of actions in the operating room. Windows system 7, but in general they are suitable for other operating systems in this line.

At first glance, transferring a CryptoPro certificate to a USB flash drive using operating system tools is much easier and more intuitive than actions through CryptoPro CSP. But it should be noted that this method is only suitable when copying a public certificate. Otherwise, you will have to use the program for this purpose.

As a rule, the digital signature is recorded on a USB-stick. However, if you need to install an EDS from a USB flash drive to a computer, that is, copy the EDS to a computer, find out in this article how to quickly and easily do this.

Copy EDS to computer

Of course, it is not always convenient to carry a USB flash drive with you all the time. It can either become unusable, or it simply may not be at hand at the right time. In this case, a method will come to the rescue, in which we copy the EDS certificate to the computer itself, which later will make it possible to do without a USB drive.

To copy EDS to computer please follow further instructions:

Insert the USB-drive with EDS into the computer and run the program CryptoPro CSP, go to the tab Service and press Copy ....

In the window that opens, select the key container, for this click the button Overview.

In the list of key user containers that opens, select a container and click OK.

After selecting a container, its name will appear in the line Key container name... In the next window, just click Further.

In the next step, you need to specify information about the new container, for which enter Certificate name (come up with any name for the key certificate). Then press the button Ready.

For a newly created container, it is possible to set New Password... If you want to set a password, enter it twice in the appropriate fields. If you do not plan to use a password, leave the fields blank and click OK.

So, we have selected an object for copying, indicated the storage location of the certificate. Now you need to install this certificate.

In the tab Service click View certificates in a container ...

By pressing the button Overview, in the window that opens, if you paid attention, another key container appeared. Select the newly created container and click OK.

After selecting a new container, click Further.

In the window that opens, the certificate for viewing will be indicated. Click on Install.

As a result, after the actions you have taken, a message will appear about the successful installation of the certificate. Click on OK.

Ready. EDS is installed on the computer.

Can be used when it comes to reinforced unqualified signatures.

Views EDS with the highest degree of protection are recorded exclusively on dedicated USB devices. Their release is provided in all valid points of the certificate.

Consider the options for flash drives that are most often used for storage means of cryptographic protection of information:

Unprotected USB flash drive. Unsuitable for storage confidential information due to open access to it by third parties.
USB flash drive with built-in encryption function. The device restricts, but does not completely prevent, unauthorized access to keys. The danger arises at the time of transfer EDS to the computer when signing the document.
(token) with a built-in crypto processor. More suitable option for storage EDS... Contains two levels of information protection that are used at the time of recording EDS and referring to it during the signing process. Signature recorded on such a storage medium cannot be illegally altered, but the likelihood of its theft at the time of transfer to the computer software remains.
USB device with embedded shaping EDS... This type flash drives is a kind of minicomputer - the document to be signed is submitted to the "input" of the device and is signed already inside it. Such a token is maximally protected from unauthorized access, since signature is not extracted from it. loading signatures no external devices are required to use it.

How to write an EDS to a USB flash drive from another storage medium? Take advantage of the opportunities special program CryptoPRO CSP.

Here's a quick guide to rewriting a certificate:

A clean USB stick for EDS and carrier signatures.
The CryptoPRO CSP program is launched.
In the opened menu of the program, select the "Service" tab, then press the button " Copy».
The path to the certificate is specified EDS in the "Overview" tab of the menu, the selection is confirmed by pressing the "OK" button.
If the system asks for a password, you must enter it. By default, the number sequence is 12345678.
Assigned a name to the new copy signatures and pressing the "Finish" button completes the preparation for copying.
In the dialog box that opens, a new flash drive is selected and after clicking the "OK" button, the password for the copy is entered EDS... You can keep the old password to avoid confusion with access codes or choose a new combination of characters.

How to transfer an EDS from a USB flash drive to a USB flash drive? By simply copying the certificate folder and pasting it onto a new medium. Take precautions when carrying EDS to a new device!

Using a USB flash drive as an electronic key

The key is the most accessible method of protecting your computer from unauthorized access. A USB device is the modern equivalent of a dongle. How to make electronic key from a flash drive?

One of the ways is to use the PAM module, the task of which is to test each inserted into the computer. flash drives for the correspondence of the information put into the system and, depending on the result of the check, open the entrance to the system or block it.

Electronic key flash drive works as follows: every successful login to the system, the information stored in its backup part is overwritten.

The next time you try to log in, the system will compare the credentials flash drives- her serial number, brand, manufacturer, and data from the backup USB device.

The module is configured as follows:

The libpam_usb.so library and the utilities necessary to control the module are installed.
A USB flash drive is inserted into the USB port - a future key. With the help of a special command, the module collects all information about flash drive and recording service information on it for subsequent identification of the user.
Enter the command attaching the name flash drives to a specific account.
The system starts checking the correctness of the data entered into the system.
The pam_usb module is given the right to manage the system until the key is used. In case of failure to find a suitable flash drives, the system may ask you to enter a username and password, or, according to the settings, block the entrance to it.

Usage flash drives as a key, it does not provide for the placement of logins and passwords on it, means of cryptographic protection of information.

Select EDS

Such a key, besides convenience storage provides the user with the following benefits:

No need to memorize a large amount of information.
Possibility to use flash drives as a means storage information.
Providing fast login.
Console auto-protection. When removed from the USB port flash drives work on the computer is automatically blocked.