How to copy a digital signature to a computer. How to copy an electronic signature from the registry to a medium? How to copy a container with a certificate to another medium

My new post will be devoted to the Crypto Pro program, it seems to be nothing complicated, but all the time I have problems with this software, either because I have to deal with it once or twice a year or because the software is like that, but in general I decided to make a reminder for myself and for you.

Task: Provide access to the Kontur Extern program on two machines, OK, let's get started.

What we have: One already working key on the SD card.

What you will need: We need any SD card, USB flash drive You can also upload it to the registry or you can use the so-called RUtoken. I will install on RUtoken, and you can use any of the options.

Yes, just a small note, if you have a domain computer, it is better to do all this under the administrator account.

And so let's get started

Find the program in the start menu or control panel,

Let's launch the program.

Go to the tab Service and press the button Copy.

You will be required to enter a password of any 8 characters. Enter the password and press Further.

In the next window, we need to set the name of the container (I always use the one that is convenient for me; we have 2 organizations and I use the name-01 and 02 markings; you can also use the organization’s TIN for separation.) and then click the button Finish.

Here you will once again need to enter the password for the new container, make the same one and click OK.

In the next dialog box, you need to select the media where to copy our container, I select RUtoken and you need to select the media where you are going to install the container.

Once you have chosen, click the button Further. Then Finish.

That's basically it, the key has been copied. All that remains is to install it for a specific user.

There are two options here:

Option 1.

Go to CryptoPro again, open the service tab and click on the button View the certificates in the container.

In the dialog box that opens, open the container we need and click the button OK. then press the button Further.

In the next window, click the U button become, if it is not there, press button C troops.

In the window that opens, click the U button install a certificate. The certificate import wizard will open where you need to click Further.

In the window that opens, you need to leave everything as it is and click Further.

If the certificate is installed successfully you should see the following dialog box.

Option 2.

Installation via install menu personal certificate.

To install the certificate, we need the certificate file itself (a file with the extension .cer) it is located on the media where we copied it, in my case it is rutokin.

And so, open CryptoPro again and go to the tab Service and press the button Install a personal certificate.

In the window that opens, find this certificate by clicking on the button Review.

In the next dialog box, check the box next to Find container automatically, after which the program will automatically find the container you need. Then click the button Further.

Then a window may appear asking you to select the storage location for the certificate; you need to select Private and click the button OK.

Then a dialog box may appear where you need to click a button Yes.

Then wait for a message about successful installation.

Then you need to remove your device to which the container with keys refers and insert it back, after the device is found you can try.

If you have any questions because different versions CryptoPro may undergo various changes, so if you ask, leave your comments, I will always be happy to help you.

If a flash drive or floppy disk is used for work, copying can be performed using Windows(this method is suitable for versions CryptoPro CSP not lower than 3.0). The folder with the private key (and the certificate file, if any) must be placed in the root of the flash drive (floppy disk). It is recommended not to change the folder name when copying.

The private key folder should contain 6 files with the extension .key. Below is an example of the contents of such a folder.

Container copying can also be done using the CryptoPro CSP crypto provider. To do this you need to complete the following steps:

1. Select Start / Control Panel / CryptoPro CSP.

2. Go to the Tools tab and click on the Copy button. (see Fig. 1).

Rice. 1. “CryptoPro CSP Properties” window

3. In the window Copying a private key container press the button Review(see Fig. 2).

Rice. 2. Copying the private key container

4. Select a container from the list, click on the button OK, then Further.

Rice. 3. Key container name

6. In the “Insert and select media to store the private key container” window, you must select the media on which the new container will be placed (see Figure 4).

Rice. 4. Selecting a blank key media

7. You will be prompted to set a password for the new container. Setting a password is optional, you can leave the field blank and click on the button OK(see Fig. 5).

Rice. 5. Setting a password for the container

If copying to media Rutoken, the message will sound different (see Fig. 6)

Rice. 6. Pin code for container

Please note: if you lose your password/pin code, using the container will become impossible.

8. After copying is completed, the system will return to the tab Service in the window CryptoPro CSP. Copying is complete. If you plan to use a new one to work in the Kontur-Extern system key container, you need to install a personal certificate (see How to install a personal certificate?).

For bulk copying, download and run the Certfix utility.

In order to transfer the private key container ( key) and user certificate ( certificate) you will need:
- key floppy disk with key and certificate
- a computer with a floppy drive ( computer 1)
- a computer without a floppy drive ( computer 2), from which tax reporting will be sent
- regular flash drive ( flash drive)
- CryptoPro distribution kit of any version and reader Registry for him

First stage: preparing the computer and copying the key

Install the distribution CryptoPro on computer 1

Launch the snap-in CryptoPro CSP from Control panels.
Paste into computer 1 flash drive.

In the new window, click the "Add..." button



Check Drive?:, as shown in the pictures.


Click "Next >", "Finish" and "Ok".

Now insert the key floppy.

Go to the "Service" tab, click on the "Copy container" button.
In the new window, click the "Browse" button and specify "Drive A:" as the key container to be copied.


Now specify the name of the new key container and click "Finish", after which the program will ask you to specify a device for recording the key. In this case, this is our flash drive (Disk drive?). Select it and click "Ok", when prompted for a password, click "OK" again.


After this, you need to copy the certificate file (file with *.cer extension) from the floppy disk to a flash drive via Explorer or in any other way.

Stage two: preparing computer 2 and installing the key

Install the distribution CryptoPro on computer 2(skip this item if Crypto-Pro is already installed on it).

Launch the snap-in CryptoPro CSP from Control panels.
Paste into computer 2 flash drive.

Go to the "Hardware" tab, click the "Configure readers" button.

In the new window, click the "Add..." button, now "Next >", check Drive?:, as shown in the pictures.



The drive letter must match the letter assigned to the flash drive by the operating system.
Click "Next >", "Finish" and "Ok".

Now add the reader Registry in a similar way and through the "Service" tab, copy the private key container from Drive?: to the reader Registry(specify Drive?: as the source when copying, and Registry as the destination).

Copy from flash drive to computer 2 certificate.

In CryptoPro CSP, on the "Service" tab, click the "Install personal certificate" button, follow the instructions of the installation wizard. When selecting a key container, specify Registry.

Connect to the Internet and try using the Kontur-Extern system.

If the Kontur-Extern system is installed on your computer for the first time, be sure to download and run

Copying using Windows

If you use a floppy disk or flash drive for work, you can copy the container with the certificate using Windows (this method is suitable for versions of CryptoPro CSP no lower than 3.0). Place the folder with the private key (and, if there is one, the certificate file - the public key) in the root of the floppy disk / flash drive (if you do not place it in the root, then working with the certificate will be impossible). It is recommended not to change the folder name when copying.

The folder with the private key should contain 6 files with the extension .key. As a rule, the private key contains a public key (the header.key file in this case will weigh more than 1 KB). In this case, it is not necessary to copy the public key. An example of a private key is a folder with six files and a public key is a file with the .cer extension.

Private key Public key

Copy to Diagnostics profile

1. Go to the “Copying” Diagnostics profile using the link.

2. Insert the media to which you want to copy the certificate.

3. On the desired certificate, click on the “Copy” button.

If a password has been set for the container, the message “Enter the password for the device from which the certificate will be copied” will appear.

4. Select the media where you want to copy the certificate and click “Next”.

5. Give the new container a name and click on the “Next” button.

6. A message indicating that the certificate was successfully copied should appear.

Bulk copy

  1. Download and run the utility. Wait for the entire list of containers/certificates to load and select the required checkboxes.
  2. Select the Bulk Actions menu and click on the Copy Containers button.

3. Select the storage media for the container copy and click OK. When copying to the registry, you can check the box “Copy to the key container of the computer”, then after copying the container will be available to all users of this computer.


4. After copying, click the “Update” button at the bottom left.
If you want to work with copied containers, you need .

Copying using CryptoPro CSP

Select “Start” > “Control Panel” > “CryptoPro CSP”. Go to the “Service” tab and click on the “Copy” button.

In the Copy Private Key Container window, click on the Browse button .

Select the container you want to copy and click on the “Ok” button, then “Next”. If you are copying from a root token, an input window will appear in which you should enter a pin code. If you have not changed the pin code on the media, the standard pin code is 12345678.

Create and manually specify a name for the new container. Russian layout and spaces are allowed in the container name. Then click "Done".

In the Insert Blank Key Media window, select the media on which the new container will be placed.


You will be prompted to set a password for the new container. We recommend that you set a password that is easy for you to remember, but that others cannot guess or guess. If you do not want to set a password, you can leave the field blank and click OK.

Do not store your password/pin code in places where others have access. If you lose your password/pin code, using the container will become impossible.


If you copy the container to a ruToken smart card, the message will sound different. In the input window, enter your pin code. If you have not changed the pin code on the media, the standard pin code is 12345678.

After copying, the system will return to the “Service” tab of CryptoPro CSP. Copying is complete. If you plan to use a new key container to work in Externa, .

The most popular option for using digital signatures is this moment is a rutoken - this is a special flash drive on which it is written private key. The main difference between such a storage medium is that it contains a cryptoprocessor, with the help of which a public key is generated that is used to sign documents. How to use it electronic signature from a flash drive, what software is needed for this? Is a root token always necessary to sign the same documents?

On which flash drives can digital signatures be stored?

EDS can be recorded on the following flash drive options:

  1. Regular USB drive. This method Using an electronic signature is not recommended, since stealing the certificate will not be a problem. Nowadays, practically no certification center provides services for issuing digital signatures and recording them on a regular USB drive.
  2. USB drive with secure storage. In fact, this is the same regular drive, but its internal memory is divided into several sections. And access to one of them, where the digital signature is stored, is password protected. This is enough convenient option, but the protection is moderate; stealing a signature will not be a problem for an experienced fraudster.
  3. USB tokens with a crypto processor. They are often called “Rutoken 1.0”. Their main drawback is that when installing a certificate into the system, it is the private key that is used, which can subsequently be stolen from the hard drive.
  4. USB tokens with digital signature generation function. Currently, this is the most advanced option for storing an electronic signature. They are often referred to as “Rutoken 2.0”. They have everything benefits of USB tokens with cryptoprocessors, but at the same time they are able to generate public keys “on the fly”, which are subsequently installed on the computer. In this case, it will not be possible to steal the certificate, since access to internal memory limited by hardware (data from a flash drive is accessible only to the cryptoprocessor), and is also protected by a secret key.

And when they now talk about flash drives on which digital signatures are stored, 95% of them mean USB tokens with the function of generating an open signature.

These are the ones that are now issued in all certification centers that offer an enhanced qualified signature.

How USB tokens work

  1. To understand how documents are signed, you need to understand the digital signature technology itself. So, The private key is recorded on the Rutoken , accessed through secret code
  2. – it is available only to the owner of the digital signature. Using specialized software (for example, CryptoPro CSP) public key is generated
  3. – a copy of it is also stored in the certification center (in case of disputes regarding the authenticity of the certificate). When placing a signature on an electronic document, a small piece of information is added to the end of the file - open certificate data (can also be added as separate file

). And when installing a certificate on a computer, a public key is generated (this is done through CryptoPro CSP).

How to work with a USB token

Expert opinion

Alexandra Stepanova

Digital signature selection consultant How to use an EDS key on a flash drive? All operations are performed through a crypto provider, that is, special software that checks the relevance of the electronic signature used via the Internet. The only accredited program in the territory Russian Federation

– this is CryptoPro CSP (currently it is allowed to use version 3.0 or higher). is a special plugin for browsers. With the help of this program, for example, access is provided to the electronic trading system (where government tenders are presented on accredited platforms).

The recommended operating system for working with digital signatures is Windows, edition 7 or older. To work with electronic documents should be used Microsoft Office version 2007 or older (works in version 2003, but with certain limitations in functionality). As for the browser, the CryptoARM plugin works with all current web browsers, but experts recommend using Google Chrome latest version or Internet Explorer versions 9.0 or older.

Installing a certificate on your computer

Rutoken is a physical device that cannot be damaged mechanically. If you use a flash drive every time you need to sign a document, the likelihood of its failure increases. There is an alternative to this - installing an open certificate in operating system. After this, you can sign the document without a root token.

So, to install a digital signature on a computer you need to:

  • install CryptoPro CSP current version;
  • run the program, go to the “Service” tab, click on “View certificates in the container”;
  • at the bottom of the window, select the certificate provider (CryptoPro);
  • insert the token into the USB port;
  • select “Find certificate automatically”;
  • Follow the instructions on the screen (you will need to enter a secret key).

After installing the certificate on the system, it is strongly recommended to restart the operating system for all changes to take effect. Afterwards, a new, just installed key will appear in the “View certificates in container” list.

Using a certificate from a drive

If in the future you do not plan to use a PC for periodic use of digital signatures, then you can sign a document without installing a certificate in the system. But you will still need the current version of CryptoPro CSP (3.0 or older).

How to use an electronic signature from a flash drive? If you just need to sign digital document, then this is done as follows:

  • select “File”, then “Document Protection”, click on “Add” digital signature»;
  • then select the required certificate in the dialog box (indicate Rutoken as the source at the bottom);
  • complete encryption and save the signed document on your hard drive.

It must be taken into account that for correct operation CryptoPro CSP in combination with Microsoft Office must have the CryptoPro Office Signature plugin installed on the system (you can download it on the CryptoPro website for free).

There is no need to install the public key in the OS - it will be generated automatically by the CryptoPro program, after use the certificate is deleted, and a copy of it is not saved on the hard drive. In the same way, you can sign XML or PDF files from a flash drive (in the latter case, you will need a pre-installed Adobe Reader current version).

Using digital signature for trading

To work with digital signatures in a browser window, you need to install the CryptoARM plugin. It comes as separate program(when installed, the plugin is integrated into all compatible web browsers installed in the OS) and as a plugin for a specific browser. After installing CryptoARM, you must restart your browser!

In electronic trading, digital signature is required to confirm applications for participation in auctions or to submit a request for bidding. Here everything happens automatically - the site independently turns to CryptoARM when it needs to verify a user request using an electronic signature. Next, the CryptoPro dialog box appears (the browser may prompt you to launch third-party software), where you should select the root token inserted into the USB as the signature source. Further generation of the public certificate and identification of the individual is performed automatically.

In a similar way, you can work with digital signatures on a flash drive and on other sites that use identification or login to the portal through electronic signature verification. These, for example, include sites from the list of State Services, the Federal Tax Service portal for submitting financial statements in electronic form.

So, how to use digital signature from a flash drive? All that is required for this is an installed and activated version CryptoPro CSP versions 3 and older, as well as plugins for Microsoft Office or browsers (depending on the purpose for which the root token is used). However, it is still recommended to install the certificate in the OS so that you do not have to use a USB token every time. But even if it is disabled, it can be replaced through a certification center (in this case, a new digital signature is issued, the old one is canceled.



2024 wisemotors.ru. How it works. Iron. Mining. Cryptocurrency.