home-Good to know-How to copy cer file. Copying a flash drive with private keys

How to copy cer file. Copying a flash drive with private keys

To copy a key container:

If the required media is not available:

Important! To use the generated key media, reinstall the certificate from the copied container:

  • Open the “Start” menu - “Control Panel” - “CryptoPro CSP” - “Tools” - “View certificates in the container”.
  • Click "Browse", select the desired container, click "Ok" and "Next".
  • Click Install.
  • When asked about replacing the certificate, please answer in the affirmative.
  • Click "Finish" and "Ok".

The installed certificate is now bound to the container from which it was installed.

Video instructions for creating a copy of a key container.

taxcom.ru

How to copy digital signature to a flash drive

Copying an electronic signature from Rutoken or other media to a USB flash drive may be necessary to ensure the safety of the signature, for ease of use, or to transfer a copy to an authorized person.

Copying digital signatures from protected media is carried out using the CryptoPRO CSP program (current version 3.9).

We will need:

Copying digital signature from Rutoken to a flash drive

1. We insert into the computer at the same time a medium with an electronic signature (Rutoken) and a flash drive.

2. Launch the CryptoPRO CSP program. (all pictures in the instructions are clickable)

3. Open the Service tab

4. Click the Copy button...

5. In the window that opens, click the Browse... button.

6. In the window that opens, click on our certificate (digital signature key)

9. Enter the name of the new copy of the digital signature, for example - myetsp(copy)

10. Click Finish

11. In the window that opens, click on our flash drive

12. Click OK

13. Enter a new password for the copy, for example the same 12345678 in both lines

14. Click OK

After which the window will close, and a folder with a name similar to myetspoc.000 should appear on the flash drive - this is a copy of our digital signature. Now this file can be copied to an unlimited number of media or transmitted, if necessary, by email.

Be careful and attentive, an electronic digital signature is an analogue of your handwritten signature and seal!

You can set up a workplace for working with digital signatures on trading platforms for free in automatic mode. More details at the link: automatic digital signature setup

good-tender.ru

How to copy certificates in the CryptoPro program

My new post will be devoted to the Crypto Pro program, it seems to be nothing complicated, but all the time I have problems with this software, either because I have to deal with it once or twice a year or because the software is like that, but in general I decided to make a reminder for myself and for you.

Task: Provide access to the Kontur Extern program on two machines, OK, let's get started.

What we have: One already working key on the SD card.

What you need: We need any SD card, a USB flash drive can also be uploaded to the registry, or you can use the so-called RUtoken. I will install on RUtoken, and you can use any of the options.

Yes, just a small note, if you have a domain computer, it is better to do all this under the administrator account.

And so let's get started

Find the program in the start menu or control panel,

Let's launch the program.

Go to the Tools tab and click on the Copy button.

Next, click the Browse button and select the key we need to copy; I have it in the Description format. Select it and click Next.

You will be required to enter a password of any 8 characters. Enter the password and click Next.

In the next window, we need to set the name of the container (I always use the one that is convenient for me; we have 2 organizations and I use the name-01 and 02 markings; you can also use the organization’s TIN for separation.) and then click the Finish button.

Here you will once again need to enter the password for the new container, make the same one and click OK.

In the next dialog box, you need to select the media where to copy our container, I select RUtoken and you need to select the media where you are going to install the container.

That's basically it, the key has been copied. All that remains is to install it for a specific user.

There are two options here:

Option 1.

Go to CryptoPro again, open the service tab and click on the View certificates in the container button.

In the dialog box that opens, open the container we need and click OK. then click the Next button.

In the next window, click the Install button; if it is not there, click the Properties button.

In the window that opens, click the Install certificate button. The Certificate Import Wizard will open where you need to click Next.

In the window that opens, you need to leave everything as is and click Next.

If the certificate is installed successfully you should see the following dialog box.

Option 2.

Installation via the menu install a personal certificate.

To install the certificate, we need the certificate file itself (a file with the extension .cer) it is located on the media where we copied it, in my case it is rutokin.

And so, open CryptoPro again, go to the Service tab and click the Install personal certificate button.

In the window that opens, find this certificate by clicking on the Browse button.

In the next dialog box, check the box next to Find container automatically, after which the program will automatically find the container you need. Then click Next.

Then a window may appear asking you to select the storage location for the certificate; you need to select Personal and click OK.

Then a dialog box may appear where you need to click Yes.

Then wait for a message about successful installation.

Then you need to remove your device to which the container with keys refers and insert it back, after the device is found you can try.

If you have any questions because there may be various changes in different versions of CryptoPro, please leave your comments, I will always be happy to help you.

nn-lab.ru

How to copy a certificate to CryptoPro CSP - Programs and Applications

Programs and applications

Sometimes situations arise when you need to install a certificate with a key on another computer or make a backup copy of it. When working with USB flash drives, you can make a working copy of the private key using available Windows tools, the main condition is that you have CryptoPro CSP 3.0 installed.

Next, you need to follow the proposed instructions step by step, but it is worth remembering that a copy can only be made through a cryptographic information protection tool (cryptographic information protection tool), otherwise, for example, if you copy through Explorer, you will not be able to run the key on another computer.

Instructions for copying a certificate via CryptoPro CSP

1. Click on the CryptoPro CSP 3.0 shortcut or open it through Start – Control Panel.

2. In the system window, go to the “Equipment” tab and configure readers by selecting from the list of installed readers, then “Add”. Use “All removable drives” and “Registry” if they were not in the list.

4. In the next window that opens, run the “Browse” command in order to enter a name in the empty field. When choosing a name, first confirm the operation, and then click on the “Next” button. In some cases, when working with a root token, you may need to enter a password (PIN code) - enter the sequence 12345678.

5. Create a name for the container where the data is copied. The keyboard layout can be either Russian or Latin. Spaces are also allowed in the name. After defining the name, click "Done".

6. The system will then ask you to insert a blank key media onto which the container will be copied. Do this and click “OK”.

7. You can set a password for the created copy - this is an optional step, so you can simply click “OK” and leave the field empty. If the copy is made to a root token, then again you need to enter the standard security combination - 12345678.

The copying process will be completed when the system returns to the “Service” tab on the screen.

tdblog.ru

How to copy a private key container in CryptoPro?

Copying the private key container is a mandatory action when reinstalling the SBS on another computer. You can also copy the certificate if you want to create a spare digital signature key.

Copying a private key container to a flash drive, floppy disk or token is a rather complex process; in order to avoid errors, it is important to strictly follow our instructions.

CryptoPro: certificate copying

Step 1. Opening the CryptoPro program

To open the program follow this path:

Click the Start menu, then go to Programs ⇒ CryptoPro ⇒ CryptoPro CSP and turn on the Tools tab.

In the open Tools window, click the Copy container button.

Step 2: Copy the private key container

After clicking the Copy Container button, the system will display the Copy Private Key Container window.

In the open window, you must fill in the Key container name field.

Step 3. Entering the key container

There are 3 ways to fill in the Key Container Name field:

    Manual input

    Select from the list by clicking the Browse button

    Search by digital signature certificate

In addition to filling out the Key Container Name field, you must fill in the remaining search options:

  • The entered name specifies the key container - the switch is set to User or Computer, depending on which storage the container is located in;
  • Select CSP to search for key containers - the required crypto provider (CSP) is selected from the list provided.

Once all fields are completed, click Next.

If a password is set for access to the private key, the system will ask you to enter it. Enter your password and click OK.

Step 4. Entering a new key container

The system will again display the Copy Private Key Container window, in which you must enter the name of the new key container and select the Entered name radio button sets the key container to the User or Computer position, depending on the storage in which you want to place the copied container.

Click on image to enlarge

After entering, click Finish.

Step 5: Select media for the copied container

A window will appear on your screen in which you need to select the media for the copied container.

The most popular option for using digital signatures at the moment is a root token - this is a special flash drive on which the private key is written. The main difference between such a storage medium is that it contains a cryptoprocessor, with the help of which a public key is generated that is used to sign documents. How to use an electronic signature from a flash drive, what software will you need for this? Is a root token always necessary to sign the same documents?

On which flash drives can digital signatures be stored?

EDS can be recorded on the following flash drive options:

  1. Regular USB drive. This method of using an electronic signature is not recommended, since stealing the certificate will not be a problem. Nowadays, practically no certification center provides services for issuing digital signatures and recording them on a regular USB drive.
  2. USB drive with secure storage. In fact, this is the same regular drive, but its internal memory is divided into several sections. And access to one of them, where the digital signature is stored, is password protected. This is a fairly convenient option, but the protection is moderate; stealing a signature will not be a problem for an experienced fraudster.
  3. USB tokens with a crypto processor. They are often called “Rutoken 1.0”. Their main drawback is that when installing a certificate into the system, it is the private key that is used, which can subsequently be stolen from the hard drive.
  4. USB tokens with digital signature generation function. Currently, this is the most advanced option for storing an electronic signature. They are often referred to as “Rutoken 2.0”. They have all the advantages of USB tokens with cryptoprocessors, but at the same time they are able to generate public keys “on the fly”, which are subsequently installed on the computer. In this case, it will not be possible to steal the certificate, since access to the internal memory is limited by hardware (data from the flash drive is accessible only to the cryptoprocessor) and is also protected by a secret key.

And when they now talk about flash drives on which digital signatures are stored, 95% of them mean USB tokens with the function of generating an open signature. These are the ones that are now issued in all certification centers that offer an enhanced qualified signature.

How USB tokens work

To understand how documents are signed, you need to understand the digital signature technology itself.

  1. So, The private key is recorded on the Rutoken, access to which is provided through a secret code - it is available only to the owner of the digital signature.
  2. Using specialized software (for example, CryptoPro CSP) public key is generated– a copy of it is also stored in the certification center (in case of disputes regarding the authenticity of the certificate).
  3. When placing a signature on an electronic document, a small piece of information is added to the end of the file - open certificate data (can also be added as a separate file). And when installing a certificate on a computer, a public key is generated (this is done through CryptoPro CSP).

How to work with a USB token

Expert opinion

Alexandra Stepanova

Digital signature selection consultant

How to use an EDS key on a flash drive? All operations are performed through a crypto provider, that is, special software that checks the relevance of the electronic signature used via the Internet. The only program accredited for this in the Russian Federation is CryptoPro CSP (currently it is allowed to use version 3.0 or higher).

Some operations with electronic signature are also performed through CryptoARM is a special plugin for browsers. With the help of this program, for example, access is provided to the electronic trading system (where government tenders are presented on accredited platforms).

The recommended operating system for working with digital signatures is Windows, edition 7 or older. To work with electronic documents, you should use Microsoft Office version 2007 or older (it also works in version 2003, but with certain limitations in functionality). As for the browser, the CryptoARM plugin works with all current web browsers, but experts recommend using the latest version of Google Chrome or Internet Explorer version 9.0 or older.

Installing a certificate on your computer

Rutoken is a physical device that cannot be damaged mechanically. If you use a flash drive every time you need to sign a document, the likelihood of its failure increases. There is an alternative to this - installing an open certificate in the operating system. After this, you can sign the document without a root token.

So, to install a digital signature on a computer you need to:

  • install the current version of CryptoPro CSP;
  • run the program, go to the “Service” tab, click on “View certificates in the container”;
  • at the bottom of the window, select the certificate provider (CryptoPro);
  • insert the token into the USB port;
  • select “Find certificate automatically”;
  • Follow the instructions on the screen (you will need to enter a secret key).

After installing the certificate on the system, it is strongly recommended to restart the operating system for all changes to take effect. Afterwards, a new, just installed key will appear in the “View certificates in container” list.

Using a certificate from a drive

If in the future you do not plan to use a PC for periodic use of digital signatures, then you can sign a document without installing a certificate in the system. But you will still need the current version of CryptoPro CSP (3.0 or older).

How to use an electronic signature from a flash drive? If you just need to sign a digital document, then this is done as follows:

  • select “File”, then “Document Protection”, click on “Add Digital Signature”;
  • then select the required certificate in the dialog box (indicate Rutoken as the source at the bottom);
  • complete encryption and save the signed document on your hard drive.

Please note that for CryptoPro CSP to work correctly in combination with Microsoft Office, the CryptoPro Office Signature plugin must be installed in the system (you can download it on the CryptoPro website for free).

There is no need to install the public key in the OS - it will be generated automatically by the CryptoPro program, after use the certificate is deleted, and a copy of it is not saved on the hard drive. In the same way, you can sign XML or PDF files from a flash drive (in the latter case, you will need a pre-installed Adobe Reader of the current version).

Using digital signature for trading

To work with digital signatures in a browser window, you need to install the CryptoARM plugin. It is supplied as a separate program (when installed, the plugin is integrated into all compatible web browsers installed in the OS) and as a plugin for a specific browser. After installing CryptoARM, you must restart your browser!

In electronic trading, digital signature is required to confirm applications for participation in auctions or to submit a request for bidding. Here everything happens automatically - the site independently turns to CryptoARM when it needs to verify a user request using an electronic signature. Next, the CryptoPro dialog box appears (the browser may prompt you to launch third-party software), where you should select the root token inserted into the USB as the signature source. Further generation of the public certificate and identification of the individual is performed automatically.

In a similar way, you can work with digital signatures on a flash drive and on other sites that use identification or login to the portal through electronic signature verification. These, for example, include sites from the list of State Services, the Federal Tax Service portal for submitting financial statements in electronic form.

So, how to use digital signature from a flash drive? All that is required for this is an installed and activated version of CryptoPro CSP version 3 and older, as well as plugins for Microsoft Office or browsers (depending on the purpose for which the root token is used). However, it is still recommended to install the certificate in the OS so that you do not have to use a USB token every time. But even if it is disabled, it can be replaced through a certification center (in this case, a new digital signature is issued, the old one is canceled.

If a flash drive or floppy disk is used for work, copying can be done using Windows (this method is suitable for versions of CryptoPro CSP no lower than 3.0). The folder with the private key (and the certificate file, if any) must be placed in the root of the flash drive (floppy disk). It is recommended not to change the folder name when copying.

The private key folder should contain 6 files with the extension .key. Below is an example of the contents of such a folder.

Container copying can also be done using the CryptoPro CSP crypto provider. To do this you need to follow these steps:

1. Select Start / Control Panel / CryptoPro CSP.

2. Go to the Tools tab and click on the Copy button. (see Fig. 1).

Rice. 1. “CryptoPro CSP Properties” window

3. In the window Copying a private key container press the button Review(see Fig. 2).

Rice. 2. Copying the private key container

4. Select a container from the list, click on the button OK, then Further.

Rice. 3. Key container name

6. In the “Insert and select media to store the private key container” window, you must select the media on which the new container will be placed (see Figure 4).

Rice. 4. Selecting a blank key media

7. You will be prompted to set a password for the new container. Setting a password is optional, you can leave the field blank and click on the button OK(see Fig. 5).

Rice. 5. Setting a password for the container

If copying to media Rutoken, the message will sound different (see Fig. 6)

Rice. 6. Pin code for container

Please note: if you lose your password/pin code, using the container will become impossible.

8. After copying is completed, the system will return to the tab Service in the window CryptoPro CSP. Copying is complete. If you plan to use a new key container to work in the Kontur-Extern system, you must install a personal certificate (see How to install a personal certificate?).

For bulk copying, download and run the Certfix utility.


A copy of the EPC will be useful for:

  • signature security guarantees
  • ease of use

Some certification authorities provide a backup service.

Copying an electronic signature from a secure medium is carried out using the CryptoPRO CSP program.

A copy of the digital signature is made onto a secure medium, such as Rutoken/Etoken. A regular USB flash drive will not work.

Copying from CryptoPro CSP

First of all, download and install the CryptoPRO CSP program from the licensed website. Insert the digital signature media into the computer. Launch the previously installed program. Open the section - Tools → “Copy”.

In the window that appears, select - Review. Select the media you plan to copy → “Ok” → “Next”. In the PIN code entry line, insert the PIN code from your digital signature carrier

Give the new container a name using the Russian layout and spaces. Click → “Done”.

In the line - “Insert a blank key media”, indicate an empty key media. The program will prompt you to set a password. This action is optional. Click → “Ok”. It is worth noting that if you lose your PIN code, you will not be able to use the container. When recording an electronic signature on Rutoken, use the PIN code issued by the certification center.

When the operation is completed, the window will close. A new container will appear on the media, which will be a copy of the digital signature.

If problems arise when creating a duplicate yourself, you can contact our CA. Our managers will be happy to answer your questions. Contact us!

To perform any actions on the digital signature, copy the digital signature, delete or install it, you need the CryptoPro program installed on your computer.

  1. In order to copy the digital signature, you need to go to Start-All Programs-CryptoPro and run the CryptoPro CSP file.
  2. Next, go to the Service tab.

  1. Click on the “Browse” button.

  1. Select the required container and click “OK”.

Note:

In the image above, you can see the presence of two columns: On the left is the “Reader” column and on the right is the “Container Name” column. This information will help you decide which digital signature to copy.

The inscription “Register” in the reader column means that the digital signature is on the computer. Otherwise, the digital signature is located on some medium (flash drive, floppy disk or secure media). In the case shown in the image, there are three digital signatures recorded on the computer and one signature recorded on Rutoken.

You can understand which certificate you need to copy by looking at the “Container Name”. The “container name” is made up of the serial number, the date of issue of the certificate and the name of the organization.

In the case we are considering, we choose the digital signature located on the protected Rutoken media.

  1. Select and copy the container name, click “next”.

  1. Paste the container name copied in step 5 into the “Key container name” field, add any few characters or spaces and click the “Finish” button.

  1. Next, we need to select the location where we want to copy the digital signature. This could be a computer, flash drive or secure media. And click ok.

Note:

In the case we are considering, we copy the digital signature to a flash drive by selecting its name in the list of devices. If you need to copy your digital signature to your computer, you should select “Register” from the list of devices.

  1. Next, the system will ask you to create a password for the container. If you do not want to create a password, then leave the fields blank, as shown in the image. And just click “OK”.

This completes the digital signature copying.

Related publications: