My new post will be devoted to the Crypto Pro program, nothing seems to be complicated, but all the time there are troubles with this software, either because you have to deal with it once or twice a year, or such software, but in general I decided to make a memo for myself and for you.
Task: Provide access to the Kontur Extern program on two machines, well, OK, let's get started.
What we have: One already working key on the SD card.
What you need: We need any media SD card, a USB flash drive can also be uploaded to the registry, or you can use the so-called RUtoken. I will install on RUtoken, but you can use any of the options.
Yes, one more little remark, if you have a domain computer, then it is better to do all this under an administrator account.
And so let's get started
We find the program in the start menu or control panel,
We launch the program.
Go to the tab Service and click on the button Copy.
You will need to enter a password of any 8 characters. We enter the password and press Further.
In the next window, we need to set the name of the container, (I always use the 2 organizations convenient for me and I use the labeling name-01 and 02, you can also use the TIN of the organization for separation.) And then press the button The finish.
Here you will again need to enter the password for the new container, do the same and click OK.
In the next dialog box, you need to select the medium where to copy our container, I choose RUtoken and you need to select the medium where you are going to install the container.
After you have selected, press the button Further... Then The finish.
In general, that's almost all, the key is copied. It remains only to install it for a specific user.
There are two options here:
Option 1.
Go to CryptoPro again, open the service tab and click on the button View certificates in the container.
In the dialog box that opens, open the container we need and press the button OK. then press the button Further.
In the next window, press the button У become, if it is not there, then press the button C properties.
In the window that opens, press the button У get a certificate... The certificate import wizard will open where you need to click Further.
In the window that opens, you need to leave everything as it is and click Further.
If the certificate is installed successfully, you should see the following dialog box.
Option 2.
Installation through the menu to install a personal certificate.
To install the certificate, we need the certificate file itself, (file with the .cer extension) it is located on the media where we copied it, in my case it is rutokin.
And so, open CryptoPro again, go to the tab Service and press the button Install personal certificate.
In the window that opens, we find this certificate by clicking on the button Overview.
In the next dialog box, check the box next to Find container automatically, after which the program will automatically find the container you need. Then press the button Further.
Then a window may appear with a choice of the storage location for the certificate, you need to select Personal and click the button OK.
Then a dialog box may appear where you need to click the button Yes.
Then wait for the message about successful installation.
After that, you need to remove your device to which the container with keys refers and insert it back, after the device is found, you can try.
If you have any questions, because in different versions of CryptoPro there may be different changes, then ask leave your comments, I will always be happy to help you.
A copy of the EPC will be useful for:
- guarantees of signature safety
- usability
Some certification centers provide a backup service.
Copying of an electronic signature from a secure medium is performed using the CryptoPRO CSP program.
A copy of the EDS is made on a secure medium, such as Rutoken / Etoken. A regular USB stick will not work.
Copy from CryptoPro CSP
First of all, download and install the CryptoPRO CSP program from the licensed site. Insert the EDS carrier into the computer. Run the previously installed program. Open the section - Service → “Copy”.
In the window that appears, select Browse. Select the medium you want to copy → “Ok“ → “Next”. In the line for entering the pin code, insert the pin code from your ES carrier
Give a name to the new container using Russian layout and spaces. Click → “Finish”.
In the line - "Insert blank key media", specify empty media. The program will prompt you to set a password. This action is optional. Click → “Ok”. It is worth noting that if you lose your PIN code, you will not be able to use the container. When registering electronic signature on Rutoken, use the pin-code issued by the certification center.
Upon completion of the operation, the window will close. A new container will appear on the carrier, which will be a copy of the EDS.
If you encounter problems while creating a duplicate yourself, you can contact our CA. Our managers will be happy to answer your questions. Contact us!
head of the VLSI group
Copy using Windows
If a floppy disk or flash drive is used for work, you can copy the container with the certificate using Windows tools (this method is suitable for versions of CryptoPro CSP at least 3.0). Place the folder with the private key (and, if there is, the certificate file - the public key) in the root of the floppy / flash drive (if it is not placed in the root, then work with the certificate will be impossible). It is recommended not to change the folder name when copying.
The folder with the private key should contain 6 files with the extension .key. As a rule, the private key contains the public key (the header.key file in this case will weigh more than 1 KB). In this case, copying the public key is optional. An example of a private key is a folder with six files and a public key is a .cer file.
Private key Public key
Copy on Diagnostic Profile
1. Go to the "Copy" Diagnostics profile using the link.
2. Insert the media to which you want to copy the certificate.
3. Press the "Copy" button on the required certificate.
If a password has been set for the container, the message "Enter the password for the device from which the certificate will be copied" will appear.
4. Select the medium where you want to copy the certificate and click "Next".
5. Give a name to the new container and click the Next button.
6. A message should appear stating that the certificate was copied successfully.
Bulk copy
- Download and run the utility. Wait until the entire list of containers / certificates is loaded and tick the necessary boxes.
- Select the "Bulk Actions" menu and click on the "Copy Containers" button.
3. Select the storage medium for the container copy and click OK. When copying to the registry, you can tick the box "Copy to the key container of the computer", then after copying the container will be available to all users of this computer.
4. After copying, click the "Update" button at the bottom left.
If you want to work with copied containers, you must.
Copying with CryptoPro CSP
Please select Start> Control Panel> CryptoPro CSP. Go to the "Service" tab and click on the "Copy" button.
In the window "Copy the private key container" click on the "Browse" button .
Select the container you want to copy and click on the "Ok" button, then "Next". If you copy from a rootken, an input window will appear, in which you should enter a pin-code. If you haven't changed the pincode on the carrier, the standard pincode is 12345678.
Create and manually specify a name for the new container. In the name of the container, Russian layout and spaces are allowed. Then click Finish.
In the "Insert blank key media" window, select the medium on which the new container will be placed.
The new container will be prompted to set a password. We recommend that you set a password so that it is easy for you to remember it, but outsiders could not guess or guess it. If you do not want to set a password, you can leave the field blank and click "OK".
Do not store your password / pin code in places where unauthorized persons have access. If you lose your password / pin-code, you will not be able to use the container.
If you copy the container to the ruToken, the message sounds different. Enter the pin code in the input window. If you haven't changed the pincode on the carrier, the standard pincode is 12345678.
After copying, the system will return to the "Service" tab of CryptoPro CSP. Copying completed. If you plan to use a new key container for work in the Extern,.
In order to transfer the private key container ( key) and user certificate ( certificate) you will need:
- key diskette with key and certificate
- a computer with a floppy drive ( computer 1)
- a computer without a floppy drive ( computer 2) from which tax reports will be sent
- regular flash drive ( flash drive)
- CryptoPro distribution kit of any version and reader Registry for him
First step: preparing the computer and copying the key
Install the distribution CryptoPro on computer 1
Run the snap CryptoPro CSP from Control panels.
Insert into computer 1 USB flash drive.
In the new window, click the "Add ..."
Check it out Drive?: as shown in the pictures.
Click Next>, Finish and Ok.
Now insert the key diskette.
Go to the "Service" tab, click on the "Copy container" button.
In the new window, click the "Browse" button and specify "Drive A:" as the key container to be copied.
Now specify the name of the new key container and click "Finish", after which the program will ask you to specify the device for recording the key. In this case, this is our USB flash drive (Disk drive?). Select it and click "OK", when prompted for a password, click "OK" again.
After that, from the floppy disk, you need to copy the certificate file (file with the * .cer extension) to the USB flash drive through the explorer or in any other way.
Second step: preparing computer 2 and installing the key
Install the distribution CryptoPro on computer 2(skip this point if Crypto-Pro is already installed on it).
Run the snap CryptoPro CSP from Control panels.
Insert into computer 2 USB flash drive.
Go to the Hardware tab, click the Configure Readers button.
In the new window, click the "Add ..." button, now "Next>", check Drive?: as shown in the pictures.
The drive letter must match the drive letter assigned by the operating system.
Click Next>, Finish and Ok.
Now add the reader Registry in the same way and through the "Service" tab, copy the container of the private key from Disk Drive ?: into the reader Registry(specify Drive?: as the source when copying, and the destination: Registry).
Copy from USB to computer 2 certificate.
In CryptoPro CSP, on the "Service" tab, click the "Install personal certificate" button, follow the instructions of the installation wizard. When choosing a key container, specify Registry.
Connect to the Internet and try using the Kontur-Extern system.
If the Kontur-Extern system is installed on a computer for the first time, be sure to download and run
Almost every organization has some kind of electronic key. They are widespread and without them it is practically impossible to conduct any activity. They are needed to sign documents for submission of reports and for many other things. Therefore, those who serve the IT sphere in the organization need to know what it is. For example, today we'll talk about how to copy a certificate from the registry and transfer it to another computer.
How to copy a certificate from the registry to a USB flash drive
Let's imagine you came to an organization and you need to configure access to a portal for a new employee. You do not have an electronic key and you do not know where to get it. In this case, the easiest way is to copy it from the computer on which it is installed. To do this, take a clean flash drive and launch Crypto Pro. Start - All Programs - Crypto Pro - Certificates. In general, it is better to keep copies of the keys on a separate flash drive in your closet.
In the window that opens, go to the Composition tab and click Copy to file from the bottom.
The certificate export wizard will open on the first tab, click next. You need to specify whether to copy the private key or not. We do not need it yet, so we leave everything as it is.
Now we mark the required format of the certificate in most cases, here you need to leave everything by default.
How to copy a private key from the registry
Some certificates require a private key. It can also be copied from the registry to a USB flash drive. This is also done by simply launching Crypto Pro. Go to the service tab and select the Copy item.
Enter a new name and click Finish.
