Why cryptopro 3 6 does not see the digital signature. The required container is not displayed - Contour.Extern

If none of the solutions below resolves the problem, the key media may have been damaged and needs to be restored (see ). It is not possible to recover data from a damaged smart card or registry.

If there is a copy key container on another medium, then you need to use it for work, after installing the certificate.

Diskette

If a floppy disk is used as the key container, the following steps must be performed:

1. Make sure that there is a folder at the root of the floppy disk containing the files: header, masks, masks2, name, primary, primary2. The files must have the .key extension and the folder name format must be xxxxxx.000.

the private key container has been corrupted or removed

2. Make sure in CryptoPro CSP configured reader "Drive X" (for CryptoPro CSP 3.6 - "All removable drives"), where X is the drive letter. To do this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";

?).

3. In the CryptoPro CSP window "Selecting a key container", set the "Unique names" radio button.

4.

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Service" tab and click on the "Delete remembered passwords" button;

5. How to copy a container with a certificate to another medium?).

Flash drive

If a flash drive is used as a key medium, the following steps must be performed:

1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2 . The files must have a .key extension and the folder name format must be: xxxxxx.000 .

If any files are missing or not in the correct format, then the private key container may have been corrupted or deleted. You also need to check if this folder with six files is contained on other media.

2. Make sure that the “Drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 — “All removable drives”), where X is the drive letter. To do this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Hardware" tab and click on the "Configure readers" button.

If the reader is missing, it must be added (see How to configure readers in CryptoPro CSP?).

3.

4. Delete remembered passwords. For this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Mark the "User" item and click on the "OK" button.

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).

6. If CryptoPro is installed at the workplace CSP versions 2.0 or 3.0, and there is Drive A (B) in the list of key media, then it must be removed. For this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Hardware" tab and click on the "Configure readers" button;
  • Select the reader "Drive A" or "Drive B" and click on the "Delete" button.

After removing this reader, work with the floppy disk will be impossible.

Rutoken

If a Rutoken smart card is used as a key carrier, the following steps must be taken:

1. Make sure the light on the rutoken is on. If the lamp does not light, then the following recommendations should be used.

2. Make sure that the "Rutoken" reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - "All smart card readers"). To do this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Hardware" tab and click on the "Configure readers" button.

If the reader is missing, it must be added (see How to configure readers in CryptoPro CSP?).

3. In the "Select key container" window, select the "Unique names" radio button.

4. Delete remembered passwords. For this:

  • Select "Start" menu > "Control Panel" > "CryptoPro CSP" ;
  • Go to the "Service" tab and click on the "Delete remembered passwords" button;
  • Mark the "User" item and click on the "OK" button.

5. Update support modules required for Rutoken to work. For this:

  • Disconnect the smart card from the computer;
  • Select Start Menu > Control Panel > Add or Remove Programs (for Windows Vista\ Seven "Start" > "Control Panel" > "Programs and Features");
  • Select "Rutoken Support Modules" from the list that opens and click on the "Delete" button.

After removing the modules, you must restart the computer .

  • Download and install the latest support modules. The distribution kit is available for download on the Aktiv website.

After installing the modules, you must restart your computer.

6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using the following instruction .

7. Refresh Rutoken driver(see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this, check the number free memory media by following these steps:

  • Open "Start" ("Settings") > "Control Panel" > "Rutoken Control Panel" (if this item is missing, then update the Rutoken driver).
  • In the "Rutoken Control Panel" window that opens, in the "Readers" item, select "Activ Co. ruToken 0 (1,2)" and click on the "Information" button.

If the root token is not visible in the “Readers” item or when you click on the “Information” button, the message “ruToken memory status has not changed” appears, which means that the media has been damaged, you need to contact the service center for an unscheduled replacement of the key.

  • Check what value is indicated in the line "Free memory (bytes)".

As a key carrier in service centers rutokens are issued with a memory capacity of about 30,000 bytes. One container occupies about 4 KB. The amount of free memory of a rutoken containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.

If the amount of free memory of the rutoken is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.

Registry

If the Registry reader is used as a key carrier, the following steps must be performed:

1. Make sure that the "Register" reader is configured in CryptoPro CSP. For this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Hardware" tab and click on the "Configure readers" button.

If the reader is missing, it must be added (see How to configure readers in CryptoPro CSP?).

2. In the "Select key container" window, select the "Unique names" radio button.

3. Delete remembered passwords. For this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to tab « Service" and click on the "Delete remembered passwords" button;
  • Mark the "User" item and click on the "OK" button.

List of documents for a legal entity:

1. Extract from the Unified State Register legal entities(Unified State Register of Legal Entities) not older than 30 days.

2. Passport

3. Company details

4. SNILS (Insurance Certificate of State Pension Insurance)

5. TIN certificate

List of documents for an individual entrepreneur (IP):

1. Extract from the Unified State Register of Individual Entrepreneurs (EGRIP)

2. Passport

3. SNILS (Insurance certificate of state pension insurance)

4. TIN certificate

List of documents for an individual:

1. Passport

2. TIN certificate

2. SNILS (Insurance Certificate of State Pension Insurance)

2. A window pops up: "Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine."

If you get a window "Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine" pops up while working on the roseltorg.ru website, you need to:

1. Click on the yellow bar under the site address with the text "This website is trying to install the following add-on: "CAPICOM User Download v2.1.0.2" from "Microsoft Corporation". If you trust this website and add-on and want to install it , click here...";

2. Select "Install ActiveX Control";

3. Click on the "Install" button; this procedure must be performed until the window with this message stops popping up (this is individual for each computer). This is a one time setting.

3. How to install a personal certificate?

Installing a personal certificate (your organization's certificate) can be done in the following way:

Through the menu "View certificates in the container"

1. Select Start / Control Panel / CryptoPro CSP, go to the Service tab and click on the button View certificates in a container(see fig. 1).

Rice. 1. “CryptoPro CSP Properties” window

2. In the window that opens, click the Browse button to select a container to view. After selecting the container, click on the OK button (see Fig. 2).

Rice. 2. Window for selecting a container for viewing

3. In the next window, click on the Next button.

Rice. 3. Window "Selected container private key»

4. If the version of CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher is installed, then in the window that opens, click the Install button, and then respond in the affirmative to the certificate replacement notification (if it appears).

Rice. 4. Certificate view window

5. In the window that appears about the successful installation of the certificate, click OK

Rice. 5. The window "Message about the successful installation of the certificate"

6. then press the button ready

Rice. 6. View window for the selected certificate

5. Close the CryptoPro CSP window by pressing the OK button

Detailed information on installing the certificate is available at the following link.

4. How to set up email.

Configuring security settings Outlook Express carried out according to the following scheme:

1. Select the menu item Tools -> Accounts and open the Mail tab.

2. In the displayed list of accounts, select the one you want to configure and click the Properties button.

3. In the displayed dialog, select the Security tab, which allows the user to specify their personal certificates that will be used when selecting the user's private keys to generate an electronic digital signature and decrypt incoming messages. The certificate selection dialog only displays certificates that have a matching address Email and allowed for email protection

5. In the displayed dialog, select the Security tab:

6. In the displayed dialog, set the following modes:

a. Enable user when sending encrypted mail / Always encrypt messages when sending encrypted mail . Setting the enable mode allows the sender to decrypt messages sent to them.

b. Include my digital ID when sending singed messages. Setting this mode will automatically add the sender's certificate to all messages. This mode allows you to exchange certificates using a signed message, and then use the received certificates for subsequent encryption of messages between recipients.

c. Send messages with an opaque signature/ Encode message before signing. When message mode is enabled, all attachments will be merged into a single attachment with a digital signature included. If the mode is disabled, the signature is generated as one separate attachment for all attachments.

d. Add senders certificates to my address book automatically. When this mode is enabled, certificates transmitted as part of a signed message will be automatically added to the address book.

e. Check for revoked Digital Ds:

i. only when online / Only when online. Setting a verification token causes each operation to generate or verify an electronic digital signature to be accompanied by a certificate revocation check. To check for revocation, a Certificate Revocation List (CRL) is used, the location of which is recorded as an appendix in each user's certificate. By default, this option is not enabled, and Outlook Express does not track if user keys have been compromised.

ii. Never / Never.

Revocation check is not performed.

5. How to sign a document.

There are 2 types of sending a signed document.

The first way is to sign the document itself and the second way is to sign the entire letter.

To create and send a signed message:

1. Click the Create Mail button or select the menu item File -> New -> Mail message.

3. To send a signed message, check the status of the Sign button. It should be pressed and the sign of the signed message should be visible on the right side of the screen.

4. After the message is prepared for sending, click the Send button:

The second way is when the file itself is signed. Microsoft package Office allows you to attach digital signatures to a specific document. For this you need:

1. On the Tools menu, select Options, and then click the Security tab.

2. Click the Digital Signatures button.

3. Click the Add button.

4. Select the desired certificate, and then click the OK button.

For other data formats, you must use the CryptoArm program.

6. CryptoPro expires.

Was not entered during installation serial number product under the license you purchased.

7. Mail does not see the certificate.

When setting up e-mail, at the stage of signing a document, the mail does not find the required certificate. This happens when the e-mail address, which is indicated during the production of the EDS, does not match the valid e-mail box.

8. When installing CryptoPro, at the last step, the system displays a message about the incorrect installation of the program and rolls back. How to be?

The problem occurs due to incomplete (or incorrect) removal previous version Crypto Pro from a computer. To remove the files remaining from the previous version, you must use the CryptoPro trace cleanup program clear.bat. You can download the program from here: ftp://ftp.cryptopro.ru/pub/CSP_3_6/clearing.zip

9. Where can I find the EDS signing public key?

All signatures issued by our company have the public key inside a container on a secure medium. In order to extract it from the container, you must:

When included in system unit via the CryptoPro program Start à Control Panel à CryptoPro à Tools à View certificates in the container. In the dialog box that appears, select the desired container via the browse à Next. In the data view window of the open EDS key select properties à Contents tab à Copy to file and specify the path to save the certificate.

10. CryptoPro does not see the container on the flash drive. Prompts you to select another medium.

Depending on what type of media you are using, the solutions are different. If you use smart cards such as Rutoken, MsKey, Etoken, then most likely you do not have drivers installed to work correctly with the key.

If your key is on a USB 2.0 flash drive, then you need to look at the version of the CryptoPro core. If you are using CryptoPro 3.0, then you have gone astray. In order to set it up you need to:

When the media is included in the system unit Via CryptoPro Start à Control Panel à CryptoPro àHardware Configure readers Add. In the reader installation wizard window that appears, select Drive on the right side of the screen (since in CryptoPro all USB media are defined as floppy disks). In the next window, select the correct name for the flash drive, that is, the name under which the flash drive was defined in "My Computer".

If you are using CryptoPro 3.6 and the container is not visible, then the medium is damaged. It should be submitted to the office to determine the status of the key.

11. We received an EDS, what to do next? How to register on the trading platform?

The entire procedure for accreditation, filing an application for participation in the auction and holding the auction itself is described in the regulations of a particular electronic trading platform, which can be found on the website of this site. There are also various auxiliary video materials, instructions for working in the system. Or you can contact us to purchase our service of assistance in accreditation on any electronic platform.

12. To check which operating system is installed on your computer

- Go to the explorer in My Computer.

- Click right click mouse on the display and select "Properties" from the menu that appears.

— The window that appears contains information about your system.

13. To find out which version of Internet Explorer is installed on your computer

- Run Internet Explorer.

- Select "Help" from the horizontal menu at the top of the browser.

— The window that appears contains information about the current version of the browser.

- Possible option

14. To install a newer version of Internet Explorer 8

— Specify in command line following address:

- In the presented window, click "Download for free".

- Click "Run" in the window that appears.

- Then click "Run" again.

- When installation is complete, you must restart your computer.

Good afternoon!. The last two days I had an interesting task of finding a solution to such a situation, is there a physical or virtual server, it probably has the well-known CryptoPRO installed on it. Connected to the server , which is used to sign documents for VTB24 DBO. Locally on Windows 10 everything works, but on the server Windows platform Server 2016 and 2012 R2, Cryptopro does not see the JaCarta key. Let's figure out what the problem is and how to fix it.

Description of the environment

There is a virtual machine on Vmware ESXi 6.5, as operating system installed Windows Server 2012 R2. The server is running CryptoPRO 4.0.9944, the latest version at the moment. A JaCarta key is connected from the network USB hub using USB over ip technology. Key in the system sees, but not in CryptoPRO.

Algorithm for solving problems with JaCarta

CryptoPRO very often causes various errors in Windows, a simple example (Windows installer service could not be accessed). This is how the situation looks when the CryptoPRO utility does not see the certificate in the container.

As seen in the UTN utility manager key connected, it is seen in the system in smart cards as a Microsoft Usbccid (WUDF) device, but CryptoPRO, this container does not detect and you do not have the opportunity to install a certificate. Locally, the token was connected, everything was the same. Began to think what to do.

Possible causes with container definition

  1. Firstly, this is a problem with drivers, for example, in Windows Server 2012 R2, JaCarta should ideally be listed as JaCarta Usbccid Smartcard in the smart card list, not Microsoft Usbccid (WUDF)
  2. Secondly, if the device is seen as Microsoft Usbccid (WUDF), then the driver version may be outdated, and because of which your utilities will not detect the protected USB drive.
  3. Legacy version of CryptoPRO

How to solve the problem that the cryptopro does not see the USB key?

We created a new virtual machine and began to install the software all in sequence.

Before installing any software working with USB media containing certificates and private keys. Need to NECESSARILY disable the token, if stuck locally, then disable it, if over the network, break the session

  • First of all, we update your operating system with all available updates, as Microsoft fixes many errors and bugs, including drivers.
  • The second point is, in the case of a physical server, install all the latest drivers on the motherboard and all peripheral equipment.
  • Next, install the JaCarta Unified Client.
  • Install the latest version of CryptoPRO

Installing a single JaCarta PKI client

Single Client JaCarta- This special utility from the Aladdin company, for proper work with JaCarta tokens. Download the latest version given software product, you can from the official site, or from my cloud, if suddenly it doesn’t work out from the manufacturer’s website.

Next, you unpack the resulting archive and run the installation file for your Windows architecture, I have it 64-bit. Let's start installing the Jacarta driver. Single client Jacarta, very easy to install (REMINDER your token at the time of installation, must be disabled). On the first window of the installation wizard, just click next.

Accept license agreement and click "Next"

In order for JaCarta token drivers to work correctly for you, it is enough to perform a standard installation.

If you choose "Custom installation", then be sure to check the boxes:

  • Drivers
  • Support modules
  • Support module for CryptoPRO

After a couple of seconds, the Jacarta Unified Client is successfully installed.

Be sure to restart the server or computer so that the system sees the latest drivers.

After installing JaCarta PKI, you need to install CryptoPRO, for this go to the official website.

https://www.cryptopro.ru/downloads

At the moment the most latest version CryptoPro CSP 4.0.9944. Run the installer, check "Install root certificates" and click "Install (Recommended)"

CryptoPRO installation will be performed in background, after which you will see a suggestion to restart the browser, but I advise you to completely restart.

After reboot connect your JaCarta USB token. I have a network connection, from a DIGI device, via . In the Anywhere View client, my Jacarta USB drive is successfully defined, but as Microsoft Usbccid (WUDF), and ideally it should be defined as JaCarta Usbccid Smartcard, but you need to check anyway, since everything can work like that.

By opening the utility "Single client Jacarta PKI", the connected token was not detected, which means something with the drivers.

Microsoft Usbccid (WUDF) is a standard Microsoft driver that is installed by default on various tokens, and it happens that everything works, but not always. The Windows operating system, by default, puts them in mind for its architecture and settings, for me, personally, in this moment this is not necessary. What we do is we need to uninstall the Microsoft Usbccid (WUDF) drivers and install the drivers for the Jacarta media.

Open the dispatcher Windows devices, find Smart card readers, click Microsoft Usbccid (WUDF) and select Properties. Click the Drivers tab and click Uninstall

Agree to remove the Microsoft Usbccid (WUDF) driver.

You will be notified that for the changes to take effect, you need to restart the system, be sure to agree.

After rebooting the system, you can see the installation of the ARDS Jacarta device and drivers.

Open the device manager, you should see that now your device is defined as JaCarta Usbccid Smartcar and if you go to its properties, you will see that the jacarta smart card now uses the driver version 6.1.7601 from ALADDIN R.D.ZAO, as it should be .

If you open the Jacarta single client, you will see your electronic signature, this means that the smart card was detected normally.

We open CryptoPRO, and we see that the cryptopro does not see the certificate in the container, although all the drivers are defined as needed. There is one more feature.

  1. In the RDP session, you will not see your token, only locally, this is how the token works, or I did not find how to fix it. You can try the suggestions to resolve the error "Unable to connect to the smart card management service".
  2. You need to uncheck one checkbox in CryptoPRO

MUST uncheck "Do not use outdated cipher suites" and reboot.

After these manipulations, CryptoPRO saw my certificate and the jacarta smart card became working, you can sign documents.

You can also see your JaCarta device in Devices and Printers,

If you, like me, have the jacarta token installed in the virtual machine, then you will have to install the certificate via console virtual machine, and also give rights to it to the responsible person. If this physical server, then there you will have to give rights to the control port, which also has a virtual console.

When you have installed all the drivers for Jacarta tokens, you may see the following error message when connecting via RDP and opening the Jacarta PKI Unified Client utility:

  1. The smart card service is not running on the local machine. The architecture of the RDP session developed by Microsoft does not provide for the use of key media connected to the remote computer, therefore, in the RDP session, the remote computer uses the local computer's smart card service. It follows from this that starting the smart card service inside an RDP session is not enough to normal operation.
  2. Smart Card Management Service on local computer started, but not available to the program inside the RDP session due to Windows settings and/or RDP client.\

How to fix "Unable to connect to smart card management service" error.

  • Start the smart card service on the local machine you are initiating the session with remote access. Customize it automatic start when starting the computer.
  • Allow the use of local devices and resources during the remote session (in particular, smart cards). To do this, in the "Remote Desktop Connection" dialog in the settings, select the "Local Resources" tab, then in the "Local Devices and Resources" group, click the "Details ..." button, and in the dialog that opens, select the "Smart cards" item and click "OK", then "Connect".

  • Make sure the RDP connection settings are saved. By default, they are saved in the Default.rdp file in the My Documents directory. given file there was a line "redirectsmartcards: i: 1".
  • Make sure on remote computer to which you are making an RDP connection is not activated group policy
    -[Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow smart card reader redirection]. If it is enabled (Enabled), then disable it and restart the computer.
  • If you have Windows 7 SP1 or Windows 2008 R2 SP1 installed and you are using RDC 8.1 to connect to computers running Windows control 8 and above, then you need to install the update for the operating system https://support.microsoft.com/en-us/kb/2913751

Here was such a trouble shooting on setting up the Jacarta token, CryptoPRO on terminal server, for signing documents in VTB24 RBS. If you have comments or corrections, then write them in the comments.

Implementation modern means personal identification is a huge step in the development of electronic document management. Many believe that the development of such a direction does not make practical sense, that the use of such tools is necessary only for a small number of users and nothing will exceed a simple signature in reliability and convenience, but this is far from the case.

An electronic digital signature allows you to determine the authenticity of a person in a digital workflow, which significantly increases its efficiency and saves time and money.

An electronic digital signature (or EDS) is, in fact, electronic props, which allows you to protect the digital version of any document from forgery. The legislator defines an EDS as an analogue of a handwritten signature, which is used to identify a person when electronic document management.

In practice, several variants of EDS are used.

Contains no elements cryptographic protection. Security is ensured by using a login, password and connection codes.

In general, it is used only for the actual identification of the user, and is not used to protect a specific document.

Such a signature can still certify documents, however, this requires execution certain conditions:

  • adding to a specific document;
  • use complies with the internal rules of workflow;
  • the presence of information about the identity of the sender of the file.

Unskilled refers to an enhanced signature, but the degree of its protection is less than that of a qualified one. However, in this case already used cryptographic methods protection. Using such a signature allows not only to sign a document, but also to make changes to it with their subsequent confirmation.

Qualified i is considered the most secure option. Cryptographic protection methods are used, the confirmation of which is carried out by special authorities. It is difficult to use in practice, but there is a definite plus - reliability. You can connect such a signature only in a special certification center.

When signed with such a seal, the document is equated to a paper counterpart signed by an official, with a special seal.

Methods, services and test results

The use of EDS is undoubtedly practical and convenient. However, each user must have the skills to check its validity, which protect against possible violations by counterparties.

Checking is not difficult. To do this, just use one of several services. So, you can check the authenticity of a document signed with EDS, by uploading it to the site crypto.kontur.ru.

This service will allow you to quickly analyze the document and get the result. To use it, you need to properly configure your computer, but it's not difficult, you just need to follow the instructions on the site.

If you can’t install the ES on your computer on your own, you should contact the certification centers. At the end of their work, an act of installing an electronic signature means is drawn up.

The second service provided by the State Services Portal is also not difficult to use. Using the link www.gosuslugi.ru/pgu/eds, you can download a file signed with an EDS, and the service will verify its authenticity.

Using the www.iecp.ru/ep/ep-verification service, you can verify not the document, but the signature itself. It is necessary to upload a file of the appropriate format, the system will check:

  1. Certificate validity period.
  2. Whether the signature is on the revoked list.
  3. Whether the EDS belongs to the number issued by accredited centers.

The most popular way to check is to check through the State Services portal. However, there are many more services that are approximately the same in terms of their effectiveness.

In general, verification methods can be divided into two types:

  1. Verification of a document signed with an EDS.
  2. Checking the EDS itself.

Both methods are recommended for best performance. In addition, it is periodically necessary to check the EDS itself in order to exclude its invalidity.

Another way to check the EDS is to install the appropriate program on a PC. Typically used CryptoPro because of the many full-fledged functions for working with EDS.

The result of any verification is confirmation or non-confirmation of the authenticity of the digital signature or the document signed by it. Such services simply need to be used for work, as they fully allow you to ensure the security of electronic document management.

In the event that work through is carried out on an ongoing basis, then the use of software from CryptoPro is recommended.

How to install an EDS

To install an ES on a PC, you will need to download the appropriate software and follow the instructions.

Programs

First of all, you need to install on your computer CryptoPro CSP program. Further:

  1. Run the program in any of the ways. As an option - open the Control Panel, the "Programs" menu and find the one you need there, or find it through the search if the location is not known. The launch is performed on behalf of the administrator.
  2. After starting the program, a window will appear in which you need to find the "Service" tab.
  3. Next, look for the menu "View certificates in the container."
  4. The "Browse" window appears, in which you can see information about the name of the container and the reader. Press OK.
  5. In the next window, "Certificates in the Private Key Container", no action is required. Just skip it by clicking Next.
  6. A window with user data will appear. You need to select "Properties".
  7. We install a new Certificate, for this we select "Install Certificate".
  8. In the next window, do nothing and just click "Next".
  9. Next, you need to select the item "Place all certificates in one store", for this we click "Browse" and select the "Personal" folder.
  10. The last step is to click Finish.

Plugins

There is also a useful plugin from CryptoPro that allows you to create and verify signatures on web pages. CryptoPro EDS Browser plug-in can work with any modern browser, including Chrome and Yandex.

Many people think that it is necessary to use Internet Explorer to work with EDS, but this is not so. It is enough that the Internet browser supports Java.

This plugin allows:

  1. Sign documents for electronic document management.
  2. Validate web form data.
  3. Notarize any files sent from the user's computer.
  4. Sign messages.

Using the plug-in, you can check both a regular ES and an improved one. An important plus is that it is distributed completely free of charge.

No special skills are required to install the plugin, everything happens in automatic mode. You just need to run the installer file, then select "Run", "Next" and "OK". The program will do everything itself.

If you encounter any difficulties with installing or operating the program, you can always contact the company where the signature was purchased for help. In most cases they give detailed instructions and provide assistance over the phone.

Setup and activation

For the full operation of the EDS, it is required correct setting and activation. For this, it is necessary, in addition to installing the CryptoPro program and the corresponding plug-in, to install row system programs and drivers which will ensure stable operation.

  1. First of all, the Rutoken drivers are installed. To do this, you need to run the installer file, before that, remove the electronic identifier from the USB. After starting, follow the instructions of the program.
  2. After installation, you should restart your computer and connect the ID. The system will automatically detect it.
  3. Next, CryptoPro CSP is installed. This step was described in the previous section.
  4. After these manipulations, you need to install the root certificate. It must be downloaded from the certification center website. Then you need to find the cacer.p7b file among the downloaded files, click on it with the mouse, right-click, and select "Install certificate". Click next, then select "Place certificates in one store", then "Browse" and select "Trusted root centers certification". Then "Next" and "Finish".
  5. If a pop-up window appears, you will need to click "Yes" several times, then "OK".
  6. The next step is to install a personal certificate. Click on Start and look for CryptoPro CSP. Select "Service" and "View certificates ...", then "Overview". We choose and accept. After acceptance, a pop-up window will appear in which you must enter the pin code electronic media, then click "Install".
  7. The next important step is to bind the key to the certificate. As a rule, it occurs automatically, if not, then you should be guided by the instructions of the certification center.
  8. You should also install CAPICOM, which is distributed free of charge on the Microsoft website. You need to run the installer file and follow the instructions.

Proper configuration of the electronic signature will avoid many problems. Therefore, all steps must be done very carefully. If you have any questions, it is better to once again contact the certification center.

Detailed instructions for installing and activating the CryptoPro program can be found below.

FAQ

How reliable is the use of EDS?

The reliability of the use of electronic signature is at a sufficient level. high level, a regular digital signature is equivalent to a handwritten signature. It is almost impossible to hack the system, and the chance of forging it is much lower than the chance of forging a handwritten signature.

Is it relevant to obtain an EP for an individual?

Federal Law can use a signature for any electronic document management. In addition, the use of such a signature significantly expands the capabilities of the public services portal.

How much does an ECP cost?

The cost of an electronic signature is not very high. For an individual it will cost about 1,000 rubles, the maximum cost for a legal entity is up to 2,500 rubles.

How to install and configure Rutoken, you will learn from this video.

As paper workflow is being replaced by electronic, such a tool as an electronic signature is becoming increasingly important and becoming more widespread. Already, many departments exchange documents exclusively in electronic form, with each legally significant document signed by an electronic signature. It is used when working on electronic trading platforms, when interacting with government information systems(such as GIS GMP, GIS housing and communal services and others) and can even be used for authorization on government portals (such as gosuslugi.ru). There is no doubt that in the future the expansion of the scope of electronic signatures will continue, and therefore specialists in the field information technologies it is extremely important to understand the principle of operation of an electronic signature and be able to take the necessary measures to install and configure software for working with an electronic signature.

Of course, study this issue it would be worth starting with the federal law "On Electronic Signature" ( http://www.consultant.ru/document/cons_doc_LAW_112701/ ), which provides definitions of concepts, the legal status of an electronic signature, the procedure for its use, and other helpful information. However, the purpose of this article is to show how quickly, without going into details, to install an electronic signature, which in some cases, in cases where there is no time for proper study, will be very useful.
We will install on a computer running an operating system. Windows systems 7 Professional, the private key of the electronic signature on the eToken carrier, and we will use CryptoPro CSP as a crypto provider.
Let's start by installing the required software:
- CryptoPro CSP version 3.6 or higher;
- Media driver (when using eToken or Rutoken).
The driver for eToken can be downloaded free of charge from the following link http://www.aladdin-rd.ru/support/downloads/etoken/ , the driver for Rutoken is available for download from the link http://www.rutoken.ru/support/download/drivers-for-windows/ .
Other devices, such as a flash drive, smart card or registry, can also be used as a carrier of key information, however, it is not recommended to use them because they do not provide a sufficient level of protection of key information from unauthorized access.

Installation of the electronic signature key certificate.

After the eToken driver (Rutoken) and the CryptoPro CSP crypto provider are installed, we can begin installing the certificate of the electronic signature verification key.
We launch the CryptoPro CSP program, go to the "Service" tab and click the "View certificates in the container" button.

In the window that opens, click "Browse", select the desired owner and click "OK".

In the next window, do not change anything, click "Next".


A window will open in which we can see brief information about the user certificate (information about the owner, the validity period of the certificate and its serial number).


To view detailed information, click "Properties". If the root certificate of the certification authority has not yet been installed (as in our case), then in the general tab we will see a message as in the figure below. The current root certificate of the certification authority, as a rule, is available for download on the website of the certification authority (the organization that issued the electronic signature).

We return to the previous window and click "Install" to continue installing the user certificate. A message appears stating that a certificate installation is in progress. Confirm the installation by clicking the "Yes" button.


There will also be a message from eToken PKI, with a suggestion to write the certificate to eToken. We refuse, we press "Cansel".


The certificate is installed in the certificate store. Click "Finish" to complete the installation.

Installing the root certificate of the certification authority.

File root certificate certifying authority (with the .cer extension) open by double-clicking and clicking the "Install certificate" button.

The Certificate Import Wizard opens. Click "Next". Then check the "Place the certificate in the following store" checkbox.


Through the "Browse" we specify the folder "Trusted Root Certification Authorities".

Click "OK" and complete the installation. A message will appear indicating that the operation was successful.

Now, having opened the properties of the user certificate, we will not see the previous error.

We just need to test the private key container.

Testing.

Open CryptoPro CSP, and in the "Service" tab, click "Test".

We find the key container through "Browse" or by the corresponding certificate and click "Next". You will be prompted to enter a pin code for the container. Enter the password and click "OK". If you check the "Remember pin-code" checkbox, the system will not ask for it every time you access the key container (including when signing a document), which is not recommended in order to protect against unauthorized access.
Next, a window will open with information about the presence or absence of errors.

Installing an electronic signature in the registry.

It is possible that the private key of the electronic signature needs to be multiplied in order to be used on several computers. In such cases optimal solution will install the private key of the electronic signature in the registry. For the container created in the registry, it will be possible to set a password and thereby restrict access to the private key of the electronic signature stored in the container. Removable media, after installation, can be transferred to another user. I note that such a measure is justified in cases where, for example, several employees of the same organization (department) use the same signature (for example, the signature of an authority). In other cases, resorting to such measures is not recommended.

Installing the "Register" reader.

The first thing to do is to install the reader. This is quite easy to do using the reader installation wizard (adding and removing readers is done under account with administrator rights). If, when installing CryptoPro CSP, you checked the “Register the “Registry” reader” box, as in the figure below, and it is present in the list of readers, you can immediately proceed to copying the private key container to the registry.


We launch CryptoPro CSP, in the "Hardware" tab, click the "Configure readers" button.

In the window that opens, click "Add".

The reader installation wizard will start, click "Next".


From the list in the window on the right, select "Registry" and click "Next".


Then we set the name of the reader, or leave it unchanged as in our example and click "Next".


We complete the wizard, click "Finish".

Copying the private key container to the registry.

The reader has been prepared, now you need to copy the container with key information from the eToken removable media to the registry. To do this, go to the main menu of CryptoPro CSP and in the "Service" tab, click the "Copy" button. Through the "Overview" we specify the container that we want to copy to the registry.


Then the system will ask for a password to access the container on removable media (eToken). We enter the password, and in the next window we set the name for the key container that will be created in the registry.


In the next window, the program will prompt you to select the media on which you want to burn the container. Select "Registry" and click "OK".


Now you need to set a password for the container, which we placed in the registry.

Enter the password, confirm and click OK.
Now, having launched the function of testing the private key container, except for the container on removable media, we will see the created container on the "Registry" reader.
We complete the procedure for testing the container. If no errors are found, proceed to the installation of the electronic signature key certificate (if it has not been done earlier). The procedure for installing a certificate from the registry is similar to the procedure for installing from removable media, and if the certificate of the given owner has already been installed from removable media, then it will not be required to install it again after copying the container to the registry.



Loading...
Top