Often people who use electronic devices for their needs digital signatures, you need to copy the CryptoPro certificate to a flash drive. In this lesson we will look at various options performing this procedure.
By and large, the procedure for copying a certificate to a USB drive can be organized in two groups of ways: using internal tools operating system and using program functions CryptoPro CSP. Next we will look at both options in detail.
Method 1: CryptoPro CSP
First of all, let's look at the copying method using the CryptoPro CSP application itself. All actions will be described using the Windows 7 operating system as an example, but in general the presented algorithm can be used for other operating systems of the Windows family.
The main condition under which it is possible to copy a container with a key is the need for it to be marked as exportable when created on the CryptoPro website. Otherwise, the transfer will not be possible.
- Before you begin, connect the USB flash drive to your computer and go to "Control Panel" systems.
- Open section "System and safety".
- In the specified directory, find the item "CryptoPro CSP" and click on it.
- A small window will open where you need to move to the section "Service".
- Next, click the button "Copy...".
- A window for copying the container will appear, where you need to click on the button "Review…".
- A container selection window will open. Select from the list the name of the one from which you want to copy the certificate to a USB drive, and click "OK".
- The authentication window will then be displayed, where in the field "Enter password" you need to enter a key expression that is used to password the selected container. After filling out the specified field, click "OK".
- After this, you return to the main window for copying the private key container. Please note that in the key container name field the expression will be automatically added to the original name "-Copy". But if you wish, you can change the name to any other, although this is not necessary. Then click the button "Ready".
- Next, a window for selecting a new key media will open. In the list presented, select the drive with the letter that corresponds to the desired flash drive. After that press "OK".
- In the authentication window that appears, you will need to enter the same random password for the container twice. It can either correspond to the key expression of the source code or be completely new. There are no restrictions on this. After entering, click "OK".
- After this, an information window will be displayed with a message that the container with the key was successfully copied to the selected media, that is, in this case, to a flash drive.
Method 2: Windows Tools
You can also transfer the CryptoPro certificate to a flash drive only using the operating system. Windows systems by simple copying through "Conductor". This method This will only work if the header.key file contains a public certificate. However, as a rule, its weight is at least 1 KB.
As in the previous method, descriptions will be given using the example of actions in the operating room Windows system 7, but in general they are also suitable for other OSes in this line.
At first glance, transferring a CryptoPro certificate to a flash drive using operating system tools is much simpler and more intuitive than actions through CryptoPro CSP. But it should be noted that this method is only suitable when copying an open certificate. Otherwise, you will have to use the program for this purpose.
To transfer the key of the cryptoprovider CryptoPro CSP from one computer to another, you must:
- Create a copy of the private key on the previous workplace (computer) where the 1C-Reporting service was initially connected and configured.
- Install the cryptoprovider program CryptoPro CSP on the new workplace from which you plan to use the 1C-Reporting service.
- Transfer a copy of the key and restore the private key on a new workplace from which you plan to use the 1C-Reporting service.
This article discusses creating a copy of the private key, transferring it, and restoring the private key at a new workplace where you plan to use the old one. account 1C-Reporting.
Creating a backup copy of the CryptoPro CSP private key
If a copy of the private key is created on a computer where information base If you have an application to connect to 1C-Reporting, then to find out where the private key container is stored, do the following (Fig. 1):
- Go to the "Settings" section in the 1C-Reporting window.
- Follow the "List of Applications" hyperlink.
If the information base does not contain an application to connect to 1C-Reporting, then follow the instructions starting with.
This will open the application list form. Double-click on the line with the application to open it and go to the “Service Information” tab (Fig. 2).
The "Path to private key container" field specifies the path where the key is stored. At the end of the path line is the name of the private key container file that will need to be transferred to another computer.
In our example: REGISTRY\\ 1cmastersystem_2017
Remember the name of the container file so that you can select it from the list if you have multiple keys installed on your computer.
To copy the private key container file, you need to open the CryptoPro CSP program (the "Start" button - All programs - "CRYPTO-PRO" - "CryptoPro CSP") (Fig. 3, 4).
Go to the "Service" tab and click the "Copy" button (Fig. 5).
A window for copying the private key container will appear (Fig. 6).
Click Browse, select a container name, and click OK. If there are several key containers, then to see the full path to the container file, select the "Unique names" radio button.
The name of the key container will appear in the selection line (Fig. 7). Click Next.
Enter a name for the key container to be created and click “Finish” (Fig. 8).
Insert the flash drive to which the key container will be copied, select it in the “Devices” section and click “OK” (Fig. 9).
Set a password for the container being created and click "OK" (Fig. 10).
The key container will be copied to the flash drive.
Restoring the CryptoPro CSP private key from a backup copy
To restore a private key from a copy on a new workstation (computer), you must first install the CryptoPro CSP program.
You can then copy the container file to disk or keep it on a flash drive.
If you decide to store the private key on disk, then you need to install it in a special registry.
To do this:
The name of the key container will appear in the selection line (Fig. 12). Click Next.
If a password has been set for the container, enter it in the password entry window and click "OK".
Enter a name for the key container to be created (you can leave the same name) and click “Finish” (Fig. 13).
Select Registry under Devices and click OK.
Set a password for the container being created and click "OK" (Fig. 14).
Open the CryptoPro CSP program (the "Start" button - All programs - "CRYPTO-PRO" - "CryptoPro CSP") (see).
Go to the "Service" tab and click the "View certificates in container" button (Fig. 15).
Click the "Browse" button in the "Certificates in a private key container" window and select the container name from the list (Figure 16).
If you copied the private key container to the registry as described above, then select the container name from the registry (listed in the "Reader" column). If you did not copy and are working from a flash drive, select the name of the container that is located on the flash drive.
Click OK.
The name of the selected key container will be inserted into the "Certificates in the private key container" window (Fig. 17). Click Next.
A certificate window will appear for viewing (Fig. 18). Click the "Install" button.
A message will appear indicating that the certificate was successfully installed in the storage (Fig. 19).
If a flash drive or floppy disk is used for work, copying can be performed using Windows(this method is suitable for CryptoPro CSP versions not lower than 3.0). The folder with the private key (and the certificate file, if any) must be placed in the root of the flash drive (floppy disk). It is recommended not to change the folder name when copying.
The private key folder should contain 6 files with the extension .key. Below is an example of the contents of such a folder.
Container copying can also be done using the CryptoPro CSP crypto provider. To do this you need to follow these steps:
1. Select Start / Control Panel / CryptoPro CSP.
2. Go to the Tools tab and click on the Copy button. (see Fig. 1).
Rice. 1. “CryptoPro CSP Properties” window
3. In the window Copying a private key container press the button Review(see Fig. 2).
Rice. 2. Copying the private key container
4. Select a container from the list, click on the button OK, then Further.
Rice. 3. Key container name
6. In the “Insert and select media to store the private key container” window, you must select the media on which the new container will be placed (see Figure 4).
Rice. 4. Selecting a blank key media
7. You will be prompted to set a password for the new container. Setting a password is optional, you can leave the field blank and click on the button OK(see Fig. 5).
Rice. 5. Setting a password for the container
If copying to media Rutoken, the message will sound different (see Fig. 6)
Rice. 6. Pin code for container
Please note: if you lose your password/pin code, using the container will become impossible.
8. After copying is completed, the system will return to the tab Service in the window CryptoPro CSP. Copying is complete. If you plan to use a new key container to work in the Kontur-Extern system, you must install personal certificate(see How to install a personal certificate?).
For bulk copying, download and run the Certfix utility.
Copying the private key container is a mandatory action when reinstalling the SBS on another computer. You can also copy the certificate if you want to create a spare digital signature key.
Copying a private key container to a flash drive, floppy disk or token is a rather complicated process to avoid errors it is important to strictly follow our instructions.
CryptoPro: certificate copying
Step 1. Opening the CryptoPro program
To open the program follow this path:
Click menu Start, then go to Programs⇒ CryptoPro⇒ CryptoPro CSP and enable the tab Service.
IN open window Service click the button Copy container.
Rice. 1.
Step 2: Copy the private key container
After pressing the button Copy container, the system will display the window Copying the private key container.
Rice. 2
In the open window you need to fill in the field Key container name.
Step 3. Entering the key container
There are 3 ways to fill out the field Key container name:
Manual input
Select from the list by clicking the Browse button
Search by digital signature certificate
In addition to filling out the Key container name field, you must fill in the remaining search options:
- - the switch is set to position User or Computer, depending on what storage the container is located in;
- Select CSP to search for key containers - the required crypto provider (CSP) is selected from the proposed list.
Once all fields are filled in, click the button Further.
If a password is set for access to the private key, the system will ask you to enter it. Enter your password and click the button OK.
Step 4. Entering a new key container
The system will display the window again Copying a private key container, in which you need to enter the name of the new key container and set the switch The name entered specifies the key container to position User or Computer, depending on in which storage you want to place the copied container.
After entering, click the button Ready.
Step 5: Select media for the copied container
A window will appear on your screen in which you need to select the media for the copied container.
Insert the media (token, flash drive, floppy disk) into the reader and press the button OK.
Step 6. Set a password
The system will display a window for setting a password to access the private key.
Enter your password, confirm it, and check the box if necessary Remember your password.
If this box is checked, the password will be saved in a special storage on local computer, and when accessing the private key, the password will be automatically read from this store rather than being entered by the user.
After entering the required data, click the button OK. The CryptoPro CSP cryptographic information protection tool will copy the private key container.
If you still have questions, you can order a consultation with a specialist.
If you use a floppy disk or flash drive for work, copying can be done using Windows (this method is suitable for versions of CryptoPro CSP no lower than 3.0). The folder with the private key (and the certificate file - the public key, if any) must be placed in the root of the floppy disk (flash drive). It is recommended not to change the folder name when copying. The private key folder should contain 6 files with the extension .key.
An example of a private key is a folder with six files, and a public key is a file with the .cer extension.
Private key Public key
As a rule, the private key contains a public key (the header.key file in this case will weigh more than 1 KB). In this case, copying the public key is not necessary.
Container copying can also be done using CryptoPro CSP. To do this you need to follow these steps:
1. Select Start / Control Panel / CryptoPro CSP.
2. Go to tab Service and click on the button Copy container(see Fig. 1).
Rice. 1. “CryptoPro CSP Properties” window
3. In the window Copying a private key container press the button Review(see Fig. 2).
Rice. 2. Copying the private key container
4. Select a container from the list, click on the button OK, then Further(see Fig. 3).
Rice. 3. Container selection
If copying is made from a root token, a pin code entry window will appear in which you should specify a standard pin code - 12345678 .
Rice. 4. Key container name
6. In the window Insert blank key media you must select the media on which the new container will be placed (see Fig. 5).
Rice. 5. Selecting a blank key media
7. You will be prompted to set a password for the new container. Setting a password is optional, you can leave the field blank and click on the button OK(see Fig. 6).
Rice. 6. Setting a password for the container
When copying to a smart card ruToken, the message will sound different (see Fig. 7). You must specify a standard pin code - 12345678 .
Rice. 7. Pin code for container
Please note: if you lose your password/pin code, using the container will become impossible.
8. After copying is completed, the system will return to the tab Service in the window CryptoPro CSP. Copying is complete. If you plan to use a new key container to work in the Kontur.Extern system, you must install a personal certificate (see.
Loading...