How to copy keys from a floppy or flash drive to the registry. Copying with CryptoPro CSP. How to add a key container to CryptoPro

When working with EDS key media, whether a RuToken or an ordinary flash drive, you often need to copy the key to the registry, for example when too many electronic digital signatures are used at one workplace. The procedure is simple: add the "Registry" reader to CryptoPro and copy your container to it, so that you can work without the portable media. Let's take a closer look at the steps.

First, install the reader. Open CryptoPro through the "Start" menu - "Control Panel":

Click "Configure readers". If the "Registry" entry is not in the reader management window that appears, click "Add". Otherwise, skip this step and go straight to copying the container:

In the reader installation wizard, select the proposed option "Registry" and click "Next":

Set the reader name; we enter "registry" to avoid confusion. Click "Next" and check that the media has been added. Click "OK":

Now copy the EDS key. Open the "Service" tab in CryptoPro and click "Copy ...". Make sure your media is connected to the computer and select it in the key container selection window via the "Browse" button. In our case, this is drive G:

Select Registry in the left list, click "OK" and set a new password for the newly copied container:

The container is copied; all that remains is to install the personal certificate. On the "Service" tab, select "Install a personal certificate" and use the "Browse" button to select the public certificate of the copied private key. Click "Next" - "Next", specify the "registry" container as the key, click "OK" and enter the password that you set when copying the container. For the certificate store name, use the "Browse" button to select the "Personal" folder, then click "OK" - "Next" - "Finish". Now you can sign with the EDS without the physical medium.

When installing a personal certificate through the "Install Personal Certificate" menu, after selecting a key container, an error message "The private key in the container does not match the public key" appears.

To solve this problem, perform the following steps (after completing each step, repeat the installation of the certificate):

1. If a floppy disk is used as a key medium, you should check whether it is write-protected (on a write-protected disk, both slots located at the corners of the medium are open).

3. Make a copy of the key container and install the certificate from the duplicate (see How to copy a container with a certificate to another medium?).

4. If CryptoPro CSP 3.6 R2 or R3 is used at the workplace (product version 3.6.6497 and higher), install the certificate through the "Install personal certificate" menu and, in the "Private key container" window (point 5 of the instruction), check the "Find container automatically" box.

The version of the installed crypto provider is indicated on the "General" tab (menu "Start" > "Control Panel" > "CryptoPro CSP").

5. Key containers generated on CryptoPro CSP 3.0 or 3.6 will not work on CryptoPro CSP 2.0.

If CryptoPro CSP 2.0 is installed, and the certificate request was made at the workplace with CryptoPro CSP 3.0 or 3.6, then the following solutions are possible:

Otherwise, go to step 6.

6. The public key certificate (file with .cer extension) may be damaged. You need to contact technical support at [email protected] to get a copy. When applying, be sure to indicate the TIN and KPP of the organization.

7. The private key container may be damaged. If a floppy disk or flash card is used as a key medium, it is recommended to perform data recovery (see

If none of the solutions below resolves the problem, the key media may have been damaged and needs to be restored (see ). It is not possible to recover data from a damaged smart card or registry.

If there is a copy of the key container on another medium, then you must use it for work, after installing the certificate.


If a floppy disk is used as the key container, the following steps must be performed:

1. Make sure that there is a folder at the root of the floppy disk containing the files: header, masks, masks2, name, primary, primary2. The files must have the .key extension and the folder name format must be xxxxxx.000.

the private key container has been corrupted or removed

2. Make sure that the “Drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 — “All removable drives”), where X is the drive letter. To do this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";


3. In the CryptoPro CSP window "Selecting a key container", set the "Unique names" radio button.


  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Service" tab and click on the "Delete remembered passwords" button;

5. How to copy a container with a certificate to another medium?).

Flash drive

If a flash drive is used as a key medium, the following steps must be performed:

1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2. The files must have the .key extension and the folder name format must be xxxxxx.000.

If any files are missing or not in the correct format, then the private key container may have been corrupted or deleted. You also need to check if this folder with six files is contained on other media.

2. Make sure that the “Drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 — “All removable drives”), where X is the drive letter. To do this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Hardware" tab and click on the "Configure readers" button.

If the reader is missing, it must be added (see How to configure readers in CryptoPro CSP?).


4. Delete remembered passwords. For this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Mark the "User" item and click on the "OK" button.

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).

6. If CryptoPro CSP version 2.0 or 3.0 is installed at the workplace, and Drive A (B) is present in the list of key media, then it must be removed. For this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Hardware" tab and click on the "Configure readers" button;
  • Select the reader "Drive A" or "Drive B" and click on the "Delete" button.

After removing this reader, work with the floppy disk will be impossible.
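
The folder check from step 1 of the floppy disk and flash drive procedures can be scripted. The following is an added example, not part of the original instructions or of CryptoPro itself: it looks in the root of the media for folders holding .key files and reports which of the six listed files are missing. Reading "xxxxxx.000" as a name followed by three digits, the zero-byte check and the sample folder names are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Names taken from step 1 above; every file carries the .key extension.
REQUIRED = {"header.key", "masks.key", "masks2.key",
            "name.key", "primary.key", "primary2.key"}
# Assumption: "xxxxxx.000" is read as <name>.<three digits>.
FOLDER_RE = re.compile(r"^[^.]+\.\d{3}$")


def check_container(folder: Path) -> list[str]:
    """Return the problems found in one candidate container folder."""
    problems = []
    if not FOLDER_RE.match(folder.name):
        problems.append(f"folder name {folder.name!r} is not of the form xxxxxx.000")
    present = {p.name.lower(): p for p in folder.iterdir() if p.is_file()}
    for name in sorted(REQUIRED - set(present)):
        problems.append(f"missing {name}")
    for name in sorted(REQUIRED & set(present)):
        # Added sanity check (not from the page): a zero-byte file is unusable.
        if present[name].stat().st_size == 0:
            problems.append(f"{name} is empty")
    return problems


def scan_media(root: Path) -> dict[str, list[str]]:
    """Check every folder in the media root that holds at least one .key file."""
    report = {}
    for d in sorted(p for p in root.iterdir() if p.is_dir()):
        if any(f.suffix.lower() == ".key" for f in d.iterdir() if f.is_file()):
            report[d.name] = check_container(d)
    return report


def demo() -> dict[str, list[str]]:
    """Constructed sample media: one complete container, one damaged one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for folder, names in (("abc123.000", REQUIRED),
                              ("damaged.000", {"header.key", "name.key", "primary.key"})):
            (root / folder).mkdir()
            for n in names:
                (root / folder / n).write_bytes(b"\x00" * 16)  # placeholder, not key data
        (root / "damaged.000" / "masks.key").write_bytes(b"")  # truncated file
        (root / "docs").mkdir()                                # unrelated folder
        return scan_media(root)


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "OK" if not problems else problems)
```

To check real media, pass its root to scan_media, for example the drive selected in the "Browse" dialog.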


If a Rutoken smart card is used as a key carrier, the following steps must be taken:

1. Make sure the light on the Rutoken is on. If the light is off, use the following recommendations.

2. Make sure that the "Rutoken" reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - "All smart card readers"). To do this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Hardware" tab and click on the "Configure readers" button.

If the reader is missing, it must be added (see How to configure readers in CryptoPro CSP?).

3. In the "Select key container" window, select the "Unique names" radio button.

4. Delete remembered passwords. For this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Service" tab and click on the "Delete remembered passwords" button;
  • Mark the "User" item and click on the "OK" button.

5. Update support modules required for Rutoken to work. For this:

  • Disconnect the smart card from the computer;
  • Select the menu "Start" > "Control Panel" > "Add or Remove Programs" (for Windows Vista \ Seven "Start" > "Control Panel" > "Programs and Features");
  • Select "Rutoken Support Modules" from the list that opens and click on the "Delete" button.

After removing the modules, you must restart the computer.

  • Download and install the latest support modules. The distribution kit is available for download on the Aktiv website.

After installing the modules, you must restart your computer.

6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using the following instruction.

7. Update the Rutoken driver (see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:

  • Open "Start" ("Settings") > "Control Panel" > "Rutoken Control Panel" (if this item is missing, then update the Rutoken driver).
  • In the "Rutoken Control Panel" window that opens, in the "Readers" item, select "Activ Co. ruToken 0 (1,2)" and click on the "Information" button.

If the Rutoken is not visible under "Readers", or the message "ruToken memory status has not changed" appears when you click the "Information" button, the media has been damaged; contact the service center for an unscheduled replacement of the key.

  • Check what value is indicated in the line "Free memory (bytes)".

As a key carrier, service centers issue rutokens with a memory capacity of about 30,000 bytes. One container occupies about 4 KB. The amount of free memory of a rutoken containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.

If the amount of free memory of the rutoken is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.


If the Registry reader is used as a key carrier, the following steps must be performed:

1. Make sure that the "Registry" reader is configured in CryptoPro CSP. To do this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Hardware" tab and click on the "Configure readers" button.

If the reader is missing, it must be added (see How to configure readers in CryptoPro CSP?).

2. In the "Select key container" window, select the "Unique names" radio button.

3. Delete remembered passwords. For this:

  • Select the menu "Start" > "Control Panel" > "CryptoPro CSP";
  • Go to the "Service" tab and click on the "Delete remembered passwords" button;
  • Mark the "User" item and click on the "OK" button.

Nowadays almost every organization has a CIPF (cryptographic information protection system) installed on the accountant's computer. As such, we use . In our case, CryptoPro is necessary for the operation of the Client-Bank and the VLIS++ program (through this program, the accounting department prepares and submits reports to the tax office, the pension fund, and Rosstat).

The main functions of CIPF CryptoPro are:

  • verification of the secret keys of the payer when sending electronic documents via communication channels;
  • encryption of documents of the payer when sending reports;
  • decoding of received responses from inspections.

When working with both the Client-Bank and VLIS++, key carriers are used, on which secret keys and certificates are stored. A floppy disk, a flash drive, a secure flash drive (Rutoken, eToken), as well as a registry can act as such a medium.

So, one day our accountant got tired of inserting a floppy disk into the computer every time he sent reports. In addition, this media is rather unreliable and failed a couple of times (I had to). Therefore, the decision was made to copy the keys from the floppy disk to the registry.

Storing keys in the registry is, of course, convenient. But keep in mind this point: when you reinstall the operating system on your computer, information about your keys will be irretrievably lost. So after you copy the keys to the registry, be sure to save the media with the original of these keys.

So, how to copy the keys from a floppy disk to the registry in CryptoPro CSP 3.6?
1. Go to "Start" - "Control Panel" - "CryptoPro CSP".
2. In the window that opens, go to the “Service” tab.
3. Insert the key floppy into the floppy drive of the computer and click the "Copy container" button.
4. Next, click “Browse” and in the window that appears, select the container you want to copy (click on it once with the mouse and click “OK”).
The name of the selected container will appear in the Key Container Name field. Click "Next".
5. In the next window, write any name - this will be the name of the copy. Click Finish.
6. Next, select the “Registry” media and click “OK”.
A window will appear asking you to set a password. If you do not need it, do not enter anything, but simply click “OK” here. That's all - we copied the key to the registry. To check this - in the same place in the "Service" tab, click the "View certificates in the container" - "Browse" button - here in the list of key containers the registry and the name of the container that you specified will be displayed.

Hello! Since I work in a government institution, I could not avoid using the CryptoPro program for working with crypto keys. Now everything seems simple and quite logical to me, but at the dawn of my career I had many questions about using this program.

Read how to copy the Crypto Pro key container and install a personal user certificate

I think many people know about the well-known sites and… the first serves to place applications for electronic trading, and the second to place information about the organization, however, both require a user’s electronic signature, and it can only work with Crypto Pro.

When you generate an electronic signature, it MUST be saved to external media, but this is not always convenient or reliable. Unfortunately, many organizations refuse to keep up with the times and still use a floppy disk as a digital signature carrier. I think it is not necessary to explain that a floppy disk is a very unreliable option for storing information. Therefore, it is better to have a copy of the key so that in the event of a media failure you can recover it rather than generate a new one, because if you generate a new one, you will have to wait for the certificate (at least one day).

When else might it be needed? For example, your chief accountant has a bunch of electronic signatures (ours already has 4 of them), and constantly plugging them in one after another is not always convenient, and the confusion is constant. All these keys can be copied to the registry of your computer, and the real keys can be locked away in a safe. Of course, you need to understand that with the keys in the registry, the key media itself is not needed to sign a document: access to the computer where they are installed is enough. So be sure to set a password on the key container when copying!

Let's start. Launch CryptoPro CSP (issued by your local treasury), go to the "Service" tab and click the "Copy ..." button

In the next window, we should click "Browse" and select the location of our key container, in my case it is a USB flash drive that has the letter F in the system (Drive F)

Now that the container is selected, we proceed to the process of copying it, make sure that you have selected the correct key and click "Next"

Give it a name

And indicate where to copy it, in my case, I copied it to the registry so as not to insert it every time ...

If you copied the key to the registry like I did, be sure to create a password!

That's all, a copy of the key container has been created on the media you specified 😉 now let's move on to the next step...

Unlike ordinary certificates, our certificate must be mapped to a private key, so simply clicking the "Install Certificate" button will not work; installing a certificate in CryptoPro differs from the usual procedure.

Open the program, go to the "Service" tab and click "Install personal certificate ..."

Click "Browse" and select the user certificate

... and indicate where our key is located (in my case, I chose the key copied to the registry)

Checking that everything is correct

Select the certificate store "Personal"

We check whether we have done everything correctly and click "Finish", this completes the installation of the cryptopro certificate.