Copy using Windows

If you use a floppy disk or flash drive for work, you can copy the container with the certificate using Windows (this method is suitable for versions of CryptoPro CSP no lower than 3.0). Place the folder with the private key (and, if there is one, the certificate file - the public key) in the root of the floppy disk / flash drive (if you do not place it in the root, then working with the certificate will be impossible). It is recommended not to change the folder name when copying.

The folder with the private key should contain 6 files with the extension .key. As a rule, the private key contains a public key (the header.key file in this case will weigh more than 1 KB). In this case, it is not necessary to copy the public key. An example of a private key is a folder with six files and a public key is a file with the .cer extension.

Private key Public key

Copy to Diagnostics profile

1. Go to the “Copying” Diagnostics profile using the link.

2. Insert the media to which you want to copy the certificate.

3. On the desired certificate, click on the “Copy” button.

If a password has been set for the container, the message “Enter the password for the device from which the certificate will be copied” will appear.

4. Select the media where you want to copy the certificate and click “Next”.

5. Give the new container a name and click on the “Next” button.

6. A message indicating that the certificate was successfully copied should appear.

Bulk copy

1. Download and run the utility. Wait for the entire list of containers/certificates to load and select the required checkboxes.
2. Select the Bulk Actions menu and click on the Copy Containers button.

3. Select the storage media for the container copy and click OK. When copying to the registry, you can check the box “Copy to the key container of the computer”, then after copying the container will be available to all users of this computer.

4. After copying, click the “Update” button at the bottom left.
If you want to work with copied containers, you need .

Copying using CryptoPro CSP

Select “Start” > “Control Panel” > “CryptoPro CSP”. Go to the “Service” tab and click on the “Copy” button.

In the Copy Private Key Container window, click on the Browse button .

Select the container you want to copy and click on the “Ok” button, then “Next”. If you are copying from a root token, an input window will appear in which you should enter a pin code. If you have not changed the pin code on the media, the standard pin code is 12345678.

Create and manually specify a name for the new container. Russian layout and spaces are allowed in the container name. Then click "Done".

In the Insert Blank Key Media window, select the media on which the new container will be placed.

You will be prompted to set a password for the new container. We recommend that you set a password that is easy for you to remember, but that others cannot guess or guess. If you do not want to set a password, you can leave the field blank and click OK.

Do not store your password/pin code in places where others have access. If you lose your password/pin code, using the container will become impossible.

If you copy the container to a ruToken smart card, the message will sound different. In the input window, enter your pin code. If you have not changed the pin code on the media, the standard pin code is 12345678.

After copying, the system will return to the “Service” tab of CryptoPro CSP. Copying is complete. If you plan to use a new key container to work in Externa, .

A copy of the EPC will be useful for:

• signature security guarantees
• ease of use

Some certification authorities provide the service - backup.

Copying an electronic signature from a secure medium is carried out using the CryptoPRO CSP program.

A copy of the digital signature is made onto a secure medium, such as Rutoken/Etoken. A regular USB flash drive will not work.

Copying from CryptoPro CSP

First of all, download and install the CryptoPRO CSP program from the licensed website. Insert the digital signature media into the computer. Launch earlier installed program. Open the section - Tools → “Copy”.

In the window that appears, select - Review. Select the media you plan to copy → “Ok” → “Next”. In the PIN code entry line, insert the PIN code from your digital signature carrier

Give the new container a name using the Russian layout and spaces. Click → “Done”.

In the line - “Insert a blank key media”, indicate an empty key media. The program will prompt you to set a password. This action is optional. Click → “Ok”. It is worth noting that if you lose your PIN code, you will not be able to use the container. When recording an electronic signature on Rutoken, use the PIN code issued by the certification center.

When the operation is completed, the window will close. A new container will appear on the media, which will be a copy of the digital signature.

If problems arise when creating a duplicate yourself, you can contact our CA. Our managers will be happy to answer your questions. Contact us!

head of the VLSI group

An electronic signature is usually issued either on a flash drive, or on a token, or on a floppy disk. Working with props is easy, regardless of the selected media type: the software interface is clear, and problems in use rarely arise. Convenience and ease of use make electronic signature accessible even to people who do not have technical skills or experience working with complex programs.

Before starting to use the digital signature, the user must make sure that he has all the necessary tools and tools on his PC. These include:

• crypto provider;
• private key and digital signature certificate;
• configured workplace.

A crypto provider is a special software, responsible for cryptographic algorithms. It is necessary to create, verify, encrypt and decrypt digital signatures. The data is stored on an encrypted flash drive, which the crypto provider accesses when performing operations.

Setting up a workplace is one of the most important processes in the preparatory work for using an electronic digital signature. This includes installing a certification authority certificate, as well as setting up and installing a key certificate and a cross-certificate of the Ministry of Telecom and Mass Communications. You also need to configure the browser so that it allows you to carry out all the required operations. This involves installing the necessary plugins and add-ons.

How to use digital signature from a flash drive

Learn to work with digital signature not difficult: the process takes only a few minutes and consists of sequentially performing simple steps.

Digital signature setup

Using an electronic signature from a flash drive is not difficult: first, the media must be connected to the computer. When the flash drive is displayed in the system, you need to select “CryptoPro” - “Equipment” - “Configure readers”:

The new window should have menu items such as “All smart card readers” and “All removable drives”:

If for some reason they are missing, then you must:

• in the “Configure readers” tab, click “Add” and “Next”;

• in the new window select “All manufacturers”;

• then select “All smart card readers” and click “Finish”.

The signature is ready to use, and the signing process depends on the type of document.

Signing MS Word documents

In the required file, the user opens:

• “Information” - “Add digital signature”;

• selects the generated signature, adds a comment if necessary, and clicks “Sign”;

• if there are no errors, the system displays the message:

Signing a document through the CryptoPro plugin using a digital signature from a flash drive is similar to the previous method:

• the user opens the desired document, selects the menu item “File” - “Add digital signature”;

• then selects the desired signature and adds it to the document, completing the action by clicking “Sign”.

If there are no errors, the plugin will display a message indicating that the document was successfully signed.

Generating a signature for PDF documents also takes place in several stages. On the first one, the user opens the required file, and through the “Tools” panel goes to the “Certificates” section:

Then click on “Sign” and select the area where it will be located:

After this, in the window with a set of digital details, the user selects the required one and clicks “Continue”:

A new window will open with preview image electronic signature:

If everything is correct, then the user completes the action through the “Sign” button. After signing the document, if there are no errors, a message indicating the successful completion of the process is displayed.

Using a flash drive as an electronic key

A flash drive can be used as an analogue of an electronic digital signature using a RAM module. Its task is to test each electronic media for compliance with the stored data. Blocking of data or access to the system depends on the results of the scan.

A flash drive used as an electronic key works like this: each successful login to the system starts the process of overwriting the data stored in the backup part. During the next login, the system compares the brand, serial number, backup storage and manufacturer data.

To configure the RAM module you need to:

• install the libpam_usb.so library and utilities needed to manage the module;
• insert a flash drive into the USB port, collect and record all information about the media for subsequent user identification;
• enter a command assigning the name of the flash drive to account user;
• run a data validation check;
• give the pam_usb module the right to control the system. If no suitable media is found, the system must prompt you to enter a password and login, or block the login.

The advantages of using this type of media include the ability to store information on a flash drive and quickly log into the system, auto-protection, and no need to remember a large number of information.

How to copy digital signature from a flash drive

Despite the fact that the flash drive is reliable, it is recommended to copy the electronic signature from it to the PC registry. You need this in order to have backup copy in case of media failure. This will also save the user from having to carry a flash drive with him everywhere, which will reduce the risk of theft or loss.

How to copy digital signature:

• via Start/Control Panel/CryptoPro select “Service” and “Copy”;

• in the window that opens, click “Browse”, select the key container and confirm the action “OK”;

• Click “Next” and proceed to copying the private key container. In the “Key container name” window, enter the name of the electronic signature. Click “Finish”;

• In the new window, click “Registry” and “OK”.

Install the copied certificate. For this:

• in the “Service” tab, select “View certificates”;

• Go through “Browse” to select a certificate;

• select the required certificate and confirm the action using “OK” and “Next”;

• complete the process by successively clicking “Install”, “Yes”, “OK”.

EDS installation is complete. Now you can use the signature both from a flash drive and from a PC.

Why might EP not work?

Typically, working with an electronic signature does not cause problems, however, there are a number of cases when the key certificate stops responding to user actions.

If the private key does not match the public key, then you need to check all closed containers on the PC you are using. The problem may be that the wrong port is selected. If the closed container is selected correctly, and the error repeats, you need to contact the CA to re-issue the electronic signature.

Sometimes, when starting, the system displays an error: certificate isn’t valid. To eliminate it, the digital signature is reinstalled according to the instructions of the CA. Also, sometimes a message appears stating that the electronic signature certificate is not trusted. In this case, the root certificate is reinstalled.

Often the problem in the operation of the electronic signature is related to the expired validity period of CryptoPro. To renew your license, you need to contact CA representatives and get a new key.

If no valid certificate is found on the PC, then you need to reinstall the digital signature and check the validity periods of the keys.

CryptoPro may not see the electronic signature due to the lack of a stable Internet connection, as well as due to an incorrectly installed program.

Less often, a case arises when the plugin does not see the installed and added certificate even after reinstallation. The problem may lie in the CA's certificate revocation list. If a user accesses the Internet through a proxy server, then in online mode the software does not see the installed certificate in the reviews directory. To troubleshoot the problem, you just need to add this reference book to your PC.

To work with an electronic signature from a flash drive, special tools must be installed on your PC. These include a crypto provider and a customized browser. Documents are signed using CryptoPro plugins, which are released both for MS Office and for PDF files. Flash media can also be used to store the electronic signature key. This is convenient because the user does not need to remember all the data, and login occurs automatically when connecting and checking the flash drive. If there is a need to travel frequently and work with digital signature certificates outside the office or at home, then it is advisable to copy the digital signature certificate from a flash drive to a PC. This will protect against damage, loss or theft of the media, and subsequent restoration of the digital signature.

When transferring electronic reporting to another computer or reinstalling an encryption program, you need to copy electronic signatures. IN step by step instructions We show how to correctly copy electronic signatures through the ViPNet CSP program.

Step-by-step instructions on how to copy an EDS certificate

Step 1. Open VipNet program

Most likely you won't find the shortcut on your desktop. To open the program follow four steps:

1. Go to menu "Start"
2. Open item "All programs"
3. Find the folder named "ViPNet"
4. Click on the icon with the name "ViPNet CSP"

The VipNet encryption program will open.

Step 2. Open the electronic signature for copying

On the left side of the window that opens, go to the tab "Containers". A list of electronic signatures that are on your computer will appear.

Select the electronic signature to copy from the list. Click on the button "Copy".

Step 3. Choose a location to copy the electronic signature

The system will prompt you to select the directory into which the signature will be copied. Click on the button "Review".

In the window "Browse folders" indicate the location for copying the electronic signature. Then click "OK".

Attention! The directory into which signatures are copied must not be named infotecs or containers, if you plan further complete removal ViPNet CSP.

Step 4. Copy the electronic signature

In some cases, the system will ask for an electronic signature password. Enter it and click "OK".

The electronic signature has been copied.

Can be used if we are talking about reinforced unskilled signatures.

Kinds EDS, which have the maximum degree of protection, are recorded exclusively on specialized USB devices. Their issuance is provided at all existing certificate points.

Let's look at the flash drive options that people most often try to use for storage means of cryptographic information protection:

• Unprotected flash drive. Not suitable for storage confidential information due to open access third parties to it.
• Flash drive with built-in encryption function. The device limits, but does not completely prevent, unauthorized access to keys. The danger arises at the moment of transfer EDS to the computer when signing the document.
• (token) with a built-in crypto processor. More suitable option for storage EDS. Contains two levels of information protection that are activated at the time of recording EDS and contacting her during the signing process. Signature, recorded on such a storage medium cannot be illegally changed, but the possibility of its theft at the time of transfer to computer software remains.
• USB device with built-in shaping function EDS. This type flash drives is a kind of minicomputer - the document to be signed is submitted to the “input” of the device and signed inside it. Such a token is maximally protected from unauthorized access, because signature is not extracted from it. Loading signatures on external devices is not required for its use.

How to write digital signature to a flash drive from another storage medium? Use the capabilities of the special CryptoPRO CSP program.

Here are brief instructions on how to rewrite a certificate:

• A clean one is inserted into the computer flash drive for digital signature and carrier signatures.
• The CryptoPRO CSP program is being launched.
• In the program menu that opens, select the “Service” tab, then press the “ Copy».
• Specifies the path to the certificate EDS in the “Overview” menu tab, the selection is confirmed by pressing the “OK” button.
• If the system asks for a password, you must enter it. The default number sequence is 12345678.
• Assigns a name to the new copy signatures and by clicking the “Finish” button, preparation for copying is completed.
• In the dialog box that opens, select a new flash drive and after clicking the “OK” button, enter the password for the copy EDS. You can leave the same password to avoid confusion with access codes or choose a new combination of characters.

How to transfer digital signature from flash drive to flash drive? Simply copy the certificate folder and paste it onto the new media. Take precautions when carrying EDS to a new device!

Using a flash drive as an electronic key

A key is the most accessible method of protecting a computer from access by unauthorized persons. A USB device is a modern analogue of a dongle. How to make an electronic key from a flash drive?

One way is to use a RAM module, whose task is to test each device inserted into the computer. flash drives for compliance with the information stored in the system and, depending on the result of the check, open the login to the system or block it.

Electronic key flash drive works as follows: with each successful login to the system, the information stored in its backup part is overwritten.

The next time you try to log in, the system will compare the credentials flash drives- its serial number, brand, manufacturer and data from the backup part of the USB device.

The module is configured as follows:

• The libpam_usb.so library and the utilities necessary to manage the module are installed.
• A flash drive is inserted into the USB port - the future key. Using a special command, the module collects all information about flash drive and recording service information on it for subsequent identification of the user.
• Enter a command attaching a name flash drives to a specific account.
• A check is started to check the correctness of the data entered into the system.
• The pam_usb module is given the right to control the system until the key is used. If no suitable flash drives, the system may prompt you to enter your login and password or, according to established settings, block the entrance to it.

Usage flash drives as a key, it does not provide for placing logins and passwords on it, or means of cryptoprotection of information.

Select digital signature

In addition to convenience, such a key storage provides the user with the following benefits:

• No need to remember a large amount of information.
• Possibility of use flash drives as a means storage information.
• Ensuring quick login.
• Console auto-protection. When removed from the USB port flash drives work on the computer is automatically blocked.