Copying digital signature. How to copy a certificate and private key from the registry. Command Line Tools
If the electronic signature was issued to the PC registry, then you can copy it to a medium using the following instructions.
Step 1. Open CryptoPro and go to the “Service” tab, then click on the “Copy” button as shown in the instructions.
Step 2. In the window that appears, click the “Browse” button to select the electronic signature container you need to copy.
Step 3. In the list of existing containers that appears, select the container you need, which you need to copy to the media and click the “OK” button.
Step 4. Confirm the action by clicking the “Next” button in the window that appears
Step 5. In the window that appears, specify the name of the new container that will be created on the media. The name in the field is entered automatically, so you can simply leave it unchanged. Click the "Done" button.
Step 6. A media selection window will appear. Select the desired medium from the list to which you want to copy the electronic signature. In order to understand which media to select from the list, look at the “Inserted media” field: it will either say “Media is missing,” which means you have selected a non-existent media, or a media name similar to the name in the screenshot will appear. Select and click OK.
Step 7. After you select the media, a window will appear to enter the PIN code for the new electronic signature container. We recommend entering the standard PIN code “12345678”, because... clients often forget or lose their PIN codes, after which the electronic signature has to be reissued. You can set your (different) PIN if you are sure that you will not lose it. After entering the PIN code, click the "OK" button.
Ready. Now the electronic signature container has been copied to the selected medium and you can use it.
If you don’t want to understand these details, we will help. You can even call our engineer to your office.
In order to transfer the private key container ( key) and user certificate ( certificate) you will need:
- key floppy disk with key and certificate
- a computer with a floppy drive ( computer 1)
- a computer without a floppy drive ( computer 2), from which tax reporting will be sent
- regular flash drive ( flash drive)
- CryptoPro distribution kit of any version and reader Registry for him
First stage: preparing the computer and copying the key
Install the distribution CryptoPro on computer 1
Launch the snap-in CryptoPro CSP from Control panels.
Paste into computer 1 flash drive.
In the new window, click the "Add..." button
Check Drive?:, as shown in the pictures.
Click "Next >", "Finish" and "Ok".
Now insert the key floppy.
Go to the "Service" tab, click on the "Copy container" button.
In the new window, click the "Browse" button and specify "Drive A:" as the key container to be copied.
Now specify the name of the new key container and click "Finish", after which the program will ask you to specify a device for recording the key. In this case, this is our flash drive (Disk drive?). Select it and click "Ok", when prompted for a password, click "OK" again.
After this, you need to copy the certificate file (file with *.cer extension) from the floppy disk to a flash drive via Explorer or in any other way.
Stage two: preparing computer 2 and installing the key
Install the distribution CryptoPro on computer 2(skip this item if Crypto-Pro is already installed on it).
Launch the snap-in CryptoPro CSP from Control panels.
Paste into computer 2 flash drive.
Go to the "Hardware" tab, click the "Configure readers" button.
In the new window, click the "Add..." button, now "Next >", check Drive?:, as shown in the pictures.
The drive letter must match the letter assigned to the flash drive by the operating system.
Click "Next >", "Finish" and "Ok".
Now add the reader Registry in a similar way and through the "Service" tab, copy the private key container from Drive?: to the reader Registry(specify Drive?: as the source when copying, and Registry as the destination).
Copy from flash drive to computer 2 certificate.
In CryptoPro CSP, on the "Service" tab, click the "Install personal certificate" button, follow the instructions of the installation wizard. When selecting a key container, specify Registry.
Connect to the Internet and try using the Kontur-Extern system.
If the Kontur-Extern system is installed on your computer for the first time, be sure to download and run
According to Wikipedia public key certificate aka public key file, electronic digital signature, signature key certificate, electronic signature verification key certificate (according to Article 2 of the Federal Law of 04/06/2011 “On Electronic Signature” No. 63-FZ) - a digital or paper document confirming the correspondence between open key and information identifying the owner of the key. Contains information about the owner of the key, information about the public key, its purpose and scope, and the name of the certification authority.
A public key can be used to organize a secure communication channel with the owner in two ways:
In order to exchange encrypted messages, you must first exchange public key certificates. The message is encrypted using the recipient's public key and decrypted with its private key.
How to export a public key file?
You can export a public key file in the following ways:
1. Export from Personal storage:
- To do this, select in the browser settings (for example Internet Explorer) Settings/Internet Options/ Content and press the button Certificates.
- Find the required certificate and click Export.
If the required certificate is not in the list, you must go to step 2.
- In the window Certificate Export Wizard press the button Further. Then mark the item and select Further.
- In the window Export file format select and press the button Further.
- In the next window you need to click Review Save.
- Further, then Ready.Wait for a message about successful export.
2. Export a public key file using CryptoPro CSP:
- Select menu Start / Control Panel / CryptoPro CSP. Go to tab Service and press the button View certificates in a container.
- In the window that opens, click on the button Review to select a container to view. After selecting the container, click on the button OK.
- In the next window, click on the button Further.
- In the window Certificate for viewing you need to press a button Properties in the certificate file that opens, go to the tab Compound and press the button Copy to file.
- Next we follow the instructions Certificate Export Wizards pressing Further - No, do not export the private key - Further choose X.509 (.CER) files encoded in DER and again Further.
- In the next window you need to click on the button Review, specify the name and directory to save the file. Then click on the button Save.
- In the next window click on the button Further, then Ready.
- Wait for a message about successful export. Close all Crypto Pro program windows.
3.
If the certificate export fails
neither the first nor the second method, then to obtain a public key file you should contact the technical support service of the certification center where your certificate was received. Information about the certification authority can be found in the certificate itself.
After exporting the public key file, we can forward it to the person with whom we plan to exchange encrypted messages.
In order to encrypt a document you will need and . As a rule, no additional settings other than placing the public key certificate file in the Certificates of Other Users store are required.
If you found the instructions useful, share them, you will find buttons for this right below the article.
If a flash drive or floppy disk is used for work, copying can be done using Windows (this method is suitable for versions of CryptoPro CSP no lower than 3.0). The folder with the private key (and the certificate file, if any) must be placed in the root of the flash drive (floppy disk). It is recommended not to change the folder name when copying.
The private key folder should contain 6 files with the extension .key. Below is an example of the contents of such a folder.
Container copying can also be done using the CryptoPro CSP crypto provider. To do this you need to follow these steps:
1. Select Start / Control Panel / CryptoPro CSP.
2. Go to the Tools tab and click on the Copy button. (see Fig. 1).
Rice. 1. “CryptoPro CSP Properties” window
3. In the window Copying a private key container press the button Review(see Fig. 2).
Rice. 2. Copying the private key container
4. Select a container from the list, click on the button OK, then Further.
Rice. 3. Key container name
6. In the “Insert and select media to store the private key container” window, you must select the media on which the new container will be placed (see Figure 4).
Rice. 4. Selecting a blank key media
7. You will be prompted to set a password for the new container. Setting a password is optional, you can leave the field blank and click on the button OK(see Fig. 5).
Rice. 5. Setting a password for the container
If copying to media Rutoken, the message will sound different (see Fig. 6)
Rice. 6. Pin code for container
Please note: if you lose your password/pin code, using the container will become impossible.
8. After copying is completed, the system will return to the tab Service in the window CryptoPro CSP. Copying is complete. If you plan to use a new key container to work in the Kontur-Extern system, you must install a personal certificate (see How to install a personal certificate?).
For bulk copying, download and run the Certfix utility.
As a rule, an electronic digital signature is recorded on a USB drive. However, if you need to install a digital signature from a flash drive to a computer, that is, copy the digital signature to a computer, find out in this article how to do it quickly and easily.
Copy digital signature to computer
Of course, carrying a flash drive with you all the time is not always convenient. It may either become unusable, or it may simply not be available at the right time. In this case, a method will come to the rescue in which we copy the digital signature certificate to the computer itself, which will subsequently allow us to do without a USB drive.
In order to copy digital signature to computer, please follow the following instructions:
Insert the USB drive with digital signature into the computer and run the program CryptoPro CSP, go to the tab Service and press Copy….
In the window that opens, select the key container by clicking the button Review.
In the list of user key containers that opens, select a container and click OK.
After selecting a container, its name will appear in the line Key container name. In the next window just click Further.
In the next step, you need to specify information about the new container, for which enter Certificate name (think of any name for the key certificate). After that, click the button Ready.
For a newly created container, it is possible to set a new password. If you want to set a password, enter it twice in the appropriate fields. If you do not plan to use a password, leave the fields blank and click OK.
So, we have selected the object to copy and indicated the location where the certificate will be stored. Now you need to install this certificate.
In the tab Service click View certificates in container...
Clicking the button Review, in the window that opens, if you noticed, another key container has appeared. Select the newly created container and click OK.
After selecting a new container, click Further.
The window that opens will indicate the certificate to view. Click Install.
As a result, after your actions, a message about the successful installation of the certificate will appear. Click OK.
Ready. The digital signature is installed on the computer.
