Copying the container of the private key is a mandatory step when reinstalling the security system on another computer. You can also copy the certificate if you want to create a spare electronic signature key.
Copying a container of a private key to a USB flash drive, floppy disk or token is a rather complicated process to avoid errors it is important to follow our instructions clearly.
CryptoPro: copying a certificate
Step 1. Opening the CryptoPro program
To open the program do the following:
Click the menu Startthen go to Programs⇒ CryptoPro⇒ CryptoPro CSPand enable the tab Service.
In an open window Service press the button Copy container.
Figure: 1.
Step 2. Copying the private key container
After pressing the button Copy container, the system will display the window Copying the private key container.
Figure: 2
In the open window, you must fill in the field Key container name.
Step 3. Entering the key container
There are 3 ways to fill in the field Key container name:
Manual input
Select from the list by clicking the Browse button
Search by EDS certificate
In addition to filling in the Key container name field, you must fill in the remaining search options:
- - the switch is set to position Useror A computer,depending on which storage the container is located in;
- Select CSP to find key containers - the required encryption provider (CSP) is selected from the proposed list.
After all the fields are filled in, click the button Further.
If a password is set for access to the private key, the system will ask you to enter it. Enter your password and click the button OK.
Step 4. Entering a new key container
The system will display the window again Copying the private key container, in which you must enter the name of the new key container and set the radio button The name entered specifies the key containerinto position Useror A computer,depending on which storage you want to place the copied container.
After entering, press the button Done.
Step 5. Selecting the media for the copied container
A window will appear on your screen in which you need to select the medium for the copied container.
Insert the medium (token, flash drive, floppy disk) into the reader and press the button OK.
Step 6. Setting the password
The system will display a window for setting a password to access the private key.
Enter the password, confirm it, check the box if necessary Remember password.
If this check box is selected, the password will be saved in a special storage on the local computer, and when accessing the private key, the password will be automatically read from this storage, and not entered by the user.
After entering the required data, click the button OK... The CryptoPro CSP cryptographic protection tool will copy the container of the private key.
If you have any questions, you can order a specialist consultation.
To perform any action on the EDS, copy the EDS, delete or install, the CryptoPro program installed on the computer is required.
- In order to copy the EDS, you need to go to Start-All Programs-CryptoPro and run the CryptoPro CSP file.
- Then go to the Service tab.
- Click on the "Browse" button.
- Select the required container and click the "OK" button.
Note:
In the image above, you can see the presence of two columns: on the left is the “Reader” column and on the right is the “Container Name” column. This information will help you navigate which EDS to copy.
The inscription “Register” in the reader column means that the EDS is on the computer. Otherwise, the EDS is on some medium (flash drive, floppy disk or protected media). In the case shown in the image, there are three EDSs recorded on the computer and one signature is recorded on Rutoken.
You can understand which certificate you need to copy by looking at “Container name”. The “container name” is composed of the serial number, the date of issue of the certificate and the name of the organization.
In the case we are considering, we choose the EDS located on the protected Rutoken medium.
- Select and copy the name of the container, click "next".
- Paste the container name, copied in step 5, into the "Key container name" field, add any few characters or spaces and click the "Finish" button.
- Next, you need to select the place where we want to copy the EDS. It can be a computer, flash drive or protected media. And press ok.
Note:
In the case we are considering, we copy the EDS to the USB flash drive by selecting its name in the list of devices. If you need to copy the EDS to your computer, you should select “Registry” from the list of devices.
- Next, the system will ask you to create a password for the container. If you do not want to create a password, then leave the fields blank, as shown in the image. And just click “Ok”.
This completes the copying of the EDS.
A copy of the EPC will be useful for:
- guarantees of signature safety
- usability
Some certification centers provide a backup service.
Copying an electronic signature from a secure medium is performed using the CryptoPRO CSP program.
A copy of the EDS is made on a secure medium, such as Rutoken / Etoken. A regular USB stick will not work.
Copy from CryptoPro CSP
First of all, download and install the CryptoPRO CSP program from the licensed site. Insert the EDS carrier into the computer. Run the previously installed program. Open the section - Service → “Copy”.
In the window that appears, select Browse. Select the medium you want to copy → “Ok” → “Next”. In the line for entering the pin code, insert the pin code from your ES carrier
Give a name to the new container using Russian layout and spaces. Click → Finish.
In the line - "Insert blank key media", specify empty media. The program will prompt you to set a password. This action is optional. Click → “Ok”. It should be noted that if you lose your PIN, you will not be able to use the container. When registering an electronic signature on Rutoken, use the pin-code issued by the certification center.
Upon completion of the operation, the window will close. A new container will appear on the carrier, which will be a copy of the EDS.
If you encounter problems while creating a duplicate yourself, you can contact our CA. Our managers will be happy to answer your questions. Contact us!
Windows copying
If a floppy disk or flash drive is used for work, you can copy the container with the certificate using Windows tools (this method is suitable for CryptoPro CSP versions of at least 3.0). Place the folder with the private key (and, if there is, the certificate file - the public key) in the root of the floppy / flash drive (if it is not placed in the root, then work with the certificate will be impossible). It is recommended not to change the folder name when copying.
The folder with the private key should contain 6 files with the extension .key. As a rule, the private key contains the public key (the header.key file in this case will weigh more than 1 KB). In this case, copying the public key is optional.An example of a private key is a folder with six files and a public key is a .cer file.
Private key Public key
Copy on Diagnostic Profile
1. Go to the "Copy" Diagnostics profile using the link.
2. Insert the media to which you want to copy the certificate.
3. Press the "Copy" button on the required certificate.
If a password has been set for the container, the message “Enter the password for the device from which the certificate will be copied” will appear.
4. Select the medium where you want to copy the certificate and click "Next".
5. Give a name to the new container and click on the "Next" button.
6. A message about successful certificate copying should appear.
Bulk copy
- Download and run the utility. Wait for the entire list of containers / certificates to load and mark the necessary ones.
- Select the "Bulk Actions" menu and click on the "Copy containers" button.
3. Select the storage medium for the container copy and click OK. When copying to the registry, you can tick the box "Copy to the key container of the computer", then after copying the container will be available to all users of this computer.
4. After copying, click the Update button at the bottom left.
If you want to work with copied containers, you must.
Copying with CryptoPro CSP
Please select "Start"\u003e "Control Panel"\u003e "CryptoPro CSP".Go to the "Service" tab and click on the "Copy" button.
In the "Copy the private key container" window, click the "Browse" button .
Select the container you want to copy and click on the "Ok" button, then "Next". If you copy from a rutoken, an input window will appear, in which you should enter a pin-code. If you have not changed the pincode on the carrier, the standard pincode is 12345678.
Create and manually specify a name for the new container. Russian layout and spaces are allowed in the container name. Then click Finish.
In the "Insert Blank Key Media" window, select the media on which the new container will be placed.
The new container will be prompted to set a password. We recommend that you set a password so that it is easy for you to remember it, but outsiders could not guess or guess it. If you do not want to set a password, you can leave the field blank and click "OK".
Do not store your password / pin code in places where unauthorized persons have access. If you lose your password / pin-code, the use of the container will become impossible.
If you copy the container to the ruToken smart card, the message sounds different. Enter the pin code in the input window. If you have not changed the pincode on the carrier, the standard pincode is 12345678.
After copying, the system will return to the "Service" tab of CryptoPro CSP. Copying completed. If you plan to use a new key container for work in the Extern,.
The owner of "href \u003d" / text / category / vladeletc / "rel \u003d" bookmark "\u003e the owner of the private EDS key is personally responsible for its storage!
Why keys are handed out on floppy disks
The floppy disk was and still remains the most accessible and cheapest medium on which you can write a sufficiently long key combination of characters. It is because of their low cost and ease of use that many companies continue to distribute key information, including EDS keys, on floppy disks, despite the fact that the reliability of floppy disks is lower than satisfactory by modern standards, and disk drives are almost never found.
Why do you need a token, why copy keys to a token
USB tokens are much more reliable than floppy disks, they are protected from physical factors. In addition, tokens provide cryptographic protection of stored information. Unlike floppy disks, you need to know a special pin-code to access information in the token's memory. Another significant difference between USB tokens and floppy disks is the installation of a special driver in the system.
So why copy the EDS key from a familiar floppy disk to an unusual token?
There are several reasons. Firstly, there is no disk drive on the computer on which the holder of the EDS key will work. If it is still possible to find a computer with a floppy drive left over from ancient times, then it would be too daring to expect that serious work is being carried out on such antediluvian equipment.
Secondly, anyone who has come across floppy disks in his life knows that it is better to duplicate the information on a diskette immediately, due to the extreme unreliability of these same diskettes!
And, thirdly, even a schoolboy can steal the EDS key from a floppy disk from an unwary user, while it is almost impossible to read information from the token memory without knowing the secret pin-code.
Conclusion: the most correct way would be to purchase a USB token (Rutoken), copy the EDS key to it, put the floppy disk in the safe, and hang the token with the EDS key on a bunch of keys. This will allow you to use your EDS key at any time, while eliminating the risks of both its loss and the secret key falling into the wrong hands!
What do we need for this
To copy the EDS key from a floppy disk to a token, it is necessary that a floppy drive and a USB port are present on the computer. The operating system Windows XP, Vista, 7 was installed. It is also necessary that CryptoPro CSP be installed.
How to find out the version of CryptoPro CSP
First, you need to determine the version of installed CryptoPro CSP. To do this, go to the Control Panel and run the CryptoPro CSP plugin. On a bookmark Are commonthe product version will be indicated.
0 "style \u003d" border-collapse: collapse; border: none "\u003e
ATTENTION!!!
1. It is very important to correctly identify the version of CryptoPro CSP!
Depending on which version of CryptoPro CSP (3.0 or 3.6) the user has installed, further steps to configure the system will differ significantly!
2. When working with CryptoPro CSP containers on any kind of media during operations with the contents of the containers, it is FORBIDDEN to disconnect the media from the computer until the operation is completed! Otherwise, irreversible damage to the contents of the container is possible!
The first step depends on the version of CryptoPro CSP
a) For CryptoPro 3.6you need to install the Rutoken drivers: (http: // ** / hotline / instruction / drivers /).
b) For CryptoPro 3.0need to install a solution Rutoken for CryptoPro CSP:
(http: // ** / download / software / rtSup_CryptoPro. exe. zip).
Further steps of the instruction do not depend on the version of CryptoPro CSP
Copy container from floppy disk to Rutoken using CryptoPro CSP:
· In the list of containers, specify the one that is on a floppy disk or flash drive. Click the button OK: |
|
· In the prompt window that appears, enter the password for the selected container, if it has been assigned. Click the button OK: |
|
· Enter the name of the container that will be created when copying your data to Rutoken. Click the button OK: |
|
· Connect Rutoken to your computer. In the appeared reader selection window, you must specify the one to which Rutoken is connected and click on the button OK: |
|
· In the prompt window that appears, enter the Pin-code of the connected Rutoken device (by default :). Click the button OK: |
|
· Wait until the container is copied to the token (during copying, the indicator on the token will flicker).
Register the certificate in the local certificate store
In the form that appears, click on the button Overviewand select the container on Rutoken, copied there earlier, as described in the previous section, click on the button OK: |
|
|
|
In the certificate window that opens, make sure that the data is correct and click on the button Properties: |
|
· A certificate installation wizard will open, in which you must specify the store where your certificate will be placed. Typically, this is Personal Vault. Select the required parameters and click the button Done:
|
|
