Exporting an electronic signature from the registry. How to copy certificates in the CryptoPro program

Almost every organization has some kind of electronic key. They are widespread and without them it is almost impossible to conduct any activity. They are needed for signing reporting documents and for many other things. Therefore, those who serve the IT sector in the organization need to know what it is. For example, today we’ll talk about how to copy a certificate from the registry and transfer it to another computer.

How to copy a certificate from the registry to a flash drive

Let's imagine you come to an organization and you need to set up access to a portal for a new employee. You don’t have an electronic key and you don’t know where to get one. In this case, the easiest way is to copy it from the computer on which it is installed. To do this, take a clean flash drive and launch Crypto Pro. Start - All programs - Crypto Pro - Certificates. In general, it is better to store copies of the keys on a separate flash drive in your closet.

In the window that opens, go to the Details tab and click Copy to file at the bottom.

The Certificate Export Wizard will open; on the first page, click Next. You need to specify whether to copy the private key or not. We don’t need it yet, so we’ll leave everything as it is.

Now we mark the required certificate format; in most cases, you need to leave everything here by default.

How to copy a private key from the registry

Some certificates require a private key. It can also be copied from the registry to a flash drive, again simply by launching Crypto Pro. Go to the Service tab and select Copy.

Enter a new name and click Finish.

Often people who use electronic digital signatures for their needs need to copy the CryptoPro certificate to a flash drive. In this lesson we will look at various options for performing this procedure.

By and large, the procedure for copying a certificate to a USB drive can be organized in two groups of ways: using the internal tools of the operating system and using the functions of the CryptoPro CSP program. Next we will look at both options in detail.

Method 1: CryptoPro CSP

First of all, let's look at the copying method using the CryptoPro CSP application itself. All actions will be described using the Windows 7 operating system as an example, but in general the presented algorithm can be used for other operating systems of the Windows family.

A container with a key can be copied only if it was marked as exportable when it was created on the CryptoPro website. Otherwise, the transfer will not be possible.

  1. Before you begin, connect the USB flash drive to your computer and open the system "Control Panel".
  2. Open the "System and Security" section.
  3. In that section, find the item "CryptoPro CSP" and click on it.
  4. A small window will open where you need to go to the "Service" tab.
  5. Next, click the "Copy..." button.
  6. A window for copying the container will appear, where you need to click the "Browse…" button.
  7. A container selection window will open. Select from the list the name of the container from which you want to copy the certificate to a USB drive, and click "OK".
  8. The authentication window will then be displayed. In the "Enter password" field, enter the password that protects the selected container. After filling in the field, click "OK".
  9. After this, you return to the main window for copying the private key container. Note that in the key container name field the suffix "-Copy" is automatically appended to the original name. If you wish, you can change the name to any other, although this is not necessary. Then click the "Finish" button.
  10. Next, a window for selecting a new key medium will open. In the list presented, select the drive with the letter that corresponds to the desired flash drive. Then click "OK".
  11. In the authentication window that appears, enter an arbitrary password for the container twice. It can either match the password of the source container or be completely new. There are no restrictions on this. After entering it, click "OK".
  12. After this, an information window will be displayed with a message that the container with the key was successfully copied to the selected medium, that is, in this case, to a flash drive.

Method 2: Windows Tools

You can also transfer the CryptoPro certificate to a flash drive using only the Windows operating system, by simply copying it via "Explorer". This method is only suitable when the header.key file contains a public certificate. In that case, as a rule, its size is at least 1 KB.

As in the previous method, the descriptions will be given using the example of actions in the Windows 7 operating system, but in general they will be suitable for other operating systems of this line.


At first glance, transferring a CryptoPro certificate to a flash drive using operating system tools is much simpler and more intuitive than doing it through CryptoPro CSP. But it should be noted that this method is only suitable when copying a public certificate. Otherwise, you will have to use the program for this purpose.

To do this, you need to do the following:

  1. Select “Start” / “Control Panel” / “CryptoPro CSP”. Go to the "Service" tab and click "View certificates in container" (Fig. 1: “CryptoPro CSP Properties” window).
  2. In the window that opens, click "Browse" to select a container to view. After selecting the container, click "OK" (Fig. 2: window for selecting a container to view).
  3. In the next window, click "Next". In the "Certificate for installation" window, click "Properties" (Fig. 3: certificate viewing window).
  4. In the certificate that opens, go to the "Details" tab and click "Copy to file" (Fig. 4: “Details” tab).
  5. In the "Certificate Export Wizard" window that opens, click "Next". Then select "No, do not export the private key" and click "Next" (Fig. 5: private key export options).
  6. In the "Export file format" window, choose "X.509 (.CER) files encoded with DER" and click "Next" (Fig. 6: exported file format).
  7. In the next window, click "Browse" and manually specify the name (full name of the certificate owner) and the directory to save the file. Then click "Save" (Fig. 7: saving the file).
  8. In the next window, click "Next", then "Finish". Wait for a message about successful export. Close all CryptoPro program windows.

According to Wikipedia, a public key certificate (also known as a public key file, electronic digital signature, signature key certificate, or electronic signature verification key certificate, according to Article 2 of the Federal Law of 04/06/2011 “On Electronic Signature” No. 63-FZ) is a digital or paper document confirming the correspondence between a public key and information identifying the owner of the key. It contains information about the owner of the key, information about the public key, its purpose and scope, and the name of the certification authority.

A public key can be used to organize a secure communication channel with the owner in two ways:

  • to verify the owner's signature (authentication)
  • to encrypt transmitted messages

In order to exchange encrypted messages, you must first exchange public key certificates. The message is encrypted using the recipient's public key and decrypted with the recipient's private key.

    How to export a public key file?

    You can export a public key file in the following ways:

    1. Export from Personal storage:

    • To do this, in the browser settings (for example, Internet Explorer) select Settings / Internet Options / Content and click the Certificates button.
    • Find the required certificate and click Export.

    If the required certificate is not in the list, you must go to step 2.

    • In the Certificate Export Wizard window, click the Next button. Then mark the item and select Next.
    • In the Export file format window, select and press the Next button.
    • In the next window you need to click Browse Save.
    • Next, then Finish. Wait for a message about successful export.

    2. Export a public key file using CryptoPro CSP:

    • Select Start / Control Panel / CryptoPro CSP. Go to the Service tab and click the View certificates in a container button.
    • In the window that opens, click the Browse button to select a container to view. After selecting the container, click OK.

    • In the next window, click the Next button.
    • In the Certificate for viewing window, click the Properties button. In the certificate that opens, go to the Details tab and click the Copy to file button.

    • Next, follow the instructions of the Certificate Export Wizard: click Next, select "No, do not export the private key", click Next, choose "X.509 (.CER) files encoded in DER" and click Next again.
    • In the next window, click the Browse button and specify the name and directory to save the file. Then click the Save button.

    • In the next window, click the Next button, then Finish.

    • Wait for a message about successful export. Close all Crypto Pro program windows.


    3. If the certificate cannot be exported by either the first or the second method, then to obtain a public key file you should contact the technical support service of the certification center that issued your certificate. Information about the certification authority can be found in the certificate itself.

    After exporting the public key file, we can forward it to the person with whom we plan to exchange encrypted messages.
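
Before the exported file is forwarded, it is worth confirming that it really is the bare certificate chosen in the wizard (DER-encoded X.509, no private key) and not a PKCS#12 container or a PEM private key. The Python check below is an added example, not part of the original article or of CryptoPro; the function names and the sample byte strings are constructed for illustration, and it inspects only the outer ASN.1 structure.

```python
# Added example: structural check only, it does not validate signatures or trust.
def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data")
    return tag, pos, pos + length

def classify_export(data):
    """Classify an exported file by its outer structure."""
    text = data.lstrip()
    if text.startswith(b"-----BEGIN"):
        label = text.split(b"-----", 2)[1]
        if b"PRIVATE KEY" in label:
            return "pem-private-key"
        return "pem-certificate" if label == b"BEGIN CERTIFICATE" else "pem-other"
    try:
        tag, start, end = _read_tlv(data, 0)
        if tag != 0x30 or end != len(data):
            return "unknown"
        first, fstart, fend = _read_tlv(data, start)
        if first == 0x02 and data[fstart:fend] == b"\x03":
            return "pkcs12"                 # PFX ::= SEQUENCE { version INTEGER 3, ... }
        if first == 0x30:                   # Certificate ::= SEQUENCE { tbs, sigAlg, signature }
            t2, _, e2 = _read_tlv(data, fend)
            t3, _, e3 = _read_tlv(data, e2)
            if (t2, t3, e3) == (0x30, 0x03, end):
                return "der-certificate"
    except ValueError:
        pass
    return "unknown"

def is_public_only(data):
    """True only for files that look like a bare X.509 certificate."""
    return classify_export(data) in ("der-certificate", "pem-certificate")

# Constructed skeletons (not real certificates or key stores) to exercise the check.
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body   # short-form length only (< 128 bytes)

SAMPLE_CER = _tlv(0x30, _tlv(0x30, b"") + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))
SAMPLE_PFX = _tlv(0x30, _tlv(0x02, b"\x03") + _tlv(0x30, b""))
```

To check a real export, pass the file's bytes, for example `is_public_only(open(path, "rb").read())`, and forward the file only when the result is true.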

    In order to encrypt a document you will need and . As a rule, no additional settings other than placing the public key certificate file in the Certificates of Other Users store are required.


    This article was created for digital signature users who have difficulty transferring keys from a 3.5A floppy disk to other more reliable media.

    The article also describes the process of installing new certificates. This operation should be started in the following order: Steps 1-3 (instead of “Copy” choose “Install”) and then continue from point 15.

    • This may result in two certificates being used.
    • Once copied, files can also be encrypted on the floppy disk.
    A wonderful thing in itself, but not in all desired situations.

    To avoid difficulties with USB drives being detected in the CryptoPro CSP program, there is a free utility for keeping the CryptoPro and Rutoken media up to date. This check can be started from the website: http://help.kontur.ru (you must log in using the Internet Explorer browser). On this page you will need to perform preliminary preparations (download and install a small program) and then click “Start diagnostics”.

    This write protection is set as follows. To make changes to the registry, you must open Registry Editor. After confirming your login, the registration editor opens. In the left half of the window, click on the following path. It should look like the following screenshot. However, creating this entry is not enough, you still need to assign the value 1.

    Command Line Tools

    The value can be easily changed by double clicking on the entry. The changes took effect after a restart. Lower security: On an insecure computer, credentials and keys can be copied. With a cryptographic card they could not be copied, although they were used illegally. Possibility of duplication: you lose the security and uniqueness of the identification document. Capacity: Hundreds or thousands of certificates and passwords can be stored on the smallest of devices. Duplication: Doubling can be an advantage to not necessarily carry over.

    Password Authentication

    Authentication using credentials without a password. Authentication for device ownership. Certificates for citizens in Catalonia.
    • Advantages.
    • If this is not the case, request the user and password as before.
    • If it is not a secure website, it also uses a challenge.
    If you haven't completed the certificate request process, now is the time.

    All components will be checked:

    Choose “Fix identified problems” and in the next window select those programs that need updating.

    Transferring the certificate and digital signature keys from Disk 3.5A to USB flash (This operation works for EDMS keys, Continent AP, Circuit-tax reporting, Purchasing)

    What does the certificate export and what is it for?

    Exporting a certificate consists of creating a copy of the certificate. As a result, we will have a file that can help us. It is advisable to store it in a safe place, on some medium outside of our computer. To pass our certificate to another browser, we have an Import Certificate operation, which we will explain in another post. To ensure your safety, please obtain a copy of our certificate. Attention: It is important that our copy is under our control and that we do not copy our certificate unnecessarily.

    In a few minutes your new set of keys will be ready. Save yourself by creating a password to access your cryptographic keys. This is an extremely important step that you should not skip: the revocation certificate is a simple file. Once you have your key pair and cancellation certificate, it's time to let the public know that you can receive and send encrypted emails. The best way to do this is to upload your public key to a dedicated server where other users can find it - the server in question is for people with higher security requirements.

    Next, you need to follow the proposed instructions step by step, but it is worth remembering that a copy can only be made through a cryptographic information protection tool; otherwise, for example, if you copy through Explorer, you will not be able to use the key on another computer.

    Instructions for copying a certificate via CryptoPro CSP

    1. Click on the CryptoPro CSP 3.0 shortcut or open it through Start - Control Panel.

    Uploading your public key to a key server is a good way to reveal that you are handling encrypted mail. There is nothing wrong with this, because this resource is not a key server, but rather a database containing information from many such servers. If you still want to change your destination, you can do so by clicking on the drop-down menu and choosing something else from the list.

    Installing an electronic signature in the register

    You can also publish your public key on your personal website or blog. To reproduce it, go back to the Key Management window, make sure the "Show all keys by default" option is checked, and then highlight your email when it appears. Then right-click on it and select the “Copy public keys to clipboard” option.

    2. In the system window, go to the “Equipment” tab and configure readers by selecting from the list of installed readers, then “Add”. Use “All removable drives” and “Registry” if they were not in the list.

    4. In the next window that opens, run the “Browse” command in order to enter a name in the empty field. After choosing a name, first confirm the operation, and then click the “Next” button. In some cases, when working with a Rutoken, you may need to enter a password (PIN code) - enter the sequence 12345678.

    5. Create a name for the container where the data is copied. The keyboard layout can be either Russian or Latin. Spaces are also allowed in the name. After defining the name, click "Done".

    6. The system will then ask you to insert a blank key media onto which the container will be copied. Do this and click “OK”.

    7. You can set a password for the created copy - this is an optional step, so you can simply click “OK” and leave the field empty. If the copy is made to a Rutoken, then again you need to enter the standard security combination - 12345678.

    The copying process will be completed when the system returns to the “Service” tab on the screen.
