What is an electronic signature, in simple language for beginners in the world of the digital economy. Copying an EDS from CryptoPro to a flash drive using CryptoPro CSP

When transferring electronic reporting to another computer or reinstalling the encryption program, you need to copy your electronic signatures. These step-by-step instructions show how to copy electronic signatures correctly using the ViPNet CSP program.

Step-by-step instructions on how to copy an EDS certificate

Step 1. Open the ViPNet program

Most likely you will not find a shortcut on the desktop. To open the program, follow four steps:

  1. Open the "Start" menu
  2. Open the "All programs" item
  3. Find the folder named ViPNet
  4. Click the icon named "ViPNet CSP"

The ViPNet encryption program will open.

Step 2. Open the electronic signature for copying

In the left part of the window that opens, go to the tab "Containers". A list of electronic signatures that are on your computer will appear.

Select an electronic signature to copy from the list. Click on the button "Copy".

Step 3. Choose a place to copy the electronic signature

The system will prompt you to select a directory to which the signature will be copied. Click the "Browse" button.

In the "Browse folders" window, specify the location for copying the electronic signature. Then click "OK".

Attention! The directory to which signatures are copied should not be named infotecs or containers, if you are planning to completely uninstall ViPNet CSP.

Step 4. Copy the electronic signature

In some cases, the system will ask for an electronic signature password. Enter it and click OK.

The electronic signature has been copied.

People who use electronic digital signatures often need to copy a CryptoPro certificate to a USB flash drive. In this lesson, we will look at various options for performing this procedure.

Broadly, there are two groups of ways to copy a certificate to a USB drive: using the built-in tools of the operating system, and using the functions of the CryptoPro CSP program. Next, we will look at both options in detail.

Method 1: CryptoPro CSP

First of all, let's consider the method of copying using the CryptoPro CSP application itself. All actions will be described using the example of the Windows 7 operating system, but in general, the presented algorithm can also be used for other operating systems of the Windows family.

The main condition for copying a container with a key is that the container was marked as exportable when it was created on the CryptoPro website. Otherwise, the transfer will fail.

  1. Before you start, connect the USB flash drive to the computer and open the system "Control Panel".
  2. Open the "System and Security" section.
  3. In the specified directory, find the item "CryptoPro CSP" and click on it.
  4. A small window will open, where you need to go to the "Service" section.
  5. Next, click the "Copy..." button.
  6. A window for copying the container will be displayed, where you need to click the "Browse…" button.
  7. The container selection window will open. Select from the list the name of the certificate that you want to copy to the USB drive, and click OK.
  8. Then the authentication window will be displayed. In the "Enter password" field, enter the password that protects the selected container. After filling in the field, click OK.
  9. After that, you return to the main window for copying the private key container. Note that "-Copy" is automatically appended to the original name in the key container name field. You can change the name to any other if you wish, although this is not necessary. Then click the "Finish" button.
  10. Next, a window for selecting a new key carrier will open. In the list, select the drive with the letter that corresponds to the desired flash drive. Then click OK.
  11. In the authentication window that appears, you will need to enter a password for the new container twice. It can either match the password of the source container or be completely new. There are no restrictions on this. After entering it, click OK.
  12. After that, an information window will be displayed with a message that the container with the key was successfully copied to the selected media, that is, in this case, to a USB flash drive.

Method 2: Windows Tools

You can also transfer the CryptoPro certificate to a USB flash drive using only the Windows operating system, by simply copying it in "Explorer". This method is only suitable when the header.key file contains a public certificate. In this case, as a rule, its size is at least 1 KB.

As in the previous method, descriptions will be given using the example of actions in the Windows 7 operating system, but in general they are also suitable for other operating systems of this line.


At first glance, transferring a CryptoPro certificate to a USB flash drive using the operating system tools is much easier and more intuitive than actions through the CryptoPro CSP. But it should be noted that this method is only suitable when copying a public certificate. Otherwise, you will have to use the program for this purpose.
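A pre-copy check for the condition described above, as an added example that is not part of the original article: it walks a drive, finds container folders by their header.key file and applies the 1 KB rule of thumb. The six-file container layout, the function names and the sample folders are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption (not from the article): the six files CryptoPro CSP writes into a
# container folder on removable media. Only header.key is named in the article.
CONTAINER_FILES = {"header.key", "masks.key", "masks2.key",
                   "name.key", "primary.key", "primary2.key"}
MIN_HEADER_BYTES = 1024  # the article's rule of thumb: header.key of at least 1 KB


def inspect_containers(root):
    """Return one report per folder under root that holds a header.key file."""
    reports = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {name.lower(): name for name in files}
        if "header.key" not in by_lower:
            continue
        size = (Path(dirpath) / by_lower["header.key"]).stat().st_size
        missing = sorted(CONTAINER_FILES - set(by_lower))
        reports.append({
            "folder": Path(dirpath).name,
            "header_bytes": size,
            "missing_files": missing,
            # Size is only a heuristic; the certificate itself is not parsed.
            "cert_probably_embedded": size >= MIN_HEADER_BYTES,
            # A plain file copy is worth trying only for a complete folder
            # whose header.key is large enough to hold the certificate.
            "explorer_copy_ok": not missing and size >= MIN_HEADER_BYTES,
        })
    return sorted(reports, key=lambda r: r["folder"])


def build_constructed_sample(root):
    """Create two fake container folders (constructed data, zero-filled files)."""
    layouts = {
        "withcert.000": {name: 64 for name in CONTAINER_FILES},
        "nocert.000": {name: 64 for name in CONTAINER_FILES
                       if name != "masks2.key"},
    }
    layouts["withcert.000"]["header.key"] = 2048  # large header: cert likely inside
    layouts["nocert.000"]["header.key"] = 300     # small header: no certificate
    for folder, files in layouts.items():
        target = Path(root) / folder
        target.mkdir(parents=True)
        for name, size in files.items():
            (target / name).write_bytes(b"\x00" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_constructed_sample(drive)
        for report in inspect_containers(drive):
            print(report)
```

A folder reported with explorer_copy_ok set to False should be copied through CryptoPro CSP (Method 1) rather than through Explorer.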

As a rule, the digital signature is written to a USB-drive. However, if you need to install an EDS from a USB flash drive to a computer, that is, copy an EDS to a computer, find out in this article how to do it quickly and easily.

Copy digital signature to computer

Of course, it is not always convenient to carry a flash drive with you all the time. It can either become unusable, or it simply may not be at hand at the right time. In this case, a method will come to the rescue in which we copy the EDS certificate to the computer itself, which will subsequently make it possible to do without a USB drive.

To copy the EDS to a computer, follow these instructions:

Insert the USB drive with the digital signature into the computer, run the CryptoPro CSP program, go to the Service tab and click Copy….

In the window that opens, select the key container by clicking the Browse button.

In the list of key user containers that opens, select a container and click OK.

After you select a container, its name will appear in the Key container name line. In the next window, just click Next.

In the next step, you need to specify information about the new container: enter the Certificate Name (think of any name for the key certificate). Then click the Finish button.

For a newly created container, it is possible to set a new password. If you wish to set a password, enter it twice in the corresponding fields. If you do not plan to use a password, leave the fields blank and click OK.

So, we have selected an object for copying, indicated the location for storing the certificate. Now you need to install this certificate.

In the tab Service click View certificates in container...

Click the Browse button. In the window that opens, you will notice that another key container has appeared. Select the newly created container and click OK.

After selecting the new container, click Next.

The window that opens will list the certificate to view. Click Install.

As a result, after the actions you have taken, a message will appear about the successful installation of the certificate. Click OK.

Ready. EDS is installed on the computer.

Electronic digital signatures (EDS) have long and firmly entered into use both in public institutions and in private firms. The technology is implemented through security certificates, both common to the organization and personal. The latter are most often stored on flash drives, which imposes some restrictions. Today we will tell you how to install such certificates from a flash drive on a computer.

Despite their reliability, flash drives can also fail. In addition, it is not always convenient to insert and remove the drive for work, especially for a short time. The certificate from the key carrier can be installed on a working machine to avoid these problems.

The procedure depends on the version of CryptoPro CSP that is used on your machine: for the latest versions, Method 1 is suitable; for older ones, Method 2. The latter, by the way, is more universal.

Method 1: Installation in automatic mode

The latest versions of CryptoPro CSP have a useful feature: automatic installation of a personal certificate from external media to your hard drive. To enable it, do the following.

  1. The first step is to launch CryptoPro CSP. Open the menu "Start", in it go to "Control Panel".


    Click the left mouse button on the marked item.
  2. The working window of the program will start. Open "Service" and select the option to view certificates marked in the screenshot below.
  3. Click the browse button.


    The program will prompt you to select the location of the container, in our case, a flash drive.


    Select the one you want and click "Next".
  4. A preview of the certificate opens. We need its properties - click on the desired button.


    In the next window, click on the install certificate button.
  5. The Certificate Import Utility opens. Click "Next" to continue.


    You have to choose a repository. In the latest versions of CryptoPro, it is better to leave the default settings.


    Finish working with the utility by clicking "Finish".
  6. A message will appear indicating that the import was successful. Close it by clicking "OK".


    Problem solved.

This method is by far the most common, but in some variants of certificates it is impossible to use it.

Method 2: Manual installation method

Older versions of CryptoPro only support manual installation of a personal certificate. Moreover, in some cases the latest versions of the software can process such a file through the import utility built into CryptoPro.

  1. First of all, make sure that the USB flash drive that is used as a key has a certificate file in CER format.
  2. Open CryptoPro CSP as described in Method 1, but this time choose to install certificates.
  3. The "Personal Certificate Installation Wizard" will open. Proceed to choose the location of the CER file.


    Select your flash drive and a folder with a certificate (as a rule, such documents are located in the directory with the generated encryption keys).


    After making sure the file is recognized, click "Next".
  4. In the next step, review the properties of the certificate to make sure the selection is correct. After checking, click "Next".
  5. The next step is to specify the key container of your .cer file. Click on the appropriate button.


    In the pop-up window, select the location of the desired one.


    After returning to the import utility, click "Next" again.
  6. Next, you need to select the storage for the imported EDS file. Click "Browse".


    Since we have a personal certificate, we need to mark the appropriate folder.

    Attention: if you are using this method on the latest CryptoPro, then do not forget to check the box "Install a certificate (certificate chain) into the container"!

  7. Exit the import utility.
  8. We are going to replace the key with a new one, so feel free to press "Yes" in the next window.


    The procedure is over, and you can sign documents.

This method is somewhat more complicated, but in some cases it is the only way to install certificates.

As a summary, we remind you: install certificates only on trusted computers!

The article answers the questions “What does an electronic signature look like” and “How does an EDS work”, considers its capabilities and main components, and gives a visual step-by-step instruction for signing a file with an electronic signature.

What is an electronic signature?

An electronic signature is not an object that can be picked up, but a document requisite that allows you to confirm that the EDS belongs to its owner, as well as to fix the state of the information / data (presence or absence of changes) in an electronic document from the moment of its signing.

Reference:

The abbreviated name (according to federal law No. 63) is ES, but more often they use the outdated abbreviation EDS (electronic digital signature). This, for example, facilitates interaction with search engines on the Internet, since ES can also mean an electric stove, a passenger electric locomotive, etc.

According to the legislation of the Russian Federation, a qualified electronic signature is the equivalent of a handwritten signature with full legal force. In addition to the qualified in Russia, there are two more types of EDS:

- unqualified - ensures the legal significance of the document, but only after the conclusion of additional agreements between the signatories on the rules for the application and recognition of the EDS, allows you to confirm the authorship of the document and control its invariability after signing,

- simple - does not give the signed document legal significance until the conclusion of additional agreements between the signatories on the rules for the application and recognition of the EDS and without observing the legally fixed conditions for its use (a simple electronic signature must be contained in the document itself, its key must be applied in accordance with the requirements of the information system, where it is used, and so on in accordance with Federal Law-63, Article 9), does not guarantee its invariance from the moment of signing, allows you to confirm authorship. Its use is not allowed in cases related to state secrets.

Possibilities of electronic signature

For individuals, EDS provides remote interaction with government, educational, medical and other information systems through the Internet.

For legal entities, an electronic signature gives access to participation in electronic auctions, and allows you to organize legally significant electronic document management (EDM) and the delivery of electronic reporting to the regulatory authorities.

The opportunities provided by the EDS to users have made it an important part of the daily life of both ordinary citizens and company representatives.

What does the phrase "the client has been issued an electronic signature" mean? What does an EDS look like?

The signature itself is not an object, but the result of cryptographic transformations of the signed document, and it cannot be “physically” issued on any medium (token, smart card, etc.). Nor can it be seen, in the truest sense of the word; it does not look like a stroke of a pen or a figured print. We will explain below what an electronic signature looks like.

Reference:

A cryptographic transformation is an encryption that is built on an algorithm that uses a secret key. The process of restoring the original data after cryptographic transformation without this key, according to experts, should take longer than the validity period of the extracted information.

Flash media is a compact storage medium that includes flash memory and an adapter (usb flash drive).

A token is a device whose body is similar to that of a USB flash drive, but the memory card is password protected. The information for creating an EDS is recorded on the token. To work with it, you need to connect to the USB-connector of the computer and enter a password.

A smart card is a plastic card that allows you to carry out cryptographic operations due to a microcircuit built into it.

A SIM card with a chip is a mobile operator's card equipped with a special chip, on which a Java application is securely installed at the production stage, expanding its functionality.

How should one understand the phrase “electronic signature issued”, which is firmly entrenched in the colloquial speech of market participants? What is an electronic signature?

The issued electronic signature consists of 3 elements:

1 - a means of electronic signature, that is, a technical tool necessary for the implementation of a set of cryptographic algorithms and functions. This can be either a cryptographic provider installed on a computer (CryptoPro CSP, ViPNet CSP), or an independent token with a built-in crypto provider (Rutoken EDS, JaCarta GOST), or an "electronic cloud". You can read more about EDS technologies related to the use of the "electronic cloud" in the next article of the Single Electronic Signature Portal.

Reference:

A crypto provider is an independent module that acts as an "intermediary" between the operating system, which controls it through a certain set of functions, and a program or hardware complex that performs cryptographic transformations.

Important: the token and the means of a qualified EDS on it must be certified by the Federal Security Service of the Russian Federation in accordance with the requirements of Federal Law No. 63.

2 - a key pair, which consists of two impersonal sets of bytes formed by an electronic signature tool. The first of them is the electronic signature key, which is called "private". It is used to form the signature itself and must be kept secret. Placing a “private” key on a computer or a flash drive is extremely insecure; on a token it is somewhat unsafe; on a token/smart card/SIM card in a non-extractable form it is the most secure. The second is the electronic signature verification key, which is called "public". It is not kept secret, it is unambiguously tied to the “private” key, and it is necessary so that anyone can check the correctness of the electronic signature.

3 - EDS verification key certificate issued by a certification authority (CA). Its purpose is to associate an impersonal set of bytes of the “public” key with the identity of the owner of the electronic signature (person or organization). In practice, it looks like this: for example, Ivan Ivanovich Ivanov (an individual) comes to the certification center, presents his passport, and the CA issues him a certificate confirming that the declared “public” key belongs to Ivan Ivanovich Ivanov. This is necessary to prevent a fraudulent scheme in which an attacker intercepts the "public" key while it is being transmitted and replaces it with his own. The offender would then be able to impersonate the signatory: by intercepting messages and making changes, he could confirm them with his own EDS. That is why the role of the certificate of the electronic signature verification key is extremely important, and the certification center bears financial and administrative responsibility for its correctness.

In accordance with the legislation of the Russian Federation, there are:

- "electronic signature verification key certificate" is generated for an unqualified digital signature and can be issued by a certification center;

- “qualified digital signature verification key certificate” is generated for a qualified digital signature and can only be issued by a CA accredited by the Ministry of Telecom and Mass Communications.

Conventionally, it can be said that the keys for verifying an electronic signature (sets of bytes) are technical concepts, and the “public” key certificate and the certification center are organizational concepts. After all, the CA is a structural unit that is responsible for matching "public" keys and their owners as part of its financial and economic activities.

Summarizing the above, the phrase “the client has been issued an electronic signature” consists of three terms:

  1. The client purchased an electronic signature tool.
  2. He received a "public" and a "private" key, with the help of which an EDS is generated and verified.
  3. The CA issued a certificate to the client confirming that the “public” key from the key pair belongs to this particular person.

Security issue

Required properties of signed documents:

  • integrity;
  • reliability;
  • authenticity (genuineness; "non-repudiation" of the authorship of information).

They are provided by cryptographic algorithms and protocols, as well as software and hardware-software solutions based on them for the formation of an electronic signature.

With a certain degree of simplification, we can say that the security of an electronic signature and services provided on its basis is based on the fact that the "private" keys of an electronic signature are kept secret, in a protected form, and that each user keeps them responsibly and does not allow incidents.

Note: when purchasing a token, it is important to change the factory password, so that no one can access the EDS mechanism except for its owner.

How to sign a file with an electronic signature?

To sign a file with a digital signature, you need to perform several steps. As an example, let's consider how to put a qualified electronic signature on a trademark certificate of the Unified Electronic Signature Portal in .pdf format. You need to:

1. Right-click the document and select the crypto provider (in this case, CryptoARM) and the “Sign” item.

2. Go through the dialog boxes of the cryptographic provider:

At this step, if necessary, you can select another file for signing, or skip this step and go directly to the next dialog box.

The Encoding and Extension fields do not require editing. Below you can choose where the signed file will be saved. In the example, the document with digital signature will be placed on the desktop (Desktop).

In the "Signature properties" block, select "Signed". If necessary, you can add a comment. Other fields can be excluded/selected as desired.

From the certificate store, select the one you need.

After verifying that the "Certificate Owner" field is correct, click the "Next" button.

In this dialog box, the final verification of the data required to create an electronic signature is carried out, and then after clicking on the “Finish” button, the following message should pop up:

Successful completion of the operation means that the file has been cryptographically converted and contains a requisite that fixes the immutability of the document after it is signed and ensures its legal significance.

So, what does an electronic signature look like on a document?

For example, we take a file signed with an electronic signature (saved in the .sig format) and open it through a cryptographic provider.

Fragment of the desktop. On the left: a file signed with an ES, on the right: a cryptographic provider (for example, CryptoARM).

A visualization of the electronic signature in the document itself when it is opened is not provided, because the signature is a requisite. But there are exceptions: for example, the electronic signature of the Federal Tax Service on an extract from the Unified State Register of Legal Entities / EGRIP obtained through the online service is conditionally displayed on the document itself. Screenshot can be found at

So what does an EDS "look like" in the end, or rather, how is the fact of signing indicated in the document?

By opening the “Signed Data Management” window through the crypto provider, you can see information about the file and the signature.

When you click on the "View" button, a window appears containing information about the signature and certificate.

The last screenshot clearly shows what a digital signature on a document looks like "from within".


The article was prepared by the editors of the Single Portal of the Electronic Signature site using materials from SafeTech.
