Cryptopro csp does not see the container. Installation via the “Install personal certificate” menu

Hi all! Since I work in the government. institution, I could not avoid using the program for working with cryptokeys “CryptoPro”. Now everything seems simple and quite logical to me, but at the beginning of my career I had many questions about using this program.

Read about how to copy the Crypto Pro key container and install the user’s personal certificate

I think many people know about the well-known sites zakupki.gov and bus.gov... the first is used for posting applications for electronic trading, and the second is for posting information about the organization, however, both require the user’s electronic signature, and it can only work if you have Crypto Pro.

When you generate an electronic signature, it is MANDATORY! should be saved to external media, but this may not always be convenient and not always reliable. Unfortunately, many organizations refuse to keep up with the times and still use floppy disks as a digital signature carrier. I don’t think it’s worth explaining that a floppy disk is a very unreliable option for storing information. Therefore, it is better to have a copy of the key, so that if the media fails, you can recover, rather than generate a new one, because if a new one is generated, you will have to wait for the certificate (At least one day).

When else might this be needed? For example, your chapter. boom a bunch of electronic signatures (ours has 4 of them) and constantly sticking one by one is not always convenient, and the confusion is constant, so all these keys can be copied to the registry of your computer, and the real keys can be hidden away in a safe. Of course, you need to understand that having the keys in the registry, you don’t need the key itself to sign a document - you only need access to the computer where they are installed, so be sure! when copying, set the password for the key container

Let's begin. Launching CryptoPros CSP (issued by your local treasury office) and go to the “Service” tab, click the “Copy…” button

In the next window we should click “Browse” and select the location of our key container, in my case it is a USB flash drive that has the letter F in the system (Drive F)

Now that the container has been selected, we proceed to the process of copying it, make sure that you have selected the correct key and click “Next”

Enter his name

And indicate where to copy it, in my case I copied it to the registry so as not to paste it every time...

If you copied the key to the registry like I did, be sure to create a password!

That’s all, a copy of the key container has been created on the media specified by you 😉 now let’s move on to the next step...

Unlike regular certificates, our certificate must be associated with a private key, so simply clicking the “Install Certificate” button will not work; installing a certificate in CryptoPro differs from the usual procedure.

Open the program, go to the “Services” tab and click “Install personal certificate...”

Click “Browse” and select the user certificate

...and indicate where our key is located (in my case I selected the key copied to the registry)

Checking that everything is selected correctly

Select the certificate storage “Personal”

We check whether we have done everything correctly and click “Finish”, this completes the installation of the cryptopro certificate.

Installation via the “View certificates in container” menu

1. Select “Start” > “Control Panel” > “CryptoPro CSP”, go to the “Tools” tab and click on the “View certificates in the container” button.

2. In the window that opens, click the “Browse” button to select a container to view. After selecting the container, click on the “Ok” button.

3. In the window that opens, click the “Next” button.

4. In the next window, click on the button« Install”, then respond affirmatively to the certificate replacement notification (if it appears). The certificate is installed.

5. If the “Install” button is missing, then in the “Certificate for viewing” window, click on the “Properties” button.

6. In the window that opens, select Install Certificate.

7. In the Certificate Import Wizard window, select Next . In the next window, leave the radio button on Automatically select a store based on certificate type and click Next. The certificate will be installed in the Personal storage.

8. In the next window, select Next, then click on the Finish button and wait for the successful installation message.

Installation via the “Install personal certificate” menu

To install, you will need a certificate file (a file with the .cer extension). The certificate file can be exported from the Personal storage. If the storage does not contain the required certificate, please contact technical support at [email protected], indicating the tax identification number and checkpoint of the organization and the essence of the problem.

1. Select Start > Control Panel > CryptoPro CSP. In the CryptoPro CSP Properties window, go to the “Service” tab and click on the “Install personal certificate” button.

2. In the Certificate Import Wizard window, click on the Next button. In the next window, click on the Browse button and select the certificate file.

4. In the next window, click on the “Next” button.

5. Click the Browse button .

6. Specify the private key container corresponding to the certificate and click OK.

7. After selecting the container, click on the Next button .

8. In the “Select a certificate store” window, click on the “Browse” button.

If the version of CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher is installed, then check the “Install certificate into container” checkbox.

9. Select Personal storage and click OK.

10. After selecting the storage, click on the Next button, then Finish. After clicking the Finish button, you may be asked to replace the existing certificate with a new one. At the prompt, select Yes.

Wait for a message about successful installation. The certificate is installed.

If none of the solutions suggested below fix the problem, the key media may have been damaged and requires recovery (see). It is impossible to recover data from a damaged smart card or registry.

If there is a copy of the key container on another medium, then you must use it for work, having first installed the certificate.

Diskette

If you are using a floppy disk as the key container, you must complete the following steps:

1. Make sure that in the root of the floppy disk there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have a .key extension and the folder name format must be xxxxxx.000.

the private key container has been corrupted or deleted

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;

?).

3. In the CryptoPro CSP window “Selecting a key container”, select the “Unique names” radio button.

4.

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to the “Service” tab and click on the “Remove remembered passwords” button;

5. How to copy a container with a certificate to another medium?).

Flash drive

If a flash drive is used as the key media, you must complete the following steps:

1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2 . Files must have a .key extension and the folder name format must be as follows: xxxxxx.000 .

If any files are missing or their format is incorrect, then the private key container may have been damaged or deleted. You also need to check whether this folder contains six files on other media.

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3.

4. Remove remembered passwords. For this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Select the “User” item and click the “OK” button.

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).

6. If CryptoPro CSP version 2.0 or 3.0 is installed at your workplace, and Drive A (B) is present in the list of key media, then it must be removed. For this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to the “Equipment” tab and click on the “Configure readers;” button
• Select the reader “Disk Drive A” or “Disk Drive B” and click on the “Delete” button.

After removing this reader, working with the floppy disk will be impossible.

Rutoken

If a Rutoken smart card is used as a key carrier, you must complete the following steps:

1. Make sure that the light on the rutoken is on. If the light does not light, then you should use the following recommendations.

2. Make sure that the “Rutoken” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All smart card readers”). To do this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the “Select a key container” window, select the “Unique names” radio button.

4. Remove remembered passwords. For this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP” ;
• Go to the “Service” tab and click on the “Remove remembered passwords” button;
• Select the “User” item and click the “OK” button.

5. Update the support modules required for Rutoken to work. For this:

• Disconnect the smart card from the computer;
• Select the “Start” menu > “Control Panel” > “Add or Remove Programs” (for Windows Vista\Seven “Start” > “Control Panel” > “Programs and Features”);
• Select “Rutoken Support Modules” from the list that opens and click on the “Delete” button.

After removing modules you need to restart your computer .

• Download and install the latest version of support modules. The distribution is available for download on the Aktiv website.

After installing the modules, you must restart your computer.

6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using the following instructions .

7. Update the Rutoken driver (see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:

• Open “Start” (“Settings”) > “Control Panel” > “Rutoken Control Panel” (if this item is missing, you should update the Rutoken driver).
• In the “Rutoken Control Panel” window that opens, in the “Readers” item, select “Activ Co. ruToken 0 (1,2)" and click on the "Information" button.

If the rutoken is not visible in the “Readers” item or when you click on the “Information” button, the message “ruToken memory status has not changed” appears, then the media has been damaged, you need to contact the service center for an unscheduled key replacement.

• Check what value is indicated in the line “Free memory (bytes)”.

Service centers issue root tokens with a memory capacity of about 30,000 bytes as key media. One container takes up about 4 KB. The amount of free memory of a rootken containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.

If the free memory of a root token is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.

Registry

If the Registry reader is used as a key medium, you must perform the following steps:

1. Make sure that the “Register” reader is configured in CryptoPro CSP. For this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

2. In the “Select a key container” window, select the “Unique names” radio button.

3. Remove remembered passwords. For this:

• Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
• Go to tab « Service" and click on the "Delete remembered passwords" button;
• Select the “User” item and click the “OK” button.

Installing the certificate and private key

We will describe the installation of an electronic signature certificate and private key for Windows operating systems. During the setup process we will need Administrator rights (so we may need a system administrator if you have one).

If you have not yet figured out what an Electronic Signature is, then please read Or if you have not yet received an electronic signature, contact the Certification Center, we recommend SKB-Kontur.

Well, suppose you already have an electronic signature (token or flash drive), but OpenSRO reports that your certificate is not installed, this situation may arise if you decide to configure your second or third computer (of course, the signature does not “grow” to only one computer and it can be used on multiple computers). Usually the initial setup is carried out with the help of the technical support of the Certification Center, but let’s say this is not our case, so let’s go.

1. Make sure that CryptoPro CSP 4 is installed on your computer

To do this, go to the menu Start CRYPTO-PRO CryptoPro CSP run it and make sure that the program version is not lower than 4.

If it is not there, then download, install and restart the browser.

2. If you have a token (Rutoken for example)

Before the system can work with it, you will need to install the necessary driver.

• Drivers Rutoken: https://www.rutoken.ru/support/download/drivers-for-windows/
• Drivers eToken: https://www.aladdin-rd.ru/support/downloads/etoken
• Drivers JaCarta: https://www.aladdin-rd.ru/support/downloads/jacarta

The algorithm is as follows: (1) Download; (2) Install.

3. If the private key is in the form of files

The private key can be in the form of 6 files: header.key, masks.key, masks2.key, name.key, primary.key, primary2.key

There is a subtlety here if these files are written to the hard drive of your computer, then CryptoPro CSP will not be able to read them, so all actions must be performed by first writing them to a flash drive (removable media), and you need to place them in a first-level folder, for example: E:\Andrey\( files) if located in E:\Andrey\ keys\(files), then it will not work.

(If you are not afraid of the command line, then removable storage can be emulated something like this: subst x: C:\tmp a new disk (X:) will appear, it will contain the contents of the C:\tmp folder, it will disappear after a reboot. This method can be used if you plan to install keys in the registry)

We found the files, recorded them on a flash drive, and move on to the next step.

4. Installing a certificate from a private key

Now we need to get a certificate, we can do this as follows:

1. Opening CryptoPro CSP
2. Go to the tab Service
3. Press the button View certificates in a container, press Review and here (if we did everything correctly in the previous steps) we will have our container. Press the button Further, information about the certificate will appear and then click the button Install(the program may ask whether to provide a link to the private key, answer “Yes”)
4. After this, the certificate will be installed in the storage and it will be possible to sign documents (at the same time, at the time of signing the document, it will be necessary for the flash drive or token to be inserted into the computer)

5. Using an electronic signature without a token or flash drive (installation in the registry)

If speed and ease of use are a little higher for you than security, then you can install your private key in the Windows registry. To do this you need to do a few simple steps:

1. Perform the private key preparation described in steps (2) or (3)
2. Next we open CryptoPro CSP
3. Go to the tab Service
4. Press the button Copy
5. Using a button Review choose our key
6. Press the button Further, then we’ll come up with some name, for example “Pupkin, LLC Romashka” and press the button Ready
7. A window will appear in which you will be asked to select the media, select Registry, click OK
8. The system will ask Set password for the container, come up with a password, click OK

Important Note: the OpenSRO portal will not “see” the certificate if its validity period has expired.

When installing a personal certificate through the “Install personal certificate” menu, after selecting a key container, the error message “The private key in the container does not match the public key” appears.

To solve this problem, you must complete the following steps (after completing each step, install the certificate again)

1. If a floppy disk is used as a key media, you should check whether it is write-protected (on a write-protected floppy disk, both slots located in the corners of the media are open).

3. Make a copy of the key container and install the certificate from the duplicate (see How to copy a container with a certificate to another medium?).

4. If your workplace uses Crypto Pro CSP 3.6 R2 or R3 (product version 3.6.6497 and higher), then you need to install the certificate through the Install personal certificate menu and in the “Private key container” window (point 5 of the instructions) check the box “Find container automatically” fields.

The version of the installed crypto provider is indicated on the "General" tab ("Start" menu > "Control Panel" > "CryptoPro CSP").

5. Key containers generated on CryptoPro CSP 3.0 or 3.6 will not work on CryptoPro CSP 2.0.

If CryptoPro CSP 2.0 is installed, and the certificate request was made on a workstation with CryptoPro CSP 3.0 or 3.6, then the following solutions are possible:

Otherwise, go to step 6.

6. The public key certificate (file with the .cer extension) may be damaged. You must contact technical support at: [email protected] to receive a copy. When applying, be sure to indicate the TIN and KPP of the organization.

7. The private key container may be damaged. If a floppy disk or flash card is used as the key media, it is recommended to perform data recovery (see.