Exporting CryptoPro certificates from the registry. Key containers in the registry

If a flash drive or floppy disk is used for work, copying can be performed using Windows (this method is suitable for CryptoPro CSP versions not lower than 3.0). The folder with the private key (and the certificate file, if any) must be placed in the root of the flash drive (floppy disk). It is recommended not to change the folder name when copying.

The private key folder should contain 6 files with the extension .key. Below is an example of the contents of such a folder.

Container copying can also be done using the CryptoPro CSP crypto provider. To do this you need to follow these steps:

1. Select Start / Control Panel / CryptoPro CSP.

2. Go to the Tools tab and click the Copy button (see Fig. 1).

Fig. 1. “CryptoPro CSP Properties” window

3. In the “Copying a private key container” window, click the Browse button (see Fig. 2).

Fig. 2. Copying the private key container

4. Select a container from the list, click OK, then Next.

Fig. 3. Key container name

6. In the “Insert and select media to store the private key container” window, you must select the media on which the new container will be placed (see Figure 4).

Fig. 4. Selecting a blank key media

7. You will be prompted to set a password for the new container. Setting a password is optional; you can leave the field blank and click OK (see Fig. 5).

Fig. 5. Setting a password for the container

When copying to Rutoken media, the prompt is worded differently (see Fig. 6).

Fig. 6. PIN code for the container

Please note: if you lose your password/PIN code, using the container will become impossible.

8. After copying is completed, the system will return to the Tools tab in the CryptoPro CSP window. Copying is complete. If you plan to use the new key container to work in the Kontur-Extern system, you must install a personal certificate (see How to install a personal certificate?).

For bulk copying, download and run the Certfix utility.

After reinstalling Windows, it often turns out that some of the settings of the reinstalled programs, including registration data, remained in the old system. Configuring everything again would take quite a lot of time, so that option is not suitable.

All parameters and registration data are stored in the Windows registry. However, it is not always possible to boot into the old system: either it is infected with viruses or it simply cannot boot at all, which is the reason for the reinstallation. In this article I will explain how to transfer the data of a specific program from the old registry to the new one.

A little about the registry structure

First, launch the registry editor: Start – Run – type “regedit” and click “OK”. As you can see from the figure, all data is stored in the main sections:

  • HKEY_CLASSES_ROOT
  • HKEY_CURRENT_USER
  • HKEY_LOCAL_MACHINE
  • HKEY_USERS
  • HKEY_CURRENT_CONFIG

First, you need to decide in which part of the registry the old data was stored.

We will be interested primarily in the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER sections. The first stores the settings of the computer's programs, the second stores the settings of the current user. A program may store data in both branches of the registry. Therefore, program settings and registration data are most likely stored in the following sections:

  • HKEY_CURRENT_USER\Software
  • HKEY_LOCAL_MACHINE\Software

There you need to find the software manufacturer and then the name of the program itself.

Where to look for files containing the contents of the old Windows registry

  • HKEY_CURRENT_USER is generated from the file
    %USERPROFILE%\ntuser.dat, where %USERPROFILE% is the current user's folder in C:\Documents and Settings
  • HKEY_LOCAL_MACHINE\Software is stored in the file
    %SystemRoot%\system32\config\software
  • HKEY_LOCAL_MACHINE\System\ is stored in the file
    %SystemRoot%\system32\config\system
  • HKEY_LOCAL_MACHINE\SAM\ is stored in the file
    %SystemRoot%\system32\config\SAM
  • HKEY_LOCAL_MACHINE\SECURITY\ is stored in the file
    %SystemRoot%\system32\config\SECURITY
  • HKEY_LOCAL_MACHINE\HARDWARE\ is formed depending on the hardware (dynamically).
  • HKEY_USERS\DEFAULT is stored in the file
    %SystemRoot%\system32\config\default

Transfer method using the example of The Bat program

Let's try to transfer the data of the mail client The Bat from the old registry. If this is not done, the program will not “remember” any old mailboxes, settings or registration. This program stores its data in the registry key HKEY_CURRENT_USER\Software, which means that the data is physically located in the file ntuser.dat. Where to look for it is indicated above.

The Windows operating system has died and there is no way to recover it. The system had key containers recorded in the registry, and they do not exist on any other media. Let's transfer the key containers from the old registry to the new system.

Of course, it is better to always keep backups of all keys received, but this is done only by those who have already lost keys and then gone through the long and painful process of recovering them. The biggest problem is that not every container in the registry contains a public key. Government agencies are usually issued, on a flash drive, a key container and a personal certificate, which work in the system only in conjunction. Some carefully store this bundle, but most install the container in the system registry and then use the flash drive for personal purposes without hesitation, deleting whatever they consider unnecessary. Data safety is everyone's own business; my business is to solve the problem as it stands, which is what I will describe. This option is also suitable when you don't want to transfer each key separately, but want to transfer everything to a new computer at once.

Key containers in the registry, how to work with them?

To work with old registries, you need rights to open the necessary data, otherwise a warning will appear:

To work with the old registry, perform the following steps:

  • Download the PsTools program and unpack it to any folder;
  • Copy the required file PSExec.exe to the folder C:\Windows\System32;
  • Launch the command line cmd as administrator;
  • Paste the command psexec -i -d -s c:\windows\regedit.exe and press Enter.

This is what it should look like in cmd:

Now you can safely work with the registry and not receive warnings about the impossibility of viewing data.

Necessary data in the old registry

The registry files are located at the path Windows/system32/config; the file we are interested in is called SOFTWARE. In our case it was intact; otherwise it would not have been possible to restore the necessary data.

Connecting the old registry to the new one

To connect, you must perform the following steps:

  • Select the required registry branch HKEY_LOCAL_MACHINE;
  • Go to menu File → Load hive;
  • Select the required file SOFTWARE;
  • Assign a name to the loaded hive (old in my case).

After a successful connection, you will see a hive with the name you entered.

CryptoPro serial number in the registry

You can determine which version was installed and its serial number from the entries in the screenshot below (the path where to look is indicated below):

Where are key containers stored in the registry?

You can find all containers at the path (for 64-bit systems): HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Crypto Pro\Settings\USERS\(user ID)\Keys\(Container name)


Saving key containers

Now we need to export the keys section to make the necessary changes and load it into the working registry. After exporting, I received a file called reestr.reg.

Adding containers to a new registry

Before adding containers to the new registry, we need to change the user's SID and edit the path by removing the name of the loaded hive.

Looking up the SID of the required user

In the cmd command line, enter the command WHOAMI /USER and note the required user's SID:

To copy text from the Windows command line, right-click the title bar of the console window and, in the “Properties” menu on the “General” tab, enable the “Mouse selection” option. Text is pasted by clicking the right mouse button!

Changing the data in the file

Open the file in Notepad and make the replacement:

Don't forget to remove the name of the hive you loaded from the paths! The data must be loaded into the working part of the registry!
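The replacement described above can also be scripted. The following is an added example, not part of the original article: it rewrites only the key header lines of the exported file, swapping the loaded hive's name for SOFTWARE and the old user's SID for the new one. The hive name old, the SIDs and the sample export are constructed, and the target path is the 64-bit one quoted earlier.

```python
import codecs
import re
from pathlib import Path

# Target path is the 64-bit one given in the article; hive name and SIDs below are constructed.
TARGET = r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Crypto Pro\Settings\USERS"
SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
# Matches only key header lines under <loaded hive>\...\USERS\<SID>\Keys; value lines never match.
HEADER = re.compile(
    r"\[HKEY_LOCAL_MACHINE\\(?P<hive>[^\\]+)\\(?:Wow6432Node\\)?Crypto Pro\\Settings"
    r"\\USERS\\(?P<sid>S-1-[\d-]+)(?P<rest>\\Keys(?:\\.*)?)\]",
    re.IGNORECASE,
)

def rewrite_reg(text, hive_name, new_sid):
    """Return (new_text, old_sids, n_changed) with hive name and SID replaced in key headers."""
    if not SID_RE.fullmatch(new_sid):
        raise ValueError(f"not a SID: {new_sid!r}")
    out, old_sids, changed = [], set(), 0
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        m = HEADER.fullmatch(body)
        if m and m["hive"].lower() == hive_name.lower():
            old_sids.add(m["sid"])
            line = f"[{TARGET}\\{new_sid}{m['rest']}]" + line[len(body):]  # keep original EOL
            changed += 1
        out.append(line)
    return "".join(out), old_sids, changed

def read_reg(path):
    """regedit's 'Version 5.00' export is UTF-16LE with a BOM; refuse anything else."""
    raw = Path(path).read_bytes()
    if not raw.startswith(codecs.BOM_UTF16_LE):
        raise ValueError("expected a UTF-16LE export (Windows Registry Editor Version 5.00)")
    return raw[2:].decode("utf-16-le")

def write_reg(path, text):
    """Write the file back in the same encoding regedit produced."""
    Path(path).write_bytes(codecs.BOM_UTF16_LE + text.encode("utf-16-le"))

if __name__ == "__main__":
    sample = (  # constructed export; the value data is a placeholder, not key material
        "Windows Registry Editor Version 5.00\r\n\r\n"
        "[HKEY_LOCAL_MACHINE\\old\\Wow6432Node\\Crypto Pro\\Settings\\USERS"
        "\\S-1-5-21-1-2-3-1001\\Keys\\demo]\r\n"
        "\"name.key\"=hex:00\r\n"
    )
    fixed, sids, n = rewrite_reg(sample, "old", "S-1-5-21-4-5-6-1002")
    print(n, sorted(sids))
    print(fixed)
```

If old_sids comes back with more than one entry, the export covered several users, and their containers should not all be mapped onto a single new SID.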

Loading the containers into the new registry


Unloading the old registry

Do not look for a way to delete the old hive that we added! A hive that is no longer needed can only be unloaded!

Checking for adding key containers

Open the Crypto Pro program and see what we have in the registry:

Everything went well and all key containers are present.

Transferring User Personal Certificates

Adding a certificate through Crypto PRO

Take the public certificate you need and install it through Crypto Pro, specifying automatic container search. If you installed the containers without entering a password, simply press Enter (if you entered one, look where you wrote it down).

Perform all actions with keys through the Crypto Pro program!

Transfer all certificates

All certificates in a Windows system are located at the path C:\Users\REQUIRED USER\AppData\Roaming\Microsoft\SystemCertificates\My. It is enough to copy this folder to the same location on the new computer and the keys will be transferred.

Conclusion

There is only one conclusion: keep backup copies of your keys. In my case, I was able to recover private key containers and personal certificates. I always try to transfer the keys to the registry and keep the originals, if possible. Don't be lazy about making backups.