Copying a key container from a Rutoken to the registry using CryptoPro. How to copy a certificate from a Rutoken to a computer, from CryptoPro to a flash drive - Kontur.Extern. Copying a private key to a Rutoken in Linux

Copy using Windows

If you work from a floppy disk or flash drive, you can copy the container with the certificate using Windows tools (this method works with CryptoPro CSP versions 3.0 and later). Place the folder with the private key (and the certificate file, i.e. the public key, if there is one) in the root of the floppy disk or flash drive; if it is not in the root, the certificate cannot be used. It is recommended not to change the folder name when copying.

The folder with the private key should contain 6 files with the extension .key. As a rule, the private key already contains the public key (in that case the header.key file is larger than 1 KB), and then the public key does not have to be copied separately. Example: the private key is a folder with six files, and the public key is a file with the extension .cer.
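The layout rules above can be checked before relying on a copy. The following is an added example, not part of the original article or of CryptoPro's tooling: it verifies that a container folder sits in the root of the media, holds six .key files including header.key, and uses the 1 KB rule of thumb to tell whether a separate .cer file is needed. Folder names and the names of the files other than header.key are constructed placeholders.

```python
import tempfile
from pathlib import Path

HEADER_WITH_CERT_MIN = 1024  # bytes: the "more than 1 KB" rule of thumb above

def check_container(folder, media_root):
    """Check a copied container folder against the layout rules described above."""
    folder, media_root = Path(folder).resolve(), Path(media_root).resolve()
    # Match extensions case-insensitively: FAT media often report upper-case names.
    keys = {p.name.lower(): p for p in folder.iterdir()
            if p.is_file() and p.suffix.lower() == ".key"}
    problems = []
    if folder.parent != media_root:
        problems.append("container folder is not in the root of the media")
    if len(keys) != 6:
        problems.append(f"expected 6 .key files, found {len(keys)}")
    header = keys.get("header.key")
    if header is None:
        problems.append("header.key is missing")
    cert_inside = header is not None and header.stat().st_size > HEADER_WITH_CERT_MIN
    return {"ok": not problems, "problems": problems,
            "certificate_in_header": cert_inside,
            "copy_cer_separately": not cert_inside}

def make_sample(parent, name, header_size, extra_files=5):
    """Build a constructed container folder; file contents are filler bytes."""
    folder = Path(parent) / name
    folder.mkdir(parents=True)
    (folder / "header.key").write_bytes(b"\0" * header_size)
    for i in range(extra_files):  # placeholder names, not real CryptoPro file names
        (folder / f"sample{i}.key").write_bytes(b"\0" * 64)
    return folder

def demo():
    """Run the check over four constructed folders on a fake media root."""
    with tempfile.TemporaryDirectory() as media:
        cases = {
            "with_cert": make_sample(media, "cont1.000", 2048),
            "no_cert": make_sample(media, "cont2.000", 600),
            "incomplete": make_sample(media, "cont3.000", 2048, extra_files=3),
            "nested": make_sample(Path(media) / "backup", "cont4.000", 2048),
        }
        return {k: check_container(v, media) for k, v in cases.items()}

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

To check real media, call `check_container` with the container folder and the drive root, for example a folder on `E:\` with `E:\` as the media root.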


Copy in the Diagnostics profile

1. Go to the “Copying” Diagnostics profile using the link.

2. Insert the media to which you want to copy the certificate.

3. On the desired certificate, click on the “Copy” button.

If a password has been set for the container, the message “Enter the password for the device from which the certificate will be copied” will appear.

4. Select the media where you want to copy the certificate and click “Next”.

5. Give the new container a name and click on the “Next” button.

6. A message indicating that the certificate was successfully copied should appear.

Bulk copy

1. Download and run the utility. Wait for the entire list of containers/certificates to load and select the required checkboxes.

2. Select the “Bulk Actions” menu and click on the “Copy Containers” button.

3. Select the storage media for the container copy and click “OK”. When copying to the registry, you can check the box “Copy to the key container of the computer”; then, after copying, the container will be available to all users of this computer.

4. After copying, click the “Update” button at the bottom left.
If you want to work with copied containers, you need .

Copying using CryptoPro CSP

Select “Start” > “Control Panel” > “CryptoPro CSP”. Go to the “Service” tab and click on the “Copy” button.

In the “Copy Private Key Container” window, click on the “Browse” button.

Select the container you want to copy and click on the “OK” button, then “Next”. If you copy from a Rutoken, an input window will appear in which you should enter the PIN code. If you have not changed the PIN code on the media, the standard PIN code is 12345678.

Create and manually specify a name for the new container. Russian layout and spaces are allowed in the container name. Then click "Done".

In the Insert Blank Key Media window, select the media on which the new container will be placed.


You will be prompted to set a password for the new container. We recommend that you set a password that is easy for you to remember, but that others cannot guess. If you do not want to set a password, you can leave the field blank and click “OK”.

Do not store your password/pin code in places where others have access. If you lose your password/pin code, using the container will become impossible.


If you copy the container to a Rutoken smart card, the prompt will look different. In the input window, enter your PIN code. If you have not changed the PIN code on the media, the standard PIN code is 12345678.

After copying, the system will return to the “Service” tab of CryptoPro CSP. Copying is complete. If you plan to use a new key container to work in Externa, .

Initially, an electronic signature (ES) is issued on a physical medium called a Rutoken or eToken. It stores a certificate (aka public key, as I understand it) and a secret (aka private) key. This key pair is held together in a key container. There can be several key containers on one physical medium. After the certificate expires, it is reissued along with the private key, that is, a new pair of keys is created: private and public.

So, here is what I’m getting at: the office has a Rutoken with an electronic signature, several employees may need it at the same time to sign documents, and this is where conflicts begin. But in fact, things are not so sad: if the key container allows itself to be exported, then it can be copied from the Rutoken to the registry! Once the container is in the registry and the certificate has been told that the private key is stored in the registry at such and such an address, the Rutoken no longer needs to be present in the USB port.

How it's done

Naturally, the first thing we do is insert Rutoken into the USB port. Launch CryptoPro CSP as ADMINISTRATOR and check which media are available:
If the Registry reader is in the list, then everything is fine; otherwise press the Add button and add Registry using the reader installation wizard.

Next you should test the key container:
If key export is allowed, then let's start copying the key! Go to the key copy interface, Tools -> Copy, and select the name of the key container that is stored on the Rutoken. Note the setting: if User is selected, the browse window displays key containers from the registry that were previously exported for the current OS user; if Computer is selected, it displays the containers previously exported for the computer. Let's copy it for the user:

Selecting a container to copy
Click Next and specify the name under which the key container will be stored in the registry. You should also pay attention to the option “The name entered specifies the key container”. If User is selected, the container will be copied to the registry and will be available to the current OS user; if Computer is selected, the container will be copied to the registry and will be available to everyone. Let's set it for the user:
After selecting the reader, set a new password for the newly copied key container, and the export is complete. To make the certificate refer to the private key stored in the registry, simply reinstall the certificate.
