Copy using CSP cryptopro. How to copy an electronic signature from the registry on the media? What does an electronic signature look like on a flash drive

The electronic signature is usually issued or on a flash carrier, or on tokenet, or on a diskette. Working with the propulsion is simply regardless of the selected media type: the interface is understood, and the problems in use rarely occur. Convenience and easy to use make an electronic signature available even for people who do not have technical skills and experience with complex programs.

Before using the EDS, the user must make sure that he has all the necessary tools and funds on PC. These include:

  • cryptoprovider;
  • closed key and certificate of EDS;
  • customized workplace.

Cryptoprovider is called special software responsible for cryptographic algorithms. It is necessary to create, check, encrypt and decrypt the EDS. The data is stored on an encrypted flash drive to which the cryptoproderder is drawn when performing operations.

Configuring the workplace is one of the most important processes in the preparatory work for the use of EDS. This includes the installation of the certificate of the Certification Center, as well as the setting and installing a key certificate and a cross-certificate of the Ministry of Communications. You must also configure the browser so that it allows you to implement all the required operations. This means the installation of the necessary plug-ins and add-ons.

How to use epp from flash drives

It is not difficult to master the work with a digital signature: the process takes only a few minutes and consists in a consistent implementation of simple actions.

Setting up EDS

Erecting an electronic signature from the flash drive will not be difficult: for a start, the medium must be connected to the computer. When the flash drive appears in the system, you need to select "Cryptopro" - "Equipment" - "Set up readers":

In a new window, there must be menu items such as "all smart card readers" and "all removable wheels":

If for some reason they are missing, then it is necessary:

  • in the "Configure Readers" tab, click "Add" and "Next";

  • in a new window, choose "All manufacturers";

  • then choose "All smart card readers" and click "Finish."

The signature is ready to use, and the process of signing depends on the type of document.

Signing MS Word Documents

In the right file, the user opens:

  • "Information" - "Add EDS";

  • selects the formed signature, if necessary, adds a comment, and clicks "Sign";

  • if there are no errors, the system gives the message:

Signing a document through the cryptopro plugin using the EDS from the flash drive seems to be the previous way:

  • the user opens the desired document, selects the "File" menu item - "Add EDS";

  • then chooses the necessary signature, and adds to the document, completing the action by pressing "sign".

In the absence of errors, the plugin will give a message about the successful signing of the document.

Signature formation for PDF documents also takes place in several stages. On the first, the user opens the desired file, and the "Certificates" section goes through the "Tools" panel:

Then clicks to "put a signature", and selects the area where it will be located:

After that, in the window with a set of digital details, the user chooses the desired, and clicks "Continue":

A new window with a preliminary image of an electronic signature will appear:

If everything is true, the user completes the action through the "Sign" button. After signing the document in the absence of errors, a message is issued about the successful completion of the process.

Using a flash drive as an electronic key

The USB flash drive can be used as an analogue of EDS using a frame module. Its task includes testing of each electronic media for compliance with the data. Data blocking or system access depends on the scan results.

A flash drive, used as an electronic key, works like this: Each successful login launches the process of overwriting the data stored in the backup. During the next login, the system compares the brand, serial number, backup storage data and manufacturer.

To configure the frame module, it is necessary:

  • set library libpam_usb.so and utilities needed to control the module;
  • insert a USB flash drive to the USB port, collect and record all the media information for the subsequent user identification;
  • enter the command that fixes the name of the flash drive to the user account;
  • run data validation check;
  • relieve the PAM_USB module with the right to control the system. When appropriate media is not at need, the system must request a password and login, or block the input.

The advantages of such using the media can be attributable to storing information on a flash drive and quick login, auto protection, lack of need to memorize a large amount of information.

How to copy the EDS from the flash drive

Despite the fact that the flash carrier refers to reliable, the epi with it is recommended to be copied to the PC registry. It is necessary in order to have a backup in case of a carrier breakdown. It also will relieve the user from the need to carry a flash drive everywhere, which will reduce the risk of theft or loss.

How to copy the EDS:

  • through the Start / Control Panel / Cryptopro, select "Service" and "Copy";

  • in the window that opens, click "Overview", select a key container and confirm the action "OK";

  • press "Next" and proceed to copy the closed key container. In the "Key Container Name" window, enter the name of EP. Press "ready";

  • in a new window, click "Registry" and "OK".

Install a copied certificate. For this:

  • in the "Service" tab, select "View Certificates";

  • through the "Overview" to go to the selection of the certificate;

  • select the desired certificate and confirm the action through "OK" and "Next";

  • complete the process to serially press "Set", "Yes", "OK".

Installing the EDS is completed. Now you can use the signature from both USB flash drives and PC.

Why may not work ep

Usually, working with an electronic signature does not cause problems, however, there are a number of cases when the key certificate ceases to respond to user actions.

If the closed key does not fit the open, then you need to check all closed containers on the PC used. The problem may consist that the port is not the same. If the closed container is selected correctly, and the error is repeated - you need to contact the UC to re-remove the EP.

Sometimes, when starting, the system issues an error: Certificate Isn't Valid. EDS is rendered to eliminate it according to the UC instructions. Also, sometimes a message comes out that there is no confidence in the certificate of EP. In this case, reinstalled the root certificate.

Often the problem in the work of EP is associated with the expired term of cryptopro. To extend the license, you need to contact representatives of the UC and get a new key.

If no valid certificate is found on the PC, then you need to reinstall the EDS and check the validity periods of the keys.

Cryptopro may not see EP due to the lack of a stable Internet connection, as well as due to an incorrectly installed program.

Less likely, the case occurs when the plugin does not see the installed and added certificate even after reinstalling. The problem may wage in the review list of UC certificates. If the user works with the Internet via a proxy server, then it does not see the Reviews directory installed. To troubleshoot a malfunction you only need to add this directory to the PC.

Special means must be installed to work with the electronic signature from the flash drive on the PC. These include cryptoproderder and a configured browser. The signing of documents is underway using cryptopro plugins, which are manufactured both for MS Office and for PDF files. Flash carrier can also be used to store the electronic signature key. It is convenient that this is the fact that the user does not need to memorize all the data, and the login is automatically when connected and checking the flash drive. If there is a need for frequent rides and work with IDP certificates outside the office or at home, it is advisable to copy the EP certificate from the PC flash drive. It will save from breakdown, loss or theft of carrier, and subsequent recovery of EDS.

Document flow B. electronic The form is introduced into different areas of activity. The kernel of this system is EDP. It is considered a complete replacement of his own signatures, confirms the author document and allows you to make sure that the file after signing is not subject to change.

Owners who first use this attribute, are interested in the question " how to use the EDS "? For the performance of EP, it is necessary to install a specialized means to protect information in cryptographic mode (SKZI) on a personal computer. It is a module responsible for secure data encrypter. Only if available can be signed any document, as well as to protect against unauthorized hacking unauthorized persons.

If you want the software to start working, it is required to purchase a license that the Certification Authority issues. With its absence, you can install any third-party cryptovider corresponding to GOST. The most common are cryptopro and vipnet.

If you are afraid that you can not cope with the setting, you can seek help from the UC manager. For those who do not know how to use the EDS from the flash drive,and in general, first encountered such signatureIt is important to know that EP, issued on one SCJ, will not act on others. In case you plan to apply several different systems at once on one PC, it should be kept by a specialist for issuing and installing electronic signature.

To subscribe any document, the owner is required to have key EDS.who is known only to him. It is recommended to read in advance and clarify how to use electronic keyand how to store it properly. Best written it on a special carrier. If the usual flash drive falls into the attacker, he can easily put his signature on you instead document. Electronic key You can contain:

  • On the specialized carrier token, which possesses good protection, and works only when the correct PIN is introduced.
  • In the cloud located on the server of the Certification Center. This allows you to sign signature on digital documentation at any time and anyone convenient to you where there is an Internet.

If you already know how to use a digital signatureand yours EDPi am ready to begin to fulfill your functional duties, register it in the UC and tie a special special certificate.

All elements associated with electronic signature, including the certificate, issued a CC. Each is stored on a special token carrier, which ensures their protection. When any cryptographic operation is performed, cryptovider to access the key EDP Closed type, addresses electronic media. On the website of the certifying center, you can see the information of interest and find out in detail how to use an electronic signature.

Select signature

Allocate 2 types of documents:

  • Electronic documentation in a specialized format that allows you to integrate the EDS in the inside of the document.
  • Informal documentation that does not have an instrument for embedding EDS.

After you understand how to use EDPYou should figure out whether it is possible to integrate it into the file itself. In some cases, special settings are required, but most often enough simple version of this program. When using Microsoft Word, most factors depends on the version of the product itself. In programs until 2007 EDP in document Created without auxiliary add-ons, but in versions created by a little later, the presence of a special plug-in Cryptopro Office Signature is required. Speaking of signing Files in PDF format, it is worth noting the importance of applying Adobe Acrobat. With its help in document can be built EDP.

Electronic signaturemany are used to work on the ETP. To do this, accreditation should be accredited by attaching photocopies of the necessary documents signed by EP, and figure out, how to use the electronic signature key. With participation in the auction of this type, all actions must be confirmed electronic signatureSince all information is saved on ETP servers.

Face, received document electronic Format, can check the authenticity of the file with the EDS. Do it can only if there are open key Sender. As a result of the check, the special program module allows you to install whether it matches signature Document and open electronic key.

The relevance of the application of such signatures Every year it increases. Only some details are changing concerning the area of \u200b\u200bits use, and all other elements remain the same. All you need is to learn in detail how to use electronic digital signature.

The article gives answers to questions: "What an electronic signature looks like", "how the EDS works", its capabilities and main components are considered, and a visual step-by-step instruction of the e-signature file signing process.

What is an electronic signature?

The electronic signature is not an object that can be taken into hand, and the props of a document that allows you to confirm the owner's assistance to its owner, as well as to fix the status of information / data (availability, or no changes) in the electronic document from the moment of its signing.

Reference:

Abbreviated name (according to Federal Law No. 63) - EP, but more often use the outdated abbreviation of EDS (electronic digital signature). This, for example, facilitates interaction with search engines on the Internet, as EP may also mean electric stove, passenger electric locomotive, etc.

According to the legislation of the Russian Federation, a qualified electronic signature is the equivalent of signatures affected by "by hand", which has a full legal force. In addition to qualified in Russia, two more types of EDS are presented:

- Unqualified - ensures the legal significance of the document, but only after the conclusion of additional agreements between the signatures on the rules for the application and recognition of the EDS, it allows you to confirm the authorship of the document and control its immutability after signing,

- simple - does not give the signed document to the informed value before the conclusion of additional agreements between the signatures on the rules of application and recognition of the EDS and without complying with the legislatively fixed conditions for its use (a simple electronic signature should be contained in the document itself, its key is applied in accordance with the requirements of the information system, where it is used, and so on according to the FZ-63, Article 9), does not guarantee its immutability from the moment of signing, it allows you to confirm the authorship. Its application is not allowed in cases associated with the state secret.

Opportunities of electronic signature

EDC individuals provide remote interaction with state, educational, medical and other information systems via the Internet.

Legal entities electronic signature gives admission to participate in electronic trading, it allows you to organize a legal and significant electronic document management (EDO) and the delivery of electronic reporting into controlling authorities.

Opportunities that provide EDS users made it an important component of everyday life and ordinary citizens, and representatives of companies.

What does the phrase "the client issued an electronic signature"? What does the EDS look like?

By itself, the signature is not the subject, but the result of cryptographic transformations of the document being signed, and it is impossible to "physically" to issue on any carrier (tokenet, smart card, etc.). Also, it can not be seen, in the direct value of this word; It does not look like a stroke of the feather or figured print. About, how "looks like" an electronic signature, Tell me a little lower.

Reference:

Cryptographic transformation is an encryption that is built on the algorithm used secret key. The process of restoring the initial data after cryptographic transformation without this key, according to specialists, should take more time than the relevance of the relevant information.

Flash carrier is a compact storage medium, which includes Flash memory and adapter (USB flash drive).

The token is a device whose housing is similar to the USB Body Body, but the memory card is protected by a password. The token recorded information for the creation of EDS. To work with it, you need to connect to a USB computer connector and the password introduction.

Smart card is a plastic card that allows you to carry out cryptographic operations at the expense of the chip-built into it.

The SIM card with the chip is a mobile operator card equipped with a special chip on which a Java application is installed in a safe manner, expanding its functionality.

How should I understand the phrase "issued an electronic signature", which firmly entrenched in the conversational speech of market participants? What is the electronic signature?

The issued electronic signature consists of 3 elements:

1 - The means of electronic signature, that is, the technical means necessary for the implementation of the set of cryptographic algorithms and functions. This can be either a cryptoproderder (CSP, VIPNET CSP cryptopro, VIPNET CSP), or an independent token with a built-in cryptoproprodder (RUCOCEN EDS, Jacarta GOST), or an "electronic cloud". You can read more about EDS technologies related to the use of an "electronic cloud", it will be possible in the next article of a single email portal.

Reference:

The cryptoproderder is an independent module protruding the "mediator" between the operating system, which, using a specific set of functions, controls it, and a program or hardware complex that performs cryptographic transformations.

Important: Token and a qualified EDS agent on it should be certified by the FSB of the Russian Federation in accordance with the requirements of Federal Law No. 63.

2 - key steam, which is two impersonal set bytes formed by means of electronic signature. The first one is the key of an electronic signature, which is called "closed". It is used to form the signature itself and must be kept secret. The placement of a "closed" key on a computer and Flash-carrier is extremely unsafe, tokenet - partly unsafe, on a token / smart card / SIM card in the most secure. The second is the electronic signature check key, which is called "open". It is not contained in secret, unambiguously tied to the "closed" key and is necessary that anyone can check the correctness of the electronic signature.

3 - Certificate of the EDS audit key, which releases the Certification Center (UC). His appointment is to associate an impersonal set of the "open" key with the identity of the electronic signature owner (man or organization). In practice, it looks like this: for example, Ivan Ivanovich Ivanov (individual) comes to the certifying center, it makes a passport, and the CCT gives it a certificate confirming that Ivan Ivanovich Ivanovka Ivanovka Ivanov. It is necessary to prevent fraudulent schemes during the deployment of which an attacker during the transmission of the "open" code can intercept it and replace its own. Thus, the criminal will be able to issue himself for the signator. In the future, intercepting messages and making changes, he will be able to confirm their EDS. That is why the role of the electronic signature certificate of the electronic signature is extremely important, and the certification and administrative responsibility of the Certification Authority is credited to its correctness.

In accordance with the law, the Russian Federation distinguishes:

- "Certificate of the electronic signature key certificate" is formed for unqualified EDS and can be issued to the certificate center;

- "The qualified certificate of the electronic signature check key" is formed for a qualified EDS and can be issued only by the accredited Ministry of Communications and Mass Communications of the UC.

Conditionally, it can be designated that the electronic signature check keys (byte kits) - technical concepts, and the certificate of the "open" key and the certification center are the concepts of organizational. After all, the HC is a structural unit that is responsible for comparing "open" keys and their owners within their financial and economic activities.

Summing up the foregoing, the phrase "the client is issued an electronic signature" consists of three terms:

  1. The client acquired an electronic signature tool.
  2. He received the "open" and "closed" key, with the help of which the EDS is formed and is checked.
  3. The HC issued a certificate to the client confirming that the "open" key from the key couple belongs to this particular person.

Security issue

Required properties of the subscribers:

  • integrity;
  • accuracy;
  • authenticity (authenticity; "non-accuracy" from the authorship of information).

They provide cryptographic algorithms and protocols, as well as software-based software and software and hardware solutions for the formation of electronic signature.

With a certain amount of simplification, it can be said that the safety of electronic signatures and services provided on its basis is based on the fact that the "closed" keys of the electronic signature are stored in the secret, in a secure form, and that each user will respond to them and does not allow incidents.

Note: When purchasing a token, it is important to change the factory password, so no one can gain access to the EDS mechanism besides its owner.

How to sign an electronic signature file?

To sign the EDS file, you need to perform several steps. As an example, consider how to put a qualified electronic signature on a certificate of a single email portal in the format.pdf. Need to:

1. Click on the document with the right mouse button and select the cryptoproderder (in this case, cryptoarm) and the Count "Sign".

2. Complete the path in the Cryptoprovider dialog box:

At this step, if necessary, you can choose another file to sign, or skip this stage and immediately go to the next dialog box.

The "Encoding and Expansion" fields do not require editing. Below you can choose where the signed file will be saved. In the example, the Document with the EDS will be placed on the desktop (Desktop).

In the "Signature Properties" block, you choose "signed", if necessary, you can add a comment. The remaining fields can be excluded / choose at will.

From the repository of certificates you choose the desired one.

After checking the correct function, the "certificate owner", press the "Next" button.

In this dialog box, a final verification of the data required to create an electronic signature is performed, and then after clicking on the "Finish" button, the following message should pop up:

The successful ending of the operation means that the file was cryptographically transformed and contains props, which fixes the invariance of the document after its signing and providing its legal significance.

So, what does an electronic signature look like?

For example, we take a file signed by an electronic signature (stored in format.sig), and open it through a cryptoprovider.

Desktop fragment. Left: File, signed by EP, Right: Cryptoprovider (for example, cryptoarm).

The visualization of the electronic signature in the document itself does not provide for its opening due to the fact that it is a props. But there are exceptions, for example, an electronic signature of the FTS upon receipt of an extract from the EGRUL / JRIP through the online service is conditionally displayed on the document itself. Screenshot can be found by

But as in the end "Looks like" EDSRather, how is the fact of signing is indicated in the document?

Opening through the cryptoproker window "Management signed data", you can see the file information and signature.

When you click on the "View" button, a window appears containing information about the signature and certificate.

The last screenshot clearly demonstrates what does the EDS look like on the document "From the inside."

You can purchase an electronic signature by.

Ask other questions on the topic of the article in the comments, experts of a single portal of the electronic signature will definitely answer you.

The article is prepared by the editors of a single portal of electronic signature. Website using Safetech materials.

With full or partial use of the material hyperlink on WWW ..

Electron-digital signatures (EDS) have long and firmly entered the use of both government agencies and private firms. The technology is implemented through security certificates, both common to the organization and personal. The latter is most often stored on flash drives, which imposes some restrictions. Today we will tell you how to install such certificates from flash media to a computer.

Despite its reliability, flash drives can also fail. In addition, it is not always convenient to insert and remove the drive for work, especially for a short time. Certificate from the carrier-key can be installed on the work machine to avoid these problems.

The procedure depends on the CSP cryptopro version, which is used on your machine: For the latest versions, method 1 is suitable for older - Method 2. The last, by the way, more versatile.

Method 1: Installation automatically

The latest versions of CPSP cryptopro have a useful feature of the automatic installation of a personal certificate from an external medium to a hard disk. To use it, do the following.

  1. First of all, you need to launch CSP cryptopro. Open menu "Start", go to "Control Panel".


    Left-clicking on the marked item.
  2. The program window will start. Open "Service" and select the Certificate View option marked in the screenshot below.

  3. Click on the View button.


    The program will propose to choose the location of the container, in our case the flash drive.


    Select the desired and click "Further"..
  4. A certificate preview will open. We need its properties - click on the desired button.


    In the next window, click the Certificate Setup button.

  5. Certificate import utility opens. Press to continue "Further".


    Will be selected storage. In the latest versions of Cryptopro, it is better to leave the default settings.


    Finish work with the utility by clicking "Ready".

  6. A message about successful imports will appear. Close it by clicking "OK".


    The task is solved.

This method is the most common, but in some variants of certificates to use it impossible.

Method 2: Manual installation method

Outdated cryptopro versions support only the manual installation of a personal certificate. In addition, in some cases, the latest versions of software can take such a file to work through the import utility built into the Cryptopro.

  1. First of all, make sure that the flash drive that is used as a key is present a certificate file in CER format.

  2. Open the CPSP cryptopro by described in the method 1, but this time choosing the installation of certificates ..

  3. Opens "Personal Certificate Installation Wizard". Go to the selection of the CER file location.


    Select your USB flash drive and a certificate folder (as a rule, such documents are located in the directory with the generated encryption keys).


    Making sure the file is recognized, click "Further".

  4. At the next stage, browse the properties of the certificate to make sure that the choice is correct. Checking, press "Further".

  5. Further actions - Specify the container of the key of your CER file. Click on the appropriate button.


    In the pop-up window, select the location you need.


    Returning to the import utility, press again "Further".

  6. Next, you need to select the repository of the EDS imported file. Click "Overview".


    Since the certificate is personal, then you need to mark the appropriate folder.

    ATTENTION: If you use this method on the newest Cryptopro, do not forget to celebrate item "Set the certificate (certificate chain) to the container"!

  7. Complete work with the import utility.

  8. We are going to replace the key to a new one, so boldly press "Yes" In the next window.


    The procedure is over, you can sign documents.

    9. This method is somewhat more complicated, however, in some cases, you can only install certificates.

As a summary of the results, we will remind: Install certificates only on proven computers!

Can be used if it comes to reinforced unqualified signatures.

Views EDPWith the maximum degree of protection, recorded exclusively on specialized USB devices. Their release is provided in all current items of the certificate.

Consider the options for flash drives that most often try to use for storage Crypto Protection Information:

  • Unprotected flash drive. Low-way for storage Confidential information due to open access to third parties.
  • Flash drive with built-in encryption feature. The device limits, but does not completely prevent unauthorized access to keys. Danger arises at the time of transfer EDP on a computer when signing the document.
  • (Tocken) with a built-in cryptoprocessor. More appropriate option for storage EDP. Contains two degrees of information protection that are activated at the time of recording EDP And appeal to it in the process of signing. Signature, recorded on such a carrier of information, cannot be illegally changed, but the probability of its theft at the time of transfer to the computer is saved.
  • USB device with built-in formation function EDP. This type flashki It is a kind of minicomputer - a document subject to signature is filed to the "entrance" of the device and is signed within it. Such a token is maximally protected from unauthorized access, because signature It is not removed from it. Loading signatures No external devices are required for its use.

How to record the EDS on the USB flash drivefrom another media information? Use the capabilities of a special CSP cryptopro program.

We give a brief instructions for rewriting a certificate:

  • The computer is inserted clean Flash drive for EDPand carrier signatures.
  • The CSP cryptopro program is launched.
  • In the program menu that opens, the "Service" tab is selected, then the button " Copy».
  • Indicates the path to the certificate EDP In the "Overview" menu tab, the choice is confirmed by pressing the "OK" button.
  • If the system requests a password, you must enter it. The default is the number sequence 12345678.
  • Assigns the name of a new copy signatures And by pressing the "Finish" button, the preparation for copying is completed.
  • In the dialog box that opens, a new flash drive is selected and after pressing the "OK" button entered a password for a copy. EDP. You can leave the old password to eliminate confusion with access codes or select a new combination of characters.

How to transfer EDS from flash drives to a USB flash drive? Simple copying of the certificate folder and insert it to a new medium. Show precautions when transferring EDP on a new device!

Using a flash drive as an electronic key

The key is the most accessible method of protecting the computer from access to unauthorized persons. The USB device is a modern analogue of the key. How to make an electronic key from a flash drive?

One of the ways is to use the RAM module, in the tasks of which the testing of each inserted into the computer flashki For compliance with the information laid in the system and, depending on the result, the result is the result, open the login or block it.

Electronic key flash driveworks as follows: With each successful input, the information stored in its backup occurs.

At the next login attempt, the system will compare the credentials flashki - its serial number, brand, manufacturer and data from the backup of the USB device.

The module setting is as follows:

  • The libpam_usb.so library is set and the utility module you need.
  • A flash drive is inserted into the USB port - the future key. With the help of a special team, the module is collected by all information about flashke and writing on it for service information for subsequent user identification.
  • The command attaching the name is entered. flashki to a specific account.
  • Start checking the correctness of the data entered into the data system.
  • The PAM_USB module is executed by the right control system until the key is used. In the case of the appropriate flashkiThe system can request login and password or, according to the settings installed, block the entrance to it.

Using flashki As a key, it does not provide for the placement on it of logins and passwords, the means of crypto protection information.

Choose EDP

Such a key besides convenience storage Provides the user to the following advantages:

  • No need to memorize a large amount of information.
  • Possibility of use flashki in the quality of the means storage information.
  • Ensuring fast login.
  • Auto protection console. When pulled out of a USB port flashki The computer is automatically blocked.