All about car tuning

How to install a personal certificate? Installing and configuring an electronic signature Download a signature key certificate compatible with cryptopro

) in the certification center, in order to get started, you need to install it on your computer. Now we will tell you how to do it correctly.

Installing digital signature on a computer - detailed instructions

To correctly install digital signature on a computer, the program must already be installed on it CryptoPro CSP 3.6. Without it software working with an electronic digital signature is impossible. You can download this program on the official website of CryptoPro. The program is paid, but has a trial period of 3 months, which will be enough for you to understand all the necessary functions.

Let's get started with the instructions installation of digital signature on PC.

1 step.

Open the windows control panel and select from the list of programs CryptoPro CSP. When the program starts, you will see the following window:

Step 2.

Go to the tab Service

Step 3.

In the tab Service click the button View certificates in container...

Step 4

In the window that opens, click the button. A window will appear with the name of the container and the available reader. Click OK.

Step 5

In the window " Certificates in a container private key ", click Further without changing anything.

Step 6

In the window displaying information about the user and electronic signature, press the button Properties.

Step 7

Now in the window that opens, click the button Install certificate...

Step 8

In the window " Certificate Import Wizard", click Further.

Step 9

Now you need to select the item Place all certificates in the following store by pressing the button.

Step 10

Click on the folder name first Personal, and then on OK

It is a document confirming that the public key belongs to its owner. In fact, this means that the signature belongs to you and is certified by some third arbiter. The role of the arbitrator in in this case performed by the Certification Authority that issues the certificate. It guarantees the authenticity of the signature. Many people are interested in how to install a digital signature certificate on a computer.

What is a certificate

The certificate in accordance with Article 14 of Federal Law No. 63, officially published on 04/06/2011, can be issued both in paper and electronic form.

The certificate is used so that the recipient of the document can verify that the received document with the electronic signature is signed by the person to whom the signature belongs and the key is valid. To do this you need to establish a signature.

According to Federal Law No. 14 (Article 2), the certificate contains the following information:

  • Public key for verification.
  • Details of the certification center.
  • Standards for public keys and closed type.
  • Information about the individual or the name of the legal entity and their location.
  • Number and validity period of the certificate, date of issue.

If the certificate is issued to a legal entity, then along with the name indicate the full name of the person who is entrusted with the right to sign by power of attorney or according to the Charter of the enterprise. Both physical and legal entities you need to know how to install a digital signature certificate on a computer.

Verification Center

This is the organization that is responsible for the authenticity of the digital signature. In case of termination of work, the CA is obliged to notify everyone who used its services one month in advance. If, during liquidation, the information contained in the register is not transferred to a third party, then it is destroyed. This must also be notified 1 month in advance.

Certificates are issued for a period of 1 year. If the customer knows that their status and information may change earlier, the validity period may be reduced. If verification of the digital signature certificate reveals violations, it may be cancelled. It can also be revoked by a court decision or a client’s application.

On the website of the NCA (National Certification Authority) you can order different types certificates: for Rosreestr, for trading, for the tax service, etc.

How to install a digital signature certificate on a computer

To install the certificate on your computer, you must have the CryptoPro CSP program. It can be downloaded from the developer's website. The program is paid, but you can use it for free for three months.

We turn on the certificate carrier into the computer and install its driver, if necessary. Algorithm of actions:

  1. Install the program and run it.
  2. In the program window, select the “Service” tab.
  3. In the window that appears, click “View certificates in the container.”
  4. Click on “Browse” and see the data available for installation. We agree (OK).
  5. We see the “Private Key Certificates” window, skip it by clicking “Next”.
  6. In the window that opens, select “Properties” and “Install certificate”.
  7. The certificate import wizard will open, then select the installation location.
  8. Select the desired folder, agree, and click “Finish.”
  9. After installing the digital signature certificate, CryptoPro confirms that everything is in order.

The installation procedure is very simple and accessible to everyone. But, if you are not sure that you can handle it, CA specialists can provide this service. In addition, many other specialized companies know how to install a digital signature certificate on a computer, and can help you with this for a small fee.

IN last years everyone's got ideas digital economy, e-government. These themes are heard at all levels of government. Even the President spoke about this in his annual Address. Discussing different sides this phenomenon: philosophical, technical, and organizational. In many areas economic life began to actively use electronic document management.

Everyone in life has to put their signature on various documents. We sign as a private person, certifying certain actions or familiarization with something. There can be many examples of this. We sign documents, orders, instructions, as executive. This is evidence of the authenticity of the document and its significance.

For electronic document management you must have an electronic signature. And for this, you also need to know how to install a digital signature certificate on a computer.

How to install a personal certificate in CryptoPro

In CryptoPro CSP, the procedure is carried out in the presence of a document with the .cer extension, which actually represents a certificate. Possible locations document location: flash drive, various tokens or HDD computer. Depending on where it is stored, there are two installation methods. If the certificate is in a private key container, you need to open it by going to Services and finding the “View certificates in container” item. In the “Certificates in the private key container” window, you will need to click the “Install” button. The document will be installed in the “Personal” storage.

If the certificate is stored in a file, the method is slightly different. The certificate is installed in the “Personal” store and a link to the private key that corresponds to this certificate is generated. Through the “Control Panel” you need to open the Service tab. By clicking “Install personal certificate”, you will need to decide on the file name. After receiving confirmation, you need to fill in the “Name of the key container”. You may need to enter a password to access the private key. The last step is to select a storage location for installing the certificate. The step-by-step process is described for version CryptoPro 4.0; if you need guidance on installing a personal certificate for CryptoPro 3.6, we recommend that you read the information on the developer’s website.

As paper document flow is replaced by electronic one, a tool such as an electronic signature is becoming increasingly important and widespread. Already, many departments exchange documents exclusively in in electronic format, and each legally significant document is signed with an electronic signature. It is used when working on electronic trading platforms, when interacting with government information systems(such as GIS GMP, GIS housing and communal services and others) and can even be used for authorization on state portals(such as gosuslugi.ru). There is no doubt that the scope of application of electronic signatures will continue to expand in the future, and therefore specialists in the field information technologies It is extremely important to understand the principle of operation of an electronic signature and be able to take the necessary steps to install and configure software for working with an electronic signature.

Of course, studying this issue would be worth starting with federal law"About electronic signature" ( http://www.consultant.ru/document/cons_doc_LAW_112701/ ), where definitions of concepts are given, legal status electronic signature, procedure for its use, etc. helpful information. However, the purpose of this article is to show how quickly, without going into details, to install an electronic signature, which in some cases, in cases where there is no time for proper study, will be very useful.
We will perform the installation on a computer running an operating system. Windows systems 7 Professional, a private key for an electronic signature on eToken media, and we will use CryptoPro CSP as a crypto provider.
Let's start by installing the necessary software:
- CryptoPro CSP version 3.6 or higher;
- Media driver (when using eToken or Rutoken).
The driver for eToken can be downloaded for free from the following link http://www.aladdin-rd.ru/support/downloads/etoken/ , the driver for Rutoken is available for download here http://www.rutoken.ru/support/download/drivers-for-windows/ .
Other devices, such as a flash drive, smart card or registry, can also be used as a carrier of key information, but it is not recommended to use them as they do not provide a sufficient level of protection of key information from unauthorized access.

Installing an electronic signature key certificate.

After the eToken driver (Rutoken) and the crypto provider CryptoPro CSP are installed, we can begin installing the electronic signature verification key certificate.
Launch the CryptoPro CSP program, go to the “Service” tab and click the “View certificates in the container” button.

In the window that opens, click “Browse”, select the desired owner and click “OK”.

In the next window, do not change anything, click “Next”.


A window will open in which we can see brief information about the user certificate (information about the owner, the validity period of the certificate and its serial number).


To view detailed information, click “Properties”. If the root certificate of the certification authority has not yet been installed (as in our case), then in the general tab we will see a message as in the figure below. The current root certificate of a certification authority is usually available for download on the website of the certification authority (the organization that issued the electronic signature).

Return to the previous window and click “Install” to continue installing the user certificate. A message appears indicating that the certificate is being installed. Confirm the installation by clicking the “Yes” button.


A message from eToken PKI will also appear, asking you to write the certificate to eToken. We refuse, click “Cansel”.


The certificate is installed in the certificate store. Click “Finish” to complete the installation.

Installing the root certificate of the certification authority.

File root certificate open the certification authority (with the .cer extension) by double-clicking and click the “Install certificate” button.

The Certificate Import Wizard will open. Click “Next”. Then check the “Place the certificate in the following storage” checkbox.


Through “Browse” we indicate the “Trusted” folder root centers certification."

Click “Ok” and complete the installation. A message appears indicating that the operation was successful.

Now, when we open the properties of the user certificate, we will not see the same error.

All we have to do is test the private key container.

Testing.

Open CryptoPro CSP, and in the “Service” tab, click “Test”.

We find the key container through “Browse” or using the corresponding certificate and click “Next”. You will be prompted to enter a pin code for the container. Enter the password and click “Ok”. If you check the “Remember pin code” checkbox, the system will not request it whenever you access the key container (including when signing a document), which is not recommended in order to protect against unauthorized access.
Next, a window will open with information about the presence or absence of errors.

Installing an electronic signature in the register.

It is possible that the private key of an electronic signature needs to be duplicated in order to be used on several computers. In such cases, the optimal solution would be to install the private key of the electronic signature in the registry. For a container created in the registry, you can set a password and thereby limit access to the private key of the electronic signature, which is stored in the container. Removable media, after installation, can be transferred to another user. I note that such a measure is justified in cases where, for example, several employees of one organization (department) use the same signature (for example, the signature of an authority). In other cases, resorting to such measures is not recommended.

Installation of the “Register” reader.

The first thing you need to do is install the reader. This is quite easy to do using the reader installation wizard (adding and removing readers is done under account with administrator rights). If, when installing CryptoPro CSP, you checked the “Register reader “Registry”” checkbox, as in the figure below, and it is present in the list of readers, you can immediately proceed to copying the private key container to the registry.


Launch CryptoPro CSP, in the “Equipment” tab, click the “Configure readers” button.

In the window that opens, click “Add”.

The reader installation wizard will start, click “Next”.


From the list in the window on the right, select “Registry” and click “Next”.


Then we set the name of the reader, or leave it unchanged as in our example and click “Next”.


We complete the wizard and click “Finish”.

Copying the private key container to the registry.

The reader is prepared, now you need to copy the container with key information from the eToken removable media to the registry. To do this, go to the main menu of CryptoPro CSP and in the “Service” tab, click the “Copy” button. Through “Browse” we indicate the container that we want to copy to the registry.


The system will then request a password to access the container on removable media (eToken). Enter the password, and in the next window set the name for the key container that will be created in the registry.


In the next window, the program will prompt you to select the media on which you want to burn the container. Select “Registry” and click “Ok”.


Now we need to set a password for the container that we placed in the registry.

Enter the password, confirm and click “Ok”.
Now, having launched the function of testing the private key container, in addition to the container on removable media, we will see the created container on the “Registry” reader.
We complete the container testing procedure. If no errors are found, proceed to installing the electronic signature key certificate (if it has not been done previously). The procedure for installing a certificate from the registry is similar to the installation procedure from removable media, and if the owner’s certificate has already been installed from removable media, then installing it again after copying the container to the registry is not required.

Electronic document management is entering our lives more and more tightly.
Today, this issue concerns not only office employees of enterprises and individual entrepreneurs, working with electronic documents increasingly makes it easier for ordinary citizens to solve everyday problems in everyday life. Of course, with the increasing applicability of electronic documents, the distribution of electronic digital signature, abbreviated as EDS.
It is about increasing the convenience of working with digital signatures that we will discuss further, namely, we will consider how to add EDS key to the CryptoPro registry on the computer.

What is digital signature and private key certificate

Electronic digital signature used in many software products: 1C: Enterprise (and other programs for conducting business or accounting), VLSI++ , Contour.Extern (and other solutions for working with accounting and tax reporting) and others. EDS has also found application in service individuals when resolving issues with government agencies.

EDS- this is a kind of guarantor in the world of electronic document management, similar to a regular signature and seals on paper

As with signing paper documents, the signing process electronic media information related to " editing"primary source.

Electronic digital signature of documents carried out by transformation electronic document using the owner's private key, this process is called document signing

To date private key certificates most often distributed either on regular USB flash drives or on special protected media with the same USB interface ( Rutoken , eToken and so on).
At the same time, every time there is a need to sign documents (or identify a user), we need to insert the media with the key into the computer, and then manipulate the certificate. Accordingly, after completing the work, we simply need to remove the media from the computer so that no one else can use our signature. This method is quite safe, but not always convenient.

If you use digital signature at home, then every time connect/disconnect token gets boring quickly. In addition, the carrier will occupy one USB port, which are not always enough to connect all the necessary peripherals.
If you use digital signature at work, then it happens that the certification center issued only one key, and must sign documents different people . Carrying a container back and forth is also not convenient, and there are also cases when Several specialists work with a certificate at the same time.
In addition, both at home and, especially, at work, it happens that on one computer it is necessary to perform actions using immediately multiple digital signature keys.

It is in cases where the use of a physical certificate medium is inconvenient that you can register the digital signature key in the CryptoPro registry(you can read more about the Windows registry in a general sense in the corresponding article: Changing Windows registry settings) And use the certificate without connecting the media to the computer's USB port.

Adding a Registry reader to CryptoPro CSP

First of all, in order for our CryptoPro to be able to work with locally registered keys, we need to add a version of such a reader.

In order to set the new media type in the CSP utility, run the program as an administrator with the right mouse button or from the menu of the utility itself on the General tab

Now go to the Hardware tab and click on the button Configure readers...
If there is no option in the window that opens Registry, then to display it here, click on the Add button...

  1. Click the Next button in the first window.
  2. From the list of readers from all manufacturers, select the option Registry and click Next again.
  3. Enter a custom reader name, you can leave the default name. Click Next.
  4. In the last window we see a notification that after completing the reader setup, it is recommended to restart the computer. Click the Finish button and reboot the machine yourself.

The first stage is completed. Registry reader added , as evidenced by the corresponding item in the window Reader management (We remind you that this window is called up along the path CryptoPro - Equipment - Configure readers...)

Copying the key to the CryptoPro CSP Registry

To register the key container in local storage, connect the physical media with the key to the computer.

Now run the CryptoPro utility again, open the Service tab and click on the Copy button...
Next in the window Copy Private Key Container Wizards Click the Browse button (or According to the certificate...) and select our key media, confirming the selection with the OK button, then proceed to the next window with the Next button.

In the new window, set an arbitrary friendly name for the key container being created and click the Finish button. Then, to record the key, select the reader type we created earlier Registry, confirming your choice with the OK button.
After confirmation, we need to set a Password for the created key container; by default, most often, a password is used 12345678 , but for more safe work The password can be set more difficult. After entering the password, click on the OK button.

All, key container added to the CryptoPro Registry .

Installing a CryptoPro CSP private key certificate

To complete the setup of signing documents without connecting the key carrier to the computer, all we have to do is install private key certificate from the created media container.

To install a certificate in CryptoPro you need to do the following:

  1. In the CSP utility, on the Service tab, click on the button View certificates in container...
  2. In the window that opens, click on the Browse button, where we select the desired media using the name we specified, confirming the selection with the OK button. Click Next.
  3. In the final window, we check that the certificate has been selected correctly and confirm the decision with the Install button.

Now we have installed Private key certificate from local storage Registry .

Setting up CryptoPro is complete, but you should remember that many software products will also require re-register a new key in the system settings.
After these steps we can sign documents without connecting a key, be it Rutoken, eToken or some other physical medium.