Installing an electronic digital signature on a computer. (EDS) electronic signature for government services, creation and receipt

In this section we will indicate what procedures are involved in the implementation of digital signature. We present to you a brief, overview description of how specialized software should be installed and configured for correct operation EDS on your computer.

Attention! Can't connect Rutoken or make a link to USB-nopm before installing the driver.

In case Rutoken was connected before the driver stopped and the “Found New Hardware” and “Found New Hardware Wizard” window appeared, you should select the “Cancel” command and disable Rutoken.

When adding new USB ports, you may need to reinstall the driver Rutoken.

To install the driver and connection module Rutoken follow these steps:

• on installation disk run the appropriate file and complete the installation, following the system messages;
• after installation is complete, restart your computer;
• run the file on the installation disk rtSup_CryptoPro.exe and complete the installation following the system messages;
• after all the necessary software is installed, connect Rutoken to the computer. Messages will appear in the system tray indicating that the device has been installed successfully.

Once connected, the indicator light on the device lights up. This is a sign that Rutoken correctly recognized operating system and ready to go.

Key information storage device Rutoken is a device made in the form of a USB keychain designed to protect and securely store key information.

When working with Rutoken The following features of using this device must be taken into account:

• Rutoken is not detected by the operating system as removable disk(like a flash drive). In addition, all information that is placed on Rutoken, is encrypted by the device itself and stored on it in encrypted form. Accordingly, there is no possibility using standard methods view content Rutoken or record (delete) information on the device;
• All actions for recording (deleting) keys on Rutoken performed using CIPF CryptoPro CSP;
• In the process of working with Rutoken A special pin code is required. The standard user pin code for the device is 12345678;
• Rutoken does not require special procedure extracted from a computer (like a flash drive). After connection Rutoken the indicator light on the device lights up. When the system accesses the content contained on Rutoken information (signing a digital signature document), the indicator light blinks. The device can be disconnected from the computer at any time, except when the indicator light is blinking, as this may lead to loss of information on Rutoken.

Attention! During the installation process, “Rutoken” must be disabled. If in present moment If it is connected, it must first be disconnected.

Once the installation is complete, a window will appear prompting you to restart the operating system.

Important! You must restart your computer to further work. Do not attempt to proceed to the next steps without rebooting

Cryptoprovider CryptoPro CSP 3.6 is designed for:

• authorization and ensuring legal validity electronic documents when exchanging them between users, through the use of procedures for generating and verifying electronic digital signature (EDS) in accordance with domestic standards GOST R 34.10-94, GOST R 34.11-94, GOST R 34.10-2001;
• ensuring confidentiality and monitoring the integrity of information through its encryption and imitation protection, in accordance with GOST 28147-89; ensuring authenticity, confidentiality and impersonation protection of TLS connections;
• integrity control, system and application software to protect it from unauthorized modification or disruption of proper functioning;
• management key elements systems in accordance with the regulations on protective equipment.

Peculiarities:

• Built-in Winlogon support
• Included CryptoPro CSP 3.6 included Revocation Provider, working via OCSP responses.
• Support for the x64 platform has been implemented. Implementation of the EAP/TLS protocol is provided.
• Expanded front end CIPF to ensure work with functional key carrier (FKN), key coordination for use in implementations IPSec protocol, work with other applications.
• The possibility of using the standard is excluded GOST R 34.10-94.

Implemented algorithms:

• The algorithm for generating the hash value is implemented in accordance with the requirements GOST R 34.11 94 « Information technology. Cryptographic information protection. Hash function."
• Generation and verification algorithms EDS implemented in accordance with the requirements:
• GOST R 34.10 94“Information technology. Cryptographic information protection. Electronic digital signature system based on an asymmetric cryptographic algorithm";
• GOST R 34.10 94 And GOST R 34.10-2001“Information technology. Cryptographic information protection. Processes of formation and verification of electronic digital signatures.”
• The data encryption/decryption algorithm and calculation of imitations are implemented in accordance with the requirements GOST 28147 89"Information processing systems. Cryptographic protection."
  When generating private and public keys, it is possible to generate with different parameters in accordance with GOST R 34.10-94 And GOST R 34.10-2001.
  When generating a hash value and encryption, it is possible to use different replacement nodes in accordance with GOST R 34.11-94 And GOST 28147-89.

If the CryptoPro CSP support module was previously installed on your computer, it should be removed before installing the new version of CryptoPro CSP!

CAPICOM- element ActiveX controls, created by Microsoft to help application developers access services that provide security for applications based on cryptographic functions implemented in CryptoAPI through COM technology. CAPICOM can be used to digitally sign data, verify signatures, display digital signature and digital certificate information, add or remove certificates, and finally encrypt and decrypt data.

CAPICOM version 2.1.0.2 is the latest version of CAPICOM that is officially supported on Windows.

Setting up the browser is necessary for its correct collaboration with cryptography components, as well as the ability to work with secure document flow.

When setting up the browser, you need to change the security settings and allow the browser settings to run.

In particular,You will need ETP certificates Zakaz.RF and RTS-Tender.

You might also be interested in:

Don't forget to purchase!

1. Open the menu Start - Control Panel - CryptoPro CSP.

2. In the window programsCryptoPro CSP go to the tab Service and press the button View certificates in a container:

Review to select a container to view (in our example, the container is on the JaCarta smart card):

4. After selecting the container, click the button OK, then Next.

* If after pressing the button Next You see this message:

"There is no private key in the container public key encryption", you should install the certificate according to the recommendations described in section Option 2.

5. In the window Certificate for viewing click the button Install:

6. If the message “ This certificate is already present in the certificate store. Replace the existing certificate with a new one, with a link to the private key?", click Yes:

7. Wait for the successful installation message:

8. The certificate is installed. You can close everything open windows CryptoPro.

Option 2. Installation via the “Install personal certificate” menu.

To install a certificate using this method, you will need a certificate file (a file with the .cer extension). It may be located, for example, on removable media or on your computer’s hard drive (if you made a copy of the certificate or were sent it to you by email).

If the certificate file is missing, write a letter describing the problem to technical support at the address [email protected].

1. Open the menu Start - Control Panel - CryptoPro CSP.

2. In the window programsCryptoPro CSP go to the tab Service and press the button Install a personal certificate:

3. In the next window, click the button Review to select the certificate file:

4. Specify the path to the certificate file and click the button Open(in our example, the certificate file is located on the Desktop):

6. Check the box Find container automatically(in our example the container is on the JaCarta smart card) and click Next:

7. In the next window, check the box Install a certificate (certificate chain) into a container and press

Electronic digital signatures (EDS) have long been firmly established in use both in government agencies and in private companies. The technology is implemented through security certificates, both general for the organization and personal. The latter are most often stored on flash drives, which imposes some restrictions. Today we will tell you how to install such certificates from a flash drive to a computer.

Despite their reliability, flash drives can also fail. In addition, it is not always convenient to insert and remove the drive for work, especially for a short period of time. The certificate from the key media can be installed on the production machine to avoid these problems.

The procedure depends on the version of Cryptopro CSP that is used on your machine: for latest versions Method 1 is suitable, for older ones - Method 2. The latter, by the way, is more universal.

Method 1: Automatic installation

The latest versions of Cryptopro DSP have useful function automatic installation personal certificate with external media on hard drive. To enable it, do the following.

1. The first step is to launch CryptoPro CSP. Open menu "Start", in it go to "Control Panel".
   
   
   Left-click on the marked item.
2. Will start working window programs. Open "Service" and select the option to view certificates marked in the screenshot below.



3. Click the review button.
   
   
   The program will prompt you to select the location of the container, in our case a flash drive.
   
   
   Select the one you want and click "Next.".
4. Will open preview certificate. We need its properties - click on the desired button.
   
   
   In the next window, click on the certificate installation button.



5. The certificate import utility will open. To continue, press "Next".
   
   
   You have to select a storage location. In the latest versions of CryptoPro, it is better to leave the default settings.
   
   
   Finish working with the utility by pressing "Ready".



6. A message indicating that the import was successful appears. Close it by clicking "OK".

   
   The problem is solved.

This method is the most common today, but in some certificate options it is impossible to use it.

Method 2: Manual installation method

Outdated versions of CryptoPro only support manual installation personal certificate. Moreover, in some cases latest versions Software can use such a file through the import utility built into CryptoPro.

1. First of all, make sure that the flash drive that is used as a key contains a certificate file in CER format.



2. Open CryptoPro DSP in the same way as described in Method 1, but this time choosing to install certificates.



3. Will open "Personal Certificate Installation Wizard". Proceed to select the location of the CER file.
   
   
   Select your flash drive and the folder with the certificate (as a rule, such documents are located in the directory with the generated encryption keys).
   
   
   After making sure that the file is recognized, press "Next".



4. On next stage Review the certificate properties to ensure that you have chosen the correct one. After checking, press "Next".



5. Next steps are to specify the key container for your CER file. Click on the appropriate button.
   
   
   In the pop-up window, select the location you need.
   
   
   Returning to the import utility, click again "Next".



6. Next you need to select the storage for the imported digital signature file. Click "Review".
   
   
   Since our certificate is personal, we need to mark the corresponding folder.

   

   Attention: if you use this method on the latest CryptoPro, then do not forget to check the box “Install a certificate (certificate chain) into the container”!

7. Finish with the import utility.



8. We're about to replace the key with a new one, so feel free to click "Yes" in the next window.
   
   
   The procedure is over, you can sign the documents.

This method is somewhat more complicated, but in some cases this is the only way to install certificates.

To summarize, let us remind you: install certificates only on trusted computers!

How to install a personal certificate in CryptoPro

In CryptoPro CSP, the procedure is performed in the presence of a document with the .cer extension, which actually represents a certificate. Possible locations for the document: a flash drive, various tokens, or a computer hard drive. Depending on where it is stored, there are two installation methods. If the certificate is in a private key container, you need to open it by going to Services and finding the “View certificates in container” item. In the “Certificates in the private key container” window, you will need to click the “Install” button. The document will be installed in the “Personal” storage.

If the certificate is stored in a file, the method is slightly different. The certificate is installed in the “Personal” store and a link to the private key that corresponds to this certificate is generated. Through the “Control Panel” you need to open the Service tab. By clicking “Install personal certificate”, you will need to decide on the file name. After receiving confirmation, you need to fill in the “Name of the key container”. You may need to enter a password to access private key. The last step is to select a storage location for installing the certificate. The step-by-step process is described for version CryptoPro 4.0; if you need guidance for installing a personal certificate for CryptoPro 3.6, we recommend that you read the information on the developer’s website.