How to Copy a Certificate From a Computer to a USB Flash Drive

Article

A qualified digital signature is legally equivalent to a handwritten one. This tool is actively used by participants in electronic document management (EDI). Storage of hardware and software of electronic devices is not regulated by Federal Law No. 63-FZ. users have the right to manage personal data at their discretion.

Nevertheless, the aforementioned legal norm obliges certification centers to issue CPU keys to applicants on protected USB tokens, smart cards. Some of them are equipped with a built-in cryptographic information protection tool (CPSI). Access to information on secure key media is possible only after entering a PIN code.

You can also store ES software on a regular flash drive in the registry of the Windows operating system (OS). in this article we will consider working in this environment. Today we’ll talk about how to copy an EDS from a flash drive to a computer, and about possible ways to duplicate it and store it.

How to copy EDS from a flash drive to a computer or Rutoken

Immediately make a reservation that a flash drive is sometimes called not only a classic flash-drive with a USB connector, but also a protected USB-token issued by the authorized employee of the certification center (CA) to the applicant. Most often, this is Rutoken. a combined solution consisting of two components: a USB key and flash memory.

So, you have received in the CA hardware-software means for generating and verifying a digital signature. How to copy an EDS from a USB flash drive or protected media to a computer? First, prepare the workplace.

The first one. You will need to download and install CryptoPro CSP and drivers for Rutoken on a laptop, PC or server.

The second one. To register a personal open certificate, you will need to install the CA root certificate (CA) in the corresponding OS section. If this is not done, the system will display an error message.

Note 1 An authorized CA employee usually writes the CA to USB tokens or smart cards issued to users, or to the applicant’s USB flash drive (upon request). The electronic format of the COP is a file with the extension.cer. If you did not find it on your key medium, download from the web portal of the CA that issued you the ES funds. The vast majority of accredited certification authorities put their CA in the public domain.

Note 2 All instructions on Windows should be followed from the system profile with administrator privileges.

We register the COP in the registry of Windows 10:

  1. By double-clicking the left mouse button, we open the file containing the CA CA. We carefully check the displayed information.
  2. Click “Install Certificate”. “OK”. “Further”.
  3. We check the box “Put all certificates in the next store”.
  4. Click “Overview”.
  5. In the list with directories, open “Trusted root certification authorities”, tick the option “Show physical storages”: select “Register” to restrict access to the CA to all but the current user, or “Local computer” if the CC is to be used by all OS users.
  6. We read the system security warning. “Yes”.
  7. The import utility will report completion. Click Finish.
  8. We are waiting for the corresponding notification. “OK.”

You can open a regular storage device and view its contents in the OS browser. for example, Windows Explorer. On it you will find a file with the extension.cer and the folder of the private (secret) key. It contains 6 files. One of them. header.key. is your public key. In the System Explorer for Windows browser window, simply select and drag and drop data from the flash drive onto the PC into any folder you select.

ES software recorded on a USB token can be viewed and duplicated on a PC only using the CryptoPro CSP CIP (more on this below).

How to Copy a Certificate From a Computer to a USB Flash Drive

The third. Check if the token, smart card or storage device are listed in the list of installed readers for CryptoPro CSP:

  1. We start the cryptographic provider.
  2. Go to the “Equipment”.
  3. Click “Configure Readers. “.
  4. A window opens with a list that should contain the line “All smart card readers” if Rootoken is connected. If the key medium is a storage device, the list should contain the line “All removable drives”.
  5. If there is no actual key carrier in the above list, click “Add. »And supplement the list with a necessary reader.

The workplace is configured.

Instruction number 1. We reproduce data from Rutoken in Windows:

  1. We insert the device into the USB connector.
  2. We start the cryptographic provider.
  3. Go to the “Service” option.
  4. Click “Copy.”
  5. In the export window of the private key container, the line “Name. »Leave empty.
  6. Click “Browse.”
  7. A window opens with a list of key containers found. Select the desired one. in the “Reader” column, select Rutoken.
  8. “OK”. “Further”.
  9. Enter the PIN code (by default. 12345678).
  10. The cryptographic provider will return us to the export window. We invent and enter the name of the duplicate container.
  11. Click “Finish.”
  12. In the new window, as the medium of the private key container in the left list of “Devices”, select “Registry”. “OK.”
  13. The cryptographic provider will offer to set a password. We invent and introduce.
  14. We confirm it. “OK.”
  15. If you are sure that an outsider will not get access to the PC, leave the password line blank.
  16. If other users are also working on the PC, set a strong password. If possible, it should be kept out of reach. If you lose your password, it will become impossible to use the container.

At the end of the operation, the cryptographic provider will return to the “Service” tab.

1. Ask a question to our specialist at the end of the article.
2. Get detailed advice and a full description of the nuances!
3. Or find a ready-made answer in the comments of our readers.

Instruction number 2. We view and duplicate only the public key on the PC:

  1. We connect Rutoken.
  2. We start the cryptographic provider.
  3. Open the “Service”.
  4. Call the option “View certificates”.
  5. The line “Name. “Do not fill, click” Overview “.
  6. In the new window, we look through the list and select the desired one. in the “Reader” list, select Rutoken.
  7. “OK”. “Further”.
  8. In the viewing window, we carefully verify the displayed information.
  9. Click “Properties”.
  10. Select the “Composition” tab. “Copy to file”. “OK.”
  11. We tick the option “No, do not export the private key”. “Further”.
  12. As a format, mark the bird “Files X.509 (.CER) encoded DER”. “Further”.
  13. Click “Browse” and specify the file name, where we upload the information, and the path to it.
  14. “Further”. “Done.”
  15. We are waiting for a notification about the completion of the operation. “OK.”

Many users want to learn how to copy an electronic signature from a flash drive to Rutoken. This interest is dictated by the desire to protect personal information from theft as much as possible. As a rule, applicants who received ES software on a regular USB-drive later decide to transfer the information to a token or smart card.

Despite the external similarity (form factor, connector for connecting to a PC), the difference between these devices is very significant. The main purpose of a USB flash drive is data storage. An electronic computer (computer) perceives it as an external drive. USB-flash-drive withstands up to 10 thousand rewriting cycles.

The main purpose of Rutoken is the storage of confidential information, including personal key containers. Any USB token is a microcomputer that, by one method or another (for example, cryptographic), provides the authentication process. Rutoken can withstand 100,000 to 1 million rewriting cycles. Access to the memory of such a device, and, consequently, to the personal data that it contains, is carried out only when using special software.

How to copy certificates from a flash drive to Rutoken:

  1. Connect both media via USB to the workstation.
  2. Follow steps 2 through 6 of instruction number 1 in sequence.
  3. Go to step 7: in the column “Reader” Highlight the latin letter that stands for usb flash drive in the system. After that follow points 8. 11.
  4. Go to step 12: specify Rutoken in the “Insert media” field.

Follow steps 13 to 17 of instruction No. 1 and complete the operation.

How to copy a certificate from the OS repository to a USB flash drive through CryptoPro

An EDI participant, who often works on different machines (PCs, laptops, servers) with multi-user access, may need to transfer the public key to a flash drive. This is convenient if the recipient (for example, an employee of the Federal Tax Service of the Russian Federation) needs to verify the digital signature with which the sender’s documents are endorsed, and he does not want to enter his personal keys into the operating system on a foreign or corporate machine.

How to copy a certificate from the OS storage to a USB flash drive through CryptoPro:

  1. We connect the flash drive via the USB port of the PC.
  2. We act in accordance with instruction No. 2, posted in the previous section of this article. Follow steps 2-5.
  3. When choosing a container in the “Reader” column, select the “Registry” line.
  4. We carry out items 7-12.
  5. We indicate the file name and path to it. the Latin letter denoting the flash drive in the system and, if necessary, the name of the folder into which the information is reproduced.
source