Where is the private key container. Cryptopro does not see the JaCarta key, we decide in a minute. Installation via the menu "Install personal certificate"

1. Open the menu Start - Control Panel - CryptoPro CSP .

2. In the window programsCryptoPro CSP go to tab Service and press the button View certificates in a container:

Review to select a container to view (in our example, the container is on the JaCarta smart card):

4. After selecting a container, press the button OK, then Further.

* If after pressing the button Further You see this message:

"In a container private key no public encryption key, you should install the certificate according to the recommendations described in the Option 2 section.

5. In the window View Certificate press the button Install:

6. If the message " This certificate is already present in the certificate store. Replace an existing certificate with a new one with a reference to the private key?”, press Yes:

7. Wait for the message about successful installation:

8. The certificate is installed. You can close everything open windows CryptoPro.

Option 2. Installation via the "Install personal certificate" menu.

To install a certificate in this way, you will need a certificate file (a file with the .cer extension). It can be located, for example, on removable media or on the computer's hard drive (if you made a copy of the certificate or it was sent to you by e-mail).

If the certificate file is missing, write a letter describing the problem to technical support at [email protected].

1. Open the menu Start - Control Panel - CryptoPro CSP.

2. In the window programsCryptoPro CSP go to tab Service and press the button Install a personal certificate:

3. In the next window, click the button Review to select a certificate file:

4. Specify the path to the certificate file and click the button Open(in our example, the certificate file is located on the Desktop):

6. Check the box Find container automatically(in our example, the container is on the JaCarta smart card) and click Further:

7. In the next window, check the box Install a certificate (certificate chain) into a container and press

Install Rutoken in CryptoPro

Thanks to the use of Rutoken, you can reliably protect information from unauthorized access. Protected file system keep your data safe with cryptographic encryption. Specially created software that combines the capabilities of two programs - CryptoPro Rutoken CSP. Combining the identifier and CIPF, we got a reliable module on which you can safely store data.

Since all actions are performed inside the identifier key and the data exchange protocol is protected by a unique technology, it is rational to use such a distribution kit when working with electronic documents of high importance. If you use Rutoken separately, you must first install drivers for the software. You can not connect the identifier before installing the drivers. After installation, you will need to install support modules for CryptoPro. After completing the preparation steps, you can connect the Rutoken key. Then you should run the CryptoPro program and configure the readers in the Hardware tab. For the identifier to work, select the item "All smart card readers" and click "Next".

Electronic document management more and more integrated into our lives.
Today, this issue concerns not only office employees of enterprises and individual entrepreneurs, working with electronic documents is increasingly facilitating the solution of everyday problems for ordinary citizens and at home. Of course, with the expansion of the applicability of electronic documents, the distribution of electronic digital signature, for short - EDS.
It is about increasing the convenience in working with EDS that we will discuss further, namely, we will consider how to add an EDS key to the CryptoPro registry on the computer.

What is a digital signature and a private key certificate

Electronic digital signature is used in many software products: 1C: Enterprise (and other programs for conducting business or accounting), VLSI++ , Contour.Extern (and other solutions for working with accounting and tax reporting) and others. EDS has also found application in servicing individuals when dealing with government issues.

EDS- this is a kind of guarantor in the world of electronic document management, similar to a regular signature and seals on paper

As with the signing of paper documents, the process of signing electronic media is associated with " editing"primary source.

Electronic digital signature of documents carried out by transforming electronic document using the owner's private key, this process is called document signing

To date private key certificates most often distributed either on ordinary USB flash drives or on special secure media with the same USB interface (Rutoken , eToken and so on).
At the same time, every time when it becomes necessary to sign documents (or identify a user), we need to insert the key carrier into the computer, and then manipulate the certificate. Accordingly, after completing the work, it is enough for us to simply remove the media from the computer so that no one else can use our signature. This method is quite safe, but not always convenient.

If you use the digital signature at home, then every time enable/disable token gets bored quickly. In addition, the carrier will occupy one USB port, which is not always enough to connect all the necessary peripherals.
If you use an EDS at work, then it happens that the key is issued by the certification center alone, and different people have to sign documents. Carrying a container back and forth is also not convenient, and there are also cases when several specialists work with the certificate at the same time.
In addition, both at home and, especially, at work, it happens that on one computer it is necessary to perform actions using immediately multiple digital signature keys.

It is in those cases where the use of a physical certificate carrier is inconvenient, you can register the EDS key in the CryptoPro registry(more about the Windows registry in general terms can be found in the corresponding article: Changing Windows Registry Settings) And use the certificate without attaching the media to the computer's USB port.

Adding a Registry Reader to CryptoPro CSP

First of all, in order for our CryptoPro to be able to work with keys registered locally, it is required to add the variant of such a reader itself.

In order to install a new media type in the CSP utility, run the program as an administrator with the right mouse button or from the menu of the utility itself on the General tab

Now go to the Equipment tab and click on the button Set up readers...
If there is no option in the window that opens Registry, then to display it here, click on the Add...

Click the Next button in the first window.
From the list of readers from all manufacturers, select the option Registry and click Next again.
Enter an arbitrary reader name, you can leave the default name. Click Next.
In the last window, we see a notification that after completing the reader settings, it is recommended to restart the computer. Click the Done button and reboot the machine yourself.

The first stage has been completed. Reader Registry added , as evidenced by the corresponding item in the window Reader management (We remind you that this window is called along the path CryptoPro - Hardware - Configure readers...)

Copying the key to the CryptoPro CSP Registry

To register key container to local storage, connect the physical media with the key to the computer.

Now run the CryptoPro utility again, open the Service tab and click on the Copy... button.
Next in the window Copy Private Key Container Wizard click the Browse button (or By certificate...) and choose our key carrier, confirming the choice with the OK button, after which we proceed to the next window with the Next button.

In the new window, set an arbitrary friendly name for the created key container and click the button Done. Then, to write the key, select the type of reader we created earlier Registry, confirming the selection with the OK button.
After confirmation, we need to set a Password on the created key container, by default, most often, a password is used 12345678 but for more safe work the password can be more difficult. After entering the password, click on the OK button.

All, key container added to the CryptoPro Registry .

Installing the CryptoPro CSP private key certificate

At the end of setting up the signing of documents without connecting the key carrier to the computer, we only have to install private key certificate from the created media container.

To install a certificate in CryptoPro, you must do the following:

In the CSP utility, on the Service tab, click on the button View certificates in container...
In the window that opens, click on the button Browse, where we select the desired media by the name we specified, confirming the selection with the OK button. Click Next.
In the final window, we check the correctness of the choice of certificate and confirm the decision with the button Install.

Now we have installed Private key certificate from local media Registry .

CryptoPro setup is complete, but you should remember that many software products will also require rewrite new key in system settings.
After we have done this, we can sign documents without connecting a key, be it Rutoken, eToken or some other physical medium.

Installing the certificate and private key

We will describe the installation of a certificate electronic signature and private key for OS Windows families. During the setup process, we will need Administrator rights (so we may need a sysadmin if you have one).

If you have not yet figured out what an Electronic Signature is, then please read Or if you have not yet received an electronic signature, contact the Certification Authority, we recommend SKB-Kontur.

Well, suppose you already have an electronic signature (token or flash drive), but OpenSRO reports that your certificate is not installed, this situation may arise if you decide to set up your second or third computer (of course, the signature does not "grow" only to one computer and it can be used on multiple computers). Usually initial setup carried out with the help of technical support of the Certification Authority, but let's say this is not our case, so let's go.

1. Make sure CryptoPro CSP 4 is installed on your computer

To do this, go to the menu Start CRYPTO-PRO CryptoPro CSP run it and make sure that the version of the program is at least 4th.

If it is not there, then download, install and restart your browser.

2. If you have a token (Rutoken for example)

Before the system can work with it, you will need to install the correct driver.

Drivers Rutoken: https://www.rutoken.ru/support/download/drivers-for-windows/
Drivers eToken: https://www.aladdin-rd.ru/support/downloads/etoken
Drivers JCarta: https://www.aladdin-rd.ru/support/downloads/jacarta

The algorithm is as follows: (1) Download; (2) Install.

3. If the private key is in the form of files

The private key can be in the form of 6 files: header.key , masks.key , masks2.key , name.key , primary.key , primary2.key

There is subtlety here. if these files are written to HDD your computer, then CryptoPro CSP will not be able to read them, so all actions must be performed after writing them to a USB flash drive ( removable media), and you need to place them in the first-level folder, for example: E:\Andrey\(files) , if placed in E:\Andrey\ keys\(files) will not work.

(If you are not afraid of the command line, then removable media can be simulated like this: subst x: C:\tmp will appear new disk(X:), it will contain the contents of the C:\tmp folder, it will disappear after a reboot. This method can be used if you plan to install keys in the registry)

Found the files, recorded on a USB flash drive, go to the next step.

4. Installing a certificate from a private key

Now we need to get a certificate, you can do this as follows:

We open CryptoPro CSP
Go to the tab Service
We press the button View certificates in a container, press Review and here (if everything was done correctly in the previous steps) we will have our container. We press the button Further, information about the certificate will appear and then click the button Install(the program may ask whether to put a link to the private key, answer "Yes")
After that, the certificate will be installed in the storage and it will be possible to sign documents (at the same time, at the time of signing the document, it will be necessary that the flash drive or token be inserted into the computer)

5. Using an electronic signature without a token or flash drive (installation in the registry)

If the speed and convenience of work for you is a little higher than security, then you can set your private key to Windows registry. To do this, you need to do a few simple steps:

Prepare the private key described in paragraphs (2) or (3)
Next, open CryptoPro CSP
Go to the tab Service
We press the button Copy
With button Review choose our key
We press the button Further, then we will come up with some name, for example "Pupkin, Romashka LLC" and press the button Ready
A window will appear in which you will be prompted to select the media, select Registry, click OK
The system will ask Set password for the container, come up with a password, click OK

Important note: the OpenSRO portal will not "see" the certificate if it has expired.

List of documents for a legal entity:

1. Extract from the Unified State Register legal entities(Unified State Register of Legal Entities) not older than 30 days.

2. Passport

3. Company details

4. SNILS (Insurance Certificate of State Pension Insurance)

5. TIN certificate

List of documents for an individual entrepreneur (IP):

1. Extract from the Unified State Register of Individual Entrepreneurs (EGRIP)

2. Passport

3. SNILS (Insurance Certificate of State Pension Insurance)

4. TIN certificate

List of documents for an individual:

1. Passport

2. TIN certificate

2. SNILS (Insurance Certificate of State Pension Insurance)

2. A window pops up: "Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine."

If you get a window "Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine" pops up while working on the roseltorg.ru website, you need to:

1. Click on the yellow bar under the site address with the text "This website is trying to install the following add-on: "CAPICOM User Download v2.1.0.2" from "Microsoft Corporation". If you trust this website and add-on and want to install it , click here...";

2. Select "Install ActiveX Control";

3. Click on the "Install" button; this procedure must be performed until the window with this message stops popping up (this is individual for each computer). This is a one time setting.

3. How to install a personal certificate?

Installing a personal certificate (your organization's certificate) can be done in the following way:

Through the menu "View certificates in the container"

1. Select Start / Control Panel / CryptoPro CSP, go to the Service tab and click on the button View certificates in a container(see fig. 1).

Rice. 1. “CryptoPro CSP Properties” window

2. In the window that opens, click the Browse button to select a container to view. After selecting the container, click on the OK button (see Fig. 2).

Rice. 2. Window for selecting a container for viewing

3. In the next window, click on the Next button.

Rice. 3. Window "Selected private key container"

4. If the version of CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher is installed, then in the window that opens, click the Install button, and then respond in the affirmative to the certificate replacement notification (if it appears).

Rice. 4. Certificate view window

5. In the window that appears about the successful installation of the certificate, click OK

Rice. 5. The window "Message about the successful installation of the certificate"

6. then press the button ready

Rice. 6. View window for the selected certificate

5. Close the CryptoPro CSP window by pressing the OK button

Detailed information on installing the certificate is available at the following link.

4. How to set up email.

Outlook Express security settings are configured as follows:

1. Select the menu item Tools / Tools -> Accounts/ Accounts and open the Mail tab.

2. In the displayed list of accounts, select the one you want to configure and click the Properties button.

3. In the displayed dialog, select the Security tab, which allows the user to specify their personal certificates that will be used when selecting the user's private keys to generate an electronic digital signature and decrypt incoming messages. The certificate selection dialog only displays certificates that have a matching address Email and allowed for email protection

5. In the displayed dialog, select the Security tab:

6. In the displayed dialog, set the following modes:

a. Enable user when sending encrypted mail / Always encrypt messages when sending encrypted mail . Setting the enable mode allows the sender to decrypt messages sent to them.

b. Include my digital ID when sending singed messages. Setting this mode will automatically add the sender's certificate to all messages. This mode allows you to exchange certificates using a signed message, and then use the received certificates for subsequent encryption of messages between recipients.

c. Send messages with an opaque signature/ Encode message before signing. When message mode is enabled, all attachments will be merged into a single attachment with a digital signature included. If the mode is disabled, the signature is generated as one separate attachment for all attachments.

d. Automatically add the sender's certificate to address book/ Add senders certificates to my address book. When this mode is enabled, certificates transmitted as part of a signed message will be automatically added to the address book.

e. Check for revoked Digital Ds:

i. only when online / Only when online. Setting a verification token causes each operation to generate or verify an electronic digital signature to be accompanied by a certificate revocation check. To check for revocation, a Certificate Revocation List (CRL) is used, the location of which is recorded as an appendix in each user's certificate. By default, this option is not enabled, and Outlook Express does not track if user keys have been compromised.

ii. Never / Never.

Revocation check is not performed.

5. How to sign a document.

There are 2 types of sending a signed document.

The first way is to sign the document itself and the second way is to sign the entire letter.

To create and send a signed message:

1. Click the Create Mail button or select the menu item File -> New -> Mail message.

3. To send a signed message, check the status of the Sign button. It should be pressed and the sign of the signed message should be visible on the right side of the screen.

4. After the message is prepared for sending, click the Send button:

The second way is when the file itself is signed. Plastic bag Microsoft Office allows you to attach digital signatures to a specific document. For this you need:

1. On the Tools menu, select Options, and then click the Security tab.

2. Click the Digital Signatures button.

3. Click the Add button.

4. Select the desired certificate, and then click the OK button.

For other data formats, you must use the CryptoArm program.

6. CryptoPro expires.

Was not entered during installation serial number product under the license you purchased.

7. Mail does not see the certificate.

When setting up e-mail, at the stage of signing a document, the mail does not find the required certificate. This happens when the e-mail address, which is indicated during the production of the EDS, does not match the valid e-mail box.

8. When installing CryptoPro, at the last step, the system displays a message about the incorrect installation of the program and rolls back. How to be?

The problem occurs due to incomplete (or incorrect) removal previous version Crypto Pro from a computer. To remove the files remaining from the previous version, you must use the CryptoPro trace cleanup program clear.bat. You can download the program from here: ftp://ftp.cryptopro.ru/pub/CSP_3_6/clearing.zip

9. Where can I find the EDS signing public key?

All signatures issued by our company have the public key inside a container on a secure medium. In order to extract it from the container, you must:

When included in system unit via the CryptoPro program Start à Control Panel à CryptoPro à Tools à View certificates in the container. In the dialog box that appears, select the desired container via the browse à Next. In the EDS public key data view window, select properties à Composition tab à Copy to file and specify the path to save the certificate.

10. CryptoPro does not see the container on the flash drive. Prompts you to select another medium.

Depending on what type of media you are using, the solutions are different. If you are using smart cards such as Rutoken, MsKey, Etoken, then most likely you do not have drivers installed for correct operation with a key.

If your key is on a USB 2.0 flash drive, then you need to look at the version of the CryptoPro core. If you are using CryptoPro 3.0, then you have gone astray. In order to set it up you need to:

When the media is included in the system unit Via CryptoPro Start à Control Panel à CryptoPro àHardware Configure readers Add. In the reader installation wizard window that appears, select Drive on the right side of the screen (since in CryptoPro everything USB media defined as floppy disks). In the next window, select the correct name for the flash drive, that is, the name under which the flash drive was defined in "My Computer".

If you are using CryptoPro 3.6 and the container is not visible, then the medium is damaged. It should be submitted to the office to determine the status of the key.

11. We received an EDS, what to do next? How to register on the trading platform?

The entire procedure for accreditation, filing an application for participation in the auction and holding the auction itself is described in the rules of operation of a particular electronic trading platform which can be found on the website of this site. There are also various auxiliary video materials, instructions for working in the system. Or you can contact us to purchase our service of assistance in accreditation on any electronic platform.