How to use an electronic signature on a flash drive. Copying using CryptoPro CSP. Step-by-step instructions on how to copy an EDS certificate

How to use an electronic signature on a flash drive. Copying using CryptoPro CSP. Step-by-step instructions on how to copy an EDS certificate

An electronic signature is usually issued either on a flash drive, or on a token, or on a floppy disk. Working with props is easy, regardless of the selected media type: the software interface is clear, and problems in use rarely arise. Convenience and ease of use make electronic signature accessible even to people who do not have technical skills or experience working with complex programs.

Before starting to use the digital signature, the user must make sure that he has all the necessary tools and tools on his PC. These include:

  • crypto provider;
  • private key and digital signature certificate;
  • configured workplace.

A crypto provider is a special software, responsible for cryptographic algorithms. It is necessary to create, verify, encrypt and decrypt digital signatures. The data is stored on an encrypted flash drive, which the crypto provider accesses when performing operations.

Setting up a workplace is one of the most important processes in the preparatory work for using an electronic digital signature. This includes installing a certification authority certificate, as well as setting up and installing a key certificate and a cross-certificate of the Ministry of Telecom and Mass Communications. You also need to configure the browser so that it allows you to carry out all the required operations. This involves installing the necessary plugins and add-ons.

How to use digital signature from a flash drive

Learning to work with a digital signature is not difficult: the process takes only a few minutes and consists of sequentially performing simple steps.

Digital signature setup

Using an electronic signature from a flash drive is not difficult: first, the media must be connected to the computer. When the flash drive is displayed in the system, you need to select “CryptoPro” - “Equipment” - “Configure readers”:

The new window should have menu items such as “All smart card readers” and “All removable drives”:

If for some reason they are missing, then you must:

  • in the “Configure readers” tab, click “Add” and “Next”;

  • in the new window select “All manufacturers”;

  • then select “All smart card readers” and click “Finish”.

The signature is ready to use, and the signing process depends on the type of document.

Signing MS Word documents

In the required file, the user opens:

  • “Information” - “Add digital signature”;

  • selects the generated signature, adds a comment if necessary, and clicks “Sign”;

  • if there are no errors, the system displays the message:

Signing a document through the CryptoPro plugin using a digital signature from a flash drive is similar to the previous method:

  • the user opens the desired document, selects the menu item “File” - “Add digital signature”;

  • then selects the desired signature and adds it to the document, completing the action by clicking “Sign”.

If there are no errors, the plugin will display a message indicating that the document was successfully signed.

Generating a signature for PDF documents also takes place in several stages. On the first one, the user opens the required file, and through the “Tools” panel goes to the “Certificates” section:

Then click on “Sign” and select the area where it will be located:

After this, in the window with a set of digital details, the user selects the required one and clicks “Continue”:

A new window will open with a preview of the electronic signature:

If everything is correct, then the user completes the action through the “Sign” button. After signing the document, if there are no errors, a message indicating the successful completion of the process is displayed.

Using a flash drive as an electronic key

A flash drive can be used as an analogue of an electronic digital signature using a RAM module. Its task is to test each electronic media for compliance with the stored data. Blocking of data or access to the system depends on the results of the scan.

A flash drive used as an electronic key works like this: every successful login to the system starts the process of overwriting the data stored in the backup part. During the next login, the system compares the brand, serial number, backup storage and manufacturer data.

To configure the RAM module you need to:

  • install the libpam_usb.so library and utilities needed to manage the module;
  • insert a flash drive into the USB port, collect and record all information about the media for subsequent user identification;
  • enter a command assigning the name of the flash drive to account user;
  • run a data validation check;
  • give the pam_usb module the right to control the system. If no suitable media is found, the system must prompt you to enter a password and login, or block the login.

The advantages of using this type of media include the ability to store information on a flash drive and quickly log into the system, auto-protection, and the absence of the need to remember a large amount of information.

How to copy digital signature from a flash drive

Despite the fact that the flash drive is reliable, it is recommended to copy the electronic signature from it to the PC registry. You need this in order to have backup copy in case of media failure. This will also save the user from having to carry a flash drive with him everywhere, which will reduce the risk of theft or loss.

How to copy digital signature:

  • via Start/Control Panel/CryptoPro select “Service” and “Copy”;

  • in the window that opens, click “Browse”, select the key container and confirm the action “OK”;

  • Click “Next” and proceed to copying the private key container. In the “Key container name” window, enter the name of the electronic signature. Click “Finish”;

  • In the new window, click “Registry” and “OK”.

Install the copied certificate. For this:

  • in the “Service” tab, select “View certificates”;

  • Go through “Browse” to select a certificate;

  • select the required certificate and confirm the action using “OK” and “Next”;

  • complete the process by successively clicking “Install”, “Yes”, “OK”.

EDS installation is complete. Now you can use the signature both from a flash drive and from a PC.

Why might EP not work?

Typically, working with an electronic signature does not cause problems, however, there are a number of cases when the key certificate stops responding to user actions.

If the private key does not match the public key, then you need to check all closed containers on the PC you are using. The problem may be that the wrong port is selected. If the closed container is selected correctly, and the error repeats, you need to contact the CA to re-issue the electronic signature.

Sometimes, when starting, the system displays an error: certificate isn’t valid. To eliminate it, the digital signature is reinstalled according to the instructions of the CA. Also, sometimes a message appears stating that the electronic signature certificate is not trusted. In this case, the root certificate is reinstalled.

Often the problem in the operation of the electronic signature is related to the expired validity period of CryptoPro. To renew your license, you need to contact CA representatives and get a new key.

If no valid certificate is found on the PC, then you need to reinstall the digital signature and check the validity periods of the keys.

CryptoPro may not see the electronic signature due to the lack of a stable Internet connection, as well as due to an incorrectly installed program.

Less often, a case arises when the plugin does not see the installed and added certificate even after reinstallation. The problem may lie in the CA's certificate revocation list. If a user accesses the Internet through a proxy server, the software does not see reviews in the online directory installed certificate. To troubleshoot the problem, you just need to add this reference book to your PC.

To work with electronic signatures from a flash drive, you must have the following installed on your PC: special means. These include a crypto provider and a customized browser. Documents are signed using CryptoPro plugins, which are released for both MS Office and files PDF format. Flash media can also be used to store the electronic signature key. This is convenient because the user does not need to remember all the data, and login occurs automatically when connecting and checking the flash drive. If there is a need to travel frequently and work with digital signature certificates outside the office or at home, then it is advisable to copy the digital signature certificate from a flash drive to a PC. This will protect against damage, loss or theft of the media, and subsequent restoration of the digital signature.

Can be used if we're talking about about enhanced unskilled signatures.

Kinds EDS, which have the maximum degree of protection, are recorded exclusively on specialized USB devices. Their issuance is provided at all existing certificate points.

Let's look at the flash drive options that people most often try to use for storage means of cryptographic information protection:

  • Unprotected flash drive. Not suitable for storage confidential information due to open access third parties to it.
  • Flash drive with built-in encryption function. The device limits, but does not completely prevent, unauthorized access to keys. The danger arises at the moment of transfer EDS to the computer when signing the document.
  • (token) with a built-in crypto processor. More suitable option for storage EDS. Contains two levels of information protection that are activated at the time of recording EDS and contacting her during the signing process. Signature, recorded on such a storage medium cannot be illegally changed, but the possibility of its theft at the time of transfer to computer software remains.
  • USB device with built-in shaping function EDS. This type flash drives is a kind of minicomputer - the document to be signed is submitted to the “input” of the device and signed inside it. Such a token is maximally protected from unauthorized access, because signature is not extracted from it. Loading signatures on external devices is not required for its use.

How to write digital signature to a flash drive from another storage medium? Take advantage of opportunities special program CryptoPRO CSP.

Let's give brief instructions to rewrite the certificate:

  • A clean one is inserted into the computer flash drive for digital signature and carrier signatures.
  • The CryptoPRO CSP program is being launched.
  • In the program menu that opens, select the “Service” tab, then press the “ Copy».
  • Specifies the path to the certificate EDS in the “Overview” menu tab, the selection is confirmed by pressing the “OK” button.
  • If the system asks for a password, you must enter it. The default number sequence is 12345678.
  • Assigns a name to the new copy signatures and by clicking the “Finish” button, preparation for copying is completed.
  • In the dialog box that opens, select a new flash drive and after clicking the “OK” button, enter the password for the copy EDS. You can leave the same password to avoid confusion with access codes or choose a new combination of characters.

How to transfer digital signature from flash drive to flash drive? Simply copy the certificate folder and paste it onto the new media. Take precautions when carrying EDS to a new device!

Using a flash drive as an electronic key

A key is the most accessible method of protecting a computer from access by unauthorized persons. A USB device is a modern analogue of a dongle. How to make an electronic key from a flash drive?

One way is to use a RAM module, whose task is to test each device inserted into the computer. flash drives for compliance with the information stored in the system and, depending on the result of the check, open the login to the system or block it.

Electronic key flash drive works as follows: with each successful login to the system, the information stored in its backup part is overwritten.

The next time you try to log in, the system will compare the credentials flash drives- its serial number, brand, manufacturer and data from the backup part of the USB device.

The module is configured as follows:

  • The libpam_usb.so library and the utilities necessary to manage the module are installed.
  • A flash drive is inserted into the USB port - the future key. Using a special command, the module collects all information about flash drive and recording service information on it for subsequent identification of the user.
  • Enter a command attaching a name flash drives to a specific account.
  • A check is started to check the correctness of the data entered into the system.
  • The pam_usb module is given the right to control the system until the key is used. If no suitable flash drives, the system may prompt you to enter your login and password or, according to established settings, block the entrance to it.

Usage flash drives as a key, it does not provide for placing logins and passwords on it, or means of cryptoprotection of information.

Select digital signature

In addition to convenience, such a key storage provides the user with the following benefits:

  • No need to remember a large amount of information.
  • Possibility of use flash drives as a means storage information.
  • Ensuring quick login.
  • Console auto-protection. When removed from the USB port flash drives work on the computer is automatically blocked.

The article provides answers to the questions: “What does an electronic signature look like”, “How does an electronic signature work”, discusses its capabilities and main components, and also provides a visual step-by-step instruction for the process of signing a file with an electronic signature.

What is an electronic signature?

An electronic signature is not an object that can be picked up, but a document requisite that allows you to confirm that the digital signature belongs to its owner, as well as record the state of information/data (presence or absence of changes) in electronic document from the moment of its signing.

For reference:

The abbreviated name (according to Federal Law No. 63) is EP, but more often they use the outdated abbreviation EDS (electronic digital signature). This, for example, facilitates interaction with search engines on the Internet, since EP can also mean an electric stove, a passenger electric locomotive, etc.

According to the legislation of the Russian Federation, a qualified electronic signature is the equivalent of a handwritten signature that has full legal force. In addition to qualified digital signatures, there are two more types of digital signatures available in Russia:

- unqualified - ensures the legal significance of the document, but only after the conclusion of additional agreements between the signatories on the rules for the use and recognition of digital signatures, allows you to confirm the authorship of the document and control its immutability after signing,

- simple - does not give the signed document legal significance until additional agreements are concluded between the signatories on the rules for the use and recognition of digital signatures and without complying with the legally established conditions for its use (a simple electronic signature must be contained in the document itself, its key must be used in accordance with the requirements of the information system, where it is used, etc. in accordance with Federal Law-63, Article 9), does not guarantee its invariance from the moment of signing, allows you to confirm authorship. Its use is not permitted in cases related to state secrets.

Electronic signature capabilities

For individuals, digital signature provides remote interaction with government, educational, medical and other information systems through the Internet.

An electronic signature gives legal entities permission to participate in electronic trading, allows you to organize legally significant electronic document management (EDF) and submit electronic reporting to regulatory authorities.

The opportunities that digital signature provides to users have made it an important component Everyday life both ordinary citizens and company representatives.

What does the phrase “an electronic signature has been issued to the client” mean? What does the digital signature look like?

The signature itself is not an object, but the result of cryptographic transformations of the document being signed, and it cannot be “physically” issued on any medium (token, smart card, etc.). Also, it cannot be seen, in the literal sense of the word; it does not look like a pen stroke or a figurative imprint. About, what does an electronic signature “look like”, We'll tell you a little below.

For reference:

A cryptographic transformation is an encryption that is built on an algorithm that uses a secret key. The process of restoring the original data after cryptographic transformation without this key, according to experts, should take longer than the validity period of the extracted information.

Flash media is a compact storage medium that includes flash memory and an adapter (USB flash drive).

A token is a device whose body is similar to that of a USB flash drive, but the memory card is password protected. The token contains information for creating an electronic signature. To work with it, you need to connect to the USB connector of your computer and enter a password.

A smart card is a plastic card that allows you to carry out cryptographic operations using a built-in microcircuit.

A SIM card with a chip is a card mobile operator, equipped with a special chip, onto which a java application is securely installed at the production stage, expanding its functionality.

How should we understand the phrase “an electronic signature has been issued,” which is firmly entrenched in the colloquial speech of market participants? What does an electronic signature consist of?

The issued electronic signature consists of 3 elements:

1 - a means of electronic signature, that is, necessary for the implementation of a set of cryptographic algorithms and functions technical means. This can be either a cryptoprovider installed on a computer (CryptoPro CSP, ViPNet CSP), or an independent token with a built-in cryptoprovider (EDS Rutoken, JaCarta GOST), or an “electronic cloud”. You can read more about digital signature technologies associated with the use of the “electronic cloud” in the next article Single portal Electronic signature.

For reference:

A crypto provider is an independent module that acts as an “intermediary” between operating system, which, using a certain set of functions, controls it, and a program or hardware complex that performs cryptographic transformations.

Important: the token and the qualified digital signature on it must be certified by the FSB of the Russian Federation in accordance with the requirements of Federal Law No. 63.

2 - a key pair, which consists of two impersonal sets of bytes generated by an electronic signature tool. The first of them is the electronic signature key, which is called “private”. It is used to form the signature itself and must be kept secret. Placing a “private” key on a computer and flash media is extremely unsafe; on a token it is somewhat unsafe; on a token/smart card/sim card in a non-removable form is the most secure. The second is the electronic signature verification key, which is called “public”. It is not kept secret, is uniquely tied to the “private” key and is necessary so that anyone can verify the correctness of the electronic signature.

3 - EDS verification key certificate issued by a certification center (CA). Its purpose is to associate an anonymized set of bytes of a “public” key with the identity of the owner of the electronic signature (person or organization). In practice, this looks like this: for example, Ivan Ivanovich Ivanov (an individual) comes to the certification center, presents his passport, and the CA issues him a certificate confirming that the declared “public” key belongs to Ivan Ivanovich Ivanov. This is necessary to prevent a fraudulent scheme, during the deployment of which an attacker in the process of transmitting “open” code can intercept it and replace it with his own. This will give the criminal the opportunity to impersonate the signer. In the future, intercepting messages and making changes, he will be able to confirm them with his digital signature. That is why the role of the electronic signature verification key certificate is extremely important, and the certification center bears financial and administrative responsibility for its correctness.

In accordance with the legislation of the Russian Federation, there are:

— “electronic signature verification key certificate” is generated for an unqualified digital signature and can be issued by a certification center;

— “a qualified electronic signature verification key certificate” is generated for a qualified digital signature and can only be issued by a CA accredited by the Ministry of Communications and Mass Communications.

Conventionally, we can indicate that electronic signature verification keys (sets of bytes) are technical concepts, and a “public” key certificate and a certification authority are organizational concepts. After all, the CA is a structural unit that is responsible for matching “public” keys and their owners within the framework of their financial and economic activities.

To summarize the above, the phrase “an electronic signature has been issued to the client” consists of three components:

  1. The client purchased an electronic signature tool.
  2. He received a “public” and “private” key, with the help of which the digital signature is generated and verified.
  3. The CA issued the client a certificate confirming that the “public” key from the key pair belongs to this particular person.

Security issue

Required properties of signed documents:

  • integrity;
  • reliability;
  • authenticity (authenticity; “non-repudiation” of the authorship of information).

They are provided by cryptographic algorithms and protocols, as well as software and hardware-software solutions based on them for generating an electronic signature.

With a certain degree of simplification, we can say that the security of an electronic signature and the services provided on its basis is based on the fact that the “private” keys of the electronic signature are kept secret, in a protected form, and that each user responsibly stores them and does not allow incidents.

Note: when purchasing a token, it is important to change the factory password, so no one will be able to access the digital signature mechanism except its owner.

How to sign a file with an electronic signature?

To sign a digital signature file, you need to complete several steps. As an example, let's look at how to put a qualified electronic signature on a trademark certificate of the Unified Electronic Signature Portal in .pdf format. Need to:

1. Right-click on the document and select the crypto provider (in this case CryptoARM) and the “Sign” column.

2. Walk the path to dialog boxes crypto provider:

At this step, if necessary, you can select a different file to sign, or skip this step and go directly to the next dialog box.

The Encoding and Extension fields do not require editing. Below you can choose where the signed file will be saved. In the example, a document with digital signature will be placed on the desktop.

In the “Signature Properties” block, select “Signed”; if necessary, you can add a comment. The remaining fields can be excluded/selected as desired.

Select the one you need from the certificate store.

After checking that the “Certificate Owner” field is correct, click the “Next” button.

In this dialog box, the final check of the data required to create an electronic signature is carried out, and then after clicking on the “Finish” button, the following message should pop up:

Successful completion of the operation means that the file has been cryptographically converted and contains requisites that record the immutability of the document after it is signed and ensure its legal significance.

So, what does an electronic signature on a document look like?

For example, we take a file signed with an electronic signature (saved in .sig format) and open it through a crypto provider.

Desktop fragment. Left: file signed with digital signature, right: crypto provider (for example, CryptoARM).

Visualization of the electronic signature in the document itself when opening it is not provided due to the fact that it is a requisite. But there are exceptions, for example, an electronic signature of the Federal Tax Service when receiving an extract from the Unified State Register of Legal Entities/Unified State Register of Individual Entrepreneurs via online service conditionally displayed on the document itself. The screenshot can be found at

But how in the end EDS “looks”, or rather, how is the fact of signing indicated in the document?

By opening the “Manage signed data” window through the crypto provider, you can see information about the file and signature.

When you click on the “View” button, a window appears containing information about the signature and certificate.

The last screenshot clearly demonstrates what does the digital signature look like on a document?"from within".

You can purchase an electronic signature at.

Ask other questions on the topic of the article in the comments, the experts of the Unified Electronic Signature Portal will definitely answer you.

The article was prepared by the editors of the Unified Electronic Signature Portal website using materials from SafeTech.

When using the material in full or in part, a hyperlink to www..

If the electronic signature was issued to the PC registry, then you can copy it to a medium using the following instructions.

Step 1. Open CryptoPro and go to the “Service” tab, then click on the “Copy” button as shown in the instructions.

Step 2. In the window that appears, click the “Browse” button to select the electronic signature container you need to copy.

Step 3. In the list of existing containers that appears, select the container you need, which you need to copy to the media and click the “OK” button.

Step 4. Confirm the action by clicking the “Next” button in the window that appears

Step 5. In the window that appears, specify the name of the new container that will be created on the media. The name in the field is entered automatically, so you can simply leave it unchanged. Click the "Done" button.

Step 6. A media selection window will appear. Select the desired medium from the list to which you want to copy the electronic signature. In order to understand which media to select from the list, look at the “Inserted media” field: it will either say “Media is missing,” which means you have selected a non-existent media, or the media name will appear similar to the name in the screenshot. Select and click OK.

Step 7. After you select the media, a window will appear to enter the PIN code for the new electronic signature container. We recommend entering the standard PIN code “12345678”, because... clients often forget or lose their PIN codes, after which the electronic signature has to be reissued. You can set your (different) PIN if you are sure that you will not lose it. After entering the PIN code, click the "OK" button.

Ready. Now the electronic signature container has been copied to the selected medium and you can use it.

If you don’t want to understand these details, we will help. You can even call our engineer to your office.



Popular in the category:
How to create a karaoke clip on a computer?
How to create a karaoke clip on a computer?
read
The Origin app is required for the game, but it is not installed. FIFA 16 requires Origin.
The Origin app is required to play, but it is not installed FIFA...
read
Registering a personal page on the social network Facebook
Registering a personal page on the social network Facebook
read
How to Run a Simple Nmap Nmap Scan
How to Run a Simple Nmap Nmap Scan
read

Latest Articles
How to rotate an image a few degrees...
read
Disabling advertising in Yandex browser Where...
read
Troubleshooting Wi-Fi connection problems on...
read
Change password on Windows 10 profile
read
Instructions for setting up wireless routers...
read
How to choose a hard drive and which one is better to buy...
read
Meizu for dummies. Calls and address book....
read
Download PDFMaster program
read
Top