Installation of the ViPNet CSP cryptoprovider program

5. Obtaining a certificate and private key

The procedure for obtaining and putting into effect a private key and certificate

In order to obtain and put into effect a new certificate or update an existing one, you need to:

1 Generate a certificate request file in the Creating a certificate request program.

3 Submit the file with the request to the administrator of the Certification Center (by email or another method accepted in your organization) and wait for the certificate to be received.

4 Install the received certificate into the container.

5 Install the received certificate, as well as the certificates of issuers and

Creating a certificate request and generating a private key

To create a request for a new certificate or to update an existing one:

1 On the Start menu, select All programs > ViPNet > ViPNet CSP > Creating a certificate request.

2 Choose one of the following actions:

    Request a new certificate - to create a request for a new certificate.

    Request a renewal of a valid certificate - to update an existing one. When creating a certificate renewal request:

    In the Certificate renewal window, select the certificate you want to update and click OK.

    If you need to select another certificate or view the selected certificate, use the Select certificate and Selected certificate buttons.

    If necessary, specify new certificate parameters and owner information, or leave the details of the previous certificate.

3 In the Certificate options section, specify the following parameters:

    In the Purpose list, select the actions you want to perform using the certificate:

    Signature and encryption (default), if you need to generate a key and certificate to encrypt messages and protect them with an electronic signature.

    Signature, if you need to generate a key and certificate only for signing messages and documents with an electronic signature.

    Encryption, if you need to generate a key and certificate only to encrypt email messages and documents.

    In the Certificate template list, select one of the options:

    Qualified ViPNet CSP (default) - to create a request for a qualified certificate in which you can specify the attributes OGRNIP (main state registration number of an individual entrepreneur), SNILS (insurance number of an individual personal account), TIN (taxpayer identification number) and OGRN (main state registration number).

    Reporting - to create a request for a certificate with which you can sign documents generated for submitting financial statements.

    Standard - for all other cases.

4 In the Certificate owner information section, enter the necessary information about the person for whom the certificate request is being generated.

5 In the Saving a request to a file section, click Browse and specify the location on disk or removable media and the file name for the request file.

6 Click the Create a request button. This button appears after all required fields have been filled in.

7 In the ViPNet - initializing the key container window that appears, specify:

    Container name, or leave the default value.

    Placement, by setting the switch to one of the following values: Folder on disk or Select device.

8 In the window, set a password to protect the private key.

9 Follow the instructions in the Electronic roulette window.

10 In the message box reporting that the certificate request file was successfully created, click OK.

11 After creating the request file, the browser page Certification Service can be closed.

Using signing keys from the ViPNet CryptoService program

To use ViPNet CryptoService user signing keys in the ViPNet CSP program, follow these steps:

1 In the ViPNet CryptoService program window, click the Security Settings button.

2 In the Configuring Security Settings window, open the Keys tab.

3 In the Signature group, click the Postpone button.

4 In the window, click the Browse button and specify the folder or removable media to which you want to move the container.

5 In the ViPNet CSP - initializing the key container window, click OK. The container will be moved to the specified folder.

6 Copy the container to the computer on which ViPNet CSP is installed.

7 Install the container in ViPNet CSP.

6. Installation of containers and certificates

Methods for installing the private key and certificate

To get started with electronic signature mechanisms, follow these steps:

    Install the private key container:

    If the private key and the certificate are in the same container and placed in a folder on the disk, see the section Installing a container from a folder

    If the private key and certificate are in the same container and hosted on an external device

    If the certificate was issued by a certificate authority upon request, and as a result there is a private key container and a separate certificate file,

    Install the public key certificate into the system store

    Install issuer certificates and certificate revocation list (CRL) to the system store

Installing a container from a folder

To install a container on the system from a folder on disk:

1 In the ViPNet CSP program window, select the Containers section.

2 In the Containers section, click the Add button.

3 In the ViPNet CSP - initializing the key container window, click the Browse button.

    If the container is stored on a hard drive, in the Browse folders window specify the path to the folder containing the container.

    If the container is stored on a removable flash drive, in the Browse folders window select this removable drive. In the Folder on disk field, the path will be filled in automatically, for example E:\Infotecs\Containers.

4 From the Container name list, select a container file or leave the default value.

5 Click OK. In the Key container window, a message will appear indicating that the container was successfully added, together with an offer to install the certificate in the store. To work with certificates, they must be installed in the current user's store.

6 After installing (or uninstalling) the certificates in the store, the added container will appear in the list of available containers.

Installing a certificate in a container

To install a certificate into a container, follow these steps:

1 In the ViPNet CSP program window, select the Containers section.

2 In the Containers section, select the container where you want to install the certificate and click the Properties button, or double-click the desired container.

3 In the Key container properties window, click the Add button.

4 In the Open window, specify the certificate file that matches the private key in the container and click the Open button. If a valid certificate is specified, it will be added to the container; otherwise a "Key not found" message will appear.

Installing a user certificate into the system store

Installing a certificate not added to the container

If the certificate has not yet been added to the container, follow these steps to install the certificate in the system store:

1 In the ViPNet CSP program window, select the Containers section.

2 In the Containers section, click the Install certificate from file button.

3 In the Open window, specify the path to the certificate file on disk.

4 On the Welcome page of the Certificate Installation Wizard, click Next.

5 On the Selecting a certificate store page, specify the store in which your certificate will be installed and click the Next button.

6 On the Ready to install certificate page:

    Check that the selected parameters are correct. If necessary, return to the previous wizard page using the button and select other options

7 If the Specify key container checkbox is selected and the container is not found or is inaccessible, in the ViPNet CSP – initialization of the key container window that appears, specify the location of the key container:

    folder on disk

    device, indicating its parameters and PIN code

After that, click the OK button.

8 In the confirmation window, click the Yes button to add the certificate to the key container, or the No button to leave the certificate as a separate file.

9 If the Specify key container checkbox is selected and the container is available, in the ViPNet CSP – key container password window that appears, enter the container access password in the Password field, then click the OK button.

10 On the Completing the Certificate Installation Wizard page, click the Ready button.

7. Operations with containers

Creating a container backup

1 In the ViPNet CSP program window, open the Containers section.

2 In the Containers section, select the container to transfer and click the Copy button.

3 In the ViPNet CSP - key container password window, set and confirm the password that will be used to access the copy of the container being created.

4 In the ViPNet CSP - initializing the key container window, specify a new name for the container and its location. You can copy the container to a folder on disk or to an external device.

5 In the ViPNet CSP - key container password window, enter the password (or PIN if the container is on an external device) to access the container you want to create a copy of.

6 A copy of the container will appear in the list of containers and in the specified folder (or on the device).

Removing a container

1 In the ViPNet CSP program window, select the Containers section.

2 In the Containers section, select the container you want to delete and click the Delete button.

3 To confirm deleting the container, click the OK button in the window that opens.

The container will be removed from the list of containers and from the folder or external device where it is stored.

Viewing and setting container properties

Changing the container password

To change the password for a container in a folder on disk:

1 In the ViPNet CSP program window, select the Containers section.

2 In the Containers section, select the container for which you want to change the password and click the Properties button, or double-click the desired container.

3 In the Key container properties window, click the Change password button.

4 In the Password window, enter the current container access password and click the OK button.

5 In the ViPNet CSP - key container password window, enter the new password in the Enter password and Confirmation fields. Click the OK button.

The container access password has been changed.

8. Working with external devices

View a list of connected devices

1 In the ViPNet CSP program window, open the Devices section.

2 In the Connected devices list, select the desired device.

3 In the Key containers on the device list, select a container.

    To view the properties of the selected container, click the View button.

    To remove a container from your device, click the Delete button.

Configuring the list of polled devices

By default, ViPNet CSP searches for all supported device types. To reduce the time it takes to find the required electronic key, disconnect unused devices:

1 In the ViPNet CSP program window, open the Configuring the list of polled devices section.

2 Uncheck the boxes next to device types that you are not using.

Initializing the device

Initialization is the formatting of the device memory. During the initialization process, all data stored on the device is deleted. The password and other device settings are reset.

To initialize a connected device:

1 In the ViPNet CSP program window, open the Devices section.

2 Select a device from the Connected devices list.

3 Click the Initialize button. A warning will appear indicating that all data on the device will be lost during initialization.

4 In the warning window, click Yes. The Initialization window will open.

5 In the Initialization window:

    In the Enter your administrator PIN field, enter your device administrator PIN.

    In the Enter new user PIN field, set a PIN code to access the device and confirm it in the Confirm the new user PIN field.

6 Click the button OK.

The device will be initialized. In this case, all data stored on it will be lost. The user's specified PIN will be used to access the device.

Using the Random Number Sensor

To select the random number sensor to use:

1 In the left pane of the Setting up ViPNet CSP window, expand the Devices element, then select Random number sensor.

2 In the Random number sensor installed list, select one of the options:

    Biological - to use “Electronic Roulette” to generate random numbers.

    External device (Token) PKCS#11 - to generate random numbers using an external eToken Aladdin or eToken GOST device.

    DSDR - to use a pre-generated sequence of random numbers (gamma). Once you select this option, follow these steps:

    Click the Properties button.

    In the Properties window, click the Add gamma button.

    In the Browsing Directories window, specify the folder containing the files with the sequence of random numbers.

    A hardware random number sensor installed on a computer.

To save the settings, click the Apply button.

4 To view information about the selected random number sensor, click the Properties button.

To check the functionality of a biological or hardware random number sensor, click the Test button in the Properties window. After the test is completed, the program will display a message about its result.

9. Electronic signature in MS Office documents

Signing the document

Microsoft Office 2003

1 Save the document.

2 On the Tools menu, select Options.

3 Select the Security tab and click the Digital signatures button.

4 In the Digital signature window, click the Add button.

5 The Selecting a certificate window will open with a list of available electronic signature certificates. To view information about a certificate, highlight it and click View certificate.

6 In the Selecting a certificate window, highlight the required certificate and click OK. The ViPNet CSP – key container password window will open.

7 Enter your password and click OK. The selected certificate will appear in the Digital document signatures list in the Digital signature window.

8 Click OK twice to close the dialog boxes. An icon will appear in the status bar of the document window indicating that the document contains an electronic signature.

Microsoft Office 2007

To add an electronic signature to a Microsoft Word, Excel or PowerPoint document:

1 Click the Microsoft Office button, select Prepare, and then click Add a digital signature. The Signing window will open.

2 In the window Signing you can fill in the field Purpose of signing the document Change and select a different certificate.

3 Sign. A window will open

4 Enter your password and click OK. A message will appear indicating that the electronic signature has been successfully added and the document has been saved. An icon will appear in the status bar of the document window indicating that the document contains an electronic signature.

Microsoft Office 2010

To add an electronic signature to a Microsoft Word, Excel or PowerPoint document:

1 Open the File tab and select the Info section.

2 In the Permissions group, click the Protect Document, Protect Workbook or Protect Presentation button, then select the Add a digital signature command.

3 Read the message in Microsoft Word, Excel, or PowerPoint and click OK. The Signing window will open.

4 In the Signing window, you can fill in the Purpose of signing the document field. Below in the same window you will find brief information about the certificate that will be used to sign the document. If necessary, click the Change button and select a different certificate.

5 After selecting the certificate, click the Sign button. The ViPNet CSP – key container password window will open.

6 Enter your password and click OK. A message will appear indicating that the electronic signature was added successfully.

Viewing an electronic signature

1 On the Tools menu, select Options.

2 Select the Security tab and click the Digital signatures button.

3 In the Digital signature window, select the signing certificate and click the View certificate button.

Removing an electronic signature

Microsoft Office 2003

To remove an electronic signature from a Microsoft Word, Excel, or PowerPoint document:

1 On the Tools menu, select Options.

2 Select the Security tab and click the Digital signatures button.

3 In the Digital signature window, select the signature to delete. You can view the signing certificate by clicking the View certificate button.

4 After selecting an electronic signature, click Delete. The signature will be removed from the document.

13. Organization of a secure TLS/SSL connection

Stages of organizing access to a secure web server

Internet Explorer settings for working over the TLS/SSL protocol

As a rule, the default browser settings allow you to work using the TLS/SSL protocol. If the browser settings differ from the defaults or the connection to the server cannot be established, follow these steps:

1 On the Tools menu of Internet Explorer, select Internet Options.

2 In Internet Options, open the Advanced tab.

3 Check the boxes SSL 2.0, SSL 3.0, TLS 1.0.

4 Check the accessibility of the website using the secure HTTPS protocol
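The check boxes from step 3 are stored per user in the SecureProtocols registry value as a bit mask, so the resulting state can be audited without opening the dialog. The following is an added example, not part of the original manual; the function names are hypothetical, and the sample value 0x00A8 is constructed to match the three boxes named in step 3.

```powershell
# Added example. Bit flags of the Internet Explorer SecureProtocols DWORD value,
# with the RFC that deprecates each protocol version (empty for TLS 1.2).
$Protocols = @(
    [pscustomobject]@{ Name = 'SSL 2.0'; Bit = 0x0008; DeprecatedBy = 'RFC 6176' }
    [pscustomobject]@{ Name = 'SSL 3.0'; Bit = 0x0020; DeprecatedBy = 'RFC 7568' }
    [pscustomobject]@{ Name = 'TLS 1.0'; Bit = 0x0080; DeprecatedBy = 'RFC 8996' }
    [pscustomobject]@{ Name = 'TLS 1.1'; Bit = 0x0200; DeprecatedBy = 'RFC 8996' }
    [pscustomobject]@{ Name = 'TLS 1.2'; Bit = 0x0800; DeprecatedBy = '' }
)

# Hypothetical helper: decode a SecureProtocols value into one row per protocol.
function ConvertFrom-SecureProtocols {
    param([Parameter(Mandatory)][int]$Value)
    foreach ($p in $Protocols) {
        [pscustomobject]@{
            Protocol     = $p.Name
            Enabled      = [bool]($Value -band $p.Bit)
            DeprecatedBy = $p.DeprecatedBy
        }
    }
}

# Hypothetical helper: read the current user's setting; returns $null when the
# value has never been written (the browser then uses its built-in defaults).
function Get-IESecureProtocols {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $item = Get-ItemProperty -Path $key -Name SecureProtocols -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.SecureProtocols }
}

# Constructed sample: 0x0008 + 0x0020 + 0x0080 = 0x00A8, the state after step 3.
'Sample value 0x00A8:'
ConvertFrom-SecureProtocols -Value 0x00A8 | Format-Table -AutoSize

# Live value on this machine, if one is set.
$current = Get-IESecureProtocols
if ($null -ne $current) {
    'Current user value 0x{0:X4}:' -f $current
    ConvertFrom-SecureProtocols -Value $current | Format-Table -AutoSize
} else {
    'SecureProtocols is not set for the current user.'
}
```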

14.Problems and malfunctions

Checking the integrity of program modules

To visually check that the necessary libraries are present:

1 In the left panel of the ViPNet CSP program window, select the Compound element.

2 In the Executable modules table, check the library composition.

To check the integrity of libraries:

1 In the ViPNet CSP program window, select the Compound section.

2 In the Compound section, click the Test button.

The checksums will then be recalculated and compared with the checksums specified in each module.

1 Run the installation file Setup.exe.

2 In the Installing ViPNet CSP window, use the switch to select Update, then click the Continue button. The program components will begin updating.

3 Once the update is complete, the program will prompt you to restart your computer. In the reboot message window, click Yes.

ViPNet CSP conflict with other programs

To eliminate a conflict between ViPNet software and third-party applications, make changes to the Windows system registry:

1 Press the keyboard shortcut Win+R.

2 In the Open field, type regedit and click the OK button. The Registry Editor window will open.

3 In the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Infotecs\PatchEngine, set the Flags value to 0.

4 Restart your computer.
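The same registry change can be scripted so that the previous value is saved before it is overwritten. This is an added example, not part of the original manual: the key path and value name come from step 3, while the backup file location is an assumption, and the script stops without changing anything if the value is absent or is not a numeric type.

```powershell
#Requires -RunAsAdministrator
# Added example. Key path and value name are taken from step 3 above.
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Infotecs\PatchEngine'
$regPath   = 'HKLM\SYSTEM\CurrentControlSet\Control\Infotecs\PatchEngine'
$valueName = 'Flags'
# Assumed backup location; choose any folder the administrator controls.
$backup    = Join-Path $env:TEMP 'PatchEngine-before-change.reg'

if (-not (Test-Path -Path $keyPath)) {
    throw "Registry key not found: $keyPath. Nothing was changed."
}

$key = Get-Item -Path $keyPath
if ($key.GetValueNames() -notcontains $valueName) {
    throw "Value '$valueName' does not exist under $keyPath. Nothing was changed."
}

# Keep the existing value type instead of guessing it.
$kind = $key.GetValueKind($valueName)
if ($kind -notin 'DWord', 'QWord') {
    throw "Unexpected value type '$kind' for $valueName. Nothing was changed."
}
$old = $key.GetValue($valueName)

# Export the whole key first so the change can be reverted with 'reg import'.
& reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Backup with reg.exe failed. Nothing was changed.'
}

if ($old -eq 0) {
    "$valueName is already 0; no change needed."
} else {
    Set-ItemProperty -Path $keyPath -Name $valueName -Value 0 -Type $kind
    $new = (Get-Item -Path $keyPath).GetValue($valueName)
    "Changed $valueName from $old to $new. Previous state saved to $backup."
    'Restart the computer for the change to take effect (step 4).'
}
```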

There are two ways in which an electronic signature can be installed:

  1. Only the public key signing certificate can be installed into the system, and the signature container (containing the private key) will remain stored on the electronic signature medium. In this case, each time you need to use a signature, you will need to have electronic signature media inserted into your computer.
  2. Both the signature container itself (containing the private key) and the public signature key certificate can be copied to the system. In this case, to use the signature, you will not need to insert an electronic signature medium, because the private key is stored on the computer.

Preliminary actions

  1. Make sure that the electronic signature media driver is installed (for example, RuToken)
  2. Launch ViPNet CSP (the launch shortcut is on the desktop)

Make sure that the "Enable support for ViPNet CSP via MS Crypto API" checkbox is selected. If it is not, select it.

How to install a public key signing certificate?

1. Insert RuToken into the USB connector and launch ViPNet CSP

2. Go to "Containers" and click the "Add" button

In the window that appears, select "Select a device", enter the pin code of the RuToken device and click OK

If there is a container of electronic signature keys on the RuToken device, a window appears asking you to install a user certificate. If necessary, you can click the "Certificates" button and view the certificate stored in the container. Next, you need to click the “Yes” button, and the certificate will be installed in the system storage.

How to install a copied signature container?

1. Insert the USB Flash into the USB connector (or copy the container to a disk folder) and launch ViPNet CSP. If you use USB-Flash, then the container should be in the \Infotecs\Containers folder (for example, d:\Infotecs\Containers\sgn-4D19-6AE0-C8CE-5A55)

2. Go to "Containers" and click the "Add" button

3. Click the Browse button and select the folder containing the key container (a file like sgn-XXXX-XXXX-XXXX-XXXX, where XXXX is a hexadecimal value)

4. Click OK. If the specified folder actually contained a key container, then ViPNet CSP will offer to install the certificate found in the container into the system storage, and you must click “Yes”
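With the second option the private key lives in an ordinary file, so it is worth knowing where container files are and who can read them. The following added example (not part of the original manual) lists files with the default sgn-XXXX-XXXX-XXXX-XXXX name under \Infotecs\Containers on every fixed and removable drive; the function names and the ExtraPath parameter are hypothetical, and containers that were given a custom name are not detected.

```powershell
# Added example, not vendor code. Default container name from the page:
# sgn-XXXX-XXXX-XXXX-XXXX, where XXXX is four hexadecimal digits.
$ContainerNamePattern = '^sgn-[0-9A-Fa-f]{4}(-[0-9A-Fa-f]{4}){3}$'

function Test-ContainerName {
    param([Parameter(Mandatory)][string]$Name)
    $Name -match $ContainerNamePattern
}

function Find-KeyContainer {
    param(
        # Hypothetical parameter: extra folders to scan, for containers that
        # were copied to a disk folder other than <drive>\Infotecs\Containers.
        [string[]]$ExtraPath = @()
    )
    # Win32_LogicalDisk DriveType: 2 = removable, 3 = fixed.
    $disks = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2 OR DriveType = 3'
    $driveIsFixed = @{}
    foreach ($d in $disks) { $driveIsFixed[$d.DeviceID] = ($d.DriveType -eq 3) }
    $dirs = @($driveIsFixed.Keys | ForEach-Object { "$_\Infotecs\Containers" }) + $ExtraPath

    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        $drive = Split-Path -Path $dir -Qualifier -ErrorAction SilentlyContinue
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
            Where-Object { Test-ContainerName -Name $_.Name } |
            ForEach-Object {
                # Get-Acl can fail on some media; report that instead of stopping.
                $acl = try { Get-Acl -LiteralPath $_.FullName -ErrorAction Stop } catch { $null }
                $who = if ($acl) {
                    ($acl.Access | Where-Object AccessControlType -eq 'Allow' |
                        ForEach-Object { $_.IdentityReference.Value } |
                        Sort-Object -Unique) -join '; '
                } else { 'ACL not available' }
                [pscustomobject]@{
                    Path         = $_.FullName
                    OnFixedDisk  = [bool]($drive -and $driveIsFixed[$drive])
                    LastModified = $_.LastWriteTime
                    AllowedFor   = $who
                }
            }
    }
}

# The example name from the page matches the pattern; a shortened name does not.
Test-ContainerName -Name 'sgn-4D19-6AE0-C8CE-5A55'
Test-ContainerName -Name 'sgn-4D19-6AE0-C8CE'

# Containers on fixed disks first: these private keys stay on the computer.
Find-KeyContainer | Sort-Object OnFixedDisk -Descending | Format-List
```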

Installing a personal certificate from the eToken device. ViPNet CSP technology.

    Insert the eToken device into the USB port of your computer.


Click the "Add" button and select "Select device".

    From the devices, select the desired eToken, and in the container name select the desired container. Then click "OK".

Contacts: 228-28-38 – technical support

Application

Installing drivers for working with the eToken device

    Open the folder on the eToken drive. Select the distribution that matches your operating system 1:

    For 32 bit systems 2 - PKIClient-x32.msi

    For 64 bit systems - PKIClient-x64.msi

1 The bit depth of the operating system can be determined as follows. Open the "Start" menu - "Control Panel" - "System". The "System type" field indicates the bit depth of the operating system.

2 The setup files can also be downloaded from the website www.tax.cek.ru in the "Technical Support" - "Download" section, "Additional Software" tab, paragraphs 3.14-3.15


To initialize the container and install the certificate, you must perform the following steps:

1. Open the ViPNet CSP program. To do this, go to the menu Start > All programs > ViPNet CSP > ViPNet CSP.

2. The Key containers window will open. The program will automatically find previously created containers. Select the required container and click the Properties button.

If the container you need is not listed, go to .

3. In the window that opens, click the Open button.

4. The certificate will open. Click the Install certificate button.

5. The Certificate Import Wizard will start. Without changing any settings, click Next → Next → Done in succession. After this, a window will appear indicating that the certificate import was successful.

The container and certificate are ready to go!

If the required container is not in the list of ViPNet CSP containers, click the Add container button in the Key containers section.


7. Click the Browse button. The program will prompt you to select the folder in which your key container is located.

8. After selecting a container, a confirmation window will open. You will also be prompted to install the user certificate into the system certificate store; confirm the action by clicking the button Yes.

Note. When moving a key container to another directory, it must be added (initialized) again.
