
Transferring non-exportable Crypto-PRO containers

Sometimes you need to move a client-bank application or other accounting (and not only accounting) software from one computer to another. When the cryptographic provider is Crypto-PRO, this usually causes no problems: the product has standard tools for copying keys. But things do not always go smoothly. If the key container is stored in the Windows registry and the “Mark the key as exportable” checkbox was not ticked when the key was generated, Crypto-PRO reports an error on any attempt to copy the key and does not copy it.
There is a very simple way out of this situation: export the registry branch HKLM\SOFTWARE\CryptoPro\Settings\Users\{SID}\Keys\ (on x64 operating systems the containers are in HKLM\SOFTWARE\Wow6432Node\CryptoPro\Settings\Users\{SID}\Keys\). On the PC where the keys are to be imported, check the bitness of the OS and the SID of the user, edit the .reg file in Notepad (change the SID and, if necessary, the path to the destination branch), and import it into the registry.
This method is also very convenient for backing up and cloning keys when there are a lot of them (for example, in outsourced accounting).
P.S. Do not forget to install the certificates from the key containers into “Personal” after the transfer.
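
The .reg editing step described above can be scripted so that the SID and branch are changed consistently in every key header. The following Python is an added example, not code from the original post or from CryptoPro; the names retarget and retarget_file, the sample SIDs and the container name are constructed, and the pattern accepts the vendor key spelled either CryptoPro or Crypto Pro and keeps whatever the export contains. It refuses a file that holds any key outside the per-user Keys branch, so nothing else ends up imported into HKLM.

```python
import re

# Key header of a per-user CryptoPro container branch in a .reg export.
# The vendor key is matched as "CryptoPro" or "Crypto Pro" and copied as found.
HEADER = re.compile(
    r"\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:Wow6432Node\\)?(?P<vendor>Crypto ?Pro)"
    r"\\Settings\\Users\\S-1-[0-9-]+\\Keys(?P<rest>\\[^\]]+)?\]",
    re.IGNORECASE,
)

def retarget(reg_text, new_sid, target_is_x64):
    """Point every key header at new_sid and the right branch for the target OS.
    Returns (rewritten_text, sorted container names). Raises ValueError if the
    file holds any key outside the Keys branch, so nothing else is imported.
    """
    if not re.fullmatch(r"S-1-[0-9-]+", new_sid):
        raise ValueError(f"not a SID: {new_sid!r}")
    node = "Wow6432Node\\" if target_is_x64 else ""
    out, containers = [], set()
    for line in reg_text.splitlines():
        if line.startswith("["):  # value lines start with '"', '@' or spaces
            m = HEADER.fullmatch(line.rstrip())
            if m is None:
                raise ValueError(f"unexpected key in export: {line}")
            rest = m.group("rest") or ""
            if rest:
                containers.add(rest.split("\\")[1])
            line = (f"[HKEY_LOCAL_MACHINE\\SOFTWARE\\{node}{m.group('vendor')}"
                    f"\\Settings\\Users\\{new_sid}\\Keys{rest}]")
        out.append(line)
    return "\r\n".join(out) + "\r\n", sorted(containers)

def retarget_file(src, dst, new_sid, target_is_x64):
    """regedit writes .reg files as UTF-16 LE with a BOM; keep that encoding."""
    with open(src, encoding="utf-16", newline="") as f:
        text, containers = retarget(f.read(), new_sid, target_is_x64)
    with open(dst, "wb") as f:
        f.write(b"\xff\xfe" + text.encode("utf-16-le"))
    return containers

# Constructed sample export (SIDs, container name and value bytes are made up).
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\CryptoPro\\Settings\\Users"
    "\\S-1-5-21-1111-2222-3333-1001\\Keys\\demo-container]\r\n"
    '"name.key"=hex:30,00\r\n'
)

if __name__ == "__main__":
    print(retarget(SAMPLE, "S-1-5-21-4444-5555-6666-1002", True)[0])
```

The returned list of container names can be compared against the containers expected on the source machine before the rewritten file is imported.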

Addition from Ghool

In CryptoPro you can set a PIN code on containers.
And when you enter this PIN code, you can tick "save", and in the future you will not have to enter it.
Sometimes this PIN code is then safely forgotten (which is what happened in our company).
When copying by the above method, the container remains protected by the PIN code, but the “saving” of this PIN code is not transferred to the new computer.

What can be done in this case?

If the source computer is still alive, go to Control Panel -> CryptoPro CSP -> Service -> Copy.
Select the desired container (the “Browse” or “By certificate” button, whichever makes it easier to find) -> Next -> enter the name of the new container -> Next -> set a new password on it. Or do not set one.

After that, copy the registry branch to the new computer.

By the way, to avoid struggling with the SID substitution, you can copy the certificates into a container of the computer rather than of the user; then they will be stored here:

Win32
HKLM\SOFTWARE\CryptoPro\Settings\Keys\

Win64
HKLM\SOFTWARE\Wow6432Node\CryptoPro\Settings\Keys\

Source: https://habr.com/ru/post/161361/

