Cryptographic operations, such as creating an electronic signature or decrypting a file, require access to the user's keys and personal data (for example, to a store of personal certificates). When performing such operations by web applications (using the CryptoPro EDS Browser plug-in), the plugin asks the user for permission to access his keys or personal data.
The user's permission will be requested when activating the CryptoPro EDS Browser plug-in objects.
Trusted Web sites (for example, those on your organization's intranet) can be added to the Trusted Web Sites list. Websites on the trusted sites list will not ask for user confirmation when opening the certificate store and performing operations on the user's private key.
Managing the list of trusted websites on Windows platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in, the user must run Start -> Crypto-Pro -> EDS settings Browser plug-in. This page is part of the CryptoPro EDS Browser plug-in distribution.
A computer or domain administrator can also manage the list of trusted websites for all users through Group Policy. The setting is carried out in the group policy console in the section Computer Configuration/User Configuration -> Administrative Templates -> Crypto-Pro -> CryptoPro EDS Browser plug-in. The following policies are available to the administrator: List of trusted hosts. Specifies the addresses of trusted nodes. Web sites specified through this policy are considered trusted in addition to those that the user adds independently through the settings page of the CryptoPro EDS Browser plug-in.
The page saves for a specific user
HKEY_USERS\
The policy is saved in the appropriate section for policies:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Crypto-Pro\CadesPlugin\TrustedSites
Managing the list of trusted websites on Unix platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in on Unix platforms, use the /etc/opt/cprocsp/trusted_sites.html page, which is part of the CryptoPro EDS Browser plug-in distribution.
Also, to view the list of trusted websites, you can use the command:
/opt/cprocsp/sbin/
To add websites (for example, http://mytrustedsite and http://myothertrustedsite) to the trusted list, you can use the command:
/opt/cprocsp/sbin/
To clear the list of trusted websites, you can use the command:
/opt/cprocsp/sbin/
Adding sites to the list of trusted sites for all users is available using the command
/opt/cprocsp/sbin/
Electronic security in the modern world is of particular importance, as there are securities, intellectual property and other valuables in the network. To protect your information, confirm the right to data ownership or verify the electronic signature (ES) in the Yandex browser, there is an extension CryptoPro EDS Browser Plug-in. It simplifies the use of low-level signatures, with the plugin creating and viewing ES is simple and safe. Without fail, the add-on is used on the websites of financial structures, for example, when entering the foreign trade office on the website of the Customs Service.
The CryptoPro plugin is supported in Yandex browser and any other web browser (only modern ones) that support dynamic JavaScript code. Available for most popular platforms:
- Linux - LSB 3.1 or later
- Windows 2000 (provided that SP4 and IE0 are installed) and higher;
- iOS 6 and Mac OSX 10/7 and newer;
- Solaris - from version 10;
- AIX 5-7;
- FreeBSD from 7.
Almost every computer meets the listed requirements, rarely there are any problems with system components.
Why is the CryptoPro extension used in Yandex browser?
The main task is to work with signatures. Installing CryptoPro Extension for CAdES Browser helps you achieve the following goals:
- User identification;
- Creation of a certificate with public keys;
- Formation of the ES register;
- EDS management with public keys;
- Certificate owners can generate and manage keys.
What are signatures installed in CryptoPro EDS Browser Plugin for Yandex browser:
- Any electronic documents;
- Information entered into the submission forms;
- Files that the user uploaded to the server from a PC;
- Messages in text form.
The CryptoPro plugin is mainly used in secure systems, such as Internet banking or similar resources that are responsible for processing money or important documents. After installing the signature, there will be no doubt that the owner performed the necessary operations with his own hands. Less often, you need to use the CryptoPro add-on for Yandex browser on client portals or while accessing the Internet from a corporate network.
From the side of the CryptoPro center, a number of useful actions will be performed:
- Generation of own identifiers of both private and public type. Supports encryption function;
- Creates a request to issue a new certificate on the local network;
- Performs registration of requests in electronic form in the "Registration Center of the CA".
- Filling in the digital signature using public keys according to the X.509 standard of the third version and RFC 3280. Centralized certification of certificates helps to record the key and attribute to it for each user;
- All registered users are sent information about revoked certificates.
How to install the CryptoPro add-on?
Installing the CryptoPro module is relatively simple, but the method is slightly different from the standard algorithm of actions. After installing the extension, you must separately install the program of this developer.
How to install:
If CryptoPro CSP was installed earlier, then when installing the extension, the plugin icon will be without a red cross and an inscription will appear that the extension has been successfully installed and working.
The above actions are enough to start using the module, but some users complain that the plugin does not start or it is not possible to open a page that requires the extension.
Why does the CryptoPro plugin not work in Yandex browser?
If the Yandex web browser does not respond to the EDS in any way after installing the plug-in, some of the functions of banking systems will not be available.
Causes of failures and ways to restore work:
- The CryptoPro CSP program is not installed - the most common cause of failure. You can download the file from the link;
- The PC has not been restarted. Despite the notification after installation, it is often forgotten to restart the computer;
- Install the plugin on a clean browser. Before installing the add-on, it is worth deleting the cache from the web browser. Click Ctrl+Shift+Del, in the line "Delete entries" select "For all time" and be sure to check the box next to "Files saved in the cache";
- Inactive extension. If by chance the plugin was deactivated, it becomes clear why nothing happens. It is easy to check the situation by clicking on "Yandex Browser Settings" and selecting "Add-ons". The CryptoPro plugin is located in the "From other sources" column;
- The resource is not in the list of trusted sites. To add the site to the exceptions, you need to find the installed program "Crypto-Pro" in the system (preferably through the search) and select "Settings CryptoPro EDS Browser Plug-in". In the column "List of trusted nodes" enter the domains and subdomains of the site.
If opening the file from the last paragraph does not work, you should right-click on the program and select "Open with ...", where we select Internet Explorer.
Most likely the reason why the plugin does not work is user carelessness, but this is easy to fix. After completing the above steps, the CryptoPro EDS Browser Plug-in extension will start working properly in Yandex browser and any browser based on Chromium.
The rules for installing the CryptoPro CSP plugin in Mozilla Firefox differ depending on the browser version - 52 and higher, or older.
Mozilla Firefox version below 52
To sign documents in Mozilla Firefox:
- Turn off automatic updates. To do this, go to "Menu" ⇒ "Settings" ⇒ "Additional" ⇒ "Updates" (Fig. 1).
- Install version 51.0.1 from Mozilla Firefox official website.
To install the CryptoPro Browser plug-in, follow these steps:
- Download the installer from the official website of the Crypto-Pro company www.cryptopro.ru/products/cades/plugin and run the executable file.
2. In the CryptoPro Browser plug-in installation window, click the "Yes" button (Fig. 2-a).
Rice. 2-a. Installing CryptoPro Browser plug-in 3. Wait for the installation to complete (Fig. 2-b).
Rice. 2b. Installing CryptoPro Browser plug-in 4. Click the "OK" button and restart the Internet browser (Fig. 2-c).
Rice. 2-in. Installing CryptoPro Browser plug-in Important
After installing CryptoProBrowser plug- init is necessary to check whether the add-on for working with the electronic signature CryptoPro EDS Browser plug-in for browsers is installed in the browser.
5. Open the browser, press the "Browser menu" button, select the "Add-ons" section (Fig. 3).
Rice. 3. Browser menu 6. Open the "Plugins" tab. Opposite the plugin "CryptoPro CAdES NPAPI Browser Plug-in" in the drop-down menu, select the option "Always enable" (Fig. 4).
Rice. 4. Add-ons management 7. Restart your browser.
Mozilla Firefox version 52 and above
To install CryptoPro Browser plug-in follow the steps:
- Follow the link www.cryptopro.ru/products/cades/plugin , then select "browser extension" (Fig. 5).
Rice. 5. CryptoPro website
2. Click "Allow" (Fig. 6).
Rice. 6. Request resolution
3. Click "Add" (Fig. 7).
In recent years, most of the workflow has moved to the field of remote service via the Internet, while paper media are gradually being replaced by electronic virtual counterparts. The most popular software product "Crypto Pro", with the help of which the confirmation of an electronic digital signature is carried out. But for reliability and reliability, it is necessary to check the “CryptoPro EDS Browser plug-in” plugin and make sure that it is installed correctly on a computer or other electronic device.
The nuances of the plugin and system requirements
For the normal functioning of all departments, the question arises of ensuring the necessary level of data protection when signing documents, maintaining secrecy and trade secrets. The solution of problems is achieved by the development of special software products and algorithms that encrypt and decrypt the information included in the document, simultaneously confirming its authenticity. These programs are a certified product and cover certain areas of the information field.
The essence of their work is to process documents online using special extensions for all browsers that have JavaScript support. It functions freely on all major operating systems except Android. The plugin allows you to endorse the following types of documents:
- in electronic format;
- files that are downloaded from the user's computer;
- text messages and other types of documentation.
For example, when transferring funds in Internet banking, using the “CryptoPro EDS Browser plug-in” check, you can confirm that the operation comes from the account holder with an active key certificate that is valid at a particular moment. This software checks advanced and conventional electronic CPU. At the same time, there is no need to connect to the Internet when checking, documentation is archived. An electronic signature can be:
- attached, that is, added to the approved documents;
- separated ES, that is, created separately.
The software product "CryptoPro EDS Browser plug-in" is distributed free of charge and can be downloaded from the official website. The plug-in is checked on the user's computer.
Software installation
The installation process is simple. You should go to the official portal cryptopro.ru/products/cades/plugin/get_2_0. Upload specifying where the cadesplugin.exe boot file will be saved. Run the program.
Important! Plugin launch is not available for regular users. You need to have administrator rights.
Upon successful completion, a corresponding notification will be displayed on the monitor screen.
But this message is not a guarantee of correctness in work. It will be necessary to carry out additional configuration and verification of the Browser plug-in EDS, depending on the type of browser used. For correct operation, the installed program must be restarted, in some cases with a complete reboot of the computer.
Advice! In whatever browser the program is used, after installation, you should always restart it.
Features of the installation process
Given that each browser is somewhat different in how it works, the plugin is adapted for each environment.
Attention! If errors are detected before starting work and the program does not create objects, then it is necessary to allow launching independently for specific sites or pages that the user often visits.
In cases where the plugin is used on specific pages, an appropriate icon is required, which will indicate the possibility of using this extension.
To do this, you need to find the CryptoPro CAdES NPAPI Drowser Plug-in and allow it to be used in automatic mode. This is true for Mozilla Firefox. For Opera and Yandex, the procedure for using the extension is identical.
Find the "Extensions" item in the menu, and load the plugin through it. You can also copy and paste the name of the extension into the appropriate query string. The system will do everything by itself. For the Google Chrome browser, the extension will be found by itself, and the user will have to confirm the installation.
After performing all operations and settings, you must close all windows and tabs, restart the browser again.
What to do if the system "does not detect" the program?
It often happens that when installing the plugin and then trying to work with the EDS, problems appear. A window pops up asking you to install the program. In this case, it is recommended to contact the developers' website in the "Contacts" section to state the essence of the problem and get appropriate recommendations. It is recommended to provide screenshots of all activities. In this case, it will be much easier to identify the problem. If the check was successful, then a corresponding notification appears that the plugin has been loaded.
Software Recommendations
If you have to reinstall an existing plugin, but not working, then you first need to:
- remove it and all unnecessary programs through the "Control Panel";
- clear cache memory;
- re-download the plugin and run it with administrator rights;
- be sure to add all the pages of "Personal Accounts" to trusted nodes.
To verify CAdES-X Long Type 1 signature https://www.cryptopro.ru/sites/default/files/products/cades/demopage/cades_xlong_sample.html
Agree with all pop-ups, if any.
You should see a page that looks like this:
If you see such a window, then go to step 2, if not, then read on.
If you see such a window, it means that CryptoPro CSP is not installed or available, see How to check the installation or install CryptoPro CSP.
If you see such a window, then CAdESBrowserPlug-in is not installed or not available, see How to check if the plugin is installed, How to make sure that the browser is configured correctly.
Step 2
In the Certificate field, select the desired certificate and click Sign.
Note: The Certificate field displays all the certificates installed in the current user's Personal store and the certificates stored in key containers. If there are no certificates in the list or the required one is missing, then you need to insert a key carrier with a private key and .
If after clicking the Sign button you see such a result, it means that you have successfully completed the signature and the CryptoPro EDS Browser plug-in is working normally.
If you get an error, see the Error Information section.
How to check if CryptoPro is installedCSP
You can check if CryptoPro CSP is installed by going to the Control Panel Programs and Features (Add or Remove Programs). You can also see the version of the installed product there:
If CryptoPro CSP has not been installed, then a trial version (for 3 months) can be downloaded from our website (to download the file, you need a valid account on our portal): https://www.cryptopro.ru/sites/default/files/ private/csp/40/9944/CSPSetup.exe
After downloading the .exe file, run it and select "Install (recommended)". The installation will take place automatically.
How to check if CryptoPro EDS Browser plug-in is installed
You can check if the CryptoPro EDS Browser plug-in is installed by going to the Programs and Features control panel (Add or Remove Programs). You can also see the version of the installed product there.
If the CryptoPro EDS Browser plug-in is not installed, then the distribution kit can be downloaded from our website: https://www.cryptopro.ru/products/cades/plugin/get_2_0
Plugin installation instructions: https://cpdn.cryptopro.ru/content/cades/plugin-installation-windows.html
How to make sure the browser extension is enabled
If you are usingGoogleChrome, then you must enable the extension. To do this, in the upper right corner of the browser, click on the icon Customize and manage Google Chrome (three dots) - More tools - Extensions.
Make sure the CryptoPro Extension for CAdES Browser Plug-in is present and enabled. If the extension is missing, reinstall the CryptoPro EDS Browser plug-in or download the extension from the Chrome Web Store: https://chrome.google.com/webstore/detail/cryptopro-extension-for-c/iifchhfnnmpdbibifmljnfjhpiffofog?hl=ru
If you are usingMozillaFirefox version 52 and above, then you need to additionally install a browser extension.
Allow it to install:
Click Add:
Go to Tools-Add-ons-Extensions and make sure the extension is enabled:
If you are usingInternet Explorer, then when you go to a page in which CAdESBrowserPlug-in is embedded, you will see the following message at the bottom of the page:
Click Allow.
In the Access Confirmation window, click Yes:
If you are usingopera, then you need to install the extension from the Opera add-ons directory:
And in the pop-up window, click - Install extension:
In the next window, click - Install:
Or go Menu-Extensions-Extensions:
Click Add extensions and in the search bar type CryptoPro, select our plugin and click Add to Opera. After that, restart your browser.
You can check if the plugin is enabled in Menu-Extensions-Extensions:
If you use Yandex Browser, then you need to go to Options-Settings-Add-ons and make sure that CryptoPro EDS is available and enabled. If the extension is missing, then you can download it from the Directory of extensions for Yandex Browser using the search for the word CryptoPro.
Error Information
1) CryptoPro window appearsCSP Insert Key Media
The appearance of this window means that you have not inserted the media with the private key for the certificate you selected.
You need to insert a key carrier. Make sure the OS "sees" it and try again.
If the previous steps did not help, you need to reinstall the certificate in the current user's Personal store with a binding to the private key. .
2) Failed to generate signature due to error: Unable to build certificate chain for trusted root authority. (0x800B010A)
This error occurs when the status of the certificate cannot be verified (no private key binding, no access to revocation lists or OCSP service), or root certificates are not installed.
Bind the certificate to the private key:
Check if the chain of trust is being built: open the certificate file (you can open it through Start-All Programs-CryptoPro-Certificates-Current User-Personal-Certificates), go to the Certification Path tab. If there are red crosses on this tab, or nothing at all except the current certificate (except if the certificate is self-signed)
Screenshots with examples of certificates that do not have a chain of trust.
To build a chain of trust, you need to download and install root and intermediate certificates. You can download them from the website of the CA that issued the certificate.
If you use a qualified certificate, then try to install these 2 certificates in the trusted root (these are the certificates of the Head CA of the Ministry of Telecom and Mass Communications and from them, if the Internet is available, a chain of trust should be built for any qualified certificate), if it does not help, then contact the CA that issued you the certificate .
To install the downloaded certificate to Trusted Root Certification Authorities, right-click on it - Select - Install Certificate - Current User - Place all certificates in the following store - Browse - Trusted Root Certification Authorities - Ok - Next - Finish - when the security warning appears about installing the certificate - click Yes-Ok. if you are installing an intermediate CA certificate, then select the repository - intermediate CAs.
Important: If you create CAdES-T or CAdES-XLongType 1, an error may occur if the TSP service operator certificate is not trusted, in which case you must install the root certificate of the CA that issued it in Trusted Root Certification Authorities.
3) If the signature is created but the certificate chain verification error is on, it means that there is no access to the lists of revoked certificates.
Lists of revoked certificates can be downloaded from the website of the CA that issued the certificate, after receiving the list it must be installed, the procedure is identical to the procedure for installing an intermediate CA certificate.
4) Error: 0x8007064A
The reason for the error is that the licenses for CryptoPro CSP and/or CryptoPro TSP Client 2.0 and/or CryptoPro OCSP Client 2.0 have expired.
To create a CAdES-BES signature, there must be a valid license for CryptoPro CSP
To create an XLT1, there must be valid licenses for the following software products: CryptoPro CSP, CryptoPro TSP Client 2.0, CryptoPro OCSP Client 2.0
You can view the status of licenses through: Start - All Programs - CRYPTO-PRO - Manage CryptoPro PKI licenses.
Solution: Purchase a license for the desired software product and activate it:
Start - All Programs - CRYPTO-PRO - CryptoPro PKI license management - select the desired software product - open the context menu (right-click) - select the All tasks item select the Enter serial number... - enter the license serial number - click the OK button
5) Keyset does not exist (0x80090016)
Error reason: The browser does not have enough rights to perform the operation - add our site to trusted
6) Access denied (0x80090010)
Error Cause: The private key has expired. Check the validity period Go to Start->All Programs(all applications)->CryptoPro->CryptoPro CSP. Go to the Service tab. Select the Test item, select a container with a private key, and in the test results you will be able to see its validity period. It is recommended to get a new key.
7) Mistake: Invalid algorithm specified. (0x80090008)
This error occurs if you are using a certificate whose algorithm is not supported by your crypto provider.
Example: You have CryptoPro CSP 3.9 installed and the certificate issued according to GOST 2012.
Or if a hash algorithm is used that does not match the certificate.
Also check the relevance of the CryptoPro CSP version.
