Chrome does not have the cryptopro plugin installed. Configuring trusted nodes for CryptoPro EDS Browser plug-in. Managing the Trusted Sites List on Windows Platforms
Cryptographic operations, such as creating an electronic signature or decrypting a file, require access to the keys and personal data of the user (for example, to the store of personal certificates). When such operations are performed by web applications (using the CryptoPro EDS Browser plug-in), the plug-in asks for the user's permission to access his keys or personal data.
User permission will be requested when activating CryptoPro EDS Browser plug-in objects.
Trusted sites (for example, those on an organization's intranet) can be added to the list of trusted sites. Trusted sites will not prompt the user for confirmation when opening a certificate store and when performing operations with the user's private key.
Managing the Trusted Sites List on Windows Platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in, the user must run Start -> Crypto-Pro -> EDS settings Browser plug-in... This page is part of the CryptoPro EDS Browser plug-in distribution kit.
A computer or domain administrator can also manage the list of trusted sites for all users through Group Policy. Configuration is carried out in the Group Policy Console in the section Computer Configuration / User Configuration -> Administrative Templates -> Crypto-Pro -> CryptoPro EDS Browser plug-in... The following policies are available to the administrator: Trusted sites list... Determines the addresses of trusted hosts. Websites specified through this policy are considered trusted in addition to those that the user adds independently through the CryptoPro EDS Browser plug-in settings page.
The page is saved for a specific user
HKEY_USERS \
The policy saves in the appropriate section for policies:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Crypto-Pro \ CadesPlugin \ TrustedSites
Trusted site management on Unix platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in on Unix platforms, use the /etc/opt/cprocsp/trusted_sites.html page, which is part of the CryptoPro EDS Browser plug-in distribution kit.
Alternatively, you can use the command to view the list of trusted sites:
/ opt / cprocsp / sbin /
To add Web sites (for example, http: // mytrustedsite and http: // myothertrustedsite) to the list of trusted sites, you can use the command:
/ opt / cprocsp / sbin /
To clear the list of trusted sites, you can use the command:
/ opt / cprocsp / sbin /
Adding sites to the list of trusted sites for all users is available using the command
/ opt / cprocsp / sbin /
In this article, we will consider how to quickly configure the Yandex browser to work with an electronic signature. The settings below will work if your computer is already configured to work with electronic signature:
- installed crypto provider (CryptoPRO CSP or other);
- the Personal certificate is installed;
- installed root certificates of the Certification Authority, which issued you an electronic signature.
Attention!This article describes the configuration process ONLY for electronic signatures issued using a cryptographic provider CryptoPRO CSP and for hardware keys (Rutoken EDS, JaCarta GOST, etc.). If your electronic signature was issued using a different encryption provider (for example, Vipnet CSP, Lissi CSP, etc.) further settings may damage your operating system! To configure, contact the organization that issued your electronic signature!
Where can I get Yandex Browser?
You can download the Browser from the official developer page: https://browser.yandex.ru/
We will not describe the download and installation process, it is quite simple and straightforward.
Installing components for working with electronic signature
To work with an electronic signature, you need to install the following components:- CryptoPRO CSP;
- CryptoPRO EDS Browser plugin;
- Plugin for the e-government system (only needed to work with the website of the State Services and the Unified Information System of Autonomous Systems).
Since January 1, 2019, CryptoPRO CSP version 4.0 and higher is recommended for use, so we recommend using it. ...
Installation of CryptoPRO CSP is quite simple, any user can handle it - run the downloaded file and then follow the installation wizard.
The current version of CryptoPRO EDS Browser plugin can be downloaded from the manufacturer's website via a direct link: https://www.cryptopro.ru/products/cades/plugin/get_2_0
Installation of CryptoPRO EDS Browser plugin is also quite simple - run the downloaded file and follow the installation wizard.
You will also need to install a browser extension, you can install it from the link: https://chrome.google.com/webstore/detail/cryptopro-extension-for-c/. When the page opens, click "Install", after a couple of seconds the extension will be installed.
The e-government plug-in can be downloaded from the download page: https://ds-plugin.gosuslugi.ru/plugin/upload/Index.spr
When you click on the link, the download of the plugin will start automatically. Plugin installation is also simple, no additional configuration is required.
To work in Yandex Browser, you need to install the extension. To install it, you need to open Yandex Browser and open the link https://chrome.google.com/webstore/detail/ifcplugin-extension/ in it and click the "Install" button. After a couple of seconds, the plugin should be installed.
Turn off unnecessary
Along with some programs (for example, Yandex Browser), additional programs may be installed that may interfere with the normal operation of electronic signatures on some sites.
To avoid problems, we recommend removing such programs as Browser manager , Yandex button on the taskbar , Yandex elements for Internet Explorer ... They are removed using standard MS Windows tools - through the Control Panel - Programs and Features.
Enabling signature settings
The settings for working with electronic signatures are enabled through the browser menu. To do this, we will perform the following actions:Open the browser menu (there is a button with three stripes in the upper right corner of the browser) and select the "Add-ons" item as shown in the picture or in the address bar simply open the browser: // tune page.
In the window that opens with plugins, you need to enable the plugins we need: CryptoPRO EDS and Extension for the Public Services plugin (if necessary).
After enabling the plugins, you must enable the ability to work with a secure TLS connection in accordance with GOST. To do this, go to the browser settings and in the "Network" section, check the "Connect to sites using encryption according to GOST." As indicated in the pictures below.
After enabling these settings, you can start working with an electronic signature on the resource we need without rebooting.
Pay attention! For the secure connection to work correctly, you must turn off the antivirus while working with a signature! This is necessary when working on the FTS website or on the ERUZ website (zakupki.gov.ru). As for the famous Kaspersky antivirus, you have to do it " Output"(shutdown doesn't help)!
Usually setting Yandex Browser it takes our specialists 10-15 minutes to work with an electronic signature. You can contact our paid technical support for help. The cost of setting up an electronic signature in Yandex Browser usually costs 600 rubles!
On some sites, you have to deal with certificates and electronic keys, and at first you have to solve various problems in order for everything to work. This article will focus on the error in the CAdES plugin when it is loaded and objects are not created.
Solving the problem with the plugin
As follows from the content of the error, the CAdES plugin itself seems to be loaded, i.e. he is in the system, but something interferes with his work. Usually the problem occurs in older versions of Firefox up to version 51 (in newer plugins it simply does not work). In this article, an electronic marketplace is taken as an example, and there are three ways to solve the problem.
Method 1: enable plugin for the current site
The inclusion of a plugin only for the current site is justified for security reasons when the browser is used for personal purposes and to open a wide variety of pages. And also if you need to complete the task with electronic keys only once.
Method 2: enable plugin for all sites
If the issue of security is not too worrisome, tk. the computer is used exclusively for work on several sites, you can enable CAdES plugin for all sites. Then it will work immediately after the page is loaded. This can also help in the case when it is impossible to find a dark gray square to enable the plugin.
Method 3: Using a different browser
For some unforeseen reason, the CAdES plugin may still refuse to work. Therefore, another way to fix the error is to use a different browser. Most browsers are based on the Chromium engine, they are all somewhat similar, so let's look at Google Chrome as an example.
Conclusion
As you can see, there are several ways to solve the problem with the plugin not working correctly. Depending on your preferences and circumstances, you can choose the one that suits you best.
On January 1, 2019, a new GOST 34.10-11.12 entered into force, regulating the processes of creating and verifying electronic digital signature (EDS) keys. On the official website of the provider (https://www.cryptopro.ru/), two new versions of the browser plug-in, adapted to the new GOST, have become available. If the EDS was purchased earlier and its validity period has not yet expired, then the plugin update is not necessary. For new signatures, you need to download and configure a new browser plug-in version 2.0. for the OS used.
Installing the cryptopro browser plugin is simple: you need to download the plugin from the official website, then click on the saved file and start the automatic installation process:
When the installation is complete, you need to click "OK" and restart your Internet browser. Without this, the change will not take effect. To complete the installation and adjust the processes, you must also restart the PC.
Setting process
Further configuration of the browser depends on the program used. For IE, additional settings are not required, and immediately after installation and reboot, you can evaluate the correctness of the plugin. To do this, you need to allow the operation in the opened form:
If there are no errors and the installation was successful, the system will display a message:
Checking the correctness of the plugin is required, because without it, it is impossible to assess the readiness of the plug-in to generate an EDS.
For the Firefox browser, you need to download the extension from the official page. After that, the program is installed on the PC:
Restart the browser and check the plugin setting in the "Add-ons" section.
To work with EDS via Google Chrome, the browser must be updated to the latest version. While downloading the plugin, a window will open asking for permission to install:
If you need to configure the extension in manual mode, then the plugin must be downloaded from the official Chrome web store and click "Install". The installation completes after restarting the browser. This extension can also be used to work with EDS in any Chromium-based browsers, incl. Yandex browser and Opera.
Installing a plugin on Unix
Working with EDS in the Unix system is possible with browsers Firefox, Opera version 35, Chromium, Chrome, as well as Yandex.
You must first install the CSP provider version higher than 4.0. You can download it on the official website (https://cryptopro.ru/products/csp). It is also mandatory to pre-install cprocsp-rdr-gui-gtk and remove (if any) the cprocsp-rdr-gui package.
Next, you need to download and unpack the archive cades_linux_amd64.zip or cades_linux_ia32.zip. Then the user installs the cprocsp-pki-2.0.0-cades.rpm cprocsp-pki-2.0.0-plugin packages from this archive, and in the packages for the Debian OS family, it is first necessary to convert to deb format. Usually the alien utility is used for this.
Setting process
The subsequent setup depends on the type of software used.
- launch the program and wait for the notification about the new extension;
- enable the extension;
- restart Chrome.
An extension in IE usually starts working in automatic mode and does not require any configuration steps on the part of the user.
How to work with the plugin
To start working with the extension, you need to go to the demo page (https://www.cryptopro.ru/sites/default/files/products/cades/demopage/main.html) with one of the examples of EDS (CAdES BES, XML, etc. etc.). Then, following the prompts of the page assistant, select an EDS certificate, enter all the necessary data and click "Continue".
After checking the data, the extension will be ready to work.
Example of Extension Checking Code
To activate the objects of the Browser plug-in extension, you need to connect the cadesplugin_api.js file to the page.
Through HTML, this can be done like this:
< language=»java»src=»cadesplugin_api.js»> < language=»java»>cadesplugin.then (function () (// code), function (error) (// system error notification));
Through JavaScript, do the following: // Create an object cryptopro EDS Browser plug-in varoStore = cadesplugin.CreateObject ("CAdESCOM.Store"); varoSigner = cadesplugin.CreateObject ("CAdESCOM.CPSigner"); var oPrivateKey = cadesplugin.CreateObject ("X509Enrollment.CX509PrivateKey").
According to the new GOST, all EDS owners are required to use the latest version of the plugin that meets the security requirements of the FSB. The extension is loaded on Windows OS automatically, and subsequent configuration depends on the browser used. Working with the extension on Unix systems requires downloading and unpacking archives suitable for the OS bitness. Subsequent configuration is similar to Windows. Before starting to work with the plugin, you need to enter the user data and the EDS certificate through the demo page.