CryptoPro digital signature browser plug-in. Installing the CryptoPro CSP plug-in in the Mozilla Firefox browser

The CryptoPro EDS Browser plug-in (also known as CryptoPro CADESCOM or Kadescom) is a plug-in required for creating and verifying an electronic signature on web pages using CryptoPro CSP. It is used for working on trading platforms and portals. The distribution is available on the CryptoPro website in the Products / CryptoPro EDS Browser plug-in section: http://www.cryptopro.ru/products/cades/plugin/get_2_0.

System requirements

Does not work in the Edge browser, which is preinstalled in Windows 10.

  • Requires pre-installed CryptoPro CSP version no lower than 3.6 R2

Features of some browsers for configuring the plugin

  • In Mozilla Firefox 29 and higher you must enable the plugin (the browser may not ask for permission to enable it). To do this, run the diagnostics and apply the fix "Enabling plugins in Mozilla Firefox", then restart Firefox. You can also do this manually: press Ctrl+Shift+A, go to the “Plugins” section, select CryptoPro CAdES NPAPI Browser Plug-in and switch it to the “Always active” state, then restart Firefox.
  • In Google Chrome you need to follow the link and install the extension.
  • In Yandex Browser and Opera you need to install the extension available at this link.
  • In Internet Explorer you need to make the following settings:
  1. Add the address of the site where you work with the plugin to trusted sites (Browser options / security / trusted sites / sites / add site address).
  2. If you are working in Internet Explorer 11, try working in compatibility mode.
  3. Check that the site address has been added to the plugin’s trusted nodes (most sites that accept our CA certificates can be added automatically using the diagnostics at https://help.kontur.ru/uc). To check that the site has been added to the plug-in's trusted nodes, go to Start - All programs - CRYPTO-PRO - CryptoPro EDS Browser plug-in Settings. A browser window will open in which you will need to allow the blocked page content / allow access.

Electronic security is of particular importance in the modern world, since securities, intellectual property and other valuables are now held online. To protect your information, confirm ownership of data or check an electronic signature (ES), the Yandex browser has the CryptoPro EDS Browser Plug-in extension. It simplifies the use of low-level signatures; with the plugin, creating and viewing electronic signatures is simple and safe. The add-on is mandatory on the websites of financial institutions, for example when entering the foreign trade personal account on the website of the Customs Service.

The CryptoPro plugin is supported in Yandex browser and in any other modern web browser that supports dynamic JavaScript code. It is available for most popular platforms:

  • Linux - LSB 3.1 or later;
  • Windows 2000 (subject to installation of SP4 and IE0) and higher;
  • iOS 6 and Mac OS X 10.7 and later;
  • Solaris – from version 10;
  • AIX 5-7;
  • FreeBSD from 7.

Almost every computer meets the listed requirements; there are rarely any problems with system components.

Why is the CryptoPro extension used in the Yandex browser?

The main task comes down to working with signatures. Installing CryptoPro Extension for CAdES Browser helps achieve the following goals:

  • User identification;
  • Creating a certificate with public keys;
  • Formation of a register of electronic signatures;
  • EDS management with public keys;
  • Certificate owners can generate and manage keys.

What can be signed with the CryptoPro EDS Browser Plug-in for Yandex browser:

  • Any electronic documents;
  • Information entered into submission forms;
  • Files that the user uploaded to the server from a PC;
  • Messages in text form.

The CryptoPro plugin is mainly used in secure systems, such as online banking or similar resources responsible for processing money or important documents. Once a signature has been applied, there will be no doubt that the owner performed the operation personally. Less often, the CryptoPro add-on for Yandex browser is required on client portals or when accessing the Internet from a corporate network.

The CryptoPro center performs a number of useful actions:

  • Generates its own identifiers (keys), both private and public. Supports encryption;
  • Creates a request to issue a new certificate on the local network;
  • Registers requests electronically in the CA Registration Center;
  • Fills in digital signatures using public keys according to the X.509 standard, version 3, and RFC 3280. Centralized certification of certificates helps to record the key and its attributes for each user;
  • Sends information about revoked certificates to all registered users.

How to install the CryptoPro add-on?

Installing the CryptoPro module is relatively simple, but the method is slightly different from the standard algorithm of actions. After installing the extension, you must separately install the program from this developer.

How to install:


If CryptoPro CSP was installed earlier, then when installing the extension, the plugin icon will not have a red cross and a message will appear that the extension has been successfully installed and is working.


The listed steps are enough to start using the module, but some users complain that the plugin does not start or they cannot open a page that requires the extension.

Why doesn't the CryptoPro plugin work in the Yandex browser?

If the Yandex web browser does not react to the digital signature after installing the plugin, some of the functions of banking systems will be inaccessible.

Causes of failures and ways to restore operation:

  • The CryptoPro CSP program is not installed. This is the most common cause of failure. You can download the file from the link;
  • The PC was not restarted. Despite the notification after installation, users often forget that the computer must be restarted;
  • The plugin was not installed on a clean browser. Before installing the add-on, you should clear the web browser's cache. Press Ctrl + Shift + Del, in the “Delete records” line select “For all time”, and be sure to check the box next to “Files saved in the cache”;
  • The extension is inactive. If the plugin was accidentally deactivated, nothing will happen on the page. To check, click “Yandex Browser Settings” and select “Add-ons”. The CryptoPro plugin is located in the “From other sources” column;
  • The resource is not in the list of trusted sites. To add a site to the exceptions, find the installed Crypto-Pro program in the system (preferably through a search) and select “CryptoPro EDS Browser Plug-in Settings”. In the “List of trusted nodes” column, enter the domains and subdomains of the site.

If the file from the last item does not open, right-click the program, select “Open with...” and choose Internet Explorer.

Most likely the reason why the plugin does not work is user inattention, but this is easy to fix. After completing the above steps, the CryptoPro EDS Browser Plug-in extension will begin to work properly in the Yandex browser and any Chromium-based browser.

master of syllable May 2, 2015 at 09:46

Electronic digital signature on the website using CryptoPro EDS Browser plug-in

  • JavaScript,
  • Website development,
  • Cryptography

In this article we will consider the use of an electronic digital signature on a website.

What is necessary for a person to be able to use an electronic digital signature on a website?

1) CIPF (cryptographic information protection tool)
My work experience shows that about 90% use CryptoPro CSP (download), which is explicitly or implicitly promoted by certification authorities. About 10% use VipNet CSP, which can be used for free. I have not encountered the other CIPF tools in practice.
2) CryptoPro EDS Browser plug-in (plugin page).
3) An installed signature (at least one).

Checking the possibility of signing
javascript (+jquery)

1) Trying to create a cades object.
Note that here and below the code is split into two cases: browsers with ActiveX (read: IE) and all the rest.
The check for which case applies:

    function isActiveX() { return ("ActiveXObject" in window); }

For ActiveX:

    try { store = new ActiveXObject("CAdESCOM.store"); status = true; } catch (e) { status = false; }

For others:

    if (navigator.mimeTypes["application/x-cades"]) { status = true; } else { status = false; }

If the check was unsuccessful, we notify the user about this.
It is worth keeping in mind that after updating Chrome to version 42 (thanks for the information), you need to enable:

    chrome://flags/#enable-npapi

The next check is whether the plugin is allowed to run (this check does not apply to IE):

    try { store = objSign.CreateObject("CAPICOM.store"); status = true; } catch (e) { status = false; }

Where objSign is:

    // Hidden <object> element that loads the plugin by its MIME type
    objSign = $("<object/>", {
        "id": "cadesplugin",
        "type": "application/x-cades",
        "css": { "visibility": "hidden", "height": "0px", "width": "0px", "position": "absolute" }
    }).appendTo("body").get(0);

We check for the CIPF by trying to open the store:

    try { store.Open(); status = true; } catch (e) { status = false; }

We check for the existence of certificates in the store:

    if ("Certificates" in store) { certs = store.Certificates; }

And their number (it happens that Certificates exists but is empty, which is also not suitable for us):

    if (certs.Count) { status = true; } else { status = false; }

We have taken the first step: checked that it is possible to sign something.

Selecting an electronic digital signature

A client can have multiple certificates installed. Certificates can be from different certification centers (CA), issued to different people, with different issuance dates, so you need to give a choice as to which one you want to use.

1) Group by certification authorities
Information about the certification authority is stored in the certificate.

    certs.Item(i).GetInfo(1)

where certs are the certificates from the store (see above) and
i is the index of the certificate in the collection, from 1 (note: not 0) to certs.Count.
Please note that for malformed certificates undefined may also be returned; it makes sense to create one default CA for such cases.

Now we know the list of CAs whose services the client used.
We remember them and display them through optgroup.
The text of the option itself will be like this:

    cert.GetInfo(6) + " (" + formatDate(cert.ValidFromDate) + " - " + formatDate(cert.ValidToDate) + ")"

cert.GetInfo(6) - to whom the certificate was issued
ValidFromDate - the date from which the certificate is (or will be) valid
ValidToDate - accordingly, the date until which it is valid

The date formatting is standard:

    function formatDate(d) {
        try {
            d = new Date(d);
            // new Date() does not throw on bad input; it yields an invalid date
            if (isNaN(d.getTime())) { return ""; }
            return ("0" + d.getDate()).slice(-2) + "." + ("0" + (d.getMonth() + 1)).slice(-2) + "." + d.getFullYear();
        } catch (e) {
            return "";
        }
    }

You can also highlight the option:
green for working certificates, red for those that are not.
This information can be obtained from the certificate itself.

    try { return cert.IsValid().Result; } catch (e) { return false; }

It is worth noting that this test in itself is of little value, since it cannot rule out every cause of failure.
But the most basic ones, for example the validity dates, are checked.

In the value of the option we write the thumbprint, cert.Thumbprint.
You can write the serial number or other data instead, at your discretion.
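The grouping described in this section, as an added example (not code from the original article): it builds the optgroup/option data from the certificate collection, puts certificates with an unreadable issuer into a default CA, and flags validity for highlighting. The names `buildCertGroups`, `safe`, `DEFAULT_CA` and `mockCert`, and the `mockStore` sample data, are assumptions introduced for illustration.

```javascript
// Added example. mockStore is constructed sample data standing in for the
// plug-in's store.Certificates; buildCertGroups and safe are hypothetical helpers.
const DEFAULT_CA = "Unknown CA"; // bucket for certificates with no readable issuer

function formatDate(d) {
  d = new Date(d);
  if (isNaN(d.getTime())) return ""; // new Date() never throws, it yields NaN
  return ("0" + d.getDate()).slice(-2) + "." +
         ("0" + (d.getMonth() + 1)).slice(-2) + "." + d.getFullYear();
}

// Run a plug-in call; fall back on an exception or an empty/undefined result.
function safe(fn, fallback) {
  try {
    const v = fn();
    return v === undefined || v === null || v === "" ? fallback : v;
  } catch (e) {
    return fallback;
  }
}

// Returns { caName: [{ value, text, valid }, ...] }, one key per <optgroup>.
// Certificate fields are untrusted input: render text with textContent or
// jQuery .text(), never as HTML. `valid` is only a display hint.
function buildCertGroups(certs) {
  const groups = Object.create(null); // issuer names must not hit Object.prototype
  for (let i = 1; i <= certs.Count; i++) { // the collection is indexed from 1
    const cert = certs.Item(i);
    const ca = safe(() => cert.GetInfo(1), DEFAULT_CA);
    const subject = safe(() => cert.GetInfo(6), "(no subject)");
    const valid = safe(() => cert.IsValid().Result, false) === true;
    (groups[ca] = groups[ca] || []).push({
      value: cert.Thumbprint,
      text: subject + " (" + formatDate(cert.ValidFromDate) + " - " +
            formatDate(cert.ValidToDate) + ")",
      valid: valid
    });
  }
  return groups;
}

// Constructed certificates: a good one, one without an issuer, one whose
// IsValid() throws and whose end date is unparsable.
function mockCert(issuer, subject, from, to, ok, thumb) {
  return {
    Thumbprint: thumb, ValidFromDate: from, ValidToDate: to,
    GetInfo: (type) => (type === 1 ? issuer : subject),
    IsValid: () => {
      if (ok === null) throw new Error("chain could not be built");
      return { Result: ok };
    }
  };
}
const sample = [
  mockCert("Test CA 1", "Ivanov I.I.", new Date(2015, 0, 15), new Date(2016, 0, 15), true, "AA11"),
  mockCert(undefined, "Petrov P.P.", new Date(2013, 4, 2), new Date(2014, 4, 2), false, "BB22"),
  mockCert("Test CA 1", "Sidorov S.S.", new Date(2015, 2, 1), "not a date", null, "CC33")
];
const mockStore = { Count: sample.length, Item: (i) => sample[i - 1] };
console.log(JSON.stringify(buildCertGroups(mockStore), null, 2));
```

In a page, each key of the result becomes an optgroup label and each entry an option whose value is the thumbprint passed to the signing step.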

Signing
The most important step, the one we were working towards, is signing.

1) Find the selected certificate.
For our example:

    certs.Find(0, thumbprint).Item(1)

0 - means that we are searching by thumbprint
1 - means that we use the first result of the search (in fact, the only one)

2) Sign:

    var CPSigner, SignedData;
    if (isActiveX()) {
        CPSigner = new ActiveXObject("CAdESCOM.CPSigner");
    } else {
        CPSigner = objSign.CreateObject("CAdESCOM.CPSigner");
    }
    CPSigner.Certificate = cert;
    if (isActiveX()) {
        SignedData = new ActiveXObject("CAdESCOM.CadesSignedData");
    } else {
        SignedData = objSign.CreateObject("CAdESCOM.CadesSignedData");
    }
    SignedData.Content = text;
    // 1 = CAdES-BES signature type; false = attached (not detached) signature
    return SignedData.SignCades(CPSigner, 1, false);

Where cert is the certificate with which we sign
text - what we are signing
The signed message is the return value.

P.s. I tried to clean the code as much as possible from the specifics of the project. If this material is useful and interesting to someone, I will also write the server part. Checking a signed message (with and without a chain), checking a certificate (ocsp and without), using tsp, etc.

Tags: criptopro, digital signature, openssl, cades, javascript


System requirements

  • The plugin can be installed on the following operating systems: Win XP SP3, Win Vista SP2, Win 2003 SP2, Win 2008 SP2, Win 7, Win 2008 R2, Win 8, Win8.1, Win10.
  • Works with browsers: IE 8 - 11, Opera, Mozilla Firefox, Google Chrome, Yandex Browser
