The crypto plugin is not installed. How to set up a Yandex browser to work with electronic signatures. Managing a list of trusted websites on Windows platforms
Cryptographic operations, such as creating an electronic signature or decrypting a file, require access to keys and personal data of the user (for example, to a personal certificate store). When performing such operations by web applications (using the CryptoPro EDS Browser plug-in), the plug-in requests the user’s permission to access his keys or personal data.
The user's permission will be requested when activating CryptoPro EDS Browser plug-in objects.
Trusted Web sites (for example, those located on your organization's intranet) can be added to the list of trusted Web sites. Sites on the Trusted Sites list will not prompt the user for confirmation when opening the certificate store or performing operations on the user's private key.
Managing a list of trusted websites on Windows platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in, the user must run Start -> Crypto-Pro -> Digital signature settings Browser plug-in. This page is part of the CryptoPro EDS Browser plug-in distribution kit.
A computer or domain administrator can also manage the list of trusted websites for all users through Group Policy. Configuration is carried out in the Group Policy console in the section Computer configuration/User configuration -> Administrative templates -> Crypto-Pro -> CryptoPro EDS Browser plug-in. The following policies are available to the administrator: List of trusted nodes. Defines the addresses of trusted nodes. Websites specified through this policy are considered trusted in addition to those that the user adds independently through the CryptoPro EDS Browser plug-in settings page.
The page is saved for a specific user
HKEY_USERS\
The policy is saved in the appropriate section for policies:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Crypto-Pro\CadesPlugin\TrustedSites
Managing a list of trusted websites on Unix platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in on Unix platforms, use the page /etc/opt/cprocsp/trusted_sites.html, which is part of the CryptoPro EDS Browser plug-in distribution.
You can also use the command to view a list of trusted websites:
/opt/cprocsp/sbin/
To add websites (for example, http://mytrustedsite and http://myothertrustedsite) to the trusted list, you can use the command:
/opt/cprocsp/sbin/
To clear the list of trusted websites, you can use the command:
/opt/cprocsp/sbin/
Adding sites to the list of trusted sites for all users is available using the command
/opt/cprocsp/sbin/
On January 1, 2019, the new GOST 34.10-11.12 came into force, regulating the processes of creating and verifying electronic digital signature (EDS) keys. Two new versions of the browser plugin, adapted to the new GOST, have become available on the provider’s official website (https://www.cryptopro.ru/). If the digital signature was purchased earlier and its validity period has not yet expired, then updating the plugin is not necessary. For new signatures, you need to download and configure a new browser plugin version 2.0. for the OS you are using.
Installing the cryptopro browser plugin is simple: you need to download the plugin from the official website, then click on the saved file and start the automatic installation process:
When the installation is complete, you need to click “Ok” and restart the Internet browser. Without this change the change will not take effect. To completely complete the installation and adjust the processes, you must also restart the PC.
Setup process
Further browser settings depend on the program used. For IE, no additional settings are required, and immediately after installation and reboot you can evaluate the correct operation of the plugin. To do this, you need to allow the operation in the form that opens:
If there are no errors and the installation was successful, the system will display the following message:
Checking the correct operation of the plugin is required, because Without it, it is impossible to assess the readiness of the plugin for generating digital signatures.
For the Firefox browser, you need to download the extension from the official page. After this, the program is installed on the PC:
Restart the browser and check the plugin settings in the “Add-ons” section.
To work with digital signature via Google Chrome, the browser must be updated to the latest version. During the plugin download process, a window will open asking permission to install:
If you need to configure the extension manually, then the plugin must be downloaded from the official Chrome online store and click “Install”. The installation is completed after restarting the browser. This extension can also be used to work with digital signatures in any browsers based on Chromium, incl. Yandex browser and Opera.
Installing the plugin on Unix
Working with digital signatures in the Unix system is possible with Firefox, Opera version 35, Chromium, Chrome, and Yandex browsers.
You must first install a CSP provider version higher than 4.0. You can download it on the official website (https://cryptopro.ru/products/csp). It is also necessary to first install cprocsp-rdr-gui-gtk and remove (if any) the cprocsp-rdr-gui package package.
Next you need to download and unpack the archive cades_linux_amd64.zip or cades_linux_ia32.zip. Then the user installs cprocsp-pki-2.0.0-cades.rpm cprocsp-pki-2.0.0-plugin packages from this archive, and packages for the Debian OS family must first be converted to deb format. Usually, the alien utility is used for this.
Setup process
Subsequent settings depend on the type of software used.
- launch the program and wait for notification of a new extension;
- enable extension;
- restart Chrome.
An extension in IE usually starts working automatically and does not require any configuration steps on the part of the user.
How to use the plugin
To start working with the extension, you need to go to the demo page (https://www.cryptopro.ru/sites/default/files/products/cades/demopage/main.html) with one of the digital signature examples (CAdES BES, XML, etc. .d.). Next, following the prompts of the page assistant, select the digital signature certificate, enter all the necessary data and click “Continue”.
After checking the data, the extension will be ready to use.
An example of a code that checks for the presence of an extension
To activate Browser plug-in extension objects, you need to include the cadesplugin_api.js file in the page.
This can be done via HTML like this:
< language=»java»src=»cadesplugin_api.js»> < language=»java»>cadesplugin.then(function () ( // code), function(error) ( // system error notification ));
Through JavaScript they do this: // Creating a cryptopro EDS object Browser plug-in varoStore =cadesplugin.CreateObject("CAdESCOM.Store"); varoSigner =cadesplugin.CreateObject("CAdESCOM.CPSigner"); var oPrivateKey =cadesplugin.CreateObject("X509Enrollment.CX509PrivateKey").
According to the new GOST, all owners of digital signatures are required to use the latest version of the plugin that meets the security requirements of the FSB. The extension downloads on Windows OS automatically, and subsequent configuration depends on the browser used. Working with the extension on Unix systems requires downloading and unpacking archives that match the bit size of the OS. The subsequent setup is similar to Windows OS. Before starting to work with the plugin, you must enter the user data and digital signature certificate through the demo page.
On some sites you have to deal with certificates and electronic keys, and at first you have to solve various problems to make everything work. This article will talk about the CAdES plugin’s error when it is loaded but objects are not created.
Solving the problem with the plugin
As follows from the contents of the error, the CAdES plugin itself seems to be loaded, i.e. it is in the system, but something is preventing it from working. Usually the problem occurs in older versions of Firefox up to version 51 (in newer ones the plugin simply does not work). This article takes an electronic trading platform as an example, and there are three ways to solve the problem.
Method 1: Enable the plugin for the current site
Enabling the plugin only for the current site is justified by security considerations when the browser is used for personal purposes and opening a wide variety of pages. And also if you need to perform a task with electronic keys only once.
Method 2: Enable the plugin for all sites
If the security issue is not much of a concern, because... The computer is used exclusively for working on several sites, you can enable the CAdES plugin for all sites. Then it will work immediately after the page loads. This can also help in cases where it is impossible to find the dark gray square to enable the plugin.
Method 3: Use a different browser
For some unforeseen reasons, the CAdES plugin may still refuse to work. Therefore, another way to resolve the error is to use a different browser. Most browsers are based on the Chromium engine, they are all somewhat similar, so let's look at Google Chrome as an example.
Conclusion
As you can see, there are several ways to solve the problem with the plugin not working correctly. Depending on your preferences and circumstances, you can choose the one that suits you best.
In recent years, most of the document flow has moved to the area of remote service via the Internet, while paper media are gradually being replaced by electronic virtual analogues. The most popular software product is “Crypto Pro”, which is used to confirm electronic digital signatures. But for reliability and authenticity, it is necessary to check the “CryptoPro EDS Browser plug-in” plug-in and make sure that it is installed correctly on a computer or other electronic device.
Nuances of the plugin and system requirements
For the normal functioning of all departments, the question arises of ensuring the necessary level of data protection when signing documentation, maintaining secrecy and trade secrets. Solving problems is achieved by developing special software products and algorithms that encrypt and decrypt information included in a document and at the same time confirm its authenticity. These programs are a certified product and cover certain areas of the information field.
The essence of their work is to process documents online using special extensions for all browsers that support JavaScript. It runs freely on all major operating systems except Android. The plugin allows you to endorse the following types of documents:
- in electronic format;
- files that are downloaded from the user's computer;
- text messages and other types of documentation.
For example, when transferring funds in Internet banking, using the “CryptoPro EDS Browser plug-in” check, you can confirm that the operation comes from the account owner with an active key certificate valid at a particular moment. This software tests both advanced and conventional electronic CPU. At the same time, there is no need to connect to the Internet when checking, and archival preservation of documentation is ensured. An electronic signature can be:
- attached, that is, added to the endorsed documents;
- separated electronic signature, that is, created separately.
The software product “CryptoPro EDS Browser plug-in” is distributed free of charge and downloaded from the official website. The plugin's operation is checked on the user's computer.
Software installation
The installation process is simple. You should go to the official portal cryptopro.ru/products/cades/plugin/get_2_0. Upload, specifying where the cadesplugin.exe boot file will be saved. Run the program.
Important! Launching the plugin is not available for regular users. You must have administrator rights.
Upon successful completion, a corresponding notification will appear on the monitor screen.
But this message is not a guarantee of correct operation. It will be necessary to carry out additional configuration and verification of the Browser plug-in digital signature depending on the type of browser used. For correct operation, the installed program must be restarted, in some cases with a complete reboot of the computer.
Advice! Whatever browser the program is used in, you should always restart it after installation.
Features of the installation process
Considering that each browser works slightly differently, the plugin is adapted for each environment.
Attention! If errors are detected before starting work and the program does not create objects, then it is necessary to allow it to run independently for specific sites or pages that the user frequently visits.
In cases where the plugin is used on specific pages, a corresponding icon is needed that will indicate the possibility of using this extension.
To do this, you need to find the CryptoPro CAdES NPAPI Drowser Plug-in and allow it to be used in automatic mode. This is true for Mozilla Firefox. For Opera and Yandex, the procedure for using the extension is identical.
Find the “Extensions” item in the menu and load the plugin through it. You can also copy and paste the extension name into the corresponding query string. The system will do everything itself. For the Google Chrome browser, the extension will be found on its own, and the user will only have to confirm the installation.
After completing all operations and settings, you must close all windows and tabs and restart the browser.
What to do if the system “does not detect” the program?
It often happens that when installing a plugin and then trying to work with digital signatures, problems appear. A window pops up prompting you to install the program. In this case, it is recommended to go to the developers’ website in the “Contacts” section, explain the essence of the problem and receive appropriate recommendations. It is recommended to provide screenshots of all actions. In this case, identifying the problem will be much easier. If the check was successful, a corresponding notification appears that the plugin has been loaded.
Recommendations for using the software
If you have to reinstall a plugin that already exists but is not working, then first you need to:
- remove it and all unnecessary programs through the “Control Panel”;
- clear cache memory;
- download the plugin again and run it with administrator rights;
- be sure to add all “Personal Accounts” pages to trusted nodes.