How to install and configure a browser plugin for working with digital signatures. Fixing the error “The plugin is loaded, but objects are not created Plugin crypto interface plugin firefox
Cryptographic operations, such as creating an electronic signature or decrypting a file, require access to keys and personal data of the user (for example, to a personal certificate store). When performing such operations by web applications (using the CryptoPro EDS Browser plug-in), the plug-in requests the user’s permission to access his keys or personal data.
The user's permission will be requested when activating CryptoPro EDS Browser plug-in objects.
Trusted Web sites (for example, those located on your organization's intranet) can be added to the list of trusted Web sites. Sites on the Trusted Sites list will not prompt the user for confirmation when opening the certificate store or performing operations on the user's private key.
Managing a list of trusted websites on Windows platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in, the user must run Start -> Crypto-Pro -> Digital signature settings Browser plug-in. This page is part of the CryptoPro EDS Browser plug-in distribution kit.
A computer or domain administrator can also manage the list of trusted websites for all users through Group Policy. Configuration is carried out in the Group Policy console in the section Computer configuration/User configuration -> Administrative templates -> Crypto-Pro -> CryptoPro EDS Browser plug-in. The following policies are available to the administrator: List of trusted nodes. Defines the addresses of trusted nodes. Websites specified through this policy are considered trusted in addition to those that the user adds independently through the CryptoPro EDS Browser plug-in settings page.
The page is saved for a specific user
HKEY_USERS\
The policy is saved in the appropriate section for policies:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Crypto-Pro\CadesPlugin\TrustedSites
Managing a list of trusted websites on Unix platforms
To manage the list of trusted websites in the CryptoPro EDS Browser plug-in on Unix platforms, use the page /etc/opt/cprocsp/trusted_sites.html, which is part of the CryptoPro EDS Browser plug-in distribution.
You can also use the command to view a list of trusted websites:
/opt/cprocsp/sbin/
To add websites (for example, http://mytrustedsite and http://myothertrustedsite) to the trusted list, you can use the command:
/opt/cprocsp/sbin/
To clear the list of trusted websites, you can use the command:
/opt/cprocsp/sbin/
Adding sites to the list of trusted sites for all users is available using the command
/opt/cprocsp/sbin/
On some sites you have to deal with certificates and electronic keys, and at first you have to solve various problems to make everything work. This article will talk about the CAdES plugin’s error when it is loaded but objects are not created.
Solving the problem with the plugin
As follows from the contents of the error, the CAdES plugin itself seems to be loaded, i.e. it is in the system, but something is preventing it from working. Usually the problem occurs in older versions of Firefox up to version 51 (in newer ones the plugin simply does not work). This article takes an electronic trading platform as an example, and there are three ways to solve the problem.
Method 1: Enable the plugin for the current site
Enabling the plugin only for the current site is justified by security considerations when the browser is used for personal purposes and opening a wide variety of pages. And also if you need to perform a task with electronic keys only once.
Method 2: Enable the plugin for all sites
If the security issue is not much of a concern, because... The computer is used exclusively for working on several sites, you can enable the CAdES plugin for all sites. Then it will work immediately after the page loads. This can also help in cases where it is impossible to find the dark gray square to enable the plugin.
Method 3: Use a different browser
For some unforeseen reasons, the CAdES plugin may still refuse to work. Therefore, another way to resolve the error is to use a different browser. Most browsers are based on the Chromium engine, they are all somewhat similar, so let's look at Google Chrome as an example.
Conclusion
As you can see, there are several ways to solve the problem with the plugin not working correctly. Depending on your preferences and circumstances, you can choose the one that suits you best.
In this article we will look at quickly setting up the Yandex browser to work with electronic signatures. The following settings will work if your computer is already configured to work with electronic signatures:
- a crypto provider has been installed (CryptoPRO CSP or another);
- Personal certificate installed;
- The root certificates of the Certification Authority that issued you the electronic signature are installed.
Attention!This article describes the setup process ONLY for electronic signatures issued using a crypto provider CryptoPRO CSP and for hardware keys (Rutoken EDS, JaCarta GOST, etc.). If your electronic signature was issued using another crypto provider (for example, Vipnet CSP, Lissi CSP, etc.), further settings may damage your operating system! To set up, contact the organization that issued your electronic signature!
Where can I get Yandex Browser?
You can download the Browser from the official developer page: https://browser.yandex.ru/
We will not describe the downloading and installation process; it is quite simple and understandable.
Installing components for working with electronic signatures
To work with electronic signatures you will need to install the following components:- CryptoPRO CSP;
- CryptoPRO EDS Browser plugin;
- Plugin for the e-government system (needed only to work with the State Services website and the Unified Identification of Authorities).
From January 1, 2019, CryptoPRO CSP version 4.0 and higher is recommended for use, so we recommend using it. .
Installing CryptoPRO CSP is quite simple, any user can handle it - run the downloaded file and then follow the installation wizard.
The current version of CryptoPRO EDS Browser plugin can be downloaded from the manufacturer’s website via a direct link: https://www.cryptopro.ru/products/cades/plugin/get_2_0
Installing the CryptoPRO EDS Browser plugin is also quite simple - run the downloaded file and follow the installation wizard.
You will also need to install a browser extension, you can install it from the link: https://chrome.google.com/webstore/detail/cryptopro-extension-for-c/. When the page opens, click “Install”, after a couple of seconds the extension will be installed.
The e-government system plugin can be downloaded from the downloads page: https://ds-plugin.gosuslugi.ru/plugin/upload/Index.spr
When you click on the link, the download of the plugin will start automatically. Installing the plugin is also simple and does not require any additional configuration.
To work in Yandex Browser you will need to install an extension. To install it, you need to open Yandex Browser and open the link https://chrome.google.com/webstore/detail/ifcplugin-extension/ in it and click the “Install” button. After a couple of seconds the plugin should install.
Turn off unnecessary things
Along with some programs (for example, Yandex Browser), additional programs may be installed that may interfere with the normal operation of electronic signatures on some sites.
To avoid problems, we recommend removing programs such as Browser Manager , Yandex button on the taskbar , Yandex elements for Internet Explorer . They are removed using standard MS Windows tools - through Control Panel - Programs and Features.
Enabling settings for working with signatures
Enabling settings for working with electronic signatures is done through the browser menu. To do this, perform the following steps:Open the browser menu (there is a button with three bars in the upper right corner of the browser) and select the “Add-ons” item as shown in the figure or simply open the browser://tune page in the address bar.
In the window with plugins that opens, you need to enable the plugins we need: CryptoPRO EDS and Extension for the State Services plugin (if necessary).
After enabling the plugins, you need to enable the ability to work with a secure TLS connection according to GOST. To do this, go to the browser settings and in the “Network” section, check the box “Connect to sites that use GOST encryption.” As shown in the pictures below.
After enabling these settings, you can start working with an electronic signature on the resource we need without rebooting.
Please pay attention! For the secure connection to work correctly, you must disable the antivirus while working with the signature! This is necessary when working on the Federal Tax Service website or on the ERUZ website (zakupki.gov.ru). As for the famous Kaspersky anti-virus, it needs to do " Exit"(turning it off doesn't help)!
Usually setting Yandex.Browser It takes our specialists 10-15 minutes to work with an electronic signature. You can contact our paid technical support for help. The cost of setting up an electronic signature in Yandex.Browser usually costs 600 rubles!
On January 1, 2019, the new GOST 34.10-11.12 came into force, regulating the processes of creating and verifying electronic digital signature (EDS) keys. Two new versions of the browser plugin, adapted to the new GOST, have become available on the provider’s official website (https://www.cryptopro.ru/). If the digital signature was purchased earlier and its validity period has not yet expired, then updating the plugin is not necessary. For new signatures, you need to download and configure a new browser plugin version 2.0. for the OS you are using.
Installing the cryptopro browser plugin is simple: you need to download the plugin from the official website, then click on the saved file and start the automatic installation process:
When the installation is complete, you need to click “Ok” and restart the Internet browser. Without this change the change will not take effect. To completely complete the installation and adjust the processes, you must also restart the PC.
Setup process
Further browser settings depend on the program used. For IE, no additional settings are required, and immediately after installation and reboot you can evaluate the correct operation of the plugin. To do this, you need to allow the operation in the form that opens:
If there are no errors and the installation was successful, the system will display the following message:
Checking the correct operation of the plugin is required, because Without it, it is impossible to assess the readiness of the plugin for generating digital signatures.
For the Firefox browser, you need to download the extension from the official page. After this, the program is installed on the PC:
Restart the browser and check the plugin settings in the “Add-ons” section.
To work with digital signature via Google Chrome, the browser must be updated to the latest version. During the plugin download process, a window will open asking permission to install:
If you need to configure the extension manually, then the plugin must be downloaded from the official Chrome online store and click “Install”. The installation is completed after restarting the browser. This extension can also be used to work with digital signatures in any browsers based on Chromium, incl. Yandex browser and Opera.
Installing the plugin on Unix
Working with digital signatures in the Unix system is possible with Firefox, Opera version 35, Chromium, Chrome, and Yandex browsers.
You must first install a CSP provider version higher than 4.0. You can download it on the official website (https://cryptopro.ru/products/csp). It is also necessary to first install cprocsp-rdr-gui-gtk and remove (if any) the cprocsp-rdr-gui package package.
Next you need to download and unpack the archive cades_linux_amd64.zip or cades_linux_ia32.zip. Then the user installs cprocsp-pki-2.0.0-cades.rpm cprocsp-pki-2.0.0-plugin packages from this archive, and packages for the Debian OS family must first be converted to deb format. Usually, the alien utility is used for this.
Setup process
Subsequent settings depend on the type of software used.
- launch the program and wait for notification of a new extension;
- enable extension;
- restart Chrome.
An extension in IE usually starts working automatically and does not require any configuration steps on the part of the user.
How to use the plugin
To start working with the extension, you need to go to the demo page (https://www.cryptopro.ru/sites/default/files/products/cades/demopage/main.html) with one of the digital signature examples (CAdES BES, XML, etc. .d.). Next, following the prompts of the page assistant, select the digital signature certificate, enter all the necessary data and click “Continue”.
After checking the data, the extension will be ready to use.
An example of a code that checks for the presence of an extension
To activate Browser plug-in extension objects, you need to include the cadesplugin_api.js file in the page.
This can be done via HTML like this:
< language=»java»src=»cadesplugin_api.js»> < language=»java»>cadesplugin.then(function () ( // code), function(error) ( // system error notification ));
Through JavaScript they do this: // Creating a cryptopro EDS object Browser plug-in varoStore =cadesplugin.CreateObject("CAdESCOM.Store"); varoSigner =cadesplugin.CreateObject("CAdESCOM.CPSigner"); var oPrivateKey =cadesplugin.CreateObject("X509Enrollment.CX509PrivateKey").
According to the new GOST, all owners of digital signatures are required to use the latest version of the plugin that meets the security requirements of the FSB. The extension downloads on Windows OS automatically, and subsequent configuration depends on the browser used. Working with the extension on Unix systems requires downloading and unpacking archives that match the bit size of the OS. The subsequent setup is similar to Windows OS. Before starting to work with the plugin, you must enter the user data and digital signature certificate through the demo page.