Instructions for generating an electronic signature key. The company "maximum" produces seals and stamps - questions about the Vipnet csp digital signature forgot the password of the key container

When using the online account of the taxpayer, a simplified mechanism for certifying documents by electronic signature (ES) has been introduced. Innovations have recently been associated with the installation of a new ES for users of the old version of the account. During the registration procedure, an error often occurs in generating a certificate in the taxpayer's personal account, which can be solved in several ways.

EP creation scheme

An electronic signature is an enhanced version of confirmation that the document is recognized as valid and is equated to a paper form, where written initials are put. In the process of registering an office on the website of the tax service, it is possible to create an unqualified type of ES with the following properties:

  • used in the workflow within the framework of the Federal Tax Service;
  • the encryption system is characterized by a high level of protection.

As mentioned above, an electronic signature was available in the old account, but in the updated version you have to register a new certificate. Moreover, it is proposed to store the registered ES at the user's station or at the service of the Federal Tax Service. Due to fraudulent activities, it is recommended to use the latter option, as it is mostly safe and can be used on mobile gadgets. When a taxpayer wants to install an ES on his PC, it will be necessary to protect the key with special programs. The responsibility lies with the user.

Instructions for obtaining an ES

Following the scheme described below, the user will quickly register the certificate. For this you need:

  • log in to your personal account (enter your login, password or apply account data in the State Services);
  • open a profile - click on the item where the full name and TIN are indicated;
  • in the profile, click on the service "Get an electronic signature";
  • mark the desired storage option in the list of suggested ones;
  • set a password combination to open the certificate;
  • confirm previously entered data by redialling;
  • click on the "Submit request" command.

Attention! When the information is sent to the service, "Generation of electronic signature" appears on the page.

Note! The process requires the installation of a program that generates keys. All specifications are listed under System Requirements. Operating system versions availableWindows Andmacos.

At the creation stage, there is a function of registering an existing qualified ES. It implies the possession of a certificate issued by a certified center, namely: the organization must be accredited by the Ministry of Communications of Russia. For successful work in the taxpayer's office, it is necessary to exchange data in order to further use the ES in the electronic document management system of the tax service.

Occurrence of a certificate generation error

During the registration process, the user may receive a message: "Certificate generation error". Incidents happen for a variety of reasons:

  • carrying out technical work on the website of the Federal Tax Service;
  • ES registration takes in most cases a long time.

According to the reviews of citizens who have been using the electronic signature of the Federal Tax Service for a long time, the conclusion suggests itself that the registration of code combinations takes 30 minutes, and in some cases is extended up to 2 days. Then the question arises of how much the taxpayer's personal account is formed.

Note! When the service is launched, a message appears about the duration of registration and the possibility of exiting the account if necessary, which does not interfere with the data generation procedure.

Situations are not ruled out when additional programs for generating codes have not been installed (the user did not use the link when familiarizing himself with the system requirements). As a result, the service will not be able to find a workstation to save the information.

Solutions to the problem

If an error problem is identified when generating an ES in the taxpayer's office, it is worth resorting to one of the methods:

  • try to download the certificate again - often a secondary or tertiary attempt ends in success, as the system can be rebooted by applications;
  • get acquainted with the schedule of technical work on the website of the Federal Tax Service and reschedule the procedure for another day;
  • after sending a request for registration of an electronic key, exit the cabinet, as a notification of the certificate assignment will be received at the next authorization;
  • contact the tax office, presenting the TIN and passport.

It is important to know! Often, the initial start of certificate generation does not allow obtaining data. However, when the operation is repeated, everything ends successfully. Moreover, a secondary request is made on the same day or a week later.

View certificate details

When the user manages to get the ES from the FTS system, a message about the release of keys appears. There are two options available:

  • view;
  • review.

If "View Certificate" is selected, the password previously set during the registration process must be entered. As a result, a window with information opens:

  • SNILS;
  • owner;
  • validity;
  • number;
  • publisher;
  • email address.

1. What is an electronic signature?

An electronic signature (electronic digital signature) is a requisite of an electronic document that allows you to establish the absence of information distortion in an electronic document from the moment it is signed and verify that the signature belongs to the owner of the electronic signature key certificate. The attribute value is obtained as a result of cryptographic transformation of information using the private key of the signature. An electronic signature is similar to a handwritten signature. The use of an electronic signature in Russia is regulated by federal law No. 63-FZ of April 6, 2011.

2. How to create an electronic signature?

You can create your own electronic signature using the “Key Management” section of the main menu of the system if you have a code word that you must specify in the Client Questionnaire when visiting our office in person or in the process of opening an account online.

In order to create and use an EDS in the system, you must also sign the Agreement on the use of documents in electronic form at the company's office or in any other possible way.

3. How to change the electronic signature?

The electronic signature cannot be changed. However, you can create a new electronic signature key using the "Key Management" section of the main menu of the system. To do this, you will need to enter your code word. After creating a new electronic signature key, your old key will be cancelled.

4. How safe is it to use an electronic signature?

An electronic signature is almost impossible to forge. However, you must take some precautions. Keep the electronic signature key in places inaccessible to unauthorized persons! Do not give the key file and access password to anyone! If you suspect that your electronic signature key may be used by other persons, immediately notify the Company by phone: +7 812 635 68 65. The Client is fully responsible for the safety of the electronic signature key and passwords.

5. I have forgotten the password of the electronic signature key, what should I do?

The password of the electronic signature key cannot be recovered. If you have forgotten it, create a new electronic signature using the "Key Management" section of the main menu of the system. To do this, you will need to enter your code word. After creating a new electronic signature key, your old key will be cancelled.

If you suspect that your electronic signature keys may have been changed by third parties, immediately report this to the customer service department at tel. +7 812 635-68-65 to block access to your account and cancel the electronic signature key.

6. I forgot my code word, what should I do?

The code word cannot be recovered. We cannot send it to your e-mail address or say it over the phone. To change the code word, you need to visit one of our offices in person. Check again how you enter your code word. It must be entered exactly as you wrote it in the Client Questionnaire. Check the letter case (small or large) and keyboard layout (input language, etc.).

7. Computer requirements for signing documents with an electronic signature

The component Java Virtual Machine (JVM, Java virtual machine) must be installed on your computer and enabled in the browser settings, which is needed to launch and operate applets (loadable software modules) for key generation and electronic signature under documents.

Microsoft Internet Explorer usually comes with a Java machine from Microsoft, the Microsoft VM. You can also install a similar component from SUN (SUN Java Virtual Machine browser plug-in), which can be downloaded from the SUN website.

After downloading the file, double-click to launch the installation of the component. After the component is installed, you need to restart your computer.

The service works correctly with Microsoft VM components 3 version 5.0 and higher, as well as Sun Java browser plug-in version 1.4.2_03 and higher, 1.5.0 and higher, 1.6.0 and higher.

You can view information about the installed Java VM component (as well as enable / disable it) in the browser menu "Tools" -\u003e "Internet Options" (Internet Options) on the "Advanced" tab, in the window that opens, look for a section about VM (Microsoft VM or Java (Sun)).

The version of the Microsoft VM component can be viewed in the menu "View" (View) -\u003e "Window of the Java language" (Java console), if the option "Java console enabled" is enabled on the "Advanced" tab.

If you have both Microsoft VM and Sun Java plug-in installed and enabled in your browser, then one of them must be disabled.

If you are using a browser other than Microsoft Internet Explorer, we recommend choosing a Java browser installation package or optionally installing Sun's Java machine.

For Linux users, we recommend that you install at least version 1.5.0 of Sun's Java Machine, which can be downloaded from

Option 1:

The default settings are used, the token PIN is remembered by the system. The least secure option. To do this, when you first request a PIN code, you must check the "Remember pin code" checkbox:

In this case, on this computer, the PIN code will no longer be requested; for signing, you will simply need to select the certificate with which we sign once. The PIN code will be remembered for all actions with the ES, until in the settings of Crypto Pro-Service - Private key passwords - Delete remembered passwords ... they are not deleted.

Option 2:

Using the private key container cache mode.

In the Crypto Pro settings, you must enable the use of the key storage service and caching. Changes to Crypto Pro parameters are made by a user with Administrator rights.

When enabled, the PIN code must be entered when entering the site, then the PIN code will not be requested until the browser is restarted. If you click the "Exit" button on the site, and then go back to it under the same user without closing the browser, then the PIN code will not be requested. If you close the browser and open it again, or enter the site in another browser, then the PIN code is requested (tested in Google Chrome, Internet Explorer).
According to "ЖТЯИ.00087-01 92 01. Instructions for use. Windows.pdf" - Setting security parameters - p.43:"When storing keys in the key storage service, it is possible to use caching of containers of private keys. Caching means that the keys read from the carrier remain in the service's memory. The key from the cache is available even after the key carrier is removed from the reader, as well as after the work of the one that downloaded this application key Each cached key is available to any application running under the same account as the application that cached the key All cached keys are available until the key storage service terminates When the cache is full, the next key is overwritten in place of the cached early key.
Container caching improves application performance by providing faster access to the private key, as the key is read only once.
The cache size specifies the number of keys that can be stored in memory at the same time.
In order to enable caching, you must set the flag in the Enable caching field. You must also set the cache size in the corresponding input field.".

In order for these modes to be enabled, it is necessary to install the “Key storage service” component when installing Crypto Pro on a computer, by default this service is not installed.

Option 3: (Using this option is not recommended when working on the ETP, since more than 100 files can be signed when signing an electronic contract)

The default settings, the highest security level, are used. In this case, when signing contractual documents, a window will be called up for entering a PIN code for signing each document (agreement, annexes, specifications, etc.).

You can change your PIN if you wish.

For this:

  1. Go to the "Start" menu - "Control Panel" - "Rutoken Control Panel".
  2. Click the Enter PIN button, enter your current PIN, click OK.
  3. In the Manage PIN codes tab, click the "Change" button, enter a new PIN code.

Don't forget the new pin code, because no one can tell you.

JaCarta SE/LT

To change the PIN code of the User of the PKI\GOST part:

1.In the JaCarta Unified Client, click on the "Switch to user mode" button

3. Enter the Current User PIN, New User PIN, confirm it and click on the "Execute" button

4. A message should appear indicating that the PIN code has been changed successfully.

To change the Administrator pin code of the PKI\GOST part:

1. In the Jacarta Unified Client, click on the "Switch to Admin Mode" button

2. Select the required PKI\GOST partition

3. Click on the "Change Admin PIN" button

4. Enter the old Admin PIN, new Admin PINs, and click the Run button.

5. A message should appear indicating that the PIN code has been changed successfully.

This page contains answers to frequently asked questions that arise when working with EDS. Select the question you are interested in, open it and follow the instructions clearly.

WOscripts.com - JavaScript - Contractible Headers Script

1. Obtaining an EDS

To obtain an EDS, you can fill out a registration card on our website (in the "Obtaining an EDS" section), or on the site where you learned about us, or contact the nearest CA.

When applying to the CA, you must have the following documents with you:

    identity documents (standard - a copy of the passport);

    documents confirming the existence of a legal entity (certificate of TIN, Unified State Register of Legal Entities, etc.);

    a power of attorney for the FL on empowering him to perform certain actions from the organization;

    upon receipt of an EDS for the head, an order for appointment to a position (decision on election).

Additional information required by the CA in accordance with its regulations is not regulated by law. In practice, each CA has its own list of documents for obtaining an EDS.

2. EDS does not work

1. The private key on the specified container does not match the public key in the certificate. We check all closed containers, you may have chosen the wrong one. If we do not find the desired container, you must contact the CA to reissue the EDS

2. The certificate is not valid (certificate is not valid)

3. There is no trust in this certificate. You need to install the root certificates of your CA according to the instructions. To do this, they can be downloaded from the AETP website or found on digital media supplied with the EDS.

4. CryptoPro has expired. You must enter the license key of the CryptoPro program from the documents supplied with the EDS of your CA.

5. Capicom is not installed Download Capicom and install it with the browser closed and configure the browser according to the instructions of the TP on which you plan to work.

6. No valid certificate found (or no certificate selection shown)

    Install the EDS according to the instructions of the CA

    Check the validity period of the certificate (maybe it has expired)

    Install the root certificate of your CA

    Install CAPICOM with the browser closed

3. Is there a possibility of EDS hacking or forgery?

According to most experts, it is impossible to forge (hack) an EDS - this requires a huge amount of calculations that cannot be implemented with the current level of computer technology and mathematics in an acceptable time, that is, while the information contained in the signed document remains relevant.

Additional protection against forgery is provided by certification by a certification authority of the public key of the signature.

4. An EDS user with administrator rights quit. How to be?

5. Forgot the EDS password. How to recover the key?

Standard passwords: Rutoken 12345678, Etoken 1234567890

If you forgot the password on the rutoken, you need to use the Rutoken console, which is installed along with the driver and is available from the Control Panel (Windows). This applies to the case if the User knows the password (pin-code) of the Administrator, and he needs to unlock the token (reset the counter of the number of incorrectly entered passwords to 0).

If the carrier is a token, you need to contact the CA.

6. How to digitally sign a word file

A document created in Microsoft Office Word is signed with an EDS, the private key of which was generated by the EDS tool no earlier than Crypto-Pro 3.0. Before signing, you need to check the Crypto-Pro core (Start / Control Panel / Crypto-Pro / General. The version of Crypto-Pro will be indicated on the tab and then “build” will stand - this is the core). It is advisable to install the product of the latest build.

Now we sign the document itself

The document must first be saved. In the menu, select Tools / Options / Security / Digital signatures / certificate, click "OK" and sign the document. If the certificate is not registered in Personal, the document cannot be signed. Save the document. Select Office button / Prepare / Add digital signature / Specify the purpose of signing the document (for example, accreditation) / Select signature / sign. The message "This document contains a digital signature" will appear. A red emblem will appear on the panel.

7. Where can I get an EDS for free?

Free EDS receive only state. organizations in the divisions of the Federal Treasury

8. Can an individual receive an electronic signature?

An individual can also receive an EDS. Currently, this service is most in demand for the participation of individuals in auctions on electronic trading platforms for bankruptcy (sale of bankrupt property). To obtain an EDS, individuals need to contact the CA, having with them:

    Passport of a citizen of the Russian Federation;

    Certificate of assignment of TIN.

9. Is there a universal digital signature for general use?

There is currently no universal EDS that would work in electronic auctions (both state and commercial) and with the help of which it would be possible to submit reports.

10. Where can I get training on working with EDS?

You can get training in the training center of the Association of Electronic Trading Platforms. Seminars are held regularly on the territory of most subjects of the Russian Federation.

11. How many days is the EDS done?

12. Can I transfer my digital signature to a colleague during the holidays?

No. Responsibility, according to the Federal Law on EDS, is borne personally by its owner.

13. Help! I deleted the signature from the flash drive, what should I do?

Contact the CA to restore and reissue the EDS

14. Will the contract be valid if I sign it today (my EDS expires tomorrow), and my partner in a week (at the time of signing by the partner, my signature will no longer be valid, but when I signed it, it was still working)?

If the document is signed in accordance with all the rules and the validity of the EDS at the time of signing has not expired, the contract will be valid, but it will be impossible to make changes to it after signing.

15. Can a digital signature issued for tax reporting be used on marketplaces?

No. EDS for tax reporting is not suitable for electronic trading.

16. How do you get an EDS?

EDS Received only personally by the owner of the certificate

17. How to copy a signature from a disk to a USB flash drive?

Copying the private key container:

To copy the private key container, run Start - Programs - CryptoPro - CryptoProCSP and go to the Tools tab. Click the Copy button.

The system will display the "Copy Private Key Container" window

In this window, you must fill in the following input field: Name of the key container - entered manually or selected from the list by clicking the Browse button

Search options:

The entered name specifies the key container - the switch is set to User or Computer, depending on the storage where the container is located;

Select a CSP to search for key containers - the required cryptographic provider (CSP) is selected from the proposed list.

You can also select a container that matches the certificate installed on the system. To do this, instead of the Browse button, click By certificate and select from the list of certificates installed in the user's personal stores, or, if you have administrator rights, on the local computer, the certificate whose container you want to copy;

If a password is set for access to the private key, the system will ask you to enter it. Enter a password and click OK.

The system will display the "Copy private key container" window, in which you must enter the name of the new key container and select the radio button Entered name sets the key container to User or Computer, depending on where you want to place the copied container.

After entering, click Finish. The system will display a window in which you need to select the media for the copied container.

Insert the media into the reader and click OK. The system will display a window for setting a password to access the private key. Enter the password, confirm it, if necessary, set the Remember password flag (if this flag is set, the password will be saved in a special storage on the local computer, and when accessing the private key, the password will be automatically read from this storage, and not entered by the user).

If you liked the material, you can post a link to it on social networks: