Is a personal account password considered an electronic signature? Ecp password Instructions for using the CryptoPro PIN code when signing several documents - Instructions - TEK-Torg JSC Cryptopro PIN code csp where

Tokens, electronic keys for accessing important information, are becoming increasingly popular in Russia. The token is now not only a means of authentication in a computer's operating system, but also a convenient device for storing and presenting personal information: encryption keys, certificates, licenses. Tokens are more reliable than a standard “login / password” pair because of the two-factor authentication mechanism: the user must not only have the information carrier (the token itself) available, but also know the PIN code.

There are three main form factors in which tokens are issued: a USB token, a smart card, and a key fob. PIN security is most commonly found in USB tokens, although recent USB tokens come with RFID tag capability and an LCD display to generate one-time passwords.

Let us dwell in more detail on the principles of functioning of tokens with a PIN code. A PIN code is a specially set password that breaks the authentication procedure into two stages: attaching a token to a computer and entering the actual PIN code.

The most popular token models in the modern Russian electronic market are Rutoken, eToken from the Aladdin company, and an electronic key from the Aktiv company. Let's consider the most frequently asked questions regarding token PIN codes using the example of tokens from these manufacturers.

1. What is the default PIN?

The table below provides information about the default PIN codes for Rutoken and eToken tokens. The default password is different for different owner levels.

| Token | User | Administrator |
|---|---|---|
| Rutoken | 12345678 | 87654321 |
| eToken | 1234567890 | By default, no administrator password is set. Can be set via control panel for eToken PRO, eToken NG-FLASH, eToken NG-OTP models only. |
| JaCarta PKI | 11111111 | 00000000 |
| JaCarta GOST | Not set | 1234567890 |
| JaCarta PKI/GOST | For PKI functionality: 11111111; when using JaCarta PKI with the "Backward compatible" option: 1234567890. For GOST functionality: PIN code not set | For PKI functionality: 00000000; when using JaCarta PKI with the "Backward compatible" option: PIN code is not set. For GOST functionality: 1234567890 |
| JaCarta PKI/GOST/SE | For PKI functionality: 11111111. For GOST functionality: 0987654321 | For PKI functionality: 00000000. For GOST functionality: 1234567890 |
| JaCarta PKI/BIO | 11111111 | 00000000 |
| JaCarta PKI/Flash | 11111111 | 00000000 |
| ESMART Token | 12345678 | 12345678 |
| IDPrime card | 0000 | 48 zeros |
| JaCarta PRO/JaCarta LT | 1234567890 | 1234567890 |

2. Should I change the default PIN? If so, at what point in working with the token?

3. What should I do if the PINs on the token are unknown and the default PIN has already been reset?

The only way out is to completely clear (format) the token.

4. What should I do if the user PIN is blocked?

You can unlock the user PIN through the control panel of the token. To perform this operation, you need to know the administrator PIN.

5. What should I do if the Admin PIN is blocked?

You cannot unlock the Admin PIN. The only way out is to completely clear (format) the token.

6. What security measures have manufacturers taken to reduce the risk of password guessing?

The main points of the PIN security policy for USB tokens from Aladdin and Aktiv are presented in the table below. From the data in the table, we can conclude that the eToken will presumably have a more secure PIN code. Although Rutoken allows a password of just one character, which is unsafe, in other respects it is not inferior to the Aladdin product.

| Parameter | eToken | Rutoken |
|---|---|---|
| Minimum PIN length | 4 | 1 |
| Composition of the PIN | Letters, numbers, special characters | Numbers, letters of the Latin alphabet |
| | Greater than or equal to 7 | Up to 16 |
| PIN security administration | Yes | Yes |
| | Yes | Yes |

Everyone who uses tokens for personal purposes, stores an electronic signature on one, or trusts an electronic key not only with personal information but also with the details of business projects knows how important it is to keep the PIN code secret. Tokens from Aladdin and Aktiv have built-in protective properties which, together with a certain degree of precaution on the user's part, reduce the risk of password guessing to a minimum.

Rutoken and eToken software products are presented in various configurations and form factors. The proposed range will allow you to choose exactly the model of the token that best meets your requirements, whether

When generating certificate and key requests in the "Key generation workstation" program, a window appears where this program (or rather Crypto Pro) prompts you to enter a password (Fig. 8). Offers, but does not force. If the fields are left blank, no password will be set. But users probably think differently and, of course, fill in these fields. Everything would be fine, but then they safely forget what password they entered during generation, and when they have to sign something for the first time, the person falls into a stupor. Then, of course, there is a call to the Treasury asking for help.

Today, in this article, I will tell you how you can remove or change this password. There are two options for removing a password. The first - when the user remembers the old password, the second - when he does not remember. Let's start with the first one. As I mentioned at the beginning of the article, the Crypto Pro program is responsible for the password for the key container. Let's run it by going to the computer control panel (Fig. 1):



In order for you to open the same window as mine, in the upper right corner of the window, select the "Small Icons" view mode. We start Crypto Pro, a window opens (Fig. 2):



Click on the "Service" tab to get to the following window (Fig. 3):



At the bottom of the window there is a button labeled "Change Password". Click on it and get into the following window (Fig. 4):



Here we are offered to select a key container by clicking the "Browse" button. First, do not forget to insert a USB flash drive or other media into your computer with your keys. When you click on the button, the following window will open (Fig. 5):



Select the key carrier we need and click "OK". The following window will open (Fig. 6):



We make sure that we really have the container of the private key we need selected, and click the "Finish" button, after which the password entry window will open (Fig. 7):



Here you need to enter the password that you entered when generating keys and requesting a certificate in the "Key generation workstation" program. It is assumed that you remember it :). We enter, click "OK", the "Remember password" checkbox is not necessary, and we get into the window for entering a new password (Fig. 8):



Here you can not only change the password, but also delete it if you leave the fields blank. If you want to change the password, then think up and enter it twice.


With the case when the user remembers the old password for the container, we figured it out. Let's try to remove the password from the container when it is safely forgotten. This is where the csptest.exe utility will help us, which is included in the Crypto Pro installation kit starting from version 3.6. If you have this program installed, then you have this utility and it is located along the program installation path, i.e. C:\Program Files (x86)\Crypto Pro\CSP (I have a 64-bit OS, if you have 32 bit, then (x86) will be absent in the path). We need to run it from the command line.

To open the command line in Windows 7, you need to get to the desired folder through the explorer, press the "Shift" key on the keyboard, and while holding it, right-click on the desired folder. Everything is illustrated in the picture below (Fig. 9):



In the context menu that appears, select "Open command window" with the left mouse button. In the command window, you must first enter the following command: without square brackets, of course. This command will show us all available private key containers in the form: [\\.\media name\container name]. When we find out the name of our private key container, we need to enter one more command: . Again, no square brackets. In quotes, you must enter the name of your private key container, which you learned in the previous step. The quotation marks are REQUIRED. This command will show us the saved password; once we know it, we can use the first method to remove or change the password.

All of the above actions were done by me, as evidenced by Figure 10:



I want to note right away that I did not manage to "learn" the password using this method (red line in Fig. 10). But I think that this is due to the fact that the container that I specified in the second command was obtained by copying from media to media using the Crypto Pro menu item "Copy" (Fig. 3). The generation of private keys was carried out on another medium, which is no longer available to me. But the method is working.

If you also fail to remove the password in this way, then the only way left is to revoke the current certificate and generate new keys and a new certificate request. And if you take password protection more seriously, then passwords will not be "forgotten". That's all. Good luck!


CryptoPro: view the saved password (pincode) on the EDS private key container

Often, users cannot remember the password (pincode) from the EDS container, which is not surprising when it changes once a year when the EDS key is changed, after which the "remember password" checkbox is checked and the password is never entered again. The saved password can be viewed using the csptest console utility, part of the CryptoPro CSP.

The utility is located in the folder where CryptoPro is installed (C:\Program Files\Crypto Pro\CSP\ by default).

Go to the directory with the program

cd "C:\Program Files\Crypto Pro\CSP\"

We look at the names of the available EDS private key containers:

csptest -keyset -enum_cont -fqcn -verifycontext

The command displays a list of available containers of the form: \\.\<reader name>\<container name>

After that, we display the saved password for the desired container:

csptest -passwd -showsaved -container "<container name>"

PS: This method is suitable for CryptoPro 3.6 and higher. In CryptoPro 3.0, the csptest utility does not have the -showsaved option.

PPS: If this method does not help and you have hardware containers (tokens), you can try entering the default password. For rutoken it is 12345678, for eToken 1234567890, for JaCarta PKI/GOST 11111111 (1234567890 if the backward compatibility option is enabled).

PPPS: The whole process can be automated with a regular batch file that extracts passwords from all available keys en masse. Thank you very much. You can download the bat file from here. Batch text:

@echo off
SetLocal EnableExtensions EnableDelayedExpansion
rem Work on a local copy of csptest.exe in the current directory
copy "C:\Program Files\Crypto Pro\CSP\csptest.exe" >nul
chcp 1251
if exist %computername%.txt del /f /q %computername%.txt
if exist temp.txt del /f /q temp.txt
set NameK=""
rem Enumerate the containers and query the saved password of each one
for /f "usebackq tokens=3,4* delims=\" %%a in (`csptest -keyset -enum_cont -fqcn -verifycontext`) do (
set NameK=%%a
csptest -passwd -showsaved -container "!NameK!" >> temp.txt
)
del /f /q csptest.exe
set /a $ai=-1
set /a $bi=2
rem Keep only the relevant lines of the csptest output in %computername%.txt
for /f "usebackq delims=" %%a in ("temp.txt") do @(
set "$a=%%a"
if "!$a:~,14!"=="AcquireContext" echo:!$a! >> %computername%.txt
if "!$a:~,8!"=="An error" echo:Alas, the key medium is missing or the password was not saved. >> %computername%.txt & echo: >> %computername%.txt
if "!$a:~,5!"=="Saved" set /a $ai=1
if !$ai! geq 0 set /a $ai-=1 & set /a $bi-=1 & echo:!$a! >> %computername%.txt
if !$bi!==0 echo: >> %computername%.txt & set /a $bi=2
)
del /f /q temp.txt
EndLocal
echo on

You can download the csptest utility separately for versions 3.6 and 3.9 from here.

Tmie.ru

I can't import my key, how can I find out the password.

Hello! After you have received the keys, you need to install the software. You can read the instructions by following this link: http://pki.gov.kz/index.php/ru/fizicheskie-litsa

You can import the keys as follows:

If you have the Mozilla Firefox browser: launch the browser, select the Tools tab, then select Settings in this tab. In the settings window that opens, select the Advanced tab, in this tab select Encryption, and in it click the View Certificates button. In the window that opens, select the Your certificates tab and import the certificate on the AUTH_RSA algorithm into it.

If you have Explorer or Google Chrome, then you need to open the AUTH_RSA key:

1) You are welcomed by the certificate import wizard - Next
2) Import file - Next
3) Password - Enter the password and Next
4) Certificate store - Place all certificates in the following store - Overview: a) Check the box "Show physical storages" b) Find "Personal" in the list, expand the list, select "Registry" - OK - Next
5) Completing the certificate import wizard - Done

To import into OPERA:

Go to the Opera browser menu "Tools" - "Settings"
Select the "Advanced" tab, then "Security" and click on the "Set password" button
Enter an arbitrary security password. Remember the password. Click "OK"
Click the "Manage certificates" button
In the window that appears, select the "Personal" tab and click the "Import" button
In the window that appears, select the AUTH_RSA***.p12 file located on the disk media and click the "Open" button
Enter the password for the digital signature
Click "OK"

Standard password for keys 1 to 6 (123456). If you changed it through your personal account on the pki.gov.kz website, then you set the password yourself. If you changed the standard password and forgot the new password, you must apply for a new key and submit the documents to the PSC again.

pkigovkz.userecho.com

CryptoPro view the saved password (pincode) on the EDS private key container

Details Created: 16 May 2016 Updated: 21 June 2017

Recently I ran into a problem in accounting: CryptoPro asked for a pincode for a private key container, for what purpose I don’t remember. The accountant, of course, not remembering any passwords, began flipping through a notebook, poking a dozen flash drives at me and nervously muttering something about religion, government and directors. I, also pretending to be a "reindeer", climbed onto the Internet and found an easy way to find out the saved password, pincode (if you please), on the container of the private key of the electronic digital signature (EDS).

I was very surprised by the simplicity, and thought that it would not work, but it worked out. Here is a step by step guide:

  1. We launch the command line - the keyboard shortcut Windows + R, and then we write cmd. A black window should appear (there are people who call windows signs :))
  2. In the command line you need to go to the folder with CryptoPro; in Windows XP you need to type the command cd "C:\Program Files\Crypto Pro\CSP\" (quotes are required). In Windows 7 the command might be cd "C:\Program Files (x86)\Crypto Pro\CSP\"
  3. View the list of EDS private key container names with the csptest -keyset -enum_cont -fqcn -verifycontext command
  4. Now we can view the saved CryptoPro password for the EDS container of interest: csptest -passwd -showsaved -container "<container name>"

I was surprised that it was so easy to recover a forgotten password for an EDS container, I wonder how it is consistent with security requirements, GOSTs, etc.? After such simple manipulations, the accountant began to call me a "programmer", and I considered myself the coolest hacker :)
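As an added example (not part of the original post and not CryptoPro's own tooling), here is one way a defender can watch process-creation logs for the two csptest invocations described above and list the containers whose saved PIN should be treated as disclosed. The event field names, hosts, users, container names, the 5-minute window and the bulk threshold are assumptions, and the sample records are constructed.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Install paths named on this page; a csptest.exe running from anywhere else is a copy.
INSTALL_DIRS = {
    r"c:\program files\crypto pro\csp",
    r"c:\program files (x86)\crypto pro\csp",
}
WINDOW = timedelta(minutes=5)  # assumption: correlation window
BULK_THRESHOLD = 3             # assumption: reads per burst that count as "bulk"

# Constructed sample records. Field names are assumptions; map them from your own
# process-creation telemetry (image path and full command line are required).
SAMPLE_EVENTS = [
    {"time": "2024-03-01T09:14:02", "host": "ACC-PC01", "user": "user1",
     "image": r"C:\Program Files\Crypto Pro\CSP\csptest.exe",
     "cmd": "csptest -keyset -enum_cont -fqcn -verifycontext"},
    {"time": "2024-03-01T09:14:40", "host": "ACC-PC01", "user": "user1",
     "image": r"C:\Program Files\Crypto Pro\CSP\csptest.exe",
     "cmd": 'csptest -passwd -showsaved -container "demo-main"'},
    {"time": "2024-03-02T22:03:10", "host": "ACC-PC02", "user": "user2",
     "image": r"C:\Users\user2\Downloads\csptest.exe",
     "cmd": "csptest -keyset -enum_cont -fqcn -verifycontext"},
    {"time": "2024-03-02T22:03:11", "host": "ACC-PC02", "user": "user2",
     "image": r"C:\Users\user2\Downloads\csptest.exe",
     "cmd": 'csptest -passwd -showsaved -container "demo-a"'},
    {"time": "2024-03-02T22:03:12", "host": "ACC-PC02", "user": "user2",
     "image": r"C:\Users\user2\Downloads\csptest.exe",
     "cmd": 'csptest -PASSWD -ShowSaved -container "demo-b"'},
    {"time": "2024-03-02T22:03:13", "host": "ACC-PC02", "user": "user2",
     "image": r"C:\Users\user2\Downloads\csptest.exe",
     "cmd": 'csptest -passwd -showsaved -container"demo-c"'},
    {"time": "2024-03-03T10:00:00", "host": "ACC-PC03", "user": "user3",
     "image": r"C:\Program Files\Crypto Pro\CSP\csptest.exe",
     "cmd": "csptest -keyset -enum_cont -fqcn -verifycontext"},
]


def classify(event):
    """Return 'saved_pin_read', 'container_enum' or None for one process event."""
    if ntpath.basename(event["image"]).lower() != "csptest.exe":
        return None
    # Drop quoted values so a container name cannot smuggle in fake switches.
    bare = re.sub(r'"[^"]*"', "", event["cmd"])
    switches = {s.lower() for s in re.findall(r"(?<!\S)-([A-Za-z_]+)", bare)}
    if {"passwd", "showsaved"} <= switches:
        return "saved_pin_read"
    if {"keyset", "enum_cont"} <= switches:
        return "container_enum"
    return None


def container_name(cmd):
    """Extract the -container argument, with or without a space before the quote."""
    m = re.search(r'-container\s*"([^"]*)"', cmd, re.IGNORECASE)
    return m.group(1) if m else None


def _alert(host, user, burst, enums):
    first = burst[0][0]
    reasons = ["saved_pin_read"]
    if any(timedelta(0) <= first - t <= WINDOW for t in enums):
        reasons.append("preceded_by_container_enum")
    if len(burst) >= BULK_THRESHOLD:
        reasons.append("bulk_read")
    if any(ntpath.dirname(ev["image"]).lower() not in INSTALL_DIRS for _, ev in burst):
        reasons.append("csptest_outside_install_dir")
    return {"host": host, "user": user, "first_seen": first.isoformat(),
            "reads": len(burst),
            "containers": [container_name(ev["cmd"]) for _, ev in burst],
            "reasons": reasons}


def detect(events):
    """Group saved-PIN reads per (host, user) into bursts and emit one alert per burst."""
    per_actor = {}
    for ev in events:
        kind = classify(ev)
        if kind:
            key = (ev["host"], ev["user"])
            per_actor.setdefault(key, []).append((datetime.fromisoformat(ev["time"]), kind, ev))
    alerts = []
    for (host, user), rows in per_actor.items():
        rows.sort(key=lambda r: r[0])
        enums = [t for t, kind, _ in rows if kind == "container_enum"]
        burst = []
        for t, kind, ev in rows:
            if kind != "saved_pin_read":
                continue
            if burst and t - burst[-1][0] > WINDOW:
                alerts.append(_alert(host, user, burst, enums))
                burst = []
            burst.append((t, ev))
        if burst:
            alerts.append(_alert(host, user, burst, enums))
    return sorted(alerts, key=lambda a: a["first_seen"])


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Matching on the image file name means a renamed copy of the utility is not seen, so this check complements, rather than replaces, not ticking "Remember password" on machines that hold signing keys.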


raboj.su

Questions and answers about EDS - Yvision.kz

What is an EDS?

When receiving any certificate on paper, we put a signature. An electronic document, in order to give it legal significance, also needs to be signed. For this, an electronic digital signature is used - an analogue of a handwritten one. This is not a scanned version of your ordinary signature, the EDS contains digital symbols that confirm the authenticity of the electronic document, its ownership and the invariance of the content.

Why do you need an EDS?

An EDS is needed to request electronic government services and services at any convenient time, without leaving home. And also, it is necessary for registration and authorization on the portals of e-government eGov.kz, public procurement, "Open Government", E-licensing, etc.

How to get an EDS?

In order to obtain registration certificates of the NCA RK (EDS), it is necessary to submit an online application on the website of the NCA RK, having previously installed the NCALayer application on the computer. After that, submit the documents to the Public Service Center of the Republic of Kazakhstan, in accordance with the State Service Standard "Issuance and withdrawal of a registration certificate of the NCA of the Republic of Kazakhstan." Without an approved package of documents, the PSC operator does not have the right to process applications for the issuance of registration certificates by the NCA of the RK (EDS). The applicant must submit the documents to the PSC personally, or using an authorized representative on behalf of the applicant according to a notarized power of attorney. EDS is issued free of charge. More detailed information about this procedure can be found on the official website of the NCA RK.

Why do I need to install the NCALayer application?

Recently, popular browsers have begun blocking Java software from running. The NCALayer application is required to ensure the operation of the EDS signing mechanism using Java in the browser.

What is the difference between EDS keys called AUTH_RSA and RSA?

RSA is a registration certificate intended for signing an electronic document/request. AUTH_RSA is a registration certificate intended for user authentication.

Why is the EDS issued for a period of 1 year?

The validity of all registration certificates of the NCA RK (EDS) is 1 year from the date of their issue. After the expiration of this time, the registration certificates of the NCA RK are invalid. The period of 1 year is set to ensure the strength of cryptographic keys to limit the time period for the possibility of their calculation by intruders.

How to independently extend the validity period of the EDS?

With the help of the existing valid EDS, the user can reissue a new pair of keys without contacting the PSC to confirm the application. Confirmation occurs by signing an online application for the issuance of an EDS with your valid keys. To reissue, use the personal account of the NCA RK user, having previously read the user manual for working in the personal account.

What is a digital signature on an identity card?

The new samples of identity cards have a microchip, as on bank cards. In a special memory area of this chip, you can write an EDS and use it with a card reader. The registration procedure is carried out in any public service center (NJSC State Corporation "Government for Citizens"), as well as with the independent use of a card reader. This device is available in all stores specializing in computer technology. Note: EDS keys are recorded on an identity card only for individuals.

How to change the password for the EDS?

To change the password for EDS keys, you need to use the personal account of the NCA RK user, after reading the instructions.

What should I do if I forgot the EDS password, how to recover it?

If you have forgotten the password for the EDS keys, then it is impossible to recover them. The NCA RK does not store user passwords, and if you lose your password, you need to revoke these EDS keys and go through the standard procedure for obtaining new ones.

––––––

A brief description of the procedure for obtaining an EDS is here - http://egov.kz/cms/ru/information/e...

Instructions for obtaining an EDS and reissuing it can be found here - http://egov.kz/cms/ru/information/h...

Answers to some other questions - http://www.pki.gov.kz/index.php/ru/vopros-answer

www.yvision.kz

Is a personal account password considered an electronic signature?

Reader's question: The company works on an electronic offer, each client has their own personal account - a login and password are issued. Is this considered a simple ES? Can a QR code be a simple ES?

According to part 2 of Art. 5 of the Federal Law N 63 "On Electronic Signature", a simple ES is an electronic signature, which, through the use of codes, passwords or other means, confirms the fact of the formation of an electronic signature by a certain person. Along with this, on the basis of Part 2 of Art. 6 of the Federal Law N 63, information in electronic form, signed by a simple ES, is recognized as an electronic document, equivalent to a document on paper, signed with a handwritten signature when concluding an agreement between participants in electronic interaction.

Thus, based on the foregoing, the login / password can be considered a simple ES. At the same time, we recommend that in the offer or other documents regulating the work in your personal account, clearly state what in your case is a simple ES, the conditions for its recognition, etc. Examples of such agreements can be found on the Internet (Agreement on the use of a simple ES when servicing clients through a personal account from OTKRITIE Brokerage House OJSC).

In our opinion, the Agreement must contain:

1. Terminology corresponding to the current legislation of the Russian Federation: what is a simple ES, a simple ES key, a simple ES key owner, etc.

2. Conditions for recognizing a document signed with a simple ES, namely that the parties agree to use a simple ES to sign electronic documents, and also recognize that such documents are equivalent to paper documents signed with handwritten signatures, etc.

3. Rules for determining the person who signed the electronic document using a simple ES.

You can also designate a list of documents that will be signed using a simple ES, the rights and obligations of the parties, their responsibilities, etc.

ecm-journal.ru


Working with an electronic signature

  1. What is an electronic signature?
  2. How to create an electronic signature?
  3. How to change the electronic signature?
  4. How safe is it to use an electronic signature?
  5. I have forgotten the password of the electronic signature key, what should I do?
  6. I forgot my code word, what should I do?
  7. Requirements for a computer for signing documents with an electronic signature

1. What is an electronic signature?

An electronic signature (electronic digital signature) is a requisite of an electronic document that allows you to establish the absence of information distortion in an electronic document from the moment it is signed and verify that the signature belongs to the owner of the electronic signature key certificate. The attribute value is obtained as a result of cryptographic transformation of information using the private key of the signature. An electronic signature is similar to a handwritten signature. The use of an electronic signature in Russia is regulated by federal law No. 63-FZ of April 6, 2011.

2. How to create an electronic signature?

You can create your own electronic signature using the “Key Management” section of the main menu of the system if you have a code word that you must specify in the Client Questionnaire when visiting our office in person or in the process of opening an account online.

In order to create and use an EDS in the system, you must also sign the Agreement on the use of documents in electronic form at the company's office or in any other possible way.

3. How to change the electronic signature?

The electronic signature cannot be changed. However, you can create a new electronic signature key using the "Key Management" section of the main menu of the system. To do this, you will need to enter your code word. After creating a new electronic signature key, your old key will be cancelled.

4. How safe is it to use an electronic signature?

An electronic signature is almost impossible to forge. However, you must take some precautions. Keep the electronic signature key in places inaccessible to unauthorized persons! Do not give the key file and access password to anyone! If you suspect that your electronic signature key may be used by other persons, immediately notify the Company by phone: +7 812 635 68 65. The Client is fully responsible for the safety of the electronic signature key and passwords.

5. I have forgotten the password of the electronic signature key, what should I do?

The password of the electronic signature key cannot be recovered. If you have forgotten it, create a new electronic signature using the "Key Management" section of the main menu of the system. To do this, you will need to enter your code word. After creating a new electronic signature key, your old key will be cancelled.

If you suspect that your electronic signature keys may have been changed by third parties, immediately report this to the customer service department at tel. +7 812 635-68-65 to block access to your account and cancel the electronic signature key.

6. I forgot my code word, what should I do?

The code word cannot be recovered. We cannot send it to your e-mail address or say it over the phone. To change the code word, you need to visit one of our offices in person. Check again how you enter your code word. It must be entered exactly as you wrote it in the Client Questionnaire. Check the letter case (small or large) and keyboard layout (input language, etc.).

7. Computer requirements for signing documents with an electronic signature

The component Java Virtual Machine (JVM, Java virtual machine) must be installed on your computer and enabled in the browser settings, which is needed to launch and operate applets (loadable software modules) for key generation and electronic signature under documents.

Microsoft Internet Explorer usually comes with a Java machine from Microsoft, the Microsoft VM. You can also install a similar component from SUN (SUN Java Virtual Machine browser plug-in), which can be downloaded from the SUN website.

After downloading the file, double-click to launch the installation of the component. After the component is installed, you need to restart your computer.

The service works correctly with Microsoft VM components 3 version 5.0 and higher, as well as Sun Java browser plug-in version 1.4.2_03 and higher, 1.5.0 and higher, 1.6.0 and higher.

You can view information about the installed Java VM component (as well as enable / disable it) in the browser menu "Tools" -> "Internet Options" (Internet Options) on the "Advanced" tab, in the window that opens, look for a section about VM (Microsoft VM or Java (Sun)).

The version of the Microsoft VM component can be viewed in the menu "View" (View) -> "Window of the Java language" (Java console), if the option "Java console enabled" is enabled on the "Advanced" tab.

If you have both Microsoft VM and Sun Java plug-in installed and enabled in your browser, then one of them must be disabled.

If you are using a browser other than Microsoft Internet Explorer, we recommend choosing a Java browser installation package or optionally installing Sun's Java machine.

For Linux users, we recommend that you install Sun's Java Machine version 1.5.0 or later, which can be downloaded from the SUN website.

www.dohod.ru

Working with EDS on the e-government portal

Many different opinions are caused by online services: someone is distrustful, someone thinks it is too complicated, and someone has been successfully using electronic services for a long time, saving their time, money and effort. And the first step towards the productive organization of your time, business and even life is obtaining EDS keys. What is hidden under these magic letters, and how to use them, we will tell in this post.

What is an EDS?

An electronic digital signature (EDS) is an analogue of a handwritten signature, which is used to give an electronic document the same legal force as if this document were on paper with a signature and a sealed seal.

An EDS is a requisite of an electronic document obtained as a result of cryptographic transformation of information using an electronic registration certificate (hereinafter referred to as the Certificate) and an EDS private key.

Simply put, the use of an EDS is a complete replacement for a handwritten signature.

The Law of the Republic of Kazakhstan dated January 7, 2003 "On electronic document and electronic digital signature" defines the concept of a "registration certificate", which in international practice is called a "certificate" or "public key certificate". Basic concepts taken from the above law:

  • National Certification Center of the Republic of Kazakhstan - a certification center serving participants of "electronic government", state and non-state information systems;
  • registration certificate - a document on paper or an electronic document issued by a certification center to confirm the compliance of an electronic digital signature with the requirements established by this Law;
  • owner of the registration certificate - an individual or legal entity in whose name the registration certificate is issued, legally owning the private key corresponding to the public key specified in the registration certificate;
  • electronic document - a document in which information is presented in electronic digital form and certified by means of an electronic digital signature;
  • electronic digital signature - a set of electronic digital symbols created by means of an electronic digital signature and confirming the authenticity of an electronic document, its ownership and the invariance of the content;
  • means of electronic digital signature - a set of software and hardware used to create and verify the authenticity of an electronic digital signature;
  • public key of an electronic digital signature - a sequence of electronic digital symbols available to any person and intended to confirm the authenticity of an electronic digital signature in an electronic document;
  • private key of an electronic digital signature - a sequence of electronic digital symbols known to the owner of the registration certificate and intended for creating an electronic digital signature using electronic digital signature tools.

What are the benefits of using EDS on our portal?

Key advantages when using EDS through the e-government portal:

  • The possibility of receiving electronic services of state bodies at any time convenient for you: around the clock, seven days a week;
  • The possibility of submitting electronic applications to virtual receptions of state bodies of the region and the republic. The link to the "Electronic requests" service appears in the right block of the portal pages after the user's authorization.

Software Update

At the beginning of May 2012, the team of developers of the National Certification Authority announced the release of an upgraded version of the NCA RK software.

The purpose of the transition to the new software is to make it easier for businesses and individuals to install root certificates. Previously, users had to rely on the Tumar CSP software, which took special effort to install and was limited to the Windows OS; with the new software, everything is much easier.

So what's the difference?

  • Root certificate - a certificate belonging to the Certification Authority, which is used to verify the validity of the other certificates issued by that authority. In order for software, such as an operating system or browser, to correctly validate a user's certificate, the root certificate must first be installed in the browser or operating system.
  • Tumar CSP - software that “injected” the GOST cryptographic algorithm into operating systems of the Windows family, which do not support it out of the box. That is, it was software for the cryptography subsystem of the operating system, while the root certificate is information used by this very cryptography subsystem.

Previously, the user had to go through a difficult installation of the Tumar CSP software. It was also tied to the Windows operating system, since Tumar CSP fully functioned only on this OS.

From now on, the user only needs pre-installed Java, one of the most common operating systems (Windows XP/Vista/Seven, Linux) and access to the Internet.

Moreover, the entire process “Installing Software - Obtaining EDS - Obtaining Portal Services” is available on Mac OS X. Root certificates for this OS must be downloaded in their pure form. They are available at this link.

This year it is planned to implement the corresponding functionality for the Android OS, then according to the plan - support for iOS and Windows Mobile.

The procedure for obtaining certificates has not changed. Let's represent it in a schematic form:

Brief explanations of the procedure for obtaining a certificate

Let's repeat the description of the process of obtaining NCA certificates. The portal has a page "Obtaining an EDS", which briefly describes the steps and provides links to download the necessary software, user manual and document forms. It contains all the necessary data, both for individuals and for legal entities.

If you are installing the certificate for the first time, we recommend downloading the user manual, which shows the steps of the entire process of obtaining a certificate in accessible form and with illustrations. Following this guide will save you from many problems and malfunctions.

To make the entire process clear, from installing certificates to obtaining a certificate from a popular electronic service, I will post screenshots with explanations.

Maybe, on the one hand, it will look like a repetition of instructions, but still, this is the author's own experience in going through this process.

Registration on the portal

Registration on the portal is implemented in the usual, one might even say very simplified, way. I am required to enter my IIN in the required field. After I clicked the "Find" link, my full name was automatically entered in the required fields, and all I had to do was enter a password and my e-mail address to receive notifications.

So, the registration was successful and there were no difficulties at all.

Here we open the first tab and click on the buttons. First, we download the root certificates, which will be installed in 2 clicks, and then you need to download Java from its official website. This site is quite easy to navigate, as is the installation of the software itself. It took no more than ten clicks on the obvious buttons.

After these operations, it is time to apply to the NCA for a certificate. To do this, click on the "Submit online application" button, which will open a special page for submitting an application.

After entering personal data, you must indicate the address of the PSC, which will be convenient for you to go to confirm your identity that it is you (and not someone


Option 1:

The default settings are used, and the token PIN is remembered by the system. This is the least secure option. To use it, check the "Remember pin code" checkbox when the PIN code is first requested:

In this case the PIN code will no longer be requested on this computer; to sign, you only need to select the signing certificate once. The PIN code stays remembered for all actions with the ES until it is deleted in the Crypto Pro settings: Service - Private key passwords - Delete remembered passwords ...

Option 2:

Using the private key container cache mode.

In the Crypto Pro settings, you must enable the use of the key storage service and caching. Changes to Crypto Pro parameters are made by a user with Administrator rights.

When enabled, the PIN code must be entered when entering the site, then the PIN code will not be requested until the browser is restarted. If you click the "Exit" button on the site, and then go back to it under the same user without closing the browser, then the PIN code will not be requested. If you close the browser and open it again, or enter the site in another browser, then the PIN code is requested (tested in Google Chrome, Internet Explorer).
According to "ЖТЯИ.00087-01 92 01. Instructions for use. Windows.pdf" - Setting security parameters - p.43: "When storing keys in the key storage service, it is possible to use caching of containers of private keys. Caching means that the keys read from the carrier remain in the service's memory. The key from the cache is available even after the key carrier is removed from the reader, as well as after the application that loaded this key has finished working. Each cached key is available to any application running under the same account as the application that cached the key. All cached keys are available until the key storage service terminates. When the cache is full, the next key is written in place of the earliest cached key.
Container caching improves application performance by providing faster access to the private key, as the key is read only once.
The cache size specifies the number of keys that can be stored in memory at the same time.
In order to enable caching, you must set the flag in the Enable caching field. You must also set the cache size in the corresponding input field."

For these modes to be available, the “Key storage service” component must be selected when installing Crypto Pro on the computer; by default this service is not installed.
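The cache rules quoted from the manual above decide when a private key stays usable without its carrier. The following is an added example, not CryptoPro code: a toy Python model of those rules, in which the class, function and container names and the key bytes are all constructed for illustration.

```python
from collections import OrderedDict


class KeyServiceCache:
    """Toy model of the cache rules in the quoted manual passage (hypothetical names)."""

    def __init__(self, size):
        self.size = size             # cache size = number of keys held in memory at once
        self._keys = OrderedDict()   # (account, container) -> key, earliest cached first
        self.carrier_reads = 0       # how many times a key was read from the carrier

    def open_key(self, account, container, carrier):
        """Return the key; carrier is a dict of containers, or None once it is removed."""
        slot = (account, container)
        if slot in self._keys:       # cache hit: served from service memory
            return self._keys[slot]
        if carrier is None or container not in carrier:
            raise LookupError("key is neither cached nor on an attached carrier")
        self.carrier_reads += 1
        if len(self._keys) >= self.size:
            self._keys.popitem(last=False)   # overflow: earliest cached key is replaced
        self._keys[slot] = carrier[container]
        return self._keys[slot]

    def stop_service(self):
        self._keys.clear()           # cached keys live until the service terminates


def is_available(cache, account, container):
    """True if the key can be used with the carrier removed from the reader."""
    try:
        cache.open_key(account, container, None)
        return True
    except LookupError:
        return False


def demo():
    carrier = {"contA": b"key-A", "contB": b"key-B", "contC": b"key-C"}  # constructed
    cache = KeyServiceCache(size=2)
    cache.open_key("alice", "contA", carrier)          # first use reads the carrier
    seen = {"same_account": is_available(cache, "alice", "contA"),
            "other_account": is_available(cache, "bob", "contA")}
    cache.open_key("alice", "contB", carrier)
    cache.open_key("alice", "contC", carrier)          # cache full: contA is replaced
    seen["evicted"] = is_available(cache, "alice", "contA")
    seen["latest"] = is_available(cache, "alice", "contC")
    seen["carrier_reads"] = cache.carrier_reads
    cache.stop_service()
    seen["after_stop"] = is_available(cache, "alice", "contC")
    return seen
```

The model shows why removing the token does not end access under Option 2: the key stays reachable to every application of the same account until it is replaced in the cache or the service stops.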

Option 3: (Using this option is not recommended when working on the ETP, since more than 100 files can be signed when signing an electronic contract)

The default settings, the highest security level, are used. In this case, when signing contractual documents, a window will be called up for entering a PIN code for signing each document (agreement, annexes, specifications, etc.).

You can change your PIN if you wish.

For this:

  1. Go to the "Start" menu - "Control Panel" - "Rutoken Control Panel".
  2. Click the Enter PIN button, enter your current PIN, click OK.
  3. In the Manage PIN codes tab, click the "Change" button, enter a new PIN code.

Don't forget the new PIN code, because no one can tell you what it is.

JaCarta SE/LT

To change the PIN code of the User of the PKI\GOST part:

1. In the JaCarta Unified Client, click on the "Switch to user mode" button

3. Enter the Current User PIN, New User PIN, confirm it and click on the "Execute" button

4. A message should appear indicating that the PIN code has been changed successfully.

To change the Administrator pin code of the PKI\GOST part:

1. In the Jacarta Unified Client, click on the "Switch to Admin Mode" button

2. Select the required PKI\GOST partition

3. Click on the "Change Admin PIN" button

4. Enter the old Admin PIN, new Admin PINs, and click the Run button.

5. A message should appear indicating that the PIN code has been changed successfully.