Key generation arm 1.0 0.41. Installation of key generation arm and creation of keys. Fig.6 Dialog box for selecting a file

In general, this article applies to all versions of the Civil Code automated workplace (stands for Automated workplace key generation), and not just to 1.0.0.37n. I was very surprised to hear that some people had difficulty installing this product. And yet, nevertheless, this is so... I allowed myself to sculpt something here, namely, how I myself installed this program, of course, in pictures. So let's get started...

It should be noted right away: Two programs of this type They don’t live on the same computer. More precisely, they live, but only after a little “dancing with a tambourine,” namely editing Windows registry. But we will not touch on this, so as not to blow the minds of the audience of this site who had a problem installing this program.

Find the program on the Internet. Download and unzip it somewhere on your computer, and as a result you will get a folder with files (picture No. 1):

In this folder we are interested in the setup.exe file. In the picture above, the red arrow points to it. Let's launch it by double-clicking on it and we will see the installation program greeting:

We accept license agreement and we get to the following window, where you need to figure it out a little:

First of all, select the installation type “Full” so as not to bother with “Custom”. Otherwise, you will have to answer a number of more questions. We leave the "Install with default parameters" checkbox for the same reason. Here is the directory where the program will be installed, you can choose another one. I don't recommend it though. What if it comes out a new version(and it will come out sooner or later). Then you have to remember: “Where did you install it?” And you don’t need to remember... In general, click “Next” and get into the following window:

Here the installer informs us that in the list of computer programs "All programs", the OTR\EDS client folder will be created, and that it can be launched from there. Click next:

Well, everything is clear here. The installer has accepted all our changes and is ready to be installed in the selected folder. Click "install":

Well, all that remains is to wait for the program to be installed. If you see the following window, then everything is fine:

It is worth noting that the installer does not create a shortcut to launch the program on the desktop. This can be done manually, as I did. The picture below shows which file the shortcut will link to:

That's all. The installation of the program is complete. I wish you success in your further development...

And finally... If you liked this article and learned something new from it, you can always express your gratitude in monetary terms. The amount can be any. This does not oblige you to anything, everything is voluntary. If you still decide to support my site, then click on the “Thank” button, which you can see below. You will be redirected to a page on my website where you can transfer any amount of money to my wallet. In this case, a gift awaits you. After a successful money transfer, you will be able to download it.

INSTRUCTIONS

on generation of qualified keys

electronic signature(EP)

and sending requests and applications for receiving KSCP
To generate an electronic signature, the user must run the Key Generation Workstation (version no lower than 1.0.0.44n). In the workstation, select “Create a certificate request” (Figure 1):

Picture 1.

A window will open Generating a certificate request and private key(Figure 2).

Figure 2.

To generate a certificate for an individual, check the box “Request for the Applicant’s certificate”

In the window that appears (Figure 3), enter the value “Certificate Owner Roles.”

To work with the SUFD portal (Remote Financial Document Management System), the user specifies all the items except “Testing” from the “ASFC” block, as well as the “Server Authentication” and “Client Authentication” items (in the EDMS software, the “Server Authentication” item is located in the "ASFC" block).

Roles required to work in SUFD.

It is mandatory to set the marked roles.

Figure 3.

To go to the next step of the wizard, click the “Next” button.

In the window that appears (see Figure 4), enter the values:

“Last name” – the surname of the certificate owner is filled in with a capital letter in one word without spaces. Required field.
“Name Patronymic” – the name and patronymic of the certificate owner in the format “Name Patronymic” in two words separated by one space. Required field.
“Country” – filled in with a two-letter country code. For Russia, the default is RU. Required field.
“Name of the subject” – “Novosibirsk region”. Required field
"Name settlement" - "Novosibirsk". Required field.
“Organization” – indicate the full or abbreviated name of the organization.
"Formalized position" - for the right to sign 1, the formalized position “Manager” must be selected, For rights 2 signatures the formalized position “Chief Accountant” must be selected(the formalized position is selected regardless of the actual position of the UPC applicant).
“1st level department” – the field is not filled in.
“2nd level division” – the field is not filled in.
“E-mail” – letters about changes in the status of the certificate and about the expiration of the certificate will be automatically generated to the specified e-mail.

“TIN” – individual taxpayer number. The field is required to be filled in; the TIN of the owner of the electronic signature certificate (individual) is indicated.

“Exported private key” – indicates the possibility of transferring the ES key to another medium (if the value “no” is selected, the container with the key cannot be copied). The default value is "yes".
“SNILS” is a required field to be filled out in accordance with clause 2 of Article 17 of the Federal Law of 04/06/2011 No. 63-FZ “On Electronic Signatures”.

Figure 4.

To go to the next step of the wizard, click the “Next” button.
In the next window (Figure 5), you must set the checkbox in the “Print application for an EDS key certificate” field, since only with this printed form (Application for an electronic signature verification key certificate (hereinafter referred to as the Application)) will a request for key registration be accepted Regional registration center of the Office (Territorial body of the Office) of the Federal Treasury. The requested document will be output in MS Word form, which can then be printed standard means MS Word. Before printing the Application, you must perform the “shorten page” (“page fit”) function (Figure 8) and print the Application on one sheet (on both sides).

Figure 5.

To create an electronic signature key and generate a certificate request, click the “Run” button.

If a password is defined for an electronic signature key, its entry will be required before each operation of accessing the cryptographic protection functions, if it has not been saved in the system.

Figure 6.

When the ES key is generated (a container with the ES key will be created on the key media, and the ES key files will be placed in it (header.key, masks.key, masks2.key, name.key, primary.key, primary2.key ), the system will automatically generate a certificate request – file with extension *.req and will display the path where it will be placed (Figure 7).

!!! You must remember the path or specify the directory to save the certificate request file .

Figure 7.

After determining the directory in which the certificate request file is saved, the certificate request generation wizard will complete its work, and to close it you must click the “Finish” button. The generated Application for a certificate will open in the MS Word window, then it must be printed in two copies using standard MS Word tools (see paragraph 5), signed and stamped by the Organization.

Figure 8.

If the Application for a certificate is printed on 2 sheets, the Organization's seal must be affixed to each sheet, and the signature of the head of the Organization must also be affixed to each sheet of the Application.

After printing the Application, you must fill in the fields (Figure 9, Figure 10):

- “Based on the accession agreement (agreement) dated № to the regulations of the Certification Center of the Federal Treasury and powers of attorney* dated No. - details of the agreement and power of attorney are indicated (in the application for a certificate of the head of the applicant organization, details of the power of attorney are not indicated);

A block of fields containing data about an identity document;

- “Information for suspension of the SKP” - a code word or key phrase is indicated that allows you to identify the owner of the ES certificate without presenting an identification document if it is necessary to suspend the ES certificate.

A request for a certificate in electronic form, together with a printed and completed Application for a certificate, is submitted to the Regional Registration Center (RCC) of the Administration (Territorial Management Body) of the Federal Treasury.

The RCR operator sends it to the ACA (Authorized Certification Center of the Federal Treasury) for confirmation, where, based on the sent request for a certificate, an ES verification key certificate (file with *.cer extension) will be generated.

Programs released by the Treasury are updated very rarely and function very poorly on modern operating systems ah - anyone who has encountered Treasury software will tell you this. The situation is exactly the same with the AWP Key Generation program, released by this government agency for self-generation electronic digital signatures. One of the most common errors encountered Windows users 7, Windows 8, Windows 8.1 and Windows 10, having downloaded and installed any version of the AWP Key Generation program, it sounds like this: Exception EoleSysError in module vcl50.bpl (Error when accessing the OLE registry). Let's look at its causes and solutions.

Error when accessing the OLE registry - how to fix it?

The reason this error appears on operating systems released after Windows XP is a flaw in the program code. If you are working on any of the operating systems that came out later than XP (Windows 7, Vista, Windows 8, Windows 8.1 or Windows 10) - the main and main solution to this problem is to set the compatibility mode for the file cbank.exe, which is located on your computer at C:\FkClnt1\EXE\cbank.exe. Right-click on it and select the drop-down menu item Properties.

If it doesn't help

If this option does not help, then you have problems registering the midas.dll library in the OLE registry. To solve this problem, you need to register the library manually. Click Start, then in the "Search programs and files" field enter: regsvr32 C:\FkClnt1\SYSTEM\midas.dll. Press Enter. A window will appear indicating that the library has been successfully registered.

In rare cases, the problem may be related to how accounts access the registry. To disable it, select: “Start” - “Control Panel” - “ Accounts users" - "User Accounts". Select “Change User Account Control Settings” and move the slider to the bottom position. Reboot your computer and try running AWP Key Generation again.

Instructions for generating an electronic signature key

(version dated September 20, 2016)

On September 1, 2016, a new version of the regulations of the Certification Center of the Federal Treasury, approved by Order No. 280 dated July 25, 2016, came into force. Please familiarize yourself with the updated stages of obtaining certificates
19.09.2016 released a new version 1 Key generation workstation 10.0.0.44 n, it needs to be installed, after uninstalling the previous version.

List of abbreviations used:

AWS	Automated workstation
ASFC	Automated system of the Federal Treasury
GAS	State automated system
GMU	State municipal institution
PPO	Applied software
PC	Personal electronic Calculating machine
CIPF	Means cryptographic protection information
SUFD	Remote financial document management system
TOFK	Territorial body of the Federal Treasury
FC	Federal Treasury

Before you begin, make sure that the following is installed on your workstation:

CIPF “Crypto PRO CSP” (version 3.6 or later);
Key Generation Workstation ( current version AWP Key Generation programs can be downloaded at ftp://ftp.ufk39.ru/RCR/Distrib/ or if CIPF “Continent AP” is connected to home page SUFD portal ( http://10.39.4.123). Attention, if you install the “Key Generation Workstation” on workstation, intended for work in the SUFD software, you must use the instructions for setting up an additional workstation.

ATTENTION!!! Key generation must be carried out in the Key Generation Workstation no lower than version 1.0.0.44 n. Before installing the specified version, it is recommended to remove the previous one.
Skilled the certificate is required to work in all systems (SUFD, CIKZ Continent AP, Procurement website under 223-FZ, UIS (unified information system in the field of procurement) under 44-FZ, State Medical University, State Automated System "Management", GIIS " Electronic budget", portal "State Services", etc.).

Connect a clean formatted key carrier(flash drive, floppy disk, Ru-token, etc.) to system unit PC.

The medium must be taken into account in the “Logbook of computer storage media” (form approved by FAPSI order No. 152 dated June 13, 2001), the form with an example of filling out can be downloaded from the Department’s website.

In the Key Generation Workstation, click the “Create a certificate request” button (see Fig. 1).

Fig.1 Key Generation Workstation

Select the request type (see Fig. 2).

To create a request for an individual – “Request for Applicant’s Certificate”

Fig.2 Dialog box with selection of request type for key generation

In case you already have there is a certificate with dataTIN of an individual, then select “Generate a certificate request based on an existing certificate” (see Fig. 3) and click “Next”.

When lack of certificate, select the required option, and click “Next”, then proceed to paragraph 7 of these Instructions.

IMPORTANT if your previous certificate contained the TIN of a Legal Entity, and you need a certificate for an individual, then NOT select the type “Generate a certificate request based on an existing certificate” because in this case, only a certificate for the Legal Entity will be created; in this case, you need to select the “Request for Applicant Certificate” item and fill in all the parameters manually.

Fig.3 Dialog box with selection of request type for key generation

In the window that appears, click the “Find” button (see Fig. 4) and select previous file certificate (with the extension CER) or a request file (with the extension REQ) (see Fig. 5, Fig. 6, Fig. 7) and click the “Next” button.

Fig.4 Dialog box for selecting a file

Fig.5 Dialog box for selecting a file

Fig.6 Dialog box for selecting a file

Fig.7 Dialog box with selection of request type for key generation

In the window that appears, specify the required user roles (see Fig. 8). If an organization has several powers in the field of placing orders (for example, the Customer and the Financial Authority), for each such power it is necessary to generate SEPARATE KEY . IMPORTANT: for certificate Legal entity Only the Client Authentication role is required, which is mandatory for all types of certificates. Examples of selecting roles for common information systems are given in Appendix 1 to these Instructions.

IMPORTANT: for clients, working in SUFD: if an employee needs to work (for example, create documents) in the SUFD, but is not included in the “Sample Signature Card”, then such an employee needs to obtain a certificate for himself without the right to sign, with the following powers: “Client Authentication” and “ASFC” (only external tick see Appendix 1, Fig. 2).

Fig.8 Dialog box. User roles

In the window that appears, fill in all the required open to record a field (see Fig.9).

Fig.9 Dialog box with the Applicant’s data

“Last Name” - fill in the Applicant’s Last Name.
“Name and Patronymic” - fill in the Applicant’s First and Patronymic (if available), as indicated in the identity document.
“E-mail” - fill in the address Email The applicant, personal information will be sent to this address, for example, login and password for the first login to the information system.
“Position” - to be filled in only for a request for a Legal Entity certificate. When filling out this field for the heads of the organization, it is necessary to take into account the data of the Unified State Register of Legal Entities; for other employees of the organization, it is necessary to be guided by the staffing table.
“Formalized position” - the field becomes active when selecting roles from the “ASFC” group. You must select from 2: “ Supervisor" (if the right of first signature) or " Chief Accountant“(if the right of the second signature), the right of the first or second signature is defined in the document “Card of Sample Signatures” submitted by your organization to the Federal Treasury Department for the Kemerovo Region at the place of service of your account. The only exception is when an employee turned off to the “Sample Signature Card”, but he Signing of separate documents required(non-settlement) in terms of cash services – you must select “ Operator».
“Last name First name Patronymic” - the field is filled in automatically.
“Organization” - fill in only FULL name of company, the name must character by character coincide with information from the Unified State Register of Legal Entities. THE EXCEPTION IS THE NAME OF THE ORGANIZATION ONLY for certificate Legal entity , you need to fill in a short name, provided that the full name is longer 164 characters, in other cases, the full name is filled in if it does not exceed 164 characters.
“1st level division” - to be filled in only when generating a certificate Legal entity.
“2nd level division” - to be filled in only when generating a certificate Legal entity. This field is filled in only if an organization (Legal entity) has separate divisions, for example, Kemerovo State University (Full name is filled in the “Organization” field) has a branch in the city of Belovo (the name of the branch is filled in the “1st level division” field) which has structural divisions “Accounting” (to be filled out in the “2nd level division”) (see Fig. 10).
“Name of the locality” - fill in the name of the locality where the applicant Organization is located, for example, “Tashtagol”.
Address (street, house) – to be filled in only when generating a certificate Legal entity. This field indicates the address of the location of the Legal Entity of the applicant Organization.
“Country” - fill in with the value “RU”.
“Name of the subject” - select “Kemerovo region” from the list.
“TIN” - for a certificate of an individual, fill in with the TIN (12 characters) of the Applicant; for a certificate of a Legal Entity, fill in with the TIN (10 characters, with 2 zeros in front, for example, 004205654585) of the Legal Entity.
“OGRN” – to be filled in only when generating a certificate Legal entity. The value of the OGRN of the Legal entity is indicated.
“SNILS” - the value of the Applicant’s SNILS is indicated.
« Registration number UIS organizations” – the field becomes active only when selected in the previous step when selecting roles from the “working with UIS” section. The field is filled in with the value of the SDR code (customer summary list code), this value can be viewed on the website http:// www. zakupki. gov. ru to search for YOUR organization, in the register of organizations: tab “ Additional Information" - the value "Unique account number of the organization" (11 digits), if there is no specified tab, then in the information "Registration data of the organization" the value is: "SPZ code" (11 digits). (see Fig.11 or Fig.12)
“GMU account number” - the field becomes active when selected in the previous step when selecting roles from the “working with GMU” section. The field is filled in with the value of the GMU account number of the applicant organization; this value can be viewed on the website http:// www. bus. gov. ru in information about the organization “PSU Code” (see Fig. 13) or “Registration number in the list of State Medical University” (see Fig. 14).
“Protection class” - select the value “KS1” if at your workplace (computer) NOT hardware protection systems “Sobol”, “Accord”, etc. were installed. (hardware protection with a random number sensor), “KS2” - if the specified protection is installed.
“Exported private key” - always set to “Yes”.

Obtaining an ES certificate for certain types legal entities

In accordance with the clarifications of the Federal Treasury ( letter of the Federal Treasury dated July 21, 2016 No. 07-04-05/12-529), representatives the following legal entities due to the failure to place the procurement regulations in accordance with the Federal Law of July 18, 2011 No. 223-FZ, it is necessary in the field “ UIS organization registration number» specify the value « 00000000000 »:

Electronic platform operator
Information system operator
An organization that provides services for UIS users
A legal entity carrying out procurement in accordance with Part 4 of Article 5 of the Federal Law of December 30, 2008 N 307-FZ “On Auditing Activities”

After filling out and verifying all fields, click the “Next” button.

Fig. 10. Example of filling out data for a Legal Entity

Fig.11 Dialog box from the site http:// www. zakupki. gov. ru

Fig.12 Dialog box from the site http:// www. zakupki. gov. ru

Fig. 13 Dialog box from the site www. bus. gov. ru. Register of organizations

Fig.14 Dialog box from the site www. bus. gov. ru. Organization registration details

In the window that appears, click “Run” (see Fig. 15)

Fig. 15 Dialog window for key generation workstation

In the next step, you need to select the media type, depending on the media prepared in the first step, see step 1.

IMPORTANT:PROHIBITED write the private key to " Registry».

In the next window (see Fig. 16) enter the password and its confirmation. ATTENTION! Remember the entered password; if you lose it, it cannot be restored. These fields can be left blank, then a password will not be requested when signing with an electronic signature.

Fig. 16 Entering a password for the created private key

The next step is that the system will prompt you to save the certificate request file (see Fig. 17).

Fig.17 Dialog box. Saving a certificate request to a file
This request file must be brought to removable media information (flash drive, floppy disk, etc.), not containing key containers ( private keys) users , to the registration point of the Certification Center of the Federal Treasury, according to the territorial location of your organization.

Both copies of the application must be completed and submitted to the Certification Center of the Federal Treasury, according to the territorial location of your organization.

Fig. 18. Printable form statements

Samples of certification documents are available on information resource on the Internet ftp:// ftp. ufk39. ru, information portal at http://10.39.4.123(in a secure network segment, section Certification Authority), on the official website of the Federal Treasury Department for the Kemerovo Region http://kemerovskaya.roskazna.ru. (section GIS - Certification Authority)

Contact information for the Department of Privacy and Information Security

Federal Treasury Department for the Kemerovo Region:
Head of Department: Opalev Kirill Nikolaevich (384-2) 719-005, e-mail: opalevkn@ ufk39. ru

Deputy Head of Department: Rodionov Stanislav Nikolaevich (384-2) 719-022,

specialists in issuing certificates: (384-2) 719-034,719-164, 719-163,

specialists in working with ES and CIPF tools: (384-2) 719-161, 719-162, 719-022.

e-mail: uuc@ ufk39. ru
Contact details of operators of remote regional registration centers are posted on the Department’s website on the Internet in the GIS–Certification Center–Contacts section

Annex 1

Common examples of distribution of roles for working in various information systems
For all certificates, the Client Authentication role is required. The specified role is the only one for certificate Legal entity.

IMPORTANT only for the section “Working with EIS”!!! for one certificate, only one group of roles from the “Working with UIS” section can be used, for example, “Customer” or “Financial authority” or etc.

Please note that the previously required roles are “Email Protection” and “Server Authentication” are not mandatory roles.

Rice. 1. Mandatory user roles for working in the SUFD with signature rights

Rice. 2. Mandatory user roles for working in the SUFD WITHOUT signature rights

Rice. 3. Possible user roles for working on the site http:// www. bus. gov. ru

Rice. 4. Possible user roles for working on the site http:// www. zakupki. gov. ru within the framework of work under Federal Law No. 44. Personal Area- Customer.

Rice. 5. Possible user roles for working on the site http:// www. zakupki. gov. ru within the framework of work under Federal Law No. 44. Personal account - Financial authority.

Rice. 6. Mandatory role of users to work in GIIS “Electronic Budget”
Change registration sheet

Change date

If you have landed on this page, most likely you need to generate a certificate for the Bus Gov website (bus.gov.ru). This site is supervised by the Federal Treasury of Russia and is necessary primarily for posting information about state (municipal) institutions. The small amount of information on the Internet and the constant congestion of the Treasury telephone lines, coupled with the work schedule that is not always predictable, prompted me to write this article. In it we will learn how to independently use the program AWP Key generation generate signature certificates for the Bus Gov website and what data must be specified during generation.

We generate a certificate for the site bus.gov.ru

The current version of the AWP key generation program at the time of writing is 1.0.0.44n. You can download it, or you can - from the website of the Federal Treasury. Unpack the archive to a location convenient for you, go to the AWP GK 44 folder and run the install.exe file.

After installation, a folder will appear on your desktop OTR, and in it there is a subfolder: EDMS client with label Key generation workstation. Launch it. If an error appears Exception EoleSysError in module vcl50.bpl (Error when accessing the OLE registry)- follow the recommendations described and proceed directly to generating the key.

After successful launch of the shortcut Key generation workstation A window will appear at the top of the screen asking you to create a certificate request.

Click Create a certificate request and select from the menu Request for applicant certificate.

The next generation window will open, in which you must check three checkboxes (in addition to the checkbox Client Authentication), indicating what type of certificate will be generated and what it will be used for. Click on the + item icon Working with GMU and check the boxes as in the next picture.

Next, a window will appear in which you will need to enter information about the applicant - the head of the organization for which you plan to receive an access certificate. The required fields are highlighted in the picture.

The registration number of the State Medical University organization can be found on the Bus State website itself by following the link bus.gov.ru/pub/registry and entering the TIN of the required organization. Below in the search results, if the TIN matches an existing company, a link will be given in which you should click on the “Registration data” tab and in the 8th field Registration number in the list of GMU you will find the required serial number.

Press the D button alley and make sure that the checkbox is ticked Print an application for an EDS key certificate stood. Next, click Execute and indicate the medium on which the key will be written. It is desirable that it be a removable flash drive. Next, the biological random number sensor will start. Move your mouse continuously over this window and randomly press the number and letter buttons on your keyboard to help the system generate a key. When the generation process line reaches the end, you will only have to come up with a password for the certificate and repeat it in the next window. Pressing the button OK you will see a prompt to select the path for the key file with the .req extension. By default this is C:\FkClnt1\EXE\.

Afterwards the document will be generated Application for obtaining a qualified certificate for an electronic signature verification key at the Certification Center of the Federal Treasury which needs to be printed in 2 copies, signed by the responsible person and taken to the Treasury department along with the flash drive on which the key file was recorded. After activating the key, you will be able to work with the Bus Gov website (bus.gov.ru).