
Default password for cryptopro. Instructions for using the CryptoPro PIN code when signing several documents - Instructions - TEK-Torg JSC. What is an electronic signature

When generating requests for certificates and keys in the "Workstation for Key Generation" program, a window appears where this program (or rather Crypto Pro) prompts you to enter a password (Fig. 8). It offers, but does not force. If the fields are left blank, no password will be set. But users probably think differently and, of course, fill out these fields. Everything would be fine, but then they conveniently forget what password they entered when generating the keys, and when they have to sign something for the first time, they fall into a stupor. Then, of course, comes a call to the Treasury asking for help.

Today, in this article, I will tell you how you can remove or change this password. There are two options for removing the password. The first is when the user remembers the old password, the second is when he does not remember. Let's start with the first one. As I already mentioned at the beginning of the article, the Crypto Pro program is responsible for the key container password. Let's launch it by going to the computer control panel (Fig. 1):



To open the same window as mine, select the "Small icons" view mode in the upper right corner of the window. Launch Crypto Pro, and a window opens (Fig. 2):



Click on the “Service” tab to get into the following window (Fig. 3):



At the bottom of the window there is a button labeled "Change Password". Click on it and you will be taken to the following window (Fig. 4):



Here we are asked to select a key container using the "Browse" button. First, do not forget to insert a flash drive or other media into your computer with your keys. When you click the button, the following window will open (Fig. 5):



Select the key media we need and click "OK". The following window will open (Fig. 6):



We make sure that we actually have the private key container we need selected, and click the “Finish” button, after which the password entry window will open (Fig. 7):



Here you need to enter the password that you entered when generating keys and requesting a certificate in the Key Generation Workstation program. It is assumed that you remember it :). We enter it, click “OK”, there is no need to check the “Remember password” checkbox, and we get to the window for entering a new password (Fig. 8):



Here you can not only change the password, but also delete it if you leave the fields empty. If you want to change the password, then create and enter it twice.


We have dealt with the case where the user remembers the old password for the container. Let's try to remove the password from the container when it is safely forgotten. Here the csptest.exe utility will help us, which is included in the installation kit of the Crypto Pro program starting from version 3.6. If you have this program installed, then you have this utility, and it is located in the program installation path, i.e. C:\Program Files (x86)\Crypto Pro\CSP (I have a 64-bit OS; if yours is 32-bit, then (x86) will be absent from the path). We need to run it from the command line.

To open the command line in Windows 7, use Explorer to get to the desired folder, press and hold the "Shift" key on the keyboard, and right-click on the desired folder. Everything is illustrated in the picture below (Fig. 9):



In the context menu that appears, select “Open command window” with the left mouse button. In the command window, you must first enter the following command: without square brackets, of course. This command will show us all available private key containers as: [\\.\media name\container name]. Once we know the name of our private key container, we need to enter another command: . Again, no square brackets. In quotes, you need to enter the name of your private key container, which you learned in the previous step. The quotation marks are MANDATORY. This command will show us the saved password; once we know it, we can use the first method to delete or change the password.

I carried out all the above actions, as evidenced by Figure 10:



I would like to note right away that I was unable to “find out” the password using this method (red line in Fig. 10). But I think this is due to the fact that the container that I specified in the second command was obtained by copying from media to media using the Crypto Pro program menu item “Copy” (Fig. 3). The generation of private keys was carried out on another medium that was no longer available to me. But the method works.

If you also fail to remove the password in this way, then the only remaining way is to revoke the current certificate and generate new keys and a new certificate request. And if you take password protection more seriously, then passwords will not be “forgotten.” That's all. Good luck!


This page contains answers to FAQ that arise when working with digital signatures. Select the question you are interested in, open it and strictly follow the instructions.


1. Obtaining an electronic signature

To obtain an electronic signature, you can fill out a registration card on our website (in the “Obtaining an electronic signature” section), or on the website where you learned about us, or contact the nearest CA.

When contacting the CA, you must have the following documents with you:

    identification documents (standard - a copy of the passport);

    documents confirming the existence of a legal entity (TIN certificate, Unified State Register of Legal Entities, etc.);

    power of attorney for the individual granting him the authority to perform certain actions on behalf of the organization;

    upon receipt of an electronic digital signature for the manager, an order of appointment to the position (decision on election).

Additional information required by the CA in accordance with its regulations is not regulated by law. In practice, each CA has its own list of documents for obtaining an electronic signature.

2. EDS does not work

1. The private key on the specified container does not match the public key in the certificate. We check all closed containers; perhaps the wrong one was selected. If we do not find the required container, you need to contact the CA to reissue the digital signature.

2. The certificate is not valid. Install the digital signature according to the instructions of the CA

3. There is no trust in this certificate. You need to install the root certificates of your CA according to the instructions. To do this, they can be downloaded from the AETP website or found on digital media supplied with the digital signature.

4. The CryptoPro license has expired. You must enter the CryptoPro license key from the documents supplied with the digital signature by your CA.

5. Capicom is not installed. Download Capicom, install it with the browser closed, and configure the browser according to the instructions of the TP on which you plan to work.

6. No valid certificate found (or certificate selection is not displayed)

    Install the digital signature according to the instructions of the CA

    Check the validity period of the certificate (it may have expired)

    Install the root certificate of your CA

    Install CAPICOM with your browser closed

3. Is there a possibility of hacking or forgery of digital signature?

According to most experts, it is impossible to forge (hack) an electronic digital signature: this requires a huge amount of calculations that cannot be carried out at the current level of computer technology and mathematics in an acceptable time, that is, while the information contained in the signed document remains relevant.

Additional protection against forgery is provided by certification of the public signature key by a certification authority.

4. The digital signature user with administrator rights quit. What should I do?

5. Forgot your EDS password. How to recover the key?

Standard passwords: Rutoken 12345678, Etoken 1234567890

If you have forgotten the password on Rutoken, you need to use the Rutoken console, which is installed along with the driver and is accessible from the Control Panel (Windows). This applies when the User knows the password (PIN code) of the Administrator and needs to unlock the token (reset the counter of incorrectly entered passwords to 0).

If the carrier is an etoken, you need to contact the CA.

6. How to sign a word file with an electronic digital signature

A document created in Microsoft Office Word is signed with an electronic signature whose private key was generated by a digital signature tool no earlier than version Crypto-Pro 3.0. Before signing, you need to check the Crypto-Pro kernel (Start / Control Panel / Crypto-Pro / General; the tab will indicate the version of Crypto-Pro and then the “build”, which is the kernel). It is advisable to install the latest build of the product.

Now we sign the document itself

The document must first be saved. In the menu, select Tools / Options / Security / Digital signatures / certificate, click “Ok” and sign the document. If the certificate is not registered in Personal, the document cannot be signed. Save the document. Select Office Button / Prepare / Add digital signature/ Specify the purpose of signing the document (for example, accreditation) / Select a signature / sign. The message “This document contains a digital signature” will appear. A red logo will appear on the panel.

7. Where can I get an electronic signature for free?

Only state organizations receive digital signatures free of charge, in divisions of the Federal Treasury.

8. Can an individual obtain an electronic signature?

An individual can also receive an electronic signature. Currently this service is most in demand for the participation of individuals in trading on electronic trading platforms for bankruptcy (sale of bankrupt property). To obtain an electronic signature, individuals need to contact the CA, bringing with them:

    Passport of a citizen of the Russian Federation;

    Certificate of assignment of TIN.

9. Is there a universal digital signature for public use?

A universal digital signature that would work at electronic auctions (both government and commercial) and with which it would also be possible to submit reports does not exist at this time.

10. Where can I get training on working with digital signatures?

You can study at the training center of the Association of Electronic Trading Platforms. Seminars are held regularly on the territory of most constituent entities of the Russian Federation.

11. How many days does it take to complete the digital signature?

12. Is it possible to transfer my digital signature to a colleague during vacation?

No. Responsibility, according to the Federal Law on EDS, is borne personally by its owner.

13. Help! I deleted the signature from the flash drive, what should I do?

Contact the CA for restoration and re-issuance of digital signature

14. Will the contract be valid if I sign it today (my digital signature expires tomorrow), and my partner signs it a week later (at the time my partner signs it, my signature will no longer be valid, but when I signed, it was still working)?

If the document is signed according to all the rules and the digital signature has not expired at the time of signing, the agreement will be valid, but it will be impossible to make changes to it after signing.

15. Can a digital signature issued for tax reporting be used on marketplaces?

No. EDS for tax reporting is not suitable for electronic trading.

16. How do you get an electronic signature?

Digital signature is received only personally by the owner of the certificate

17. How to copy a signature from a disk to a flash drive?

Copying a private key container:

In order to copy the private key container, go to Start - Programs - CryptoPro - CryptoProCSP and go to the Tools tab. Click the Copy button.

The system will display the Copy Private Key Container window.

In this window, you must fill in the following input field: Key container name - entered manually or selected from the list by clicking the Browse button

Search options:

The entered name specifies the key container - the switch is set to User or Computer, depending on which storage the container is located in;

Select CSP to search for key containers - the required crypto provider (CSP) is selected from the list provided.

You can also select a container that matches the certificate installed on the system. To do this, instead of the Browse button, you need to click By certificate and select from the list of certificates installed in the user’s personal storages, or, if you have administrator rights, on the local computer, the certificate whose container you want to copy;

If a password is set for access to the private key, the system will ask you to enter it. Enter your password and click OK.

The system will display the “Copy Private Key Container” window, in which you must enter the name of the new key container and select the radio button The entered name sets the key container to User or Computer, depending on the storage in which you want to place the copied container.

After entering, click Finish. The system will display a window in which you must select media for the copied container.

Insert the media into the reader and click OK. The system will display a window for setting a password to access the private key. Enter the password, confirm it, and, if necessary, set the Remember password flag (if this flag is set, the password will be saved in a special storage on the local computer, and when the private key is accessed, the password will be read automatically from this store rather than being entered by the user).


Option 1:

Default settings are used, the token PIN is remembered by the system. Least safe option. To do this, the first time you request a PIN code, you need to check the “Remember PIN code” checkbox:

In this case, the PIN code will no longer be requested on this computer; to sign, you will simply need to select the certificate with which to sign once. The PIN code will be remembered for all actions with the electronic signature until the remembered passwords are deleted in the Crypto Pro settings: Service - Private key passwords - Delete remembered passwords...

Option 2:

Using caching mode for private key containers.

In the Crypto Pro settings, you must enable the use of a key storage service and caching. Crypto Pro parameters can be changed by a user with Administrator rights.

When enabled, the PIN code must be entered when entering the site; then the PIN code will not be requested until the browser is restarted. If you click the “Exit” button on the site, and then log in again under the same user without closing the browser, the PIN code will not be requested. If you close the browser and open it again, or access the site in another browser, the PIN code is requested (checked in Google Chrome, Internet Explorer).
According to "ZHTYAI.00087-01 92 01. Instructions for use. Windows.pdf" - Setting security parameters - p.43: "When storing keys in the key storage service, it is possible to use caching of containers of private keys. Caching consists in the fact that keys read from the media remain in the service’s memory. A key from the cache is available even after the key media is removed from the reader, as well as after the application that loaded the key has finished its work. Each key from the cache is available to any application that runs under the same account as the application that placed this key in the cache. All keys from the cache are available until the key storage service is terminated. When the cache is full, the next key is written in place of the earliest key placed in the cache.
Container caching can improve application performance by speeding up access to the private key, because the key is read only once.
The cache size specifies the number of keys that can be stored in memory at one time.
To enable caching, you must set the checkbox in the Enable caching field. You must also specify the cache size in the corresponding input field."

In order for these modes to be enabled, you must install the “Key Storage Service” component when installing Crypto Pro on your computer; by default this service is not installed.

Option 3: (Using this option is not recommended when working on an ETP, since when signing an electronic contract, it is possible to sign more than 100 files)

Default settings are used, the highest level of security. In this case, when signing contractual documents, a window will be called up to enter a PIN code for signing each document (agreement, applications, specifications, etc.).

When using the taxpayer’s online account, a simplified mechanism for certifying documents with an electronic signature (ES) has been introduced. The recent innovations are associated with the installation of a new electronic signature for users of the old version of the account. During the registration procedure, an error often occurs when generating a certificate in the taxpayer’s personal account, which can be resolved in several ways.

Scheme for creating an electronic signature

An electronic signature is a strengthened version of confirmation that a document is recognized as valid and is equivalent to a paper form where written initials are placed. During the process of registering an account on the tax service website, it is possible to create an unqualified type of electronic signature with the following properties:

  • used in document flow within the Federal Tax Service;
  • The encryption system is characterized by a high level of security.

As mentioned above, an electronic signature was available in the old account, but in the updated version you have to register a new certificate. Moreover, it is proposed to store the registered electronic signature at the user’s station or at the Federal Tax Service service. Due to fraudulent activities, it is recommended to use the latter option, since it is mostly safe and can be used on mobile gadgets. When a taxpayer wants to install an electronic signature on his PC, he will need to ensure that the key is protected with special programs. Responsibility rests with the user.

Instructions for obtaining an electronic signature

Following the procedure below, the user will quickly register the certificate. To do this you need:

  • log in to your personal account (enter login and password, or use your State Services account data);
  • open your profile - click on the item where your full name and tax identification number are indicated;
  • in your profile, click on the “Get electronic signature” service;
  • select the desired storage option from the list offered;
  • set a password combination to open a certificate;
  • Confirm previously entered data by re-typing;
  • Click on the “Send request” command.

Attention! When information is sent to the service, “Generation of electronic signature” appears on the page.

Note! The process requires the installation of a program that generates keys. All characteristics are indicated under the “System requirements” item. Versions are available for the Windows and macOS operating systems.

At the creation stage, there is a function for registering an existing qualified electronic signature. It implies possession of a certificate issued by a certified center, namely: the organization must be accredited by the Ministry of Telecom and Mass Communications of Russia. To successfully work in the taxpayer’s account, data must be exchanged in order to subsequently use the electronic signature in the electronic document management system of the tax service.

A certificate generation error occurs

During the registration process, the user may receive a message: “Error generating certificate.” An incident happens for various reasons:

  • carrying out technical work on the Federal Tax Service website;
  • Registration of electronic signature takes a long time in most cases.

Based on reviews from citizens who have been using the electronic signature of the Federal Tax Service for a long time, the conclusion arises that registration of code combinations takes 30 minutes, and in some cases extends to 2 days. Then the question arises of how long it takes to create a taxpayer’s personal account.

Note! When starting the service, a message appears about the duration of registration and the ability to exit the account if necessary, which does not interfere with the procedure for generating data.

Situations cannot be excluded in which the additional program for generating codes has not been installed (the user did not use the link when reading the system requirements). As a result, the service will not be able to find a workstation on which to save the information.

Options for solving the problem

If an error problem is identified when generating an electronic signature in the taxpayer’s account, you should resort to one of the methods:

  • try to download the certificate again - often a secondary or tertiary attempt ends in success, since the system may be reloaded with applications;
  • familiarize yourself with the schedule of technical work on the Federal Tax Service website and reschedule the procedure for another day;
  • after submitting your electronic key registration request, exit your account, as notification of the certificate assignment will be received upon next authorization;
  • contact the tax office, presenting your TIN and passport.

It is important to know! Often, the initial launch of certificate generation does not allow obtaining data. However, when the operation is repeated, everything ends successfully. Moreover, the secondary request is made on the same day or a week later.

Viewing certificate details

When the user manages to obtain an electronic signature from the Federal Tax Service, a message appears about the release of keys. There are two options available:

  • viewing;
  • revocation.

If you select View Certificate, you must enter the password you previously set during the registration process. As a result, a window with information opens:

  • SNILS;
  • owner;
  • validity;
  • number;
  • publisher;
  • email address.

And before sending the documents in the taxpayer’s personal account, we entered the password for the electronic signature certificate, or, to put it in simple language, signed our “tolmuts” with an electronic signature.

Somehow I lost sight of the fact that not everyone knows what it is. The topic is useful both for assistance in creating an electronic signature in your personal taxpayer account and for general education. Considering that many of my readers are pensioners - people of advanced age and not confident enough in communicating with, “I’ll sort everything out.”

First of all, let's figure out why an electronic signature is needed and what the password for the certificate is. Everything here is the same as with a simple pen signature: it is needed to give any document legal force. But the simple one can be checked against the one in the passport and, at worst, a graphological examination of its authenticity can be carried out. But how do you verify and check the electronic one? Here everything is much more complicated. But first, about the kinds and types.

Types and types of electronic signatures

I’ll say right away that there are not a great many species, but only two:

  • simple electronic signature;
  • enhanced;

Simple - this is a login and password. It confirms that the document was sent by their owner. And nothing more. We are interested in the enhanced one. In addition to identifying the sender, it also confirms that the document has not been changed since signing and is equivalent to a piece of paper signed with a pen.

There are also two types of enhanced ones:

  • qualified electronic signature;
  • unqualified;

The tax office creates an unqualified enhanced electronic signature and it can be used in document flow only within the framework of the Federal Tax Service!

But the use of a qualified signature is much wider, but to obtain it you must personally contact a certification center accredited by the Ministry of Telecom and Mass Communications of Russia. And this service is paid.

If you do purchase it, then you will have the opportunity to register with the tax authorities without going through the ordeal. And then log in using this very signature instead of your login and password when choosing this authorization method. By the way, and in too. And of course, sign all possible electronic documents with it, including those for the tax office, of course.

This is followed by a general education program. If you are not interested in it, you can skip this section and scroll down. It already describes how to create an electronic signature in a taxpayer’s personal account and also about the password for the certificate. And I ask experts in the field of cryptography not to judge me harshly for some inaccuracies and simplifications in this opus.

It would be more correct to use the word algorithm instead of mechanism. But I will not frighten the main part of our audience - pensermen - with “abstruse” words. And don’t be alarmed, I’ll explain everything. So, how, for example, does Comrade Ivanov hand over signed documents to the Tax Office? Moreover, so that no one can read and replace them. In scientific language something like this:

First, Ivanov and the Tax Office generate public and private encryption keys. Then they exchange open ones among themselves. At the next stage:

  1. Ivanov encrypts the “message” with his private key and as a result it is signed.
  2. Next, Ivanov encrypts with the public key, which was previously sent to him by the Tax Service, what happened after completing point 1. Now no one outside will be able to read anything, even if they intercept it.
  3. After the Tax Service has received Ivanov’s “message”, it first decrypts it with its private key and sees Ivanov’s encrypted document there.
  4. This is where the Tax Office decrypts it using the public key given to it by Ivanov at the very beginning. As a result, Ivanov’s signature is verified.
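The four steps above, as an added example that is not from the original article: a Python sketch of sign-then-encrypt using textbook RSA on toy keys built from Mersenne primes (constructed for illustration, not secure, and not the algorithms a real CSP uses). The names `IVANOV_*`, `TAX_*`, `seal`, `unseal` and `receive` are assumptions of this example; unlike the simplified wording of step 1, the private key is applied to a hash of the message, as real signature schemes do.

```python
import hashlib

E = 65537  # commonly used RSA public exponent


def make_keypair(p_exp, q_exp):
    """Toy RSA key from two Mersenne primes 2**k - 1 (constructed, NOT secure)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"n": n, "e": E}, {"n": n, "d": d}


# "First, Ivanov and the Tax Office generate public and private keys."
IVANOV_PUB, IVANOV_PRIV = make_keypair(521, 607)
TAX_PUB, TAX_PRIV = make_keypair(1279, 2203)


def key_len(pub):
    """Size of the modulus in bytes; signatures are serialized to this length."""
    return (pub["n"].bit_length() + 7) // 8


def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, sender_priv):
    """Step 1: apply the sender's private key to the hash of the message."""
    return pow(digest_int(message), sender_priv["d"], sender_priv["n"])


def verify(message, signature, sender_pub):
    """Step 4: undo the signature with the sender's public key, compare hashes."""
    return pow(signature, sender_pub["e"], sender_pub["n"]) == digest_int(message)


def seal(message, signature, sender_pub, recipient_pub):
    """Step 2: encrypt signature + message with the recipient's public key."""
    blob = signature.to_bytes(key_len(sender_pub), "big") + message
    m = int.from_bytes(b"\x01" + blob, "big")  # 0x01 keeps leading zero bytes
    if m >= recipient_pub["n"]:
        raise ValueError("message too long for this toy key")
    return pow(m, recipient_pub["e"], recipient_pub["n"])


def unseal(ciphertext, sender_pub, recipient_priv):
    """Step 3: decrypt with the recipient's private key, split off the signature."""
    m = pow(ciphertext, recipient_priv["d"], recipient_priv["n"])
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    blob = raw[1:]  # drop the framing byte; garbage input fails verify() later
    sig_len = key_len(sender_pub)
    return blob[sig_len:], int.from_bytes(blob[:sig_len], "big")


def receive(ciphertext, sender_pub, recipient_priv):
    """Steps 3 and 4 together: returns (message, signature_is_valid)."""
    message, signature = unseal(ciphertext, sender_pub, recipient_priv)
    return message, verify(message, signature, sender_pub)


if __name__ == "__main__":
    doc = b"Declaration from Ivanov (constructed sample)"
    sealed = seal(doc, sign(doc, IVANOV_PRIV), IVANOV_PUB, TAX_PUB)
    print("Tax Office accepts:", receive(sealed, IVANOV_PUB, TAX_PRIV))
    # A document swapped after signing keeps the old signature and is rejected.
    forged = seal(b"Altered text", sign(doc, IVANOV_PRIV), IVANOV_PUB, TAX_PUB)
    print("Swapped document:", receive(forged, IVANOV_PUB, TAX_PRIV))
    # A modified ciphertext decrypts to garbage that fails verification.
    print("Bit-flipped:", receive(sealed ^ 1, IVANOV_PUB, TAX_PRIV)[1])
```
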

And in the “worker-peasant” language of “appearances and passwords” it will be approximately similar to the following event:

First, Ivanov prepares a suitcase with a spare key and a paper with his own signed details, and a tax box also with a spare key. They go to the post office and send parcels to each other. Ivanov puts the key to the suitcase in a parcel post, and a paper with his details in a valuable letter and sends it separately. Tax office - a box by parcel and a parcel with one key, also separately.

Ivanov, having received the parcel and parcel, hides, for example, his signed document in a box and closes it with the key from the received parcel. He puts this secret box in his suitcase and also closes it with his own key. And then he sends this “matryoshka” by parcel to the Tax Office. He keeps the keys to the box and suitcase.

Why it is better to choose to store the key in the Russian Federal Tax Service system, I think you will not have any questions. If you have read the explanations, you will have noticed the undeniable advantages of this particular option.

After sending the request, a waiting window with a spinning circle appears. Sometimes it can linger for quite a long time:

Then a window will appear informing you that the certificate has been successfully issued. Here you can open a window with your certificate by clicking on the “View certificate” link:


In the window that pops up after this, enter the password that you already entered twice at the very beginning and click the “Next” button:


And in the next window, admire your certificate, look at these same details that are verified by the tax office when they receive documents from you. It looks something like this:


Error generating ES certificate

In the early days after the launch of the tax website, this was a fairly common occurrence. Then everything seemed to “settle down.” Now such “glitches” have begun to arise again. For example, I find out about this by looking at the traffic statistics of this blog. It is increasing sharply. And all due to the article you are reading now.

In this regard, I can only say that the issue here is most likely not with you or the password, but with the overload of the Federal Tax Service portal. This is especially evident in the last days of filing tax returns of organizations and other tax payments of individuals. The lion's share of them usually occurs in the first quarter, that is, the beginning of the year.

So if the message “Error generating electronic signature certificate” appears on your monitor, don’t be too upset. Be patient and try this operation again. Better yet, come back to this another day. Perhaps the “glitches” will end by this time and you will be lucky.

What to do if you have forgotten the password to access the electronic signature verification key certificate

Don't be upset. There is nothing wrong with that. This is not the password for the taxpayer’s personal account, which, if lost, would require another visit to the Federal Tax Service. That is the case if you did not bother to set a code word to restore it by e-mail.

Everything is much simpler here. Note that at the bottom of the window there is a link “Revoke the current certificate”. Feel free to click on it, then create a new certificate, and you will have a new password:


of your time and in terms of cost savings. I'm not even talking about the fact that this is a more progressive stage in managing your affairs. And don’t be upset if you have lost the password to your electronic signature certificate, you can always recover it.

Good luck to you! And see you soon on the pages of the PenserMan blog.
