Hardware and software setup

Standard SKB Kontur password. The company "Maximum" makes seals and stamps: questions about digital signatures

You can change your PIN if you wish.

For this:

  1. Go to the "Start" menu - "Control Panel" - "Rutoken Control Panel".
  2. Click the Enter PIN button, enter your current PIN, click OK.
  3. In the Manage PIN codes tab, click the "Change" button, enter a new PIN code.

Do not forget the new PIN code: no one will be able to tell it to you.

JaCarta SE/LT

To change the PIN code of the User of the PKI\GOST part:

1. In the JaCarta Unified Client, click on the "Switch to user mode" button

3. Enter the Current User PIN, New User PIN, confirm it and click on the "Execute" button

4. A message should appear indicating that the PIN code has been changed successfully.

To change the Administrator pin code of the PKI\GOST part:

1. In the JaCarta Unified Client, click on the "Switch to Admin Mode" button

2. Select the required PKI\GOST partition

3. Click on the "Change Admin PIN" button

4. Enter the old Admin PIN, new Admin PINs, and click the Run button.

5. A message should appear indicating that the PIN code has been changed successfully.

When generating certificate and key requests in the "Key generation workstation" program, a window appears in which this program (or rather Crypto Pro) prompts you to enter a password (Fig. 8). It offers, but does not insist. If the fields are left blank, no password will be set. But users probably think differently and, of course, fill in these fields. Everything would be fine, but then they promptly forget what password they entered during generation, and when they have to sign something for the first time, they are stumped. Then, of course, there is a call to the Treasury asking for help.

Today, in this article, I will tell you how you can remove or change this password. There are two options for removing a password: the first is when the user remembers the old password, the second is when he does not. Let's start with the first one. As I mentioned at the beginning of the article, the Crypto Pro program is responsible for the password for the key container. Let's run it by going to the computer control panel (Fig. 1):



In order for you to open the same window as mine, in the upper right corner of the window, select the "Small Icons" view mode. We start Crypto Pro, a window opens (Fig. 2):



Click on the "Service" tab to get to the following window (Fig. 3):



At the bottom of the window there is a button labeled "Change Password". Click on it and get into the following window (Fig. 4):



Here we are offered to select a key container by clicking the "Browse" button. First, do not forget to insert a USB flash drive or other media into your computer with your keys. When you click on the button, the following window will open (Fig. 5):



Select the key carrier we need and click "OK". The following window will open (Fig. 6):



We make sure that the private key container we need is really the one selected, and click the "Finish" button, after which the password entry window will open (Fig. 7):



Here you need to enter the password that you entered when generating keys and requesting a certificate in the "Key generation workstation" program. It is assumed that you remember it :). We enter it and click "OK" (there is no need to tick the "Remember password" checkbox), and we get to the window for entering a new password (Fig. 8):



Here you can not only change the password, but also delete it if you leave the fields blank. If you want to change the password, then think up and enter it twice.


We have dealt with the case where the user remembers the old password for the container. Now let's try to remove the password from the container when it has been well and truly forgotten. This is where the csptest.exe utility will help us; it is included in the Crypto Pro installation kit starting from version 3.6. If you have this program installed, then you have this utility, and it is located in the program installation path, i.e. C:\Program Files (x86)\Crypto Pro\CSP (I have a 64-bit OS; if yours is 32-bit, then (x86) will be absent from the path). We need to run it from the command line.

To open the command line in Windows 7, navigate to the desired folder in Explorer, hold down the "Shift" key on the keyboard, and right-click the desired folder. Everything is illustrated in the picture below (Fig. 9):



In the context menu that appears, left-click "Open command window". In the command window, you must first enter the following command: without square brackets, of course. This command will show us all available private key containers in the form: [\\.\media name\container name]. Once we know the name of our private key container, we need to enter one more command: . Again, no square brackets. In quotes, you must enter the name of your private key container, which you learned in the previous step. The quotation marks are MANDATORY. This command will show us the saved password; having learned it, we can use the first method to remove or change the password.

All of the above actions were done by me, as evidenced by Figure 10:



I want to note right away that I did not manage to "learn" the password using this method (red line in Fig. 10). But I think that this is due to the fact that the container that I specified in the second command was obtained by copying from media to media using the Crypto Pro menu item "Copy" (Fig. 3). The generation of private keys was carried out on another medium, which is no longer available to me. But the method is working.

If you also fail to remove the password in this way, then the only way left is to revoke the current certificate and generate new keys and a new certificate request. And if you take password protection more seriously, then passwords will not be "forgotten". That's all. Good luck!


Option 1:

The default settings are used, and the token PIN is remembered by the system. This is the least safe option. To use it, tick the "Remember pin code" checkbox the first time the PIN code is requested:

In this case, the PIN code will no longer be requested on this computer; to sign, you only need to select, once, the certificate with which we sign. The PIN code will be remembered for all actions with the ES until the remembered passwords are deleted in the Crypto Pro settings: Service - Private key passwords - Delete remembered passwords ...

Option 2:

Using the private key container cache mode.

In the Crypto Pro settings, you must enable the use of the key storage service and caching. Changes to Crypto Pro parameters are made by a user with Administrator rights.

When enabled, the PIN code must be entered when entering the site, then the PIN code will not be requested until the browser is restarted. If you click the "Exit" button on the site, and then go back to it under the same user without closing the browser, then the PIN code will not be requested. If you close the browser and open it again, or enter the site in another browser, then the PIN code is requested (checked in Google Chrome, Internet Explorer).
According to "ЖТЯИ.00087-01 92 01. Instructions for use. Windows.pdf" - Setting security parameters - p.43: "When storing keys in the key storage service, it is possible to use caching of containers of private keys. Caching means that the keys read from the media remain in the service's memory. The key from the cache is available even after the key carrier is removed from the reader, as well as after the completion of the application that loaded this key. Each key from the cache is available to any application that runs under the same account as the application that cached this key. All keys in the cache are available until the key storage service terminates. When the cache is full, the next key is written to the place of the earliest key placed in the cache.
Container caching allows you to increase application performance through quicker access to the private key, because the key is read only once.
The cache size specifies the number of keys that can be stored in memory at the same time.
To enable caching, you must set the flag in the Enable caching field. You must also set the cache size in the corresponding input field.".

For these modes to be available, install the “Key Storage Service” component when installing Crypto Pro on the computer; by default this service is not installed.

Option 3: (This option is not recommended when working on the ETP, since signing an electronic contract may involve signing more than 100 files)

The default settings, the highest security level, are used. In this case, when signing contractual documents, a window will be called up for entering a PIN code for signing each document (agreement, annexes, specifications, etc.).

And before sending the documents in the personal account of the taxpayer, they entered the password for the electronic signature certificate, or, to put it in plain language, signed our tomes with an electronic signature.

Somehow I lost sight of the fact that not everyone knows what it is. The topic is useful both for assistance in creating an electronic signature in your personal taxpayer account and for general education. Considering that many of my readers are pensioners - people of advanced age and not confident enough in communicating with, "I'll put everything on the shelves."

First of all, let's figure out what an electronic signature is for and what the certificate password is. Everything is simple here: like an ordinary pen signature, it is needed to give a document legal force. But an ordinary signature can be compared with the one in the passport and, at worst, sent for a handwriting examination to establish its authenticity. But how do you verify an electronic one? Here everything is much more complicated. But first, about kinds and types.

Kinds and types of electronic signatures

I will say right away that there are not a great many kinds, but only two:

  • simple electronic signature;
  • enhanced;

A simple one is a username and password. It confirms that the message was sent by its owner, and nothing more. We are interested in the enhanced one. In addition to identifying the sender, it also confirms that the document has not changed after signing, and it is equated to a paper document signed with a pen.

There are also two types of enhanced signature:

  • qualified electronic signature;
  • unqualified;

An unqualified enhanced electronic signature is created at the tax office, and it can be used for document exchange only within the IFTS! A qualified signature can be used much more widely, but to obtain one you must personally contact a certification center accredited by the Ministry of Communications of Russia. And this service is paid.

If you do buy one, you will be able to register with the tax authorities without the ordeal, and then log in with this signature instead of a login and password by choosing this authorization method. By the way, and also. And, of course, you can use it to sign all kinds of electronic documents, including tax ones.

Next comes a general educational section. If it doesn't interest you, you can skip it and scroll down. Further down I explain how to create an electronic signature in the personal account of the taxpayer and, of course, cover the password for the certificate too. And experts in the field of cryptography, please do not judge me too harshly for some inaccuracies and simplifications in this opus.

The mechanism for sending documents signed with an enhanced electronic signature

It would be more correct to use the word algorithm instead of mechanism. But I will not frighten the main part of our audience - pensermen with "abstruse" words. And then do not be afraid, I will explain everything. So, how, for example, does Comrade Ivanov hand over the signed documents to the Tax Office? Moreover, so that no one could read and change them. In scientific language, something like this:

First, Ivanov and the Tax Office generate public and private encryption keys. Then they exchange public keys with each other. At the next stage:

  1. Ivanov encrypts the "message" with his private key, and as a result, it is signed.
  2. Next, Ivanov encrypts the result of step 1 with the public key that the Tax Office had previously sent him. Now no outsider will be able to read anything, even if they intercept it.
  3. After the Tax Office has received Ivanov's "message", it first decrypts it with its private key and sees Ivanov's encrypted document there.
  4. Here the Tax Office decrypts it with the public key given to it by Ivanov at the very beginning. As a result, Ivanov's signature is verified.
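
The four steps above, as an added example in Python that is not part of the original article: it uses textbook RSA with constructed toy keys (fixed Mersenne primes, no padding), not the algorithms a real signing tool uses. The key names, the `send` and `receive` helpers, and the truncated SHA-256 tag that lets the recipient recognise a valid result are assumptions made for the illustration.

```python
import hashlib
import hmac

E = 65537      # public exponent shared by both toy keys
TAG_LEN = 8    # bytes of SHA-256 kept as a redundancy tag (assumption)
MAX_DOC = 9    # longest document that fits under Ivanov's toy modulus


def make_key(p, q):
    """Build a textbook RSA key pair from two primes."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def public(key):
    """The half of a key pair that is handed to the other party."""
    return {"n": key["n"], "e": key["e"]}


# Constructed toy keys built from Mersenne primes. Ivanov's modulus is the
# smaller one, so his signature always fits inside the Tax Office's modulus.
IVANOV = make_key(2**61 - 1, 2**89 - 1)
TAX = make_key(2**107 - 1, 2**127 - 1)


def encode(doc):
    """Frame the document as 0x01 || doc || tag and return it as an integer."""
    if not 0 < len(doc) <= MAX_DOC:
        raise ValueError("document must be 1..%d bytes" % MAX_DOC)
    tag = hashlib.sha256(doc).digest()[:TAG_LEN]
    return int.from_bytes(b"\x01" + doc + tag, "big")


def decode(m):
    """Return the document if the framing and tag are intact, else None."""
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(raw) <= 1 + TAG_LEN or raw[0] != 1:
        return None
    doc, tag = raw[1:-TAG_LEN], raw[-TAG_LEN:]
    good = hashlib.sha256(doc).digest()[:TAG_LEN]
    return doc if hmac.compare_digest(tag, good) else None


def send(doc, sender_private, recipient_public):
    """Steps 1 and 2: sign with the sender's private key, then encrypt."""
    signed = pow(encode(doc), sender_private["d"], sender_private["n"])
    return pow(signed, recipient_public["e"], recipient_public["n"])


def receive(cipher, recipient_private, sender_public):
    """Steps 3 and 4: decrypt, then check the signature with the public key."""
    signed = pow(cipher, recipient_private["d"], recipient_private["n"])
    if signed >= sender_public["n"]:
        return None  # cannot be a value the sender's key produced
    return decode(pow(signed, sender_public["e"], sender_public["n"]))


if __name__ == "__main__":
    wire = send(b"form-3", IVANOV, public(TAX))
    print(receive(wire, TAX, public(IVANOV)))      # intact message
    print(receive(wire ^ 1, TAX, public(IVANOV)))  # altered in transit
```

A message that was altered in transit, or that was encrypted for the Tax Office without first being signed by Ivanov, comes back from `receive` as `None`.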

And in the "worker-peasant" language of "appearances and passwords" it will be approximately similar to such an event:

First, Ivanov prepares a suitcase with a spare key and a paper with his details, signed by himself, and the Tax Office prepares a box, also with a spare key. They go to the post office and send parcels to each other. Ivanov puts the key to the suitcase in a parcel and the paper with his details in a declared-value letter, and sends them separately. The Tax Office likewise sends the box as one parcel and a parcel with one key separately.

Ivanov, having received the parcel and the parcel, hides, for example, his signed document in a box and closes it with a key from the received parcel. He puts this secret box in his suitcase and also closes it with his own key. And then he sends this “matryoshka” to the Tax Office by parcel. Keeps the keys to the box and suitcase.

Why it is better to choose the storage of the key in the system of the Federal Tax Service of Russia, I think you will not have any questions. If you have read the explanations, you will have noticed the undeniable advantages of this particular option.

After sending the request, a waiting window with a spinning circle appears. Sometimes it can linger for quite a long time:

Then a window will appear informing you that the certificate has been successfully issued. Here you can open a window with your certificate by clicking on the link "View certificate":


In the window that pops up after that, enter the password that you have already entered twice at the very beginning and click the "Next" button:


And in the next window, admire your certificate, see these very details that are checked in the tax office when receiving documents from you. It looks something like this:


Error generating ES certificate

For the first time after the launch of the tax website, this was a fairly common occurrence. Then, as it were, everything “settled down”. Now such "glitches" began to arise again. For example, I find out about this by looking at the traffic statistics of this blog. It increases sharply. And it's all due to the article you're reading right now.

On this occasion, I can only say that the problem here, most likely, lies not with you and not with the password, but with the congestion of the FTS portal. This is especially evident in the last days of filing tax returns of organizations and other tax payments of individuals. The lion's share of them usually falls on the first quarter, that is, the beginning of the year.

So if the message “Error generating an electronic signature certificate” appeared on your monitor, don’t be too upset. Be patient and try this operation again. Or better yet, come back to it another day. Perhaps the “glitches” will end by this time and you will be lucky.

What to do if you have forgotten the password for accessing the certificate of the electronic signature verification key

Don't be upset. There is nothing terrible about it. This is not the password to the taxpayer's personal account, the loss of which means you will have to visit the IFTS again. That is, if you did not bother to set a code word for restoring it by e-mail.

Everything is much simpler here. Note that at the bottom of the window there is a link, "Revoke the current certificate". Feel free to click on it, then create a new certificate, and you will have a new password:


time and in terms of cost savings. I'm not talking about the fact that this is already a more progressive stage of your business. And do not be upset if you have lost the password for the ES certificate, it can always be restored.

Good luck to you! And see you soon on the pages of the PenserMan blog.

Tokens, electronic keys for access to important information, are becoming more and more popular in Russia. A token is now not only a means of authentication in a computer's operating system, but also a convenient device for storing and presenting personal information: encryption keys, certificates, licenses, identities. Tokens are more reliable than the standard "login / password" pair thanks to the mechanism of two-factor identification: the user must not only have the information carrier (the token itself), but also know the PIN code.

There are three main form factors in which tokens are issued: a USB token, a smart card, and a key fob. PIN protection is most commonly found in USB tokens, although the latest models of USB tokens are issued with the ability to install an RFID tag and with a liquid crystal display for generating one-time passwords.

Let us dwell in more detail on how tokens with a PIN code work. A PIN code is a specially assigned password that breaks the authentication procedure into two stages: attaching the token to the computer and entering the PIN code itself.

The most popular token models on the Russian electronic market today are Rutoken, eToken from the Aladdin company, and an electronic key from the Aktiv company. Let's consider the most frequently asked questions regarding token PIN codes using the example of tokens from these manufacturers.

1. What is the default PIN?

The table below provides information about the default PIN codes for Rutoken and eToken tokens. The default password is different for different owner levels.

| Owner | User | Administrator |
|---|---|---|
| Rutoken | 12345678 | 87654321 |
| eToken | 1234567890 | By default, no administrator password is set. Can be set via control panel for eToken PRO, eToken NG-FLASH, eToken NG-OTP models only. |
| JaCarta PKI | 11111111 | 00000000 |
| JaCarta GOST | Not set | 1234567890 |
| JaCarta PKI/GOST | For PKI functionality: 11111111; when using JaCarta PKI with the "Backward compatible" option: 1234567890; for GOST functionality: PIN code not set | For PKI functionality: 00000000; when using JaCarta PKI with the "Backward compatible" option: PIN code is not set; for GOST functionality: 1234567890 |
| JaCarta PKI/GOST/SE | For PKI functionality: 11111111; for GOST functionality: 0987654321 | For PKI functionality: 00000000; for GOST functionality: 1234567890 |
| JaCarta PKI/BIO | 11111111 | 00000000 |
| JaCarta PKI/Flash | 11111111 | 00000000 |
| ESMART Token | 12345678 | 12345678 |
| IDPrime card | 0000 | 48 zeros |
| JaCarta PRO/JaCarta LT | 1234567890 | 1234567890 |

2. Should I change the default PIN? If so, at what point in working with the token?

3. What should I do if the PINs on the token are unknown and the default PIN has already been reset?

The only way out is to completely clear (format) the token.

4. What should I do if the user PIN is blocked?

You can unlock the user PIN through the control panel of the token. To perform this operation, you need to know the administrator PIN.

5. What should I do if the Admin PIN is blocked?

You cannot unlock the Admin PIN. The only way out is to completely clear (format) the token.

6. What security measures have manufacturers taken to reduce the risk of password guessing?

The main points of the security policy for PIN codes of USB tokens from the Aladdin and Aktiv companies are presented in the table below. After analyzing the data in the table, we can conclude that the eToken will presumably have a more secure PIN code. Although Rutoken allows you to set a password of just one character, which is unsafe, in other respects it is not inferior to the Aladdin product.

| Parameter | eToken | Rutoken |
|---|---|---|
| Minimum PIN length | 4 | 1 |
| Composition of the PIN | Letters, numbers, special characters | Numbers, letters of the Latin alphabet |
| | Greater than or equal to 7 | Up to 16 |
| PIN security administration | Yes | Yes |
| | Yes | Yes |

The importance of keeping the PIN secret is known to everyone who uses tokens for personal purposes, stores their electronic signature on them, and entrusts to the electronic key not only personal information but also the details of their business projects. Aladdin and Aktiv tokens have built-in protective properties which, together with a certain degree of caution on the user's part, reduce the risk of password guessing to a minimum.

Rutoken and eToken software products are presented in various configurations and form factors. The proposed range will allow you to choose exactly the model of the token that best meets your requirements, whether
