Computer lessons

How to find out the password for the cryptopro container. The company "maximum" produces seals and stamps - questions about digital signature

This page contains answers to frequently asked questions that arise when working with digital signatures. Select the question you are interested in, open it and strictly follow the instructions.

WOscripts.com - JavaScript - Contractible Headers Script

1. Obtaining an electronic signature

To obtain an electronic signature, you can fill out a registration card on our website (in the “Obtaining an electronic signature” section), or on the website where you learned about us, or contact the nearest CA.

When contacting the CA, you must have the following documents with you:

    identification documents (standard - a copy of the passport);

    documents confirming the existence of a legal entity (TIN certificate, Unified State Register of Legal Entities, etc.);

    power of attorney for the individual granting him the authority to perform certain actions on behalf of the organization;

    upon receipt of an electronic digital signature for the manager, an order of appointment to the position (decision on election).

Additional information required by the CA in accordance with its regulations is not regulated by law. In practice, each CA has its own list of documents for obtaining an electronic signature.

2. EDS does not work

1. The private key on the specified container does not match the public key in the certificate. We check all closed containers; perhaps the wrong one was selected. If we do not find the required container, you need to contact the CA to reissue the digital signature.

2. The certificate is not valid. Install the digital signature according to the instructions of the CA

3. There is no trust in this certificate. You need to install the root certificates of your CA according to the instructions. To do this, they can be downloaded from the AETP website or found on digital media supplied with the digital signature.

4. CryptoPro has expired. You must enter the license key of the CryptoPro program from the documents supplied with the digital signature of your CA.

5. Capicom is not installed Download Capicom and install it with the browser closed and configure the browser according to the instructions of the TP on which you plan to work.

6. No valid certificate found (or certificate selection is not displayed)

    Install the digital signature according to the instructions of the CA

    Check the validity period of the certificate (it may have expired)

    Install the root certificate of your CA

    Install CAPICOM with your browser closed

3. Is there a possibility of hacking or forgery of digital signature?

According to most experts, it is impossible to forge (hack) an electronic digital signature - this requires a huge number of calculations that cannot be implemented with the modern level of computer technology and mathematics in an acceptable time, that is, while the information contained in the signed document remains relevant.

Additional protection against forgery is provided by certification of the public signature key by a certification authority.

4. The digital signature user with administrator rights quit. What should I do?

5. Forgot your EDS password. How to recover the key?

Standard passwords: Rutoken 12345678, Etoken 1234567890

If you have forgotten the password on Rutoken, you need to use the Rutoken console, which is installed along with the driver and is accessible from the Control Panel (Windows). This applies to the case if the User knows the password (pin code) of the Administrator, and he needs to unlock the token (reset the counter for the number of incorrectly entered passwords to 0).

If the carrier is an etoken, you need to contact the CA.

6. How to sign a word file with an electronic digital signature

A document created in Microsoft Office Word is signed with an electronic signature, the private key of which was generated by the electronic signature tool no earlier than version Crypto-Pro 3.0. Before signing, you need to check the Crypto-Pro kernel (Start / Control Panel / Crypto-Pro / General. The tab will indicate the version of Crypto-Pro and then “build” - this is the kernel). It is advisable to install the latest build product.

Now we sign the document itself

The document must first be saved. In the menu, select Tools / Options / Security / Digital signatures / certificate, click “Ok” and sign the document. If the certificate is not registered in Personal, the document cannot be signed. Save the document. Select Office button / Prepare / Add digital signature / Specify the purpose of signing the document (for example, accreditation) / Select signature / sign. The message “This document contains a digital signature” will appear. A red logo will appear on the panel.

7. Where can I get an electronic signature for free?

Only state authorities receive digital signatures free of charge. organizations in divisions of the Federal Treasury

8. Can an individual obtain an electronic signature?

An individual can also receive an electronic signature. Currently, this service is most in demand for the participation of individuals in trading on electronic trading platforms for bankruptcy (sale of bankrupt property). To obtain an electronic signature, individuals need to contact the CA, bringing with them:

    Passport of a citizen of the Russian Federation;

    Certificate of assignment of TIN.

9. Is there a universal digital signature for public use?

At the moment, there is no universal digital signature that would work at electronic auctions (both government and commercial) and with which it would be possible to submit reports.

10. Where can I get training on working with digital signatures?

You can undergo training at the training center of the Association of Electronic Trading Platforms. Seminars are held regularly on the territory of most constituent entities of the Russian Federation.

11. How many days does it take to complete the digital signature?

12. Is it possible to transfer my digital signature to a colleague during vacation?

No. Responsibility, according to the Federal Law on EDS, is borne personally by its owner.

13. Help! I deleted the signature from the flash drive, what should I do?

Contact the CA for restoration and re-issuance of digital signature

14. Will the contract be valid if I sign it today (my digital signature expires tomorrow), and my partner signs it a week later (at the time my partner signs it, my signature will no longer be valid, but when I signed, it was still working)?

If the document is signed according to all the rules and the digital signature has not expired at the time of signing, the agreement will be valid, but it will be impossible to make changes to it after signing.

15. Can a digital signature issued for tax reporting be used on marketplaces?

No. EDS for tax reporting is not suitable for electronic trading.

16. How do you get an electronic signature?

Digital signature is received only personally by the owner of the certificate

17. How to copy a signature from a disk to a flash drive?

Copying a private key container:

In order to copy the private key container, go to Start - Programs - CryptoPro - CryptoProCSP and go to the Tools tab. Click the Copy button.

The system will display the Copy Private Key Container window.

In this window, you must fill in the following input field: Key container name - entered manually or selected from the list by clicking the Browse button

Search options:

The entered name specifies the key container - the switch is set to User or Computer, depending on which storage the container is located in;

Select CSP to search for key containers - the required crypto provider (CSP) is selected from the list provided.

You can also select a container that matches the certificate installed on the system. To do this, instead of the Browse button, you need to click By certificate and select from the list of certificates installed in the user’s personal storages, or, if you have administrator rights, on the local computer, the certificate whose container you want to copy;

If a password is set for access to the private key, the system will ask you to enter it. Enter your password and click OK.

The system will display the “Copy Private Key Container” window, in which you must enter the name of the new key container and select the radio button The entered name sets the key container to User or Computer, depending on the storage in which you want to place the copied container.

After entering, click Finish. The system will display a window in which you must select media for the copied container.

Insert the media into the reader and click OK. The system will display a window for setting a password to access the private key. Enter the password, confirm it, and if necessary, set the Remember password flag (if this flag is set, the password will be saved in a special storage on the local computer and when accessing the private key, the password will be automatically read from this storage and not entered by the user).

If you liked the material, you can post a link to it on social networks:

1. What is an electronic signature?

An electronic signature (electronic digital signature) is a requisite of an electronic document that makes it possible to establish the absence of distortion of information in an electronic document from the moment of its signing and to verify that the signature belongs to the owner of the electronic signature key certificate. The value of the attribute is obtained as a result of cryptographic transformation of information using the private signature key. An electronic signature is analogous to a handwritten signature. The use of electronic signatures in Russia is regulated by Federal Law No. 63-FZ of April 6, 2011.

2. How to create an electronic signature?

You can create your own electronic signature using the “Key Management” section of the main menu of the system if you have a code word, which you must indicate in the Client Questionnaire when visiting our office in person or during the process of opening an account online.

To create and use an electronic digital signature in the system, you must also sign an Agreement on the use of documents in electronic form at the company’s office or in another possible way.

3. How to change an electronic signature?

An electronic signature cannot be changed. However, you can create a new electronic signature key using the “Key Management” section of the system’s main menu. To do this you will need to enter your code word. After creating a new electronic signature key, your old key is canceled.

4. How safe is it to use an electronic signature?

An electronic signature is almost impossible to forge. However, you must take some precautions. Keep the electronic signature key in places inaccessible to unauthorized persons! Do not give the key file and access password to anyone! If you have suspicions that your electronic signature key may be used by other persons, immediately notify the Company by phone: +7 812 635 68 65. The Client bears full responsibility for the safety of the electronic signature key and passwords.

5. I forgot my electronic signature key password, what should I do?

The electronic signature key password cannot be recovered. If you have forgotten it, create a new electronic signature using the “Key Management” section of the system’s main menu. To do this, you will need to enter your code word. After creating a new electronic signature key, your old key is canceled.

If you suspect that your electronic signature keys may have been changed by third parties, immediately notify the customer service department by phone. +7 812 635-68-65 to block access to your account and cancel your electronic signature key.

6. I forgot my code word, what should I do?

The code word cannot be recovered. We cannot send it to your email address or tell you over the phone. To change the code word, you need to come to one of our offices in person. Check again how you enter your code word. It must be entered exactly as you wrote it in the Client Questionnaire. Check the case of letters (small or capital) and keyboard layout (input language, etc.).

7. Computer requirements for signing documents with an electronic signature

On your computer, a component must be installed and enabled in the browser settings - Java Virtual Machine (JVM, virtual Java machine), which is needed to launch and operate applets (downloadable software modules) for generating keys and electronically signing documents.

Microsoft Internet Explorer usually comes with a Java machine from Microsoft - Microsoft VM. You can also install a similar component from SUN (SUN Java Virtual Machine browser plug-in), which can be downloaded from the SUN website.

After downloading the file, double-click to start installing the component. After the component is installed, you must restart your computer.

The service works correctly with components 3 of Microsoft VM version 5.0 and higher, as well as Sun Java browser plug-in version 1.4.2_03 and higher, 1.5.0 and higher, 1.6.0 and higher.

You can view information about the installed Java VM component (and also enable/disable it) in the browser menu “Tools” -> “Internet Options” on the “Advanced” tab, in the window that opens look for the section about VM (Microsoft VM or Java (Sun)).

The version of the Microsoft VM component can be viewed in the menu “View” -> “Java language window” (Java console), if the “Java console enabled” option is enabled on the “Advanced” tab.

If you have both Microsoft VM and Sun Java plug-in installed and enabled in your browser, then one of them must be disabled.

If you use a browser other than Microsoft Internet Explorer, we recommend choosing a browser installation package with Java or additionally installing a Java machine from Sun.

For Linux operating system users, we recommend installing a Java machine from Sun version no lower than 1.5.0, which can be downloaded from

Tokens, electronic keys for accessing important information, are becoming increasingly popular in Russia. A token is now not only a means of authentication in a computer operating system, but also a convenient device for storing and presenting personal information: encryption keys, certificates, licenses, identifications. Tokens are more reliable than the standard “login/password” pair due to the two-factor identification mechanism: that is, the user must not only have a storage medium (the token itself), but also know the PIN code.

There are three main form factors in which tokens are issued: USB token, smart card and key fob. PIN code protection is most often found in USB tokens, although recent models of USB tokens are available with the ability to install an RFID tag and with an LCD display for generating one-time passwords.

Let’s take a closer look at the principles of operation of tokens with a PIN code. A PIN code is a specially defined password that splits the authentication procedure into two stages: attaching a token to the computer and entering the PIN code itself.

The most popular token models on the modern Russian electronic market are Rutoken, eToken from the Aladdin company, and an electronic key from the Aktiv company. Let's look at the most frequently asked questions regarding PIN codes for tokens using the example of tokens from these manufacturers.

1. What is the default PIN?

The table below provides information about the default PIN codes for Rutoken and eToken tokens. The default password is different for different owner levels.

Owner User Administrator
Rutoken 12345678 87654321
eToken
1234567890 By default, no administrator password is set. Can be installed via the control panel only for eToken PRO, eToken NG-FLASH, eToken NG-OTP models.
JaCarta PKI 11111111 00000000
JaCarta GOST Not specified 1234567890
JaCarta PKI/GOST For PKI functionality: 11111111

When using JaCarta PKI with the "Backward Compatibility" option - PIN code - 1234567890

For GOST functionality: No PIN has been set

 		For PKI functionality: 00000000

When using JaCarta PKI with the "Backward Compatibility" option - no PIN is set

For GOST functionality: 1234567890
JaCarta PKI/GOST/SE For PKI functionality: 11111111

For GOST functionality: 0987654321

 		For PKI functionality: 00000000

For GOST functionality: 1234567890
JaCarta PKI/BIO 11111111 00000000
JaCarta PKI/Flash 11111111 00000000
ESMART Token 12345678 12345678
IDPrime card 0000 48 zeros
JaCarta PRO/JaCarta LT 1234567890 1234567890

2. Do I need to change the default PIN? If yes, then at what point in working with the token?

3. What should I do if the PIN codes on the token are unknown and the default PIN code has already been reset?

The only way out is to completely clear (format) the token.

4. What should I do if the user's PIN is blocked?

You can unlock the user's PIN through the token control panel. To perform this operation, you must know the administrator PIN.

5. What should I do if the administrator PIN is blocked?

The administrator PIN cannot be unlocked. The only way out is to completely clear (format) the token.

6. What security measures have manufacturers taken to reduce the risk of password guessing?

The main points of the security policy for PIN codes of USB tokens of the Aladdin and Aktiv companies are presented in the table below. After analyzing the table data, we can conclude that eToken will presumably have a more secure PIN code. Rutoken, although it allows you to set a password of just one character, which is unsafe, in other respects it is not inferior to the product of the Aladdin company.

Parameter eToken Rutoken
Minimum PIN length 4 1

PIN code composition

 Letters, numbers, special characters Numbers, letters of the Latin alphabet
Greater than or equal to 7 Up to 16

Administering PIN Security

 Eat Eat
Eat Eat

The importance of keeping the PIN code secret is known to all those who use tokens for personal purposes, store their electronic signature on it, and trust the electronic key with information of not only a personal nature, but also the details of their business projects. Tokens of the companies “Aladdin” and “Active” have pre-installed security properties and, together with a certain amount of caution that will be exercised by the user, reduce the risk of password guessing to a minimum.

Rutoken and eToken software products are presented in various configurations and form factors. The offered assortment will allow you to choose exactly the token model that best meets your requirements, be it

When generating requests for certificates and keys in the "Workstation for Key Generation" program, a window appears where this program (or rather Crypto Pro) prompts you to enter a password (Fig. 8). He offers, but does not force. If the fields are left blank, then no password will be set. But users probably think differently and, of course, fill out these fields. Everything would be fine, but then they conveniently forget what password they entered when generating it, and when they have to sign something for the first time, the person falls into a stupor. Then, of course, comes a call to the Treasury asking for help.

Today, in this article, I will tell you how you can remove or change this password. There are two options for removing the password. The first is when the user remembers the old password, the second is when he does not remember. Let's start with the first one. As I already mentioned at the beginning of the article, the Crypto Pro program is responsible for the password for the key container. Let's launch it by going to the computer control panel (Fig. 1):



To open the same window as mine, in the upper right corner of the window, select the “Small Icons” view mode. Launch Crypto Pro, a window opens (Fig. 2):



Click on the “Service” tab to get into the following window (Fig. 3):



At the bottom of the window there is a button labeled "Change Password". Click on it and you will be taken to the following window (Fig. 4):



Here we are asked to select a key container using the "Browse" button. First, do not forget to insert a flash drive or other media into your computer with your keys. When you click the button, the following window will open (Fig. 5):



Select the key media we need and click "OK". The following window will open (Fig. 6):



We make sure that we actually have the private key container we need selected, and click the “Finish” button, after which the password entry window will open (Fig. 7):



Here you need to enter the password that you entered when generating keys and requesting a certificate in the Key Generation Workstation program. It is assumed that you remember it :). We enter it, click “OK”, there is no need to check the “Remember password” checkbox, and we get to the window for entering a new password (Fig. 8):



Here you can not only change the password, but also delete it if you leave the fields empty. If you want to change the password, then create and enter it twice.


We have dealt with the case where the user remembers the old password for the container. Let's try to remove the password from the container when it is safely forgotten. Here the csptest.exe utility will help us, which is included in the installation kit of the Crypto Pro program starting from version 3.6. If you have this program installed, then you have this utility and it is located along the program installation path, i.e. C:\Program Files (x86)\Crypto Pro\CSP (I have a 64-bit OS, if you have 32 bit, then (x86) will be missing on the way). We need to run it from the command line.

To open the command line in Windows 7, you need to go through Explorer to the desired folder, press the "Shift" key on the keyboard, and while holding it down, right-click on the desired folder. Everything is illustrated in the picture below (Fig. 9):



In the context menu that appears, you need to select “Open command window” with the left mouse button. In the command window, you must first enter the following command: without square brackets, of course. This command will show us all available private key containers as: [\\.\media name\container name]. Once we know the name of our private key container, we need to enter another command: . Again, no square brackets. In quotes, you need to enter the name of your private key container, which you learned in the previous step. Enter quotation marks NECESSARILY. This command will show us the saved password, once we know it, we can use the first method to delete or change the password.

I carried out all the above actions, as evidenced by Figure 10:



I would like to note right away that I was unable to “find out” the password using this method (red line in Fig. 10). But I think this is due to the fact that the container that I specified in the second command was obtained by copying from media to media using the Crypto Pro program menu item “Copy” (Fig. 3). The generation of private keys was carried out on another medium that was no longer available to me. But the method works.

If you also fail to remove the password in this way, then the only way remains is to revoke the current certificate and generate new keys and a new certificate request. And if you take password protection more seriously, then passwords will not be “forgotten.” That's all. Good luck!

And finally... If you liked this article and learned something new from it, you can always express your gratitude in monetary terms. The amount can be any. This does not oblige you to anything, everything is voluntary. If you still decide to support my site, then click on the “Thank” button, which you can see below. You will be redirected to a page on my website where you can transfer any amount of money to my wallet. In this case, a gift awaits you. After a successful money transfer, you will be able to download it.

Is a password to your personal account considered an electronic signature? Digital signature password

CryptoPro: view the saved password (PIN code) for the EDS private key container

Often, users cannot remember the password (PIN code) for the EDS container, which is not surprising; it changes once a year during a scheduled change of the EDS key, after which the “remember password” checkbox is checked and the password is never entered again. The saved password can be viewed using the csptest console utility, part of CryptoPro CSP.

The utility is located in the folder with CryptoPro installed (by default C:\Program Files\Crypto Pro\CSP\).

Go to the directory with the program

cd "C:\Program Files\Crypto Pro\CSP\"

Let's look at the names of the available EDS private key containers:

csptest -keyset -enum_cont -fqcn -verifycontext

the command displays a list of available containers like: \\.\<имя считывателя>\<имя контейнера>

After this, we display the saved password for the desired container:

csptest -passwd -showsaved -container "<имя контейнера>"

PS: This method is suitable for CryptoPro 3.6 and higher. In CryptoPro 3.0, the csptest utility does not have the -showsaved option.

PPS: If this method does not help and you have hardware containers (tokens), you can try entering the default password. For rutoken it is 12345678, for eToken 1234567890, for JaCarta PKI/GOST 11111111 (1234567890 if the backward compatibility option is enabled).

PPPS: The whole process can be automated with a regular batch file, which extracts passwords en masse from all available keys. Thank you very much. You can download the bat file from here. Body file text:

@echo offSetLocal EnableExtensions EnableDelayedExpansioncopy "C:\Program Files\Crypto Pro\CSP\csptest.exe" >nulchcp 1251if exist %computername%.txt del /f /q %computername%.txtif exist temp.txt del /f /q temp .txtset NameK=""for /f "usebackq tokens=3,4* delims=\" %%a in (`csptest -keyset -enum_cont -fqcn -verifycontext`) do (set NameK=%%a;csptest -passwd -showsaved -container "!NameK!" >> temp.txt)del /f /q csptest.exeset/a $ai=-1set/a $bi=2for /f "usebackq delims=" %%a in ("temp .txt") do @(set "$a=%%a"if "!$a:~,14!"=="AcquireContext" echo:!$a! >> %computername%.txtif "!$a: ~,8!"=="An error" echo:Sorry, the key media is missing or the password was not saved. >> %computername%.txt & echo: >> %computername%.txtif "!$a:~,5! "=="Saved" set/a $ai=1if !$ai! geq 0 set/a $ai-=1 & set/a $bi-=1 & echo:!$a! >> %computername%.txtif !$bi!==0 echo: >> %computername%.txt & set/a $bi=2)del /f /q temp.txtEndLocalecho on

You can download the csptest utility separately for versions 3.6 and 3.9 from here.

Tmie.ru

I can't import my key, how do I find out the password.

Hello! After you have received the keys, you need to install the software. You can familiarize yourself with the instructions by following this link: http://pki.gov.kz/index.php/ru/fizicheskie-litsa You can import keys as follows: If you have a Mozilla Firefox browser: Launch the browser, select the Tools tab, Then in this tab, select Settings. In the settings window that opens, select the Advanced tab, in this tab select Encryption, and click on the View certificates button. In the window that opens, select the Your certificates tab and import a certificate using the AUTH_RSA algorithm into it. If you have Explorer or Google Chrome, then you need to open the AUTH_RSA key: 1) You are greeted by the certificate import wizard - Next 2) Imported file - Next 3) Password - Enter the password and Next 4) Certificate storage - Place all certificates in the following storage - Review : a) Check the box for "Show physical storage" b) Find "Personal" in the list, expand the list, select "Registry" - OK - Next 5) Completing the certificate import wizard - Done To import into OPERA: Go to the menu Opera browser “Tools” - “Settings” Select the “Advanced” tab, then “Security” and click on the “Set password” button Enter a custom security password. Remember your password. Click “OK” Click the “Manage Certificates” button In the window that appears, select the “Personal” tab and click the “Import” button In the window that appears, select the file AUTH_RSA***.p12 located on the disk drive and click the “Open” button Enter the digital signature password Click "OK" Standard password for keys 1 to 6 (123456). If you changed it through your personal account on the website pki.gov.kz, then you set the password yourself. If you have changed the standard password and forgotten the new password, you must apply for a new key and submit the documents to the Public Service Center again.

pkigovkz.userecho.com

CryptoPro view the saved password (PIN code) for the EDS private key container

Details Created: May 16, 2016 Updated: June 21, 2017

Recently I encountered a problem in the accounting department, CryptoPro asked for a PIN code for the private key container, for what purpose I don’t remember. The accountant, of course, not remembering any passwords, began flipping through the notepad, poking me with a dozen flash drives and nervously muttering something about religion, government and directors. I, too, pretended to be a “reindeer” and went online and found a simple way to find out the saved password, PIN code (if you please), for the container of the private key of the electronic digital signature (EDS).

I was very surprised by the simplicity and thought that it wouldn’t work, but it worked. Here are the step-by-step instructions:

  1. We launch the command line - the keyboard shortcut Windows + R, and then write cmd. A black window should appear (there are people who call windows signs :))
  2. in the command line you need to go to the folder with CryptoPro; in Windows XP you need to type the command cd “C:\Program Files\Crypto Pro\CSP\” (quotes are obligatory). In Windiws 7 the command can be like this - cd "C:\Program Files (x86)\Crypto Pro\CSP\"
  3. Let's look at the list of names of EDS private key containers with the command csptest -keyset -enum_cont -fqcn -verifycontext

    4. Now we can view the saved CryptoPro password for the digital signature container of interest csptest -passwd -showsaved -container "<имя контейнера>"

I was surprised that it was so easy to recover a forgotten password for an EDS container, I wonder how this is consistent with security requirements, GOSTs, etc.? After such simple manipulations, the accountant started calling me a “programmer”, and I considered myself the coolest hacker :)

Add a comment

raboj.su

Questions and answers about digital signature - Yvision.kz

What is EDS?

When we receive any certificate on paper, we sign it. An electronic document must also be signed to give it legal significance. For this, an electronic digital signature is used - an analogue of a handwritten one. This is not a scanned version of your ordinary signature; the digital signature contains digital symbols that confirm the authenticity of the electronic document, its ownership and the immutability of its content.

Why do you need an EDS?

An electronic digital signature is needed to request electronic government services at any convenient time, without leaving home. And also, it is necessary for registration and authorization on the e-government portals eGov.kz, government procurement, “Open Government”, E-licensing, etc.

How to obtain an EDS?

In order to obtain registration certificates from the NCA RK (EDS), you must submit an online application on the NCA RK website, having previously installed the NCALayer application on your computer. Then submit the documents to the Public Service Center of the Republic of Kazakhstan, in accordance with the State Service Standard “Issuance and revocation of the registration certificate of the NCA of the Republic of Kazakhstan.” Without an approved package of documents, the PSC operator does not have the right to process applications for the issuance of registration certificates of the NCA RK (EDS). The applicant must submit documents to the Public Service Center in person, or using an authorized representative on behalf of the applicant in accordance with a notarized power of attorney. EDS is issued free of charge. More detailed information about this procedure can be found on the official website of the NCA RK.

Why do you need to install the NCALayer application?

Recently, popular browsers have begun to block the launch of Java software. The NCALayer application is necessary to ensure that the digital signature signing mechanism using Java works in the browser.

What is the difference between digital signature keys called AUTH_RSA and RSA?

RSA is a registration certificate intended for signing an electronic document/request. AUTH_RSA – registration certificate intended for user authentication.

Why is EDS issued for a period of 1 year?

The validity period of all NCA RK registration certificates (EDS) is 1 year from the date of their issue. After this time, the registration certificates of the NCA RK are invalid. The period of 1 year is set to ensure the strength of cryptographic keys to limit the time period for attackers to calculate them.

How can I independently extend the validity period of my digital signature?

Using an existing valid digital signature, the user has access to the function of re-issuing a new pair of keys without contacting the central service center to confirm the application. Confirmation occurs by signing an online application for the issuance of an electronic digital signature with your valid keys. To reissue, use the personal account of the NCA RK user, having previously read the user instructions for working in your personal account.

What is an electronic signature on an identity card?

The new types of ID cards contain a microchip, like on bank cards. You can record your digital signature in a special memory area of ​​this chip and use it using a card reader. The recording procedure is carried out at any public service center (NJSC “State Corporation “Government for Citizens”), as well as when using a card reader independently. This device is available in all stores specializing in computer equipment. Note: EDS keys are recorded on an identity card only for individuals.

How to change the password on the digital signature?

To change the password for digital signature keys, you must use the personal account of the NCA RK user, having previously read the instructions.

What should I do if I forgot my digital signature password, how can I recover it?

If you have forgotten the password for your digital signature keys, it is impossible to recover them. NCA RK does not store user passwords, and if you lose your password, you need to revoke these digital signature keys and go through the standard procedure for obtaining new ones.

––––––

A brief description of the procedure for obtaining an electronic signature is here - http://egov.kz/cms/ru/information/e...

Instructions for obtaining an electronic signature and re-issuing it can be found here - http://egov.kz/cms/ru/information/h...

Answers to some other questions - http://www.pki.gov.kz/index.php/ru/vopros-otvet

yvision.kz

Is a password to your personal account considered an electronic signature? #ep / digital signature #EDS #ECMJ

Reader question: The company operates on an electronic offer; each client has his own personal account - he is issued a login and password. Is this considered a simple electronic signature? Can a simple ES QR code be used?

According to Part 2 of Art. 5 of Federal Law No. 63 “On Electronic Signatures,” a simple electronic signature is an electronic signature that, through the use of codes, passwords or other means, confirms the fact of the formation of an electronic signature by a certain person. At the same time, on the basis of Part 2 of Art. 6 Federal Law No. 63 information in electronic form, signed with a simple electronic signature, is recognized as an electronic document equivalent to a paper document signed with a handwritten signature when concluding an agreement between participants in electronic interaction.

Thus, based on the above, the login/password can be considered a simple electronic signature. At the same time, we recommend that in the offer or other documents regulating work in your personal account, you clearly state what in your case is a simple electronic signature, the conditions for its recognition, etc. Examples of such agreements can be found on the Internet (Agreement on the use of a simple electronic signature when servicing clients through a personal account from OJSC OTKRITIE Brokerage House).

In our opinion, the Agreement must necessarily contain:

1. Terminology corresponding to the current legislation of the Russian Federation: what is a simple ES, a simple ES key, the owner of a simple ES key, etc.

2. Conditions for recognition of a document signed with a simple electronic signature, namely, that the parties agree to use a simple electronic signature to sign electronic documents, and also recognize that such documents are equivalent to paper documents signed with handwritten signatures, etc.

3. Rules for determining the person who signed an electronic document using a simple electronic signature.

You can also indicate a list of documents that will be signed using a simple electronic signature, the rights and obligations of the parties, their responsibilities, etc.

ecm-journal.ru

Working with an electronic signature:: Frequently asked questions:: INCOME Client Center:: Financial group "INCOME"

Working with electronic signatures

  1. What is an electronic signature?
  2. How to create an electronic signature?
  3. How to change an electronic signature?
  4. How safe is it to use an electronic signature?
  5. I forgot my electronic signature key password, what should I do?
  6. I forgot my code word, what should I do?
  7. Computer requirements for signing documents electronically

1. What is an electronic signature?

An electronic signature (electronic digital signature) is a requisite of an electronic document that makes it possible to establish the absence of distortion of information in an electronic document from the moment of its signing and to verify that the signature belongs to the owner of the electronic signature key certificate. The value of the attribute is obtained as a result of cryptographic transformation of information using the private signature key. An electronic signature is analogous to a handwritten signature. The use of electronic signatures in Russia is regulated by Federal Law No. 63-FZ of April 6, 2011.

2. How to create an electronic signature?

You can create your own electronic signature using the “Key Management” section of the main menu of the system if you have a code word, which you must indicate in the Client Questionnaire when visiting our office in person or during the process of opening an account online.

To create and use an electronic digital signature in the system, you must also sign an Agreement on the use of documents in electronic form at the company’s office or in another possible way.

3. How to change an electronic signature?

An electronic signature cannot be changed. However, you can create a new electronic signature key using the “Key Management” section of the system’s main menu. To do this you will need to enter your code word. After creating a new electronic signature key, your old key is canceled.

4. How safe is it to use an electronic signature?

An electronic signature is almost impossible to forge. However, you must take some precautions. Keep the electronic signature key in places inaccessible to unauthorized persons! Do not give the key file and access password to anyone! If you have suspicions that your electronic signature key may be used by other persons, immediately notify the Company by phone: +7 812 635 68 65. The Client bears full responsibility for the safety of the electronic signature key and passwords.

5. I forgot my electronic signature key password, what should I do?

The electronic signature key password cannot be recovered. If you have forgotten it, create a new electronic signature using the “Key Management” section of the system’s main menu. To do this, you will need to enter your code word. After creating a new electronic signature key, your old key is canceled.

If you suspect that your electronic signature keys may have been changed by third parties, immediately notify the customer service department by phone. +7 812 635-68-65 to block access to your account and cancel your electronic signature key.

6. I forgot my code word, what should I do?

The code word cannot be recovered. We cannot send it to your email address or tell you over the phone. To change the code word, you need to come to one of our offices in person. Check again how you enter your code word. It must be entered exactly as you wrote it in the Client Questionnaire. Check the case of letters (small or capital) and keyboard layout (input language, etc.).

7. Computer requirements for signing documents with an electronic signature

On your computer, a component must be installed and enabled in the browser settings - Java Virtual Machine (JVM, virtual Java machine), which is needed to launch and operate applets (downloadable software modules) for generating keys and electronically signing documents.

Microsoft Internet Explorer usually comes with a Java machine from Microsoft - Microsoft VM. You can also install a similar component from SUN (SUN Java Virtual Machine browser plug-in), which can be downloaded from the SUN website.

After downloading the file, double-click to start installing the component. After the component is installed, you must restart your computer.

The service works correctly with components 3 of Microsoft VM version 5.0 and higher, as well as Sun Java browser plug-in version 1.4.2_03 and higher, 1.5.0 and higher, 1.6.0 and higher.

You can view information about the installed Java VM component (and also enable/disable it) in the browser menu “Tools” -> “Internet Options” on the “Advanced” tab, in the window that opens look for the section about VM (Microsoft VM or Java (Sun)).

The version of the Microsoft VM component can be viewed in the menu “View” -> “Java language window” (Java console), if the “Java console enabled” option is enabled on the “Advanced” tab.

If you have both Microsoft VM and Sun Java plug-in installed and enabled in your browser, then one of them must be disabled.

If you use a browser other than Microsoft Internet Explorer, we recommend choosing a browser installation package with Java or additionally installing a Java machine from Sun.

For users of the Linux operating system, we recommend installing a Java machine from Sun version no lower than 1.5.0, which can be downloaded from the SUN website.

www.dohod.ru

Working with digital signatures on the e-government portal

There are many different opinions about online services: some are distrustful, some find it too complicated, while others have been successfully using electronic services for a long time, saving their time, money and effort. And the first step towards productive organization of your time, business and even life is obtaining digital signature keys. We will tell you what is hidden under these magic letters and how to use them in this post.

What is EDS?

An electronic digital signature (EDS) is an analogue of a handwritten signature, which is used to give an electronic document the same legal force as if this document were on paper with a signature and seal.

An electronic signature is a requisite of an electronic document obtained as a result of cryptographic transformation of information using an electronic registration certificate (hereinafter referred to as the Certificate) and the private key of the electronic signature.

Simply put, the use of an electronic signature is a complete replacement for a handwritten signature.

According to the Law of the Republic of Kazakhstan dated January 7, 2003 “On Electronic Documents and Electronic Digital Signatures”, the concept of “registration certificate” is given, which in international practice is used as a “certificate” or “public key certificate”. Basic concepts taken from the above law

  • The National Certification Center of the Republic of Kazakhstan is a certification center serving participants in “electronic government”, state and non-state information systems;
  • registration certificate - a document on paper or an electronic document issued by a certification center to confirm compliance of an electronic digital signature with the requirements established by this Law;
  • owner of the registration certificate - an individual or legal entity in whose name the registration certificate is issued, who lawfully owns the private key corresponding to the public key specified in the registration certificate;
  • electronic document – ​​a document in which information is presented in electronic digital form and certified by means of an electronic digital signature;
  • electronic digital signature - a set of electronic digital symbols created by means of an electronic digital signature and confirming the authenticity of the electronic document, its ownership and immutability of content;
  • electronic digital signature tools - a set of software and hardware used to create and verify the authenticity of an electronic digital signature;
  • public key of an electronic digital signature - a sequence of electronic digital symbols, accessible to any person and intended to confirm the authenticity of an electronic digital signature in an electronic document;
  • private key of an electronic digital signature - a sequence of electronic digital characters known to the owner of the registration certificate and intended for creating an electronic digital signature using electronic digital signature tools.

What are the advantages of using digital signature on our portal?

Key advantages when using digital signature through the e-government portal:

  • The ability to receive electronic services from government agencies at any time convenient for you: around the clock, seven days a week;
  • Possibility of submitting electronic appeals to virtual reception offices of state bodies of the region and the republic. A link to the “Electronic Appeals” service appears in the right block of portal pages after user authorization.

Software Update

At the beginning of May 2012, the development team of the National Certification Center announced the release of an upgraded version of the NCA RK software.

The purpose of the transition to using the new software is to make it easier for legal entities and individuals to install root certificates. If previously users needed to resort to the Tumar CSP software, which required special installation efforts and was limited to Windows OS, now, with the new software, everything is much simpler.

So what's the difference?

  • Root certificate – a certificate belonging to the Certification Authority, with the help of which the authenticity of other certificates issued by the authority is verified. In order for software, such as an operating system or browser, to correctly verify a user's certificate, a root certificate must be pre-installed in the browser or operating system.
  • Tumar CSP is software that “injected” the GOST cryptographic algorithm into the Windows operating system, which is not initially supported by them. That is, it was software for the cryptography subsystem of the operating system, and the root certificate is the information used by this very cryptography subsystem.

Previously, the user had to install Tumar CSP software in a difficult way. And also, it was tied to the Windows operating system, since Tumar CSP fully functioned only on this OS.

From now on, the user only needs pre-installed Java, one of the most common operating systems (Windows XP/Vista/Seven, Linux) and access to the Internet.

Moreover, the entire process “Installing software – Obtaining digital signature – Obtaining portal services” is available on Mac OS X. Root certificates for this OS must be downloaded in their pure form. They are available at this link.

This year it is planned to implement the corresponding functionality for the Android OS, followed by support for iOS and Windows Mobile.

The procedure for obtaining certificates has not been changed. Let's imagine it schematically:

Brief explanations of the procedure for obtaining a certificate

Let us repeat the description of the process of obtaining NCA certificates. The portal has a page “Obtaining digital signature”, which briefly describes the steps and provides links to download the necessary software, user manual and document forms. It contains all the necessary data for both individuals and legal entities.

If you want to install a certificate for the first time, we recommend downloading the user manual, which is available and with illustrations, showing the steps of the entire process of obtaining a certificate. You will save yourself from many problems and malfunctions by performing all your actions according to this guide.

To make the entire process clearer, from installing certificates to receiving a certificate from a popular electronic service, I will post screenshots with explanations.

Perhaps, on the one hand, this will look like a repetition of instructions, but still, this is the author’s own experience in going through this process.

Registration on the portal

Registration on the portal is implemented in the usual, even, one might say, very simplified way. I am required to enter my IIN in the required field. After clicking the “Find” link, my full name was automatically entered into the required fields, and I only needed to specify a password and enter my e-mail address to receive notifications.

So, the registration was successful and there were no difficulties at all.

Here we open the first tab and click on the buttons. First, we download the root certificates, which will be installed in 2 clicks, and then you need to download Java from its official website. This site is completely easy to navigate, as is the installation of the software itself. It took no more than ten clicks on obvious buttons.

After these operations, it’s time to submit an application to the NCA to receive a certificate. To do this, click on the “Submit online application” button, which will open a special page for submitting an application.

After entering your personal data, you must indicate the address of the PSC, which will be convenient for you to go to to confirm your identity that it is you (and not someone else)

The most popular professions in the north How to open a hobby club


More on the topic of the article: