Using Rutoken allows CryptoPro CSP users to secure key information from unauthorized access. Keys and certificates will be stored in the protected Rutoken file system. But before moving on to setting up a root token, it is very important to understand the digital signature.
About electronic digital signature
An electronic digital signature is special information that is added to an electronic document and makes it possible to verify whether changes were made to the electronic document after it was signed, as well as to guarantee the identification of the person who signed the document. It is possible to add an electronic digital signature to an electronic document using a personal key and special software.
What is a private key? A private key is a set of characters in the form of a computer file. In this case, the private key plays the role of a ballpoint pen when signing a document on paper.
To verify the digital signature on an electronic document, a different set of symbols is used - a public key. Once the certificate is generated, the public key becomes part of it and is not used separately.
A strengthened public key certificate (hereinafter referred to as the certificate) is a document that certifies the authenticity and ownership of the public key to the subscriber. Such a document is issued by an accredited key certification center and exists in electronic form. To verify the digital signature on a document, you must have a signer’s certificate and special software.
The certificate is used to verify the digital signature on a document, is not secret and can be freely distributed via the Internet and other open communication channels. It is impossible to attach an electronic signature to an electronic document using a certificate or to obtain your personal key from it.
As a result, we get the following. One entity signs a document using a private key and special software, and the other verifies the signature on that document using a signer's certificate and special software. In this case, the person who verifies the signature does not need to have his own private key and certificate.
Instructions. Setting up root token. How to install a digital signature certificate
Rutoken is a small USB block designed for secure storage of electronic information, as well as digital signature storage. In order to properly configure Rutoken, you need to download the necessary drivers. You can download them from the official website www.rutoken.ru. After launching the file downloaded from the site, follow the next steps in the installation wizard by clicking “Next”. After completing the installation steps, click “Close” to configure Rutoken, performing a series of operations.
Setting up Rutoken
Step 1
Insert the USB block into the computer
Step 2
Activating the control panel
Step 3
Through the “Administration” tab we find the “Information” button
Step 4
in the window that opens you can see the status of Microsoft Base Smart Card Crypto Provider
If the opposite is “Supported”, then simply continue with “Ok”. If the status is “Activate”, activate the media. “Not supported” means that the media does not support working with EGAIS (Unified State Automated Information System).
Step 5
Select “Settings” in the tab with the same name.
Step 6
For “Rutoken EDS Smart Card” and “Rutoken EDS (2.0)” you need to select the same value - “Microsoft Base Smart Card Crypto Provider”.
Step 7
Rutoken setup is complete
Another important point required during settings is the Rutoken PIN code. By default, a PIN code is generated: 12345678, which must be entered. This makes it possible to avoid confusion with PIN codes and passwords, since it must be entered at each installation.
Before you learn how to install a digital signature certificate on your computer, you will need to download and install a special program. It is called Crypto Pro CSP and should only be downloaded from the official website. The program has paid content, but provides the opportunity to use it free of charge for 3 months. Next, you can begin installing the digital signature certificate itself.
EDS installation is carried out in two ways:
through the subsection “View certificates in the container”
through the subsection “Install personal certificate”
To begin, find the previously downloaded Crypto Pro. Having opened it, you will see a window with sections: “Algorithms”, “Security”, Winlogon, “General”, “Equipment”, “Service”. You need the "Service" tab.
Next we find “Install personal certificate”, and the certificate installation wizard will open in front of you. When setting up, click “Next” almost everywhere. It is possible to select a certificate through the “Browse” button and navigate to it. Also to the storage area.
The second option is sequential actions via “view certificates in the container”. Through “Browse”, select the certificate, click “Next”, “Properties”, “Install certificate”, “Next”, “Finish”. Installation completed successfully.
How to copy digital signature from Rutoken to a flash drive
Writing an electronic signature onto a flash drive is sometimes required to ensure the security of an electronic signature or for transfer to another person. You can also do this using:
the EDS bearer himself -
Rutoken
We open Crypto Pro, and both the flash drive and Rutoken must already be inserted into the computer in advance. In the “Service” tab, click “Copy” and in the window that opens, through “Browse”, select the certificate you need to copy, confirming the action with the “Ok” button. You may need to enter the password and name of the digital signature key copy by clicking “Next” until the “Finish” button appears. A window will open in front of you in which you need to select a flash drive, generate a new password and enter it, copying is completed. Check that a folder with a copy of your certificate appears on the flash drive. In order to copy digital signature from rutoken to rutoken, similar actions are carried out. Only after the “Finish” button select not the flash drive, but the second Rutoken media. At the end, also check if the copy folder appears.
To obtain an electronic signature, please contact our managers by phone or using the feedback form.
In order to check the readiness of the Rutoken key identifier for configuration for working with EGAIS, open the "Rutoken Control Panel" - the "Administration" tab - the "Information" button - and check the status opposite the "Microsoft Base Smart Card Crypto Provider" field:
Supported
This status means that the Rutoken electronic identifier is already ready to be configured by the default crypto provider. Go to the second point of this instruction - “Changing the default crypto provider”
If the status is Supported, go to
If the status next to the "Microsoft Base Smart Card Crypto Provider" field is Activate or Not supported, go to point 2.
2. Enabling crypto provider support for Rutoken digital signature
To check the readiness of the Rutoken key identifier for configuration for working with EGAIS, open the "Rutoken Control Panel" - the "Administration" tab - the "Information" button - and check the status opposite the "Microsoft Base Smart Card Crypto Provider" field:
Activate
If the User or Administrator has a non-default PIN, it will be required to be entered during activation.
Please note that if both PIN codes do not correspond to the default values, to activate you will need to enter the Administrator PIN code, then the User PIN code.
If one or both PINs are unknown, you will need to contact the company that provided you with the Key ID to obtain the PINs.
If it is not possible to find out the current PIN code values, the only option left is to format the Rutoken identifier to set new PIN code values. Please note that when formatting a key ID, all content is permanently deleted.
After the activation procedure, the status in the "Microsoft Base Smart Card Crypto Provider" field should change to "Supported"
To continue setting up the Rutoken key identifier, go to Step 2.
Not supported
The "Not supported" status is displayed if an attempt is made to configure a Rutoken model that is not intended to work with EGAIS, for example or. Only the model is suitable for working with EGAIS
3. Change the default crypto provider
Open "Start" - ("Settings") - "Control Panel" - "Rutoken Control Panel" - "Settings" tab - in the "Crypto provider settings" item, click the "Settings..." button
In the "Crypto Provider Settings" window, for the electronic identifier Rutoken EDS 2.0 you need to select "Microsoft Base Smart Card Provider".
If your computer will generate an RSA key pair, set Microsoft Enhanced RSA and AES Cryptographic Provider in the lower field
To save changes, click "OK".
4. Setting up a workplace for working with the EGAIS portal.
Detailed instructions for generating a transport key in your EGAIS personal account and installing a universal transport module can be viewed.1. The LED on the token may have burned out. To check you should:
- Open “Start” > “Control Panel” > “Rutoken Control Panel” (if this item is missing, you should update the Rutoken driver).
- In the “Rutoken Control Panel” window that opens, you should check whether the token is displayed in the “Readers” item, and whether the “Enter PIN code” (or “Login”) and “Information” buttons are active. If the buttons are active, then the light bulb has simply burned out (this will not affect the operation of Rutoken). If the buttons are inactive, then you need to go to step 2.
2. Connect Rutoken to another USB port.
3. Start/restart the Smart Card service. For this:
- Select Start > Control Panel > Administrative Tools > Services. Find the Smart Card service in the list and check the value in the Status column.
- If the service is running, you should restart it. You need to right-click on the line with the service name and select “Restart”.
- If the service is stopped, you need to start it. To do this, right-click on the line with the service name and select “Run”.
4. Reinstall the Rutoken driver, having first disconnected the media from the computer.
To do this, open the "Start" menu > "Control Panel" > "Add or Remove Programs" (for Windows Vista \ Windows Seven, the "Start" > "Control Panel" > "Programs and Features" menu). In the list, find the "Rutoken" item Drivers" and select "Delete". After removal, you need to restart the computer and install the Rutoken driver again.
5. If reinstalling the driver did not help solve the error, you need to install the driver using the “Device Manager” menu. The installation procedure depends on the operating system you are using. Below are the settings for:
Driver installation for Windows Vista\Windows Seven
2. In the menu that opens, select “Device Manager”.
3. In the window that opens, check if the “Other devices” item, indicated by a yellow icon, is in the list.
4. You need to highlight the line “ruToken” and select “Update drivers”.
6. Click on the “Browse” button, specify the directory C:\Windows\System32\Aktiv Co and click on the “Next” button. The specified directory may be hidden. In this case, you need to select the “Tools” menu > “Folder Options” > “View”, select the “Show hidden files, folders and drives” switch and repeat the directory selection.
7. Wait until the installation is complete and click on the “Close” button.
8. After installing the driver, the device will be displayed in the “USB Controllers” section. The diode on the token should also light up.
Driver installation for Windows XP
1. Right-click on the “My Computer” icon and select “Properties”.
2. In the “System Properties” window, go to the “Hardware” tab and click on the “Device Manager” button.
3. In the window that opens, check if the “ruToken” (or “Unknown device”) element, indicated by a yellow icon, is in the list. You need to right-click on it and select “Update driver”.
4. In the “Hardware Update Wizard” window, select the “Install from a specified location” radio button.
5. In the window that opens, click on the “Browse” button, specify the path to the C:\Windows\system32\Aktiv Co\rt USB directory and click on the “Next” button. The specified directory may be hidden. In this case, you need to select the “Tools” menu > “Folder Options” > “View”, select the “Show hidden files, folders and drives” switch and repeat the directory selection
6. Wait for the installation to complete and click on the “Finish” button.
7. Once the driver installation is complete, the device will appear in the Universal Serial Bus Controllers section. The diode on the token should also light up.
6. If following the instructions did not help fix the error, the token is most likely faulty. To verify this, you should connect Rutoken to a computer on which the driver has never been installed. If the media works correctly, the “Found New Hardware Wizard” should start. If nothing happens when you attach the root token, then the media is most likely faulty and needs to be replaced.
If you have saved a copy of the certificate, you should use it to work in the Kontur.Extern system, having previously installed the certificate. If no copies are saved, you must contact the service center for an unscheduled key replacement.
Website
Sergey, you need to check Rutoken. If, during setup, the status “Not supported” is displayed in the media information window, this means that Rutoken is not intended to work with EGAIS. Most likely, you have Rutoken Lite or Rutoken S. Only Rutoken EDS 2.0 (standard GOST R 34.10-2012) is suitable for working with EGAIS.
Arthur L
Sergey, if it says “not supported”, then you are either downloading from the wrong site and you got a broken version, or you have programs without EGAIS support. It’s better to actually pay extra and install the extended version along with the wizard, it costs a penny, at least look at how to do it in the future. This is a matter of your own safety; you have to sign the documents later.
Anna V.
Dmitry, I didn’t initially try to configure anything myself. I know that it’s a lost cause, not everything is as simple as they say in the instructions. Our specialist spent about three hours fussing, I can imagine how much I would have suffered. I didn’t set up the cash register myself, although it’s much easier there.
Sergey Gress
I downloaded Rutoken, decided not to spend extra money on drivers and set everything up myself. The driver itself downloaded, the icon appeared on the desktop, well, as usual when downloading. Now we need to configure the program for the correct transmission of reports to EGAIS, and this is where the trouble begins. I don’t understand at all, I go to the administration section of the root token, click on information, and it says ACTIVATE. I click on activation, but in response it says NOT SUPPORTED. What are my next steps, what should I do, why did the NOT SUPPORTED status appear and how to get rid of it?
Dmitriy
I set up Rutokol in EGAIS, until a certain point everything went smoothly. But starting from generating the key, I realized that the matter was complicated. I struggled with this key all day and couldn't do anything. According to the schemes, everything is so simple that anyone can do it. But in fact it's just some kind of nightmare. As a result, I called specialists and did everything without any problems without any diagrams or algorithms.
Vladimir
Alena, there are differences. USB tokens JaCarta and eToken perform similar functions, but the main difference between them is that the software components for Rutoken EDS 2.0 will have to be downloaded and installed separately. While its analogues have the software necessary for operation already included in a single software module PKI Client. Another difference is the price. With Rutoken it costs an average of 300-500 rubles. below. Otherwise the difference is insignificant. All media have two-factor authentication to protect account access. They support encryption using hardware cryptography - during use, the key does not leave the media, so the data is inaccessible to unauthorized persons. Suitable for Windows, Mac, Linux OS.
Alyona
Why is Rutoken better than other drivers? I used to have JaCarta, it seems to be ok too. Now everyone is running to this rutoken, I don’t understand what’s wrong with it. What features does this driver have in general? Is it the same price as others or more expensive? How is it even different from my old JaCarta? Maybe someone who already uses it can tell me. I wouldn’t want to throw money away and end up with nothing new.