What to do if you forgot your EDS password. You can issue an electronic signature through the "Personal account of the taxpayer - an individual". How to restore the private key of the digital signature

Since 2017, multifunctional centers (MFCs) have been able to issue an electronic (digital) signature key. An individual can easily obtain an EDS at the MFC, and the process does not require much time or money.

Since April 6, 2011, Federal Law No. 63 FZ has been in force throughout Russia, regulating the creation and use of such signatures.

It replaced the repealed Law No. 1-FZ. Many people are interested in why an electronic signature is needed and what advantages it gives.

In this review, we will talk about all the legal and everyday nuances associated with obtaining, using and recovering signatures.


In the era of the development of cryptography (encryption), experts have created programs whose algorithms generate complex multi-character combinations. The system uses a pair of keys: a public key and a private key.

The user forwards the first (public) key to those with whom he plans to exchange confidential data. The second (private) key is used by the owner himself. It allows you to send certificates to other people and certify the authenticity of official papers.

Both options are software products that have an expiration date. Upon completion, it needs to be replaced. This is reminiscent of the operation of licenses for antivirus programs for which you need to extend the period of use. This restriction ensures the safety of users.

Hacking and forging a file is so difficult and costly that in the vast majority of cases, attackers simply do not have such resources.

The main scope of application is confirming the authenticity of documents for various purposes, filled in by individuals (private citizens) or legal entities (enterprises and organizations). We are talking about a complete analogue of a handwritten signature, which has the same legal force in any instance.

Types of EDS and their differences

Let's move on to a more detailed look at what electronic signatures are and how they differ. The first option is a simple electronic signature.

It can be used to work on the websites of government services or used for the internal affairs of the company related to the signing of orders, resolutions, correspondence.

The only purpose is to confirm the actual authorship. This option has no legal force at the state level.

A more advanced version, which has protection that guarantees authenticity and authorship, is called an unqualified electronic signature.

It can be used for internal and external (by mutual agreement) workflow. New-generation cryptographic systems are used to produce such a software product.

The most effective and legally recognized is the qualified signature, abbreviated KEP. With its help, you can submit declarations to the tax office, work with the Pension Fund website, and participate in auctions.

The level of protection in this case is the highest, because the cryptographic systems used for the keys are tested by FSB experts and certified by security authorities.

Using a qualified ES, you restrict access to confidential documents and get protection from theft of important information, including industrial espionage.

List of documents for obtaining an electronic digital signature

Some users are not aware of what documents are needed to obtain an EDS. The fact is that ordinary people, entrepreneurs and company executives will have a different list of required papers.

In the first case, it is enough to write an application, attaching to it a receipt and a photocopy of the passport, certified by a notary. The second one is more difficult:

  • Order on the appointment of the head of the enterprise (certified copy);
  • Passport of the person submitting the application (original);
  • If a third party is filing the application, a power of attorney in his name is required;
  • Charter of the enterprise (certified copy);
  • Payment statement.

The registration process is fast. On average, the production takes no more than three days from the date of application. Applications are always considered in order of priority, and this happens without a hitch.

Receipt through multifunctional centers

Often people simply do not know where the accredited EDS issuing service is located, and are interested in whether it is possible to get an electronic signature through the MFC at their place of residence.

Experts answer that such a possibility really exists. By contacting the center of municipal services, any citizen or representative of a legal entity will be able to receive the keys within ten working days from the date of application. These services have been provided since 2017.

To apply, you need to make an appointment by calling the hotline 88005505030 or come to the branch and take an electronic queue ticket.

Upon arrival, you will need to write an application according to the model that will be given to you on the spot. You also need to have with you, a passport and. The service is free for the public.

The procedure is extremely simple. First, you register on the website of the certification center, choose the registration service, prepare the above papers, and pay for the service in a convenient way (bank, terminal, Visa or MasterCard card).

There are several ways to obtain an electronic signature for individuals, and they differ in purpose.

How to make an electronic signature for public services

If you need to use the capabilities of the gosuslugi.ru website, work with the portals of the tax service and Rosreestr, you will need a qualified signature. With its help, a citizen can carry out the following operations:

  • Get or replace a civil or, TIN;
  • Request information on income, debts, fines in the tax and;
  • Receive in electronic form;
  • Check the account in the Pension Fund of the Russian Federation;
  • Register or de-register in the city, carry out similar operations with a car;
  • Apply to a university in another city;
  • Conclude contracts for remote work;
  • Participate in the electronic trading system throughout the country;
  • Register ;
  • Obtain a license, a patent.

You can get an EDS of this type in certification centers. Cost - 950 rubles. To do this, you will need to perform the following set of actions:

  • Visit the official website of the NCA RF and go through a quick registration procedure;
  • In your personal account, indicate where you live and where you want to receive an EDS;
  • Specify for what tasks it is planned to use;
  • Request an invoice and pay it in a convenient way;
  • Arrive at the place of receipt at the specified time with a package of necessary documents.

Thus, an individual can easily obtain an electronic signature for public services and other tasks related to official document flow and various registrations. As you can see, there is nothing complicated in this process, and it takes little time.

EDS and distribution of powers

Often the signature belongs to a legal entity - more precisely, the head of the company or the owner of the business. But at the same time, all the main “current” tasks are performed by his deputy, the head of the legal department or another official in the company.

In this case, a natural question arises - how to issue a power of attorney for the use of an electronic signature by another person? Is such a procedure possible in principle?

Yes, this possibility is provided for and fixed by law. In accordance with the Regulations on the use of EDS dated December 27, 2012, legal entities have the right to appoint authorized representatives who, in turn, will use special ES.

An application with a power of attorney is submitted to the certification center (you can download a sample here). After that, certificates will be issued to the representative.

Loss of digital signature and procedures related to restoration

Your laptop has been stolen, or the HDD was damaged and cannot be restored. What should you do in this case? How do you restore an electronic signature in the prescribed manner? If the key is lost, then it cannot be restored. You will have to apply for a new one.

The essence is the same as for the initial application. There is also no difference in timing. You simply repeat the previous procedure. Please notify everyone of these changes. Use backup storage media, such as portable flash drives, to avoid unnecessary hassle.

If necessary, you can use the help of specialists who will help you quickly and competently collect all the necessary documents and issue or restore electronic digital signature in the shortest possible time.

When installing the EDS key into the operating system for the first time, you must enter a personal access password. It grants access to the contents of the Rutoken, so that the program (namely CryptoPro CSP) is able to interact with it. In the future, this PIN will not be requested again when used on the same PC. What to do if the access code has been forgotten or lost? How to recover the EDS password?

Rules for using a personal password

In most certification centers, when issuing USB tokens, a standard access code is set on them (it is assigned automatically).

  • for Rutokens it is 12345678;
  • for eToken: 1234567890;
  • for smart cards (JaCarta): 11111111.

These are the codes that will need to be entered when the certificate key carrier is first connected to the PC and when it is subsequently installed into the operating system environment. Naturally, the user can later change the password to any other, at his discretion, using the current version of CryptoPro CSP.

In some certification centers, the EDS password is set by default to a different one or even a random set of numbers is generated. It must be reported to the owner of the electronic signature when issuing the token. It is extremely important to save this access code, but at the same time it should not be disclosed to third parties, as they will later be able to install the certificate key on any other PC and use the digital signature without the knowledge of its owner.

When using the token on a specific computer, the password is entered only once. After that, it is automatically remembered by the device (added to the installed container), so you do not need to enter it again. But if the OS is reinstalled or certain hardware in the PC is replaced, then the installation will have to be repeated, and to generate the key you will again need to enter the password once.

Important note:

In some certification centers, the password for the EDS is set by default to their own. The representative of the CA should clarify this information. For example, earlier they did this in Kontur for all rutokens of version 2.0, later they began to use the standard ones.

How can I find out the previously entered password?

Expert opinion (Alexey Borisovich, software specialist):

How to find out the EDS password if the certificate key is already installed in the operating system? To do this, you need CryptoPro CSP version 3.6 or higher installed and activated.

This is done as follows:

  1. Go to the directory where the CryptoPro CSP program was installed. If the installation path has not changed, then the main application folder will be located in "Program Files" on the drive where Windows is installed.
  2. In the folder with the installed program, find a file called "csptest": it is with the help of this utility that you can see the password assigned to the certificate installed in the system.
  3. Run the utility; in the window that opens, enter cd "C:\Program Files\Crypto Pro\CSP" (be sure to observe case and punctuation).
  4. Enter the command csptest -keyset -enum_cont -fqcn -verifycontext. It will display a list of all EDS containers installed in the system (if only one signature is used on the PC, then the list will contain only one item).

If the password is forgotten and the certificate was not installed

If the certificate is not installed in the OS or Windows has been reinstalled, and the password for accessing the ES is lost, then you should try the default passwords listed above. If this option does not work, then the user will no longer be able to use his electronic signature. He will need to re-apply to the certification center and register a new EDS. The same should be done if the certificate key carrier has been mechanically destroyed.

Is there any way to recover the EDS password?

No, there is no such possibility.
This is done in order to minimize the risk of compromising the electronic signature by third parties. Even if they take possession of the token itself, they will not be able to recover the password to the EDS or reset it to the “factory” one, since such an opportunity is not provided even at the hardware level of the device. This can be done only with the help of CryptoPro CSP and only from the computer where the EDS certificate was previously installed.

Getting a new certificate

What should I do if I forgot my EDS password and it is impossible to recover it?
Reapply to the certification authority and have a new certificate issued. At the same time, the previously issued signature, regardless of its validity period, will be canceled; if you try to sign a document with it or pass key authentication, nothing will work, since the EDS will be considered invalid on the gateway of the Ministry of Communications and Mass Media. Accordingly, the files signed with it will not have legal force.

To issue a new EDS, you can use a previously issued rutoken, it is not necessary to buy a new one.

You will need to provide a basic set of documents to the certification center:

  • the passport;
  • SNILS;
  • extract from the register of the Federal Tax Service (only for entrepreneurs).

Further - everything is standard. It will be necessary to pay the cost of issuing a new certificate, it is made within 2 to 4 days. After receiving it, you can use it for authorization on the websites of the State Services portal.

Changing the password using the administrator pin

It is specifically USB Rutokens that provide the ability to unlock and “reset” the password from the CryptoPro CSP admin panel. Note that after the default EDS password is set, you will also need to reinstall the certificates installed in the OS environment.

So, unlocking is done as follows:

  • launch CryptoPro CSP from the control panel;
  • select "Enter PIN code" (in the "Administration" tab);
  • select "Administrator" and enter the code 87654321;
  • click "OK", in the window that appears - "Unblock".

This procedure will not allow you to find out which password on the EDS was previously used by default, but it makes it possible to set a new one. Naturally, in the future it is recommended to change it.

To sum up: how do you change the password for an EDS if you forgot it? If the default ones are not suitable, then you can only change the code on Rutokens, and only if you have an administrator PIN. In other cases, you can find out the previously entered PIN code only if the EDS certificate is installed in the OS. In other situations, the token will be blocked and it will not be possible to restore it; a certificate reissue will be required.

Password for the electronic signature certificate

In the last article, we dealt with the 3-NDFL declaration and, before sending the documents in the taxpayer's personal account, entered the password for the electronic signature certificate, or, in simple terms, signed our "Tolmuts" with an electronic signature.

Somehow I lost sight of the fact that not everyone knows what it is. The topic is useful both for assistance in creating an electronic signature in your personal taxpayer account and for general education. Considering that many of my readers are pensioners - people of advanced age and not confident enough in communicating with a computer, "I'll put everything on the shelves."

First of all, let's figure out what an electronic signature is for and what the password for the certificate is. Everything is simple here: like an ordinary pen signature, it is needed to give a document legal force. But an ordinary one can be checked against the one in the passport and, at worst, a handwriting examination can establish its authenticity. But how do you check and verify an electronic one? Here everything is much more complicated. But first, about the kinds and types.

Types and types of electronic signatures

I will say right away that there are not a great many species, but only two:

  • simple electronic signature;
  • enhanced;

A simple one is a username and password. It confirms that the electronic message was sent by its owner. And nothing more. We are interested in the enhanced one. In addition to identifying the sender, it also confirms that the document has not changed after signing, and it is equated to a paper document signed with a pen.

There are also two types of enhanced signature:

  • qualified electronic signature;
  • unqualified;

An unqualified enhanced electronic signature is created in the tax office and it can be used in document circulation only within the framework of the IFTS!
But the use of a qualified signature is much wider, but to obtain it, you must personally contact a certification center accredited by the Ministry of Communications of Russia. And this service is paid.

If you still buy it, then you will have the opportunity to register in the personal account of the taxpayer without the ordeals of visiting the tax authorities. And then log in there using this same signature instead of a login and password when choosing this authorization method. By the way, in public services too. And of course, sign all possible electronic documents with it, including the tax ones.

Next comes the general educational program. If it doesn't interest you, you can skip this section and scroll down. It already describes how to create an electronic signature in the taxpayer's personal account and, of course, about the password for the certificate too. And experts in the field of cryptography, please do not judge me strictly for some inaccuracies and simplifications in this opus.

The mechanism for sending documents signed with an enhanced electronic signature

It would be more correct to use the word algorithm instead of mechanism. But I will not frighten the main part of our audience - pensermen with "abstruse" words. And then do not be afraid, I will explain everything. So, how, for example, does Comrade Ivanov transfer signed documents to the Tax Office via the Internet? Moreover, so that no one could read and change them. In scientific language, something like this:

First, Ivanov and the Tax Office generate public and private encryption keys. Then they exchange public keys with each other. At the next stage:

  1. Ivanov encrypts the "message" with his private key, and as a result, it is signed.
  2. Next, Ivanov encrypts with the public key that the Tax Office had previously sent him what happened after step 1 was completed. Now no outsider will be able to read anything, even if they intercept.
  3. After the Tax Office has received Ivanov's "message", she first decrypts it with her private key and sees Ivanov's encrypted document there.
  4. It was then that the "Tax" decrypts it using the public key given to her by Ivanov at the very beginning. As a result, Ivanov's signature is verified.
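The four steps above, as an added Python sketch that is not part of the original article. It assumes textbook RSA without padding, fixed toy keys built from Mersenne primes, and a signature over the SHA-256 digest of the document (as real signature schemes sign a hash rather than the whole text); all function names and the sample document are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent used by both toy key pairs


def make_keypair(p_exp, q_exp):
    """Toy key pair from two Mersenne primes 2**k - 1 (assumption: fixed, not random)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (needs Python 3.8+)
    return (n, E), (n, d)              # (public key, private key)


def digest_int(document, n):
    """SHA-256 of the document as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(document, sender_private):
    """Step 1: the sender applies his private key to the document digest."""
    n, d = sender_private
    return pow(digest_int(document, n), d, n)


def verify(document, signature, sender_public):
    """Step 4: the sender's public key shows who signed and that nothing changed."""
    n, e = sender_public
    return pow(signature, e, n) == digest_int(document, n)


def seal(document, signature, sender_public, recipient_public):
    """Step 2: encrypt signature + document with the recipient's public key."""
    n, e = recipient_public
    sig_len = (sender_public[0].bit_length() + 7) // 8
    # The 0x01 marker keeps leading zero bytes of the signature intact.
    payload = b"\x01" + signature.to_bytes(sig_len, "big") + document
    m = int.from_bytes(payload, "big")
    if m >= n:
        raise ValueError("document too long for this toy modulus")
    return pow(m, e, n)


def open_sealed(ciphertext, recipient_private, sender_public):
    """Steps 3 and 4: decrypt with the recipient's private key, then verify."""
    n, d = recipient_private
    m = pow(ciphertext, d, n)
    payload = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if payload[:1] != b"\x01":
        return b"", False  # garbage after decryption: wrong key or altered data
    sig_len = (sender_public[0].bit_length() + 7) // 8
    signature = int.from_bytes(payload[1:1 + sig_len], "big")
    document = payload[1 + sig_len:]
    return document, verify(document, signature, sender_public)


def demo():
    """Run Ivanov -> Tax Office once and report what each check returns."""
    ivanov_pub, ivanov_priv = make_keypair(521, 607)
    tax_pub, tax_priv = make_keypair(1279, 2203)
    document = b"3-NDFL declaration, Ivanov I.I. (constructed sample)"

    signature = sign(document, ivanov_priv)                       # step 1
    sealed = seal(document, signature, ivanov_pub, tax_pub)       # step 2
    received, ok = open_sealed(sealed, tax_priv, ivanov_pub)      # steps 3-4
    return {
        "delivered_intact": received == document and ok,
        "edited_document_accepted": verify(document + b"!", signature, ivanov_pub),
        "altered_ciphertext_accepted": open_sealed(sealed ^ 1, tax_priv, ivanov_pub)[1],
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
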

And in the "worker-peasant" language of "appearances and passwords" it will be approximately similar to such an event:

First, Ivanov prepares a suitcase with a spare key and paper with the details signed by himself, and the Tax box also with a spare key. They go to the post office and send parcels to each other. Ivanov puts the key to the suitcase in a parcel, and sends paper with his details in a valuable letter separately. Tax - a box as a parcel and a parcel with one key, too, separately.

Ivanov, having received the parcel and the parcel, hides, for example, his signed document in a box and closes it with a key from the received parcel. He puts this secret box in his suitcase and also closes it with his own key. And then he sends this “matryoshka” to the Tax Office by parcel. Keeps the keys to the box and suitcase.

The tax office receives a parcel and a parcel. She already has all the keys, and if they fit, she opens both the suitcase and the box with them. Looks and checks the signature and details indicated in the document with those that came earlier in a valuable parcel. If everything matches and there are no corrections and suspicions, then he takes them into work.

I wrote this "blank" in order to make it clear - an enhanced electronic signature is a very serious thing with the highest level protection. And the password that you enter to send an electronic document is not just a password, such as for logging into Odnoklassniki, but it can be said to be a very complex mechanism for starting all these processes of encryption, data exchange, decryption, data verification.

I will not go into details about the terms. For example, what does the certificate of the electronic signature verification key mean. Why so, and not just a signature. Enough, and so much nonsense inflicted that his head swells. Closer to the topic.

How to create an electronic signature in the taxpayer's personal account

If you already had an electronic signature in the old version of the personal account, then in the new one (since 2018) it will no longer be there, and neither, of course, will the password. So the ES certificate will have to be created again.

So, go to your personal account and open your profile. To do this, immediately on the first page, find your last name, first name, patronymic at the top right and click. Well, in the window that opens, everything is point by point, as in the picture:

  1. select the "Get ES" tab;
  2. electronic signature storage option;
  3. set a password to access the certificate;
  4. enter it again;
  5. press the "Submit request" button:


Why it is better to choose the storage of the key in the system of the Federal Tax Service of Russia, I think you will not have any questions. If you have read the explanations, you will have noticed the undeniable advantages of this particular option.

After sending the request, a waiting window with a spinning circle appears. Sometimes it can linger for quite a long time:


Then a window will appear informing you that the certificate has been successfully issued. Here you can open a window with your certificate by clicking on the link "View certificate":


In the window that pops up after that, enter the password that you have already entered twice at the very beginning and press the "Next" button:


And in the next window, admire your certificate, see these very details that are checked in the tax office when receiving documents from you. It looks something like this:


Error generating ES certificate

For the first time after the launch of the tax website, this was a fairly common occurrence. Then, as it were, everything “settled down”. Now such "glitches" began to arise again. For example, I find out about this by looking at the traffic statistics of this blog. It increases sharply. And it's all due to the article you're reading right now.

On this occasion, I can only say that the problem here, most likely, is not you and not the password, but the congestion of the FTS portal. This is especially pronounced in the last days for organizations to submit tax returns and for individuals to make other tax payments. The lion's share of them usually falls on the first quarter, that is, the beginning of the year.

So if the message “Error generating an electronic signature certificate” appeared on your monitor, don’t be too upset. Be patient and try this operation again. Or better yet, come back to it another day. Perhaps the “glitches” will end by this time and you will be lucky.

What to do if you have forgotten the password for accessing the certificate of the electronic signature verification key

Don't be upset. Nothing wrong with that. This is not a password from the taxpayer's personal account, in case of loss of which, you will have to re-visit the IFTS. This is in the event that you did not bother to set a code word to restore it by e-mail.

Everything is much simpler here. Pay attention to the bottom window there is a link "Revoke the current certificate". Feel free to click on it and after that create a new certificate and you will have a new password:



The following window will open before you, which, I hope, will dispel your doubts:


This can be the end. And remember that an electronic signature opens up a lot of opportunities for you, both in saving your time and in terms of saving money. I'm not talking about the fact that this is already a more progressive stage of your business. And do not be upset if you have lost the password for the ES certificate, it can always be restored.

Good luck to you! And see you soon on the pages of the PenserMan blog.

1. What is an electronic signature?

An electronic signature (electronic digital signature) is a requisite of an electronic document that allows you to establish the absence of information distortion in an electronic document from the moment it is signed and verify that the signature belongs to the owner of the electronic signature key certificate. The attribute value is obtained as a result of cryptographic transformation of the information using the signature's private key. An electronic signature is similar to a handwritten signature. The use of an electronic signature in Russia is regulated by federal law No. 63-FZ of April 6, 2011.

2. How to create an electronic signature?

You can create your own electronic signature using the “Key Management” section of the main menu of the system if you have a code word that you must specify in the Client Questionnaire when visiting our office in person or in the process of opening an account online.

In order to create and use an EDS in the system, you must also sign the Agreement on the use of documents in electronic form at the company's office or in any other possible way.

3. How to change the electronic signature?

The electronic signature cannot be changed. However, you can create a new electronic signature key using the "Key Management" section of the main menu of the system. To do this, you will need to enter your code word. After creating a new electronic signature key, your old key will be cancelled.

4. How safe is it to use an electronic signature?

An electronic signature is almost impossible to forge. However, you must take some precautions. Keep the electronic signature key in places inaccessible to unauthorized persons! Do not share the key file and access password with anyone! If you suspect that your electronic signature key may be used by other persons, immediately notify the Company by phone: +7 812 635 68 65. The Client is fully responsible for the safety of the electronic signature key and passwords.

5. I have forgotten the password of the electronic signature key, what should I do?

The password of the electronic signature key cannot be recovered. If you have forgotten it, create a new electronic signature using the "Key Management" section of the main menu of the system. To do this, you will need to enter your code word. After creating a new electronic signature key, your old key will be cancelled.

If you suspect that your electronic signature keys may have been changed by third parties, immediately notify the customer service department at tel. +7 812 635-68-65 to block access to your account and cancel the electronic signature key.

6. I forgot my code word, what should I do?

The code word cannot be recovered. We cannot send it to your e-mail address or say it over the phone. To change the code word, you need to visit one of our offices in person. Check again how you enter your code word. It must be entered exactly as you wrote it in the Client Questionnaire. Check the letter case (small or large) and keyboard layout (input language, etc.).

7. Computer requirements for signing documents with an electronic signature

A Java Virtual Machine (JVM) component must be installed on your computer and enabled in the browser settings. It is needed to launch and operate the applets (downloadable software modules) that generate keys and electronic signatures for documents.

The Microsoft Internet Explorer browser usually comes with Microsoft's own Java machine, Microsoft VM. You can also install a similar component from SUN (SUN Java Virtual Machine browser plug-in), which can be downloaded from the SUN website.

After downloading the file, double-click to launch the installation of the component. After the component is installed, you need to restart your computer.

The service works correctly with Microsoft VM components 3 version 5.0 and higher, as well as Sun Java browser plug-in version 1.4.2_03 and higher, 1.5.0 and higher, 1.6.0 and higher.

You can view information about the installed Java VM component (as well as enable / disable it) in the browser menu "Tools" -> "Internet Options" on the "Advanced" tab; in the window that opens, look for the section about VM (Microsoft VM or Java (Sun)).

The version of the Microsoft VM component can be viewed in the menu "View" -> "Java language window" (Java console), if the option "Java console enabled" is enabled on the "Advanced" tab.

If you have both Microsoft VM and Sun Java plug-in installed and enabled in your browser, then one of them must be disabled.

If you are using a browser other than Microsoft Internet Explorer, we recommend choosing a Java browser installation package or optionally installing Sun's Java machine.

Users of Linux operating systems are advised to install at least version 1.5.0 of Sun's Java machine, which can be downloaded from

Federal Law No. 63 of 06.04.2011 "On Electronic Signature" defines the area of use of the EDS and approves the legal force of each type of EDS. According to the bill, a qualified signature must be accompanied by a password-protected certificate stored on a special medium. If the certificate password is forgotten or lost, it can be recovered. And for greater security, it is recommended to replace the standard password with a custom one.

Within a few seconds, an SMS will be sent to the phone with a code, which is the password for the certificate. It is entered in the appropriate window:

The received password is valid only for 5 minutes after receipt, so if there is a delay in entering, you need to update the link and repeat the whole process again. If the password has not arrived within a few minutes, you can request it again.

If all the data is correct, then you need to check the box next to "I confirm my consent to issue a certificate." If an error is found in the data, please contact the technical support of the certification authority that issued the certificate. Sometimes at this stage an error occurs asking you to reconfigure the PC. If this happens, then you need to go to the settings page and repeat all the steps from the beginning.

Standard PIN code for the ES

The developers have defined a number of standard factory codes that all users can use as the PIN code for a secure medium. For the Rutoken Lite/S/EDS 2.0 media these are:

  • For administrator: 87654321;
  • For client: 12345678.

The eToken carrier uses the standard user code 1234567890. The eSmart/JaCarta LT and JaCarta devices work with the code 12345678, while the JaCarta SE (used to work with EGAIS) uses several codes:

  • For administrator: 00000000;
  • For client: 11111111.

For the part responsible for GOST, this token requires different passwords for the administrator and user, respectively: 1234567890 and 0987654321.

Replacing the electronic signature code

For reliability and better protection of information, it is better not to use the default codes but to change them to personal ones. To change the password on Rutoken Lite/S/EDS version 2.0, you need to:

  • Go to the menu, select "Control Panel" and "Rutoken Management";
  • Press "Enter PIN code" (a standard code is entered);
  • In the control tab that opens, click "Change" and enter a new password.

For a JaCarta SE/LT carrier, the procedure is slightly different:

  • In the JaCarta client, switch to user mode;
  • Click "Change PIN code" next to the selected section;
  • Enter the current and new password, then click "Run".

The administrator password is changed in the same way. If everything is done correctly, a message confirming the successful change will appear.
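A check that can run wherever a new token PIN is chosen, so that the factory codes listed above and similarly guessable values are refused. This is an added example, not code from the article or from any token vendor; the function names, the rule set and the 8-character minimum are assumptions.

```python
# Added example: screen a proposed token PIN before it replaces a factory default.
# The factory codes are the ones listed in the article; the rules and the
# minimum length are assumptions made for this illustration.

FACTORY_PINS = {
    "Rutoken Lite/S/EDS 2.0": {"87654321", "12345678"},
    "eToken": {"1234567890"},
    "eSmart / JaCarta LT / JaCarta": {"12345678"},
    "JaCarta SE": {"00000000", "11111111"},
    "JaCarta SE (GOST part)": {"1234567890", "0987654321"},
}

MIN_LENGTH = 8  # assumed policy value, not a vendor requirement


def is_digit_run(pin: str) -> bool:
    """True if every digit follows the previous one by +1 or by -1 (mod 10)."""
    if not pin.isdigit() or len(pin) < 2:
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def has_short_period(pin: str, max_period: int = 2) -> bool:
    """True if the PIN is one block of 1..max_period characters repeated."""
    for p in range(1, max_period + 1):
        if len(pin) > p and len(pin) % p == 0 and pin == pin[:p] * (len(pin) // p):
            return True
    return False


def pin_problems(new_pin: str, current_pin: str = "") -> list:
    """Return the reasons to reject a proposed PIN (empty list means accept)."""
    problems = []
    if len(new_pin) < MIN_LENGTH:
        problems.append("too short")
    devices = sorted(d for d, pins in FACTORY_PINS.items() if new_pin in pins)
    if devices:
        problems.append("factory default for: " + ", ".join(devices))
    if is_digit_run(new_pin):
        problems.append("ascending or descending digit run")
    if has_short_period(new_pin):
        problems.append("repeats a one- or two-character block")
    if current_pin and new_pin == current_pin:
        problems.append("same as the current PIN")
    return problems
```

The digit-run rule treats 9 followed by 0 as consecutive, which is why it also catches 1234567890 and 0987654321.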

Password recovery procedure

When working with a token, the password is entered on the PC only once. The Rutoken PIN is remembered automatically and does not need to be entered again. However, after reinstalling the OS or replacing some of the PC hardware, the ES must be reinstalled and the code entered again.

Where to get the password for the electronic signature certificate depends on how the system is set up. If the ES key is built into the OS, you can use an installed and activated copy of CryptoPro CSP version 3.6 or higher. The first step in password recovery is to open the directory where CryptoPro is installed. If the installation path was left unchanged, the application folder is in the Program Files directory on the OS disk. Then find the csptest file, which lets you find out the password for the installed certificate. After launching the utility, the following command is entered in a new window, from the Program Files\Crypto Pro\CSP folder: csptest -keyset -enum_cont -fqcn -verifycontext.

The window will show all installed EDS containers. Then the user enters the command csptest -passwd -showsaved -container, followed by the code of the container whose password is required. After the input is confirmed, information about the key is displayed.

If the password was changed and lost, and the key was not built into the OS, the user will no longer be able to work with this electronic signature. It is necessary to apply to the CA again to terminate the validity of this signature and to request a new one. The inability to recover a password reduces the risk of the EDS being compromised by third parties. Even if the token is stolen or lost, it will not be possible to change the EDS password through the factory settings or by contacting the CA.

Code word recovery

The code word recovery procedure is simpler. To change it, you need to visit the certification center that issued the EDS certificate and bring your passport. The client writes an application to replace the code word, indicating the new one. When filling out the form, pay attention to the exact spelling and to the number of capital letters and digits.

EDS authentication tools

The information security of the electronic signature is provided by special means of authentication: tokens or USB keys. In Russia, two plug-in tokens are popular: JaCarta and Rutoken.

JaCarta SE/LT

The devices of this identification system include smart cards, USB tokens and security modules for creating and verifying digital signatures, encrypting transmitted information and secure database storage. JaCarta is a Russian product created by the Aladdin R.D. company. The token is used in electronic document management systems, on electronic trading platforms and in remote banking systems, at customs, and for reporting to the Federal Tax Service, the Pension Fund, etc.

The device can also be used to store CIPF containers, certificates, passwords and licenses. The company's latest development is the JaCarta PKI/GOST/SE USB dongle. The token provides strong two-factor authentication of the ES in narrowly specialized information systems. This token has 2 functions:

  • It is used as a means of electronic signature and for access to protected information of specialized systems;
  • It is used as a secure storage of keys and key containers.

The USB token has all the security certificates of the FSB of Russia and the FSTEC.

JaCarta U2F is a token equipped with a mechanical button and FIDO U2F authentication support. It provides for the possibility of using one token to gain access to various social and specialized resources. This token has also received FSB and FSTEC RF certificates, as well as international security certificates such as Common Criteria EAL 5+.

Rutoken S Lite / EDS 2.0

The Rutoken product is produced by the Russian company "Asset", which also holds a patent for the invention. It differs visually from JaCarta by its red body. The device is designed to hold an electronic signature key and an EDS verification key. The token was developed on the basis of the cryptographic algorithms of the ES.

Rutoken EDS 2.0 keeps electronic signature keys safe in its built-in secure memory and does not allow them to be exported. The USB key is used in electronic document management and remote banking. Rutokens are the first means of user authentication to have been certified by the FSB for compliance with:

  • GOST R 34.10-2012 on the formation and verification of an electronic signature;
  • GOST 34.11-2012 on the algorithm and procedure for calculating the hash function;
  • VKO to GOST R 34.10-2012 on the algorithm for creating a session key.

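Rutoken S was created to provide two-factor user authentication, secure storage of encryption keys, etc. The carrier has built-in, securely protected memory for storing access codes, keys and other confidential information. This model is used in the corporate networks of public corporations, because its built-in cryptographic algorithms ensure full compliance of information systems with the requirements of regulators.

The Bluetooth EDS token model stores the signature certificate and can sign electronic documents on mobile devices (iOS or Android required). The USB key combines the functions of an EDS token with the ability to use it on smartphones and tablets via Bluetooth.

The high reliability of the cryptographic information protection and of the token's operating algorithms does not allow a lost password to be recovered. If the user changed the PIN code and forgot it without saving it in the OS, another electronic signature must be purchased. When changing the code, it is recommended to write down the new PIN and keep it in a safe place.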

The high reliability of cryptographic information protection and token operation algorithms do not allow recovering a lost password. If the user changed the PIN code and forgot it without registering it in the OS, then you need to purchase another electronic signature. When changing the code information, it is recommended to write down the new pin in a safe place.