Instructions for the planned change of the electronic signature. Instructions for the planned change of the Vipnet csp electronic signature forgotten key container password

When generating requests for a certificate and keys in the "AWS for generating keys" program, a window appears where this program (or rather Crypto Pro) prompts you to enter a password (Fig. 8). Offers, but does not force the same. If the fields are left blank, no password will be set. But users probably think differently and, of course, fill in these fields. Everything would be fine, but then they happily forget what password they entered during generation, and when the first time they have to sign something, the person falls into a stupor. Then, of course, there is a call to the Treasury with a request for help.

Today, in this article, I will show you how you can remove or change this password. There are two options for removing a password. The first is when the user remembers the old password, the second is when he does not remember. Let's start with the first one. As I mentioned at the beginning of the article, the Crypto Pro program is responsible for the password for the key container. Let's run it by going to the computer control panel (Fig. 1):

To open the same window as mine, in the upper right corner of the window select the "Small icons" view mode. Launch Crypto Pro, a window opens (Fig. 2):

Click on the "Service" tab to get into the following window (Fig. 3):

At the bottom of the window there is a button labeled "Change Password". Click on it and get into the next window (Fig. 4):

Here we are offered to select the key container by clicking the "Browse" button. Do not forget to insert a USB flash drive or other medium into your computer with your keys beforehand. When you click on the button, the following window will open (Fig. 5):

Select the key carrier we need and click "OK". The following window will open (fig. 6):

We make sure that we have indeed selected the container of the private key we need, and click the "Finish" button, after which the password entry window will open (Fig. 7):

Here you need to enter the password that you entered when generating keys and requesting a certificate in the "AWS for generating keys" program. It is assumed that you remember it :). Enter, click "OK", you do not need to check the "Remember password" checkbox, and we get to the window for entering a new password (Fig. 8):

Here you can not only change the password, but also delete it if you leave the fields blank. If you want to change the password, then come up with and enter it twice.

We figured out the case when the user remembers the old password for the container. Let's try to remove the password from the container when it is safely forgotten. Here we will be helped by the csptest.exe utility, which is included in the installation kit of the Crypto Pro program starting from version 3.6. If you have this program installed, then you have this utility and it is located along the program installation path, i.e. C: \ Program Files (x86) \ Crypto Pro \ CSP (I have a 64-bit OS, if you have 32 bit, then (x86) will be absent in the path). We need to run it from the command line.

To open the command line in Windows 7, you need to get to the desired folder through the explorer, press the "Shift" key on the keyboard, and while holding it, right-click on the desired folder. Everything is illustrated in the picture below (Fig. 9):

In the context menu that appears, select "Open command window" with the left mouse button. In the command window, you must first enter the following command: without square brackets, of course. This command will show us all the available private key containers as: [\\. \ media name \ container name]... When we know the name of our private key container, we need to enter another command: ... Again, no square brackets. In quotes, you must enter the name of your private key container, which you learned in the previous step. Enter quotation marks NECESSARILY... This command will show us the saved password, knowing it, we can use the first method to delete or change the password.

All of the above actions were done by me, as evidenced by Figure 10:

I want to note right away that I was not able to "find out" the password using this method (red line in Fig. 10). But I think this is due to the fact that the container that I specified in the second command was obtained by copying from media to media using the "Copy" menu item of the Crypto Pro program (Fig. 3). The private keys were generated on a different medium that was no longer available to me. But the method is working.

If you also fail to remove the password in this way, then the only way remains is to revoke the current certificate and generate new keys and a new certificate request. And if you are more serious about password protection, then passwords will not be "forgotten". That's all. Good luck!

And finally ... If you liked this article and you learned something new from it for yourself, then you can always express your gratitude in monetary terms. The amount can be anything. This does not oblige you to anything, everything is voluntary. If you nevertheless decided to support my site, then click on the "Thanks" button, which you can see below. You will be redirected to the page of my website, where you can transfer any amount of money to my wallet. In this case, a gift awaits you. After a successful money transfer, you can download it.

« Infotecs Internet Trust »


"___" __________ 2011

Instructions for the planned change of the electronic signature

I. Frequently Asked Questions (FAQ) 3

II. Introduction. 4

III. Planned change of electronic code .. 5

IV. Changing the password for access to the container of the ES private key .. 12


This section is necessary to quickly find answers to frequently asked questions.

1. Question:

I formed a container with a private key and received a certificate.
Which pin code (password) is the default required to enter when prompted?


When creating a new private ES key, a default access password was set on the container - 123456 ... It is recommended to change the container access password from the standard 123456 to a more stable one, which only you will know. To do this, use Section IV of this manual.

2. Question:

What means of cryptographic information protection (CIP) should be used to work with the Astral Report PC?


Internet Trust "guarantees the stable operation of the PC" Astral Report "and provides appropriate technical support only when using the cryptographic information system ViPNet CSP.

The procedure for determining the presence of ViPNet CSP on a computer is described in Section III of this manual.

The procedure for migrating ViPNet CryptoService software to ViPNet CSP is described in the document "Astral_Instructions for migrating from ViPNet CryptoService software to ViPNet CSP".

3. Question:

What should I do if I encounter problems that are not described in this manual?


In most cases, problems arising during a planned change of electronic signature and not described in this manual are solved by restarting the Astral Report PC.

If after restarting the Astral Report PC the problem persists, contact the Internet Trust technical support service (www. *****).

For the fastest solution of emerging problems, please be ready to provide remote access to your computer desktop using the "Ammyy Admin" software (http: // www. / Ru /).


ü The document is intended for users carrying out a planned change of electronic signature (hereinafter referred to as ES). A planned change of ES is understood as a change of the private key of the ES and the corresponding certificate of the ES key (hereinafter referred to as the ESK) due to the expiration of its validity period.

ü The procedure described in this manual assumes that the ViPNet CSP cryptographic protection tool is already installed on the user's computer. If you have installed the ViPNet CryptoService software, then before the planned change of the electronic signature, switch from the ViPNet CryptoService software to the ViPNet CSP in accordance with the document

The procedure for determining the presence on the computer ViPNet CSP described in Section III of this manual.

ü In the certification center "Internet Trust" (hereinafter - TC "IIT"), the validity period of the electronic signature intended for submission of reports to the regulatory authorities of the Russian Federation is set equal to 1 year.

ü If, during the validity period of the ES in your organization, the credentials of the organization and / or the owner of the ES have changed, in particular:

Credentials of the head of the organization / owner of the electronic signature;

Name of the organization;

TIN / KPP of the organization;

Code of the supervisory authority to which the reporting is carried out

or the e-signature was compromised, including:

Lost access to the key carrier (forgot the PIN code);

Lost key carrier;

There is a possibility that your electronic signature has been copied and used / used by other persons;

You need to make unscheduled change of electronic signature... An unscheduled change of electronic signature is made by agreement with the IIT manager upon personal arrival of the user (owner of the electronic signature) at the IIT TC and is not described in this manual.

ü For the correct operation of the Astral Report software after the planned change of the electronic signature, it is necessary to complete all the points of this manual in the specified sequence.

ü Pay particular attention to notes marked with.


III.Planned change of electronic code

ü Make sure that you have already reinstalled ViPNet CryptoService software on ViPNet CSP. To do this, open the "Start" menu à Open the "Control Panel" à Run "Uninstall Programs" (Figure 1, 1a).
In the list of programs, make sure that ViPNet CryptoService is absent and ViPNet CSP(Figure 1b).

Picture 1

Figure 1a

Figure 1b

If there is no program in the list ViPNet CSP and ViPNet CryptoService is present, then you need to make the transition in accordance with the document "Astral_Instructions for migrating from ViPNet CryptoService software to ViPNet CSP". "width =" 503 "height =" 356 id = ">

Picture 2

If, for some reason, ViPNet CSP does not detect the presence of containers or when the ViPNet CryptoService question "Do you want to delete the user's folder" was selected "YES", then you need to use the key copies (Section III of the instructions Astral_Instructions for migrating from ViPNet CryptoService software to ViPNet CSP).

ü Click the "Add" button in the "Containers" tab. "width =" 646 "height =" 277 src = ">

Figure 4

ü ViPNet CSP will notify you “Container has been added successfully” and ask a question about installing the certificates found in the container into the system storage. Click "Yes" and proceed to the next step of the instruction (Figure 5).

Figure 5

ü Upon expiration 2 working days from the moment of contacting the Internet Trust manager, you need to launch the Astral Report program using the icon from the Desktop (Figure 6).

ü Before starting the Astral Report program, check your Internet connection. When launched, the program automatically contacts the update server for up-to-date information.

Figure 6

ü The update system will start. Wait until all updates are downloaded (Figure 7).

Figure 7

ü After downloading the updates, the system will prompt you to sign in. To do this, click the "Login" button.

ü In the launched Initialization Wizard, click the "Next" button (Figure 8). "width =" 326 "height =" 303 ">

Figure 9

ü Electronic roulette starts (Figure 10). Move the mouse pointer within the window or press any keys on the keyboard.

Figure 10

ü A window will appear asking you to enter the password for the container of the buried ES key.
Enter the password set on the default container - 123456 , and click the "OK" button (Figure 11).

Figure 11

ü The master will automatically generate a request for EPDM and send it to the TC "IIT".
Click the Finish button to finish the Initialization Wizard (Figure 12).

Figure 12

ü After completing all the above procedures in the user selection window, the account status will change to "A request for a certificate has been sent" (Figure 13).

Figure 13

This completes the creation of a new ES private key and a request for ESDS.

Within 2 (two) working days a new EPDM will be generated for you and sent by being included in the update. To get a new EPDM, you need to start the Astral Report program as described earlier (Figure 6.7) and make sure that the account status in the user selection window (Figure 14) has changed to “Ready to work”. Click the "Login" button to get started (Figure 14). "alt =" * "width =" 12 "height =" 12 "> Attention! When creating a new private ES key, a default access password was set on the container - 123456 .
It is recommended to change the container access password from the standard 123456 to a more stable one, which only you will know. To do this, use the Section
IV of this manual.

IV.CChanging the password for access to the container of the ES private key

ü Launch ViPNet CSP from the Start panel (Figure 15).

100% "style =" width: 100.0%; border-collapse: collapse ">

Attention! Be sure to remember the new access password.
If you forget the set password, you will have to make an unscheduled change of your digital signature with a personal arrival at the IIT training center.

If errors occurred during the update process, i.e. a proxy server is configured at your workplace, follow the requirements specified in the file on the CD: Content \ Recommendations for the system administrator \ Recommendations for configuring the work of the Astral Report program through a proxy .