When generating requests for certificates and keys in the "Key Generation Workstation" program, a window appears where this program (or rather Crypto Pro) prompts you to enter a password (Fig. 8). He offers, but does not force. If the fields are left blank, then no password will be set. But users probably think differently and, of course, fill out these fields. Everything would be fine, but then they conveniently forget what password they entered when generating it, and when they have to sign something for the first time, the person falls into a stupor. Then, of course, comes a call to the Treasury asking for help.
Today, in this article, I will tell you how you can remove or change this password. There are two options for removing the password. The first is when the user remembers the old password, the second is when he does not remember. Let's start with the first one. As I already mentioned at the beginning of the article, for the password to key container answers the Crypto Pro program. Let's launch it by going to the computer control panel (Fig. 1):
To open the same window as mine, in the upper right corner of the window, select the “Small Icons” view mode. Launch Crypto Pro, a window opens (Fig. 2):
Click on the “Service” tab to get into the following window (Fig. 3):
At the bottom of the window there is a button labeled "Change Password". Click on it and you will be taken to the following window (Fig. 4):
Here we are asked to select a key container using the "Browse" button. First, do not forget to insert a flash drive or other media into your computer with your keys. When you click the button, the following window will open (Fig. 5):
Select the key media we need and click "OK". The following window will open (Fig. 6):
We make sure that we really have the container we need selected private key, and click the “Finish” button, after which the password entry window will open (Fig. 7):
Here you need to enter the password that you entered when generating keys and requesting a certificate in the "Workstation Key Generation" program. It is assumed that you remember it :). We enter it, click “OK”, there is no need to check the “Remember password” checkbox, and we get to the window for entering a new password (Fig. 8):
Here you can not only change the password, but also delete it if you leave the fields empty. If you want to change the password, then create and enter it twice.
We have dealt with the case where the user remembers the old password for the container. Let's try to remove the password from the container when it is safely forgotten. Here the csptest.exe utility will help us, which is included in the installation kit of the Crypto Pro program starting from version 3.6. If you have this program installed, then you have this utility and it is located along the program installation path, i.e. C:\Program Files (x86)\Crypto Pro\CSP (I have a 64-bit OS, if you have 32 bit, then (x86) will be missing on the way). We need to run it from the command line.
To open command line in Windows 7, you need to use Explorer to get to the desired folder, press the "Shift" key on the keyboard, and while holding it, right-click on the desired folder. Everything is illustrated in the picture below (Fig. 9):
In the appeared context menu, you need to select “Open command window” with the left mouse button. In the command window, you must first enter the following command: without square brackets, of course. This command will show us all available private key containers as: [\\.\media name\container name]. Once we know the name of our private key container, we need to enter another command: . Again, no square brackets. In quotes, you need to enter the name of your private key container, which you learned in the previous step. Enter quotation marks NECESSARILY. This command will show us the saved password, once we know it, we can use the first method to delete or change the password.
I carried out all the above actions, as evidenced by Figure 10:
I would like to note right away that I was unable to “find out” the password using this method (red line in Fig. 10). But I think this is due to the fact that the container that I specified in the second command was obtained by copying from media to media using the Crypto Pro program menu item “Copy” (Fig. 3). The generation of private keys was carried out on another medium that was no longer accessible to me. But the method works.
If you also fail to remove the password in this way, then the only way remains is to revoke the current certificate and generate new keys and a new certificate request. And if you take it more seriously password protection, then passwords will not be “forgotten”. That's all. Good luck!
And finally... If you liked this article and learned something new from it, you can always express your gratitude in monetary terms. The amount can be any. This does not oblige you to anything, everything is voluntary. If you still decide to support my site, then click on the “Thank” button, which you can see below. You will be redirected to a page on my website, where you can transfer any amount of money to my wallet. In this case, a gift awaits you. After a successful money transfer, you will be able to download it.
« InfoTex Internet Trust »__________________
"___" __________ 2011
Instructions for scheduled shift electronic signature
I. Frequently asked questions (FAQ) 3
II. Introduction. 4
III. Scheduled change of electrical equipment.. 5
IV. Changing the access password to the ES private key container.. 12
I.Frequently Asked Questions(FAQ)
This section is necessary to quickly find answers to frequently asked questions.
1. Question:
I generated a container with a private key and received a certificate.
Which pin code (password) by default required to be entered when prompted?
Answer:
During the creation of a new private ES key, a default access password was set for the container - 123456 . It is recommended to change the container access password from the standard 123456 to a more stable one that only you will know. To do this, use Section IV of this instruction.
2. Question:
What cryptographic information protection tool (CIPF) must be used to work with the Astral Report PC?
Answer:
Internet Trust guarantees stable work PC "Astral Report" and provides appropriate technical support only when using CIPF ViPNet CSP.
The procedure for determining the presence of ViPNet CSP on a computer is described in Section III of this manual.
Software migration procedure ViPNet CryptoService to ViPNet CSP is described in the document “Astral_Instructions for migrating from ViPNet CryptoService software to ViPNet CSP”.
3. Question:
What should I do if I encounter problems not described in this manual?
Answer:
In most cases, problems that arise during a scheduled EP change and are not described in this manual can be resolved by restarting the Astral Report PC.
If after restarting the Astral Report PC the problem does not go away, contact the service technical support Internet Trust" (www. *****).
To resolve any problems that arise as quickly as possible, please be prepared to provide remote access to the desktop of your computer using the “Ammyy Admin” software (http://www. /ru/).
II.Introduction
ü The document is intended for users carrying out a planned change of electronic signature (hereinafter referred to as ES). A planned change of an electronic signature means a change in the private key of an electronic signature and the corresponding electronic key certificate (hereinafter referred to as the EPKC) due to the expiration of its validity period.
ü The procedure described in this manual assumes that the ViPNet CSP cryptographic information protection tool is already installed on the user’s computer. If you have ViPNet CryptoService software installed, then before the planned change of electronic signature, make the transition from software ViPNet CryptoService on ViPNet CSP in accordance with the document
The procedure for determining availability on a computer ViPNet CSP described in Section III of this instruction.
ü At the Internet Trust certification center (hereinafter referred to as the IIT UC), the validity period of the electronic signature intended for submitting reports to regulatory authorities Russian Federation, set equal 1 year.
ü If during the period of validity of the electronic signature in your organization, the credentials of the organization and/or owner of the electronic signature have changed, in particular:
Credentials of the head of the organization/owner of the electronic signature;
Organization name;
TIN/KPP of the organization;
Code of the regulatory authority to which reporting is submitted
or the electronic signature has been compromised, including:
Lost access to key carrier(forgot your PIN code);
The key media is lost;
There is a possibility that your electronic signature has been copied and used/is being used by others;
You need to produce unscheduled change of electrical equipment. An unscheduled change of electronic signature is carried out in agreement with the IIT manager upon personal arrival of the user (owner of the electronic signature) at the IIT Training Center and is not described in this instruction.
ü For the correct operation of the Astral Report software after a scheduled change of electronic signature, it is necessary to complete all points of this manual in the specified sequence.
ü It is necessary to pay special attention to notes marked with .
DIV_ADBLOCK138">
III.Planned change of electronic signature
ü Make sure that you have already reinstalled ViPNet CryptoService software on ViPNet CSP. To do this, call the “Start” menu à Open “Control Panel” à Run “Uninstall programs” (Figure 1, 1a).
In the list of programs, make sure that ViPNet CryptoService is not present and that ViPNet CSP(Figure 1b).
Figure 1
Figure 1a
Figure 1b
If the program list is missing ViPNet CSP and ViPNet CryptoService is present, then you need to make the transition in accordance with the document “Astral_Instructions for migrating from ViPNet CryptoService software to ViPNet CSP.”
https://pandia.ru/text/78/389/images/image006_106.jpg" width="503" height="356 id=">
Figure 2
If for some reason ViPNet CSP does not detect the presence of containers or “YES” was selected when asked by ViPNet CryptoService “Do you want to delete the user folder”, then you need to use copies of the keys ( section III instructions Astral_Instructions for migrating from ViPNet CryptoService software to ViPNet CSP).
ü Click the “Add” button in the “Containers” tab.
https://pandia.ru/text/78/389/images/image008_92.jpg" width="646" height="277 src=">
Figure 4
ü ViPNet CSP will display a notification “The container has been added successfully” and will ask about installing the certificates found in the container into the system storage. Click “Yes” and proceed to the next step in the instructions (Figure 5).
Figure 5
ü Upon expiration 2 working days from the moment you contact the Internet Trust manager” You need to launch the “Astral Report” program using the icon from the Desktop (Figure 6).
ü Before starting the Astral Report program, check your Internet connection. When launched, the program automatically contacts the update server for up-to-date information.
Figure 6
ü The update system will start. You should wait until all updates are downloaded (Figure 7).
Figure 7
ü After downloading the updates, the system will prompt you to log in. To do this, click the “Login” button.
ü When the Primary Initialization Wizard starts, click the “Next” button (Figure 8).
https://pandia.ru/text/78/389/images/image013_75.jpg" width="326" height="303">
Figure 9
ü Electronic Roulette will start (Figure 10). Move your mouse pointer around the window or press any keys on your keyboard.
Figure 10
ü A window will appear asking you to enter the password for the private key container.
Enter the default password for the container - 123456
, and click the “OK” button (Figure 11).
Figure 11
ü The wizard will automatically generate a request for EPCS and send it to the IIT Training Center.
Click the “Finish” button to complete the Initialization Wizard (Figure 12).
Figure 12
ü After completing all the above procedures in the user selection window, the status account will change to “Certificate request sent” (Figure 13).
Figure 13
This completes the creation of a new private key for the electronic signature and a request for the EPCS.
Within 2 (two) working days A new EPMS will be generated for you and sent by inclusion in the update. To obtain a new EPCS, you need to launch the “Astral Report” program in the manner described earlier (Figure 6.7) and make sure that the account status in the user selection window (Figure 14) has changed to “Ready for work”. Click the “Login” button to get started (Figure 14).
https://pandia.ru/text/78/389/images/image001_293.gif" alt="*" width="12" height="12"> Attention! During the creation of a new private ES key, a default access password was set for the container - 123456
.
It is recommended to change the container access password from the standard 123456 to a more stable one that only you will know. To do this, use the SectionIV of this instruction.
IV.CChanging the access password to the private key container
ü Launch ViPNet CSP from the Start panel (Figure 15).
100%" style="width:100.0%;border-collapse:collapse">
Attention! Be sure to remember New Password access.
If you forget the set password, you will have to make an unscheduled change of electronic signature with a personal arrival at the IIT Training Center.
If errors occurred during the update process, i.e. a proxy server is configured at your workplace, follow the requirements specified in the file on the CD: Content\Recommendations system administrator\ Recommendations for setting up the Astral Report program through a proxy .
Instructions
