Charging device 

Rutoken is not detected. Etoken is not visible in PKI Client. Most likely reasons

In order to check the readiness of the Rutoken key identifier for configuration for working with EGAIS, open the "Rutoken Control Panel" - the "Administration" tab - the "Information" button - and check the status opposite the "Microsoft Base Smart Card Crypto Provider" field:

  • Supported

This status means that the Rutoken electronic identifier is already ready to be configured by the default crypto provider. Go to the second point of this instruction - “Changing the default crypto provider”

If the status is Supported, go to

If the status next to the "Microsoft Base Smart Card Crypto Provider" field is Activate or Not supported, go to point 2.

2. Enabling crypto provider support for Rutoken digital signature

To check the readiness of the Rutoken key identifier for configuration for working with EGAIS, open the "Rutoken Control Panel" - the "Administration" tab - the "Information" button - and check the status opposite the "Microsoft Base Smart Card Crypto Provider" field:

  • Activate

If the User or Administrator has a non-default PIN, it will be required to be entered during activation.

Please note that if both PIN codes do not correspond to the default values, to activate you will need to enter the Administrator PIN code, then the User PIN code.

If one or both PINs are unknown, you will need to contact the company that provided you with the Key ID to obtain the PINs.

If it is not possible to find out the current PIN code values, the only option left is to format the Rutoken identifier to set new PIN code values. Please note that when formatting a key ID, all content is permanently deleted.

After the activation procedure, the status in the "Microsoft Base Smart Card Crypto Provider" field should change to "Supported"

To continue setting up the Rutoken key identifier, go to Step 2.

  • Not supported

The "Not supported" status is displayed if an attempt is made to configure a Rutoken model that is not intended to work with EGAIS, for example or. Only the model is suitable for working with EGAIS

3. Change the default crypto provider

Open "Start" - ("Settings") - "Control Panel" - "Rutoken Control Panel" - "Settings" tab - in the "Crypto provider settings" item, click the "Settings..." button

In the "Crypto Provider Settings" window for the electronic ID Rutoken EDS 2.0 you need to select "Microsoft Base Smart Card Provider".

If your computer will generate an RSA key pair, set Microsoft Enhanced RSA and AES Cryptographic Provider in the lower field

To save changes, click "OK".

4. Setting up a workplace for working with the EGAIS portal.

detailed instructions You can see how to generate a transport key in your EGAIS personal account and install a universal transport module.

If none of the solutions suggested below fix the problem, the key media may have been damaged and requires recovery (see). It is impossible to recover data from a damaged smart card or registry.

If there is a copy key container on another medium, you must use it to work by first installing a certificate.

Diskette

If you are using a floppy disk as the key container, you must complete the following steps:

1. Make sure that in the root of the floppy disk there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have a .key extension and the folder name format must be xxxxxx.000.

the private key container has been corrupted or deleted

2. Make sure that in CryptoPro CSP the “Disk Drive X” reader is configured (for CryptoPro CSP 3.6 - “All removable drives"), where X is the drive letter. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;

?).

3. In the CryptoPro CSP window “Selecting a key container”, select the “Unique names” radio button.

4.

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Service” tab and click on the “Remove remembered passwords” button;

5. How to copy a container with a certificate to another medium?).

Flash drive

If as key carrier If you are using a flash drive, you must complete the following steps:

1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2 . Files must have a .key extension and the folder name format must be as follows: xxxxxx.000 .

If any files are missing or their format is incorrect, then the private key container may have been damaged or deleted. It is also necessary to check whether it contains this folder with six files on other media.

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3.

4. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Select the “User” item and click the “OK” button.

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).

6. If CryptoPro is installed at your workplace CSP versions 2.0 or 3.0, and Drive A (B) is present in the list of key media, then it must be removed. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers;” button
  • Select the reader “Disk Drive A” or “Disk Drive B” and click on the “Delete” button.

After removing this reader, working with the floppy disk will be impossible.

Rutoken

If a Rutoken smart card is used as a key carrier, you must complete the following steps:

1. Make sure that the light on the rutoken is on. If the light does not light, then you should use the following recommendations.

2. Make sure that the “Rutoken” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All smart card readers”). To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the “Select a key container” window, select the “Unique names” radio button.

4. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP” ;
  • Go to the “Service” tab and click on the “Remove remembered passwords” button;
  • Select the “User” item and click the “OK” button.

5. Update the support modules required for Rutoken to work. For this:

  • Disconnect the smart card from the computer;
  • Select the Start menu > Control Panel > Add or Remove Programs (for Windows Vista\ Seven "Start" > "Control Panel" > "Programs and Features");
  • Select “Rutoken Support Modules” from the list that opens and click on the “Delete” button.

After removing modules you need to restart your computer .

  • Download and install latest version support modules. The distribution is available for download on the Active company website.

After installing the modules, you must restart your computer.

6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using the following instructions .

7. Update the Rutoken driver (see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this you need to check the quantity free memory on the media by following these steps:

  • Open “Start” (“Settings”) > “Control Panel” > “Rutoken Control Panel” (if this item is missing, you should update the Rutoken driver).
  • In the “Rutoken Control Panel” window that opens, in the “Readers” item, select “Activ Co. ruToken 0 (1,2)" and click on the "Information" button.

If the rutoken is not visible in the “Readers” item or when you click on the “Information” button, the message “ruToken memory status has not changed” appears, then the media has been damaged, you need to contact the service center for an unscheduled key replacement.

  • Check what value is indicated in the line “Free memory (bytes)”.

As a key carrier in service centers root tokens with a memory capacity of about 30,000 bytes are issued. One container takes up about 4 KB. The amount of free memory of a rootken containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.

If the free memory of a root token is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.

Registry

If the Registry reader is used as a key medium, you must perform the following steps:

1. Make sure that the “Register” reader is configured in CryptoPro CSP. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

2. In the “Select a key container” window, select the “Unique names” radio button.

3. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to tab « Service" and click on the "Delete remembered passwords" button;
  • Select the “User” item and click the “OK” button.

Hello everyone, today I want to tell you about my three-day battle with the problem that Etoken is not visible in the PKI Client. The story is this: our company is introducing encryption of letters and for this purpose certificates for encrypting and signing letters were issued by our Certification Center (). The certificates were issued on Etoken and they installed fine for everyone, but he refused to see the accountant. Next I will describe the solution to the problem.

Workplace had an accountant great amount special accounting software. There were already 3 root tokens connected to the computer. This is what the PKI management console looked like. We see 3 empty readers, but in the end they were not empty, but as it turned out they were roottokens that simply could not be identified PKI client.

This is what the eToken properties looked like. We see 3 empty devices.

The first thing you need to do is add the number of simultaneously working keys, this is done like this. Right-click on Devices and select Manage Reader Devices

and increase the number of hardware readers.

After this action, you need to reboot and the token should be determined. If you are undecided, read on :)

In the event viewer you may find an error like this.

Smart card reader 'Aladin Token JC0' rejected IOCTL GET_STATE: The I/O operation was aborted due to the end of the command stream

This miracle most often pops up for two reasons: the drivers were installed crookedly and the registry needs to be removed and rearranged or edited.

To reinstall, you need to uninstall PKI Client and download PKI Client and then reinstall it. Let me remind you that when installing the Etoken client, all Etokens must be disconnected from the computer. After installation, the token should light up and Windows should install drivers for it and identify it. If you are undecided, try turning off all unnecessary tokens and leaving only that one. If that doesn't help, edit the registry. Open the registry editor. Go to the branch: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais

right click on it and select permissions

And set full Creator-Owner rights

Reboot should work. If it doesn’t appear, write to me and we’ll think about it together. This is how the problem that Etoken is not visible in the PKI Client is simply solved.

To work correctly in the EGAIS system, you need to gain access to the organization’s personal account on the official website. Already at this stage, many users encounter serious problems. One of them is that the EGAIS website does not see the key.

Most likely reasons

There may be several reasons for this problem to occur. Most often the token cannot be found due to technical problems with a computer, lack of drivers or necessary add-ons. How to solve each of these problems?

Invalid media inserted

Many entrepreneurs are confused jacarta key With electronic signature to submit declarations to FSRAR, and try to go to Personal Area precisely using the latter. There are several ways to check whether you inserted the correct media.

  • Examine the electronic signature certificate issued by the certification center. It must indicate serial number type JC-xxxxxxxxx and media type Jacarta PKI/GOST.
  • open Jacarta Unified Client. If the flash card is detected, but the connected tokens are not displayed in the program window, you are probably using the wrong media.

If you haven't purchased egais yet, where can you get jacarta with an electronic signature? Contact the certification center in your region that is authorized to sell CEPs of this type.

The driver for the egais hardware key is not installed

Perhaps you are trying to use egais key, driver which has not yet been installed. When you connect to jacarta for the first time, it happens automatic installation main programs. This is a standard procedure for any new flash card and takes from 1 to 5 minutes.

After installation is complete, a notification indicating successful completion appears in the lower right corner.

Do not try to log into your personal account before the drivers appear - your computer has not yet established a connection with the electronic signature at this moment!

"Unified Jacarta Client" is not installed

The program was released by the token developer and is required to be installed. You can download it and other drivers for secure media on the website of the Aladdin - RD token manufacturer.

USB port doesn't work

There are two solutions:

  • Insert the token into another port and run the scan again;
  • check that the USB port is working properly.

To check, connect any other working flash card to USB. If it is also not detected, then the problem is in USB. Contact your organization's technical specialist or repair person.

When the Jacarta media is correctly inserted into the computer, an indicator on its case lights up. Depending on the model, it may be green or orange. If the indicator is off, then the key cannot be found by the egais because it is not connected.

The Rutoken EDS 2.0 add-on is disabled

When you try to log in, a message about the Rutoken web authentication library add-on may appear at the bottom of the browser screen. This software provided by FSRAR, is safe and necessary for correct operation of the site. To run, click “allow” in the pop-up window, and then repeat the check again.

How to use the EGAIS hardware key correctly?

So, the first problems are solved, and you have successfully logged into your personal account. How to avoid recurrence similar situations? Insert the EPC only for work and do not use it at other times to prevent the media from overheating. Before starting work, always check the indicator - it signals that the token is working correctly.