When generating requests for certificates and keys in the "Workstation for Key Generation" program, a window appears where this program (or rather Crypto Pro) prompts you to enter a password (Fig. 8). He offers, but does not force. If the fields are left blank, then no password will be set. But users probably think differently and, of course, fill out these fields. Everything would be fine, but then they conveniently forget what password they entered when generating it, and when they have to sign something for the first time, the person falls into a stupor. Then, of course, comes a call to the Treasury asking for help.
Today, in this article, I will tell you how you can remove or change this password. There are two options for removing the password. The first is when the user remembers the old password, the second is when he does not remember. Let's start with the first one. As I already mentioned at the beginning of the article, the Crypto Pro program is responsible for the password for the key container. Let's launch it by going to the computer control panel (Fig. 1):
To open the same window as mine, in the upper right corner of the window, select the “Small Icons” view mode. Launch Crypto Pro, a window opens (Fig. 2):
Click on the “Service” tab to get into the following window (Fig. 3):
At the bottom of the window there is a button labeled "Change Password". Click on it and you will be taken to the following window (Fig. 4):
Here we are asked to select a key container using the "Browse" button. First, do not forget to insert a flash drive or other media into your computer with your keys. When you click the button, the following window will open (Fig. 5):
Select the key media we need and click "OK". The following window will open (Fig. 6):
We make sure that we actually have the private key container we need selected, and click the “Finish” button, after which the password entry window will open (Fig. 7):
Here you need to enter the password that you entered when generating keys and requesting a certificate in the Key Generation Workstation program. It is assumed that you remember it :). We enter it, click “OK”, there is no need to check the “Remember password” checkbox, and we get to the window for entering a new password (Fig. 8):
Here you can not only change the password, but also delete it if you leave the fields empty. If you want to change the password, then create and enter it twice.
We have dealt with the case where the user remembers the old password for the container. Let's try to remove the password from the container when it is safely forgotten. Here the csptest.exe utility will help us, which is included in the installation kit of the Crypto Pro program starting from version 3.6. If you have this program installed, then you have this utility and it is located along the program installation path, i.e. C:\Program Files (x86)\Crypto Pro\CSP (I have a 64-bit OS, if you have 32 bit, then (x86) will be missing on the way). We need to run it from the command line.
To open the command line in Windows 7, you need to go through Explorer to the desired folder, press the "Shift" key on the keyboard, and while holding it down, right-click on the desired folder. Everything is illustrated in the picture below (Fig. 9):
In the context menu that appears, you need to select “Open command window” with the left mouse button. In the command window, you must first enter the following command: without square brackets, of course. This command will show us all available private key containers as: [\\.\media name\container name]. Once we know the name of our private key container, we need to enter another command: . Again, no square brackets. In quotes, you need to enter the name of your private key container, which you learned in the previous step. Enter quotation marks NECESSARILY. This command will show us the saved password, once we know it, we can use the first method to delete or change the password.
I carried out all the above actions, as evidenced by Figure 10:
I would like to note right away that I was unable to “find out” the password using this method (red line in Fig. 10). But I think this is due to the fact that the container that I specified in the second command was obtained by copying from media to media using the Crypto Pro program menu item “Copy” (Fig. 3). The generation of private keys was carried out on another medium that was no longer available to me. But the method works.
If you also fail to remove the password in this way, then the only way remains is to revoke the current certificate and generate new keys and a new certificate request. And if you take password protection more seriously, then passwords will not be “forgotten.” That's all. Good luck!
And finally... If you liked this article and learned something new from it, you can always express your gratitude in monetary terms. The amount can be any. This does not oblige you to anything, everything is voluntary. If you still decide to support my site, then click on the “Thank” button, which you can see below. You will be redirected to a page on my website where you can transfer any amount of money to my wallet. In this case, a gift awaits you. After a successful money transfer, you will be able to download it.
The Jacarta PKI/GOST carrier is blocked when multiple attempts are made to enter an incorrect PIN code. In this case, the connection with the FSRAR server is lost, and invoice data does not enter your accounting system. How to quickly unlock the key and restore work with EGAIS?
By default, all new media have the following passwords:
| PKI | 11 11 11 11 |
| PKI Administrator | 00 00 00 00 |
| GOST | 0987654321 |
| GOST Administrator | 1234567890 |
To remove the lock, the Jacarta Unified Client must be installed on your computer. If the configuration and installation of EGAIS was carried out by our specialists, then you already have this program.
Run the program and wait until information about the Jacarta PKI/GOST media appears in the Unified Client window.
Removing the GOST lock
The GOST section contains the KEP certificate issued by the certification center. be careful- You cannot remove any components from this section. After deletion, you will have to contact the certification center again to issue a key.
To unlock the GOST PIN code, in the top menu “Application Operations” select the first item “Unblock user PIN code”. A notification will appear on the screen that removing the lock will reset the counter of incorrect input attempts.
Click “OK” and in the newly opened window enter Jacarta administrator pin code GOST 1234567890. After resetting the error counter, enter the standard user PIN code GOST 0987654321.
Important: this procedure will only help reset the counter, but will not change the forgotten password to a new one. If you changed the default GOST password and forgot it, you will have to initialize and record the key again at the certification center.
Unblocking PKI
The PKI container contains an RSA key, which is generated in your personal account on the website egais.ru. If you lose your PIN code, this section can be initialized (completely cleared), since you can re-write the key yourself and for free, without contacting a certification center.
Hello everyone, today I will remind you what the password is for eToken and Rutoken. They seem simple, but sometimes I forget them. We will also look at how Rutoken differs from eToken, since not everyone knows this, but this knowledge is very, very useful. I will also tell you how, if necessary, you can change this password.
The first thing you need to explain is what eToken and Rutoken are > these are special flash media whose task is to securely store a signing or encryption certificate (private key), which is equivalent to a person’s paper signature and the whole thing is password protected. Manufacturers issue tokens with a standard password already set:
The difference between etoken and rutoken
And so, we found out what this whole thing is used for, now let’s talk about the difference between etoken and rutoken. Firstly, rutoken is red, and etoken is red. Secondly, they have different amounts of memory:
- Rutoken memory capacity varies from 32 kb to 126 kb
- Etoken has a maximum volume of 72Kb, where the user can only use 47Kb
I would like to note right away that in CryptoPRO both media work the same
Summary table of differences between etoken and rutoken
Etoken default password
I would like to note that if you received a token from some certification center, then with one hundred percent probability its password has been changed and you need to clarify it with the technical support that generated it. Please note that if you enter the wrong combination a certain number of times, the token may be blocked.
These codes are also called pin codes, so don’t be surprised if you hear the phrase root pin by default, techies have their own language.
- for eToken – 1234567890
- for Rutoken and Rutoken EDS:
- user: 12345678
- administrator: 87654321
Now you all know what etoken’s default password is; to be honest, I constantly confuse them. Although they make them simple, apparently this information is not very important for me, and the memory reacts in its own way. Programs for changing and setting a new password Etoken PKI Client or SafeNet Authentication Client.
Tokens, electronic keys for accessing important information, are becoming increasingly popular in Russia. A token is now not only a means of authentication in a computer operating system, but also a convenient device for storing and presenting personal information: encryption keys, certificates, licenses, identifications. Tokens are more reliable than the standard “login/password” pair due to the two-factor identification mechanism: that is, the user must not only have a storage medium (the token itself), but also know the PIN code.
There are three main form factors in which tokens are issued: USB token, smart card and key fob. PIN code protection is most often found in USB tokens, although recent models of USB tokens are available with the ability to install an RFID tag and with an LCD display for generating one-time passwords.
Let’s take a closer look at the principles of operation of tokens with a PIN code. A PIN code is a specially defined password that splits the authentication procedure into two stages: attaching a token to the computer and entering the PIN code itself.
The most popular token models on the modern Russian electronic market are Rutoken, eToken from the Aladdin company, and an electronic key from the Aktiv company. Let's look at the most frequently asked questions regarding PIN codes for tokens using the example of tokens from these manufacturers.
1. What is the default PIN?
The table below provides information about the default PIN codes for Rutoken and eToken tokens. The default password is different for different owner levels.
| Owner | User | Administrator |
| Rutoken | 12345678 | 87654321 |
| eToken |
1234567890 | By default, no administrator password is set. Can be installed via the control panel only for eToken PRO, eToken NG-FLASH, eToken NG-OTP models. |
| JaCarta PKI | 11111111 | 00000000 |
| JaCarta GOST | Not specified | 1234567890 |
| JaCarta PKI/GOST |
For PKI functionality: 11111111
When using JaCarta PKI with the "Backward Compatibility" option - PIN code - 1234567890 For GOST functionality: No PIN has been set |
For PKI functionality: 00000000
When using JaCarta PKI with the "Backward Compatibility" option - no PIN is set For GOST functionality: 1234567890 |
| JaCarta PKI/GOST/SE |
For PKI functionality: 11111111
For GOST functionality: 0987654321 |
For PKI functionality: 00000000
For GOST functionality: 1234567890 |
| JaCarta PKI/BIO | 11111111 | 00000000 |
| JaCarta PKI/Flash | 11111111 | 00000000 |
| ESMART Token | 12345678 | 12345678 |
| IDPrime card | 0000 | 48 zeros |
| JaCarta PRO/JaCarta LT | 1234567890 | 1234567890 |
2. Do I need to change the default PIN? If yes, then at what point in working with the token?
3. What should I do if the PIN codes on the token are unknown and the default PIN code has already been reset?
The only way out is to completely clear (format) the token.
4. What should I do if the user's PIN is blocked?
You can unlock the user's PIN through the token control panel. To perform this operation, you must know the administrator PIN.
5. What should I do if the administrator PIN is blocked?
The administrator PIN cannot be unlocked. The only way out is to completely clear (format) the token.
6. What security measures have manufacturers taken to reduce the risk of password guessing?
The main points of the security policy for PIN codes of USB tokens of the Aladdin and Aktiv companies are presented in the table below. After analyzing the table data, we can conclude that eToken will presumably have a more secure PIN code. Rutoken, although it allows you to set a password of just one character, which is unsafe, in other respects it is not inferior to the product of the Aladdin company.
| Parameter | eToken | Rutoken |
| Minimum PIN length | 4 | 1 |
|
PIN code composition |
Letters, numbers, special characters | Numbers, letters of the Latin alphabet |
| Greater than or equal to 7 | Up to 16 | |
|
Administering PIN Security |
Eat | Eat |
| Eat | Eat |
The importance of keeping the PIN code secret is known to all those who use tokens for personal purposes, store their electronic signature on it, and trust the electronic key with information of not only a personal nature, but also the details of their business projects. Tokens of the companies “Aladdin” and “Active” have pre-installed security properties and, together with a certain amount of caution that will be exercised by the user, reduce the risk of password guessing to a minimum.
Rutoken and eToken software products are presented in various configurations and form factors. The offered assortment will allow you to choose exactly the token model that best meets your requirements, be it
Smart cards Rutoken and Rutoken Light are used as carriers of key information. Detailed information about these media can be found on the website of the Aktiv company, a developer of Russian authentication tools.
Rutoken Rutoken Light
Standard pin codes
12345678 - custom PIN code for Rutoken and Rutoken Light, installed by the manufacturer.
When a window appears asking you to enter a PIN code, you must enter the value 12345678.
For the Rutoken carrier, if the standard PIN code (12345678) was independently changed using the “Rutoken Control Panel”, then in this window you should indicate the new PIN code assigned during the change. Information about the new PIN code is stored only by the subscriber and is not known to the special communications operator.
How to unlock Rutoken PIN code?
The PIN code is blocked after 10 incorrect entry attempts.
You can unlock Rutoken or Rutoken Light in 2 ways:
How to Unblock PIN via Rutoken control panel
1. Open the “Start” menu > “Control Panel” > “ Rutoken control panel" Go to the “Administration” tab and click on the “Enter PIN code” button, select the item “Administrator”, enter the standard PIN od - 87654321, click OK.
2. After entering the administrator PIN, the “Unblock” button will become available, you need to click on it, a message will appear about successful unlocking.
How to unlock a pin code viaCrypto Pro CSP
1. Open the Start menu > Control Panel > Crypto Pro CSP. Go to the “Hardware” tab and click on the “Configure media types” button.
2. Select Rutoken or Rutoken Lite and click on the “Properties” button. If such media are not in the list, you should update the support module. To do this, it is recommended to use the Diagnostics service.
3. Go to the “Information” tab and click the “Unblock PIN” button. If the Information tab is missing, you should update the support module. To do this, it is recommended to use the Diagnostics service.
The Unblock PIN button will be grayed out if the smart card is not locked. In this case, information about the remaining number of attempts to enter the PIN code will be displayed.
4. A message indicating successful unlocking will appear.
It is impossible to unlock the admin pin code without losing data.