Accounts 

In cryptopro, you cannot select a key container. The required container is not displayed - Contour.Extern. How to solve the problem that cryptopro does not see the USB key

If none of the solutions suggested below fix the problem, the key media may have been damaged and requires recovery (see). It is impossible to recover data from a damaged smart card or registry.

If there is a copy of the key container on another medium, then you must use it for work, having first installed the certificate.

Diskette

If you are using a floppy disk as the key container, you must complete the following steps:

1. Make sure that in the root of the floppy disk there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have a .key extension and the folder name format must be xxxxxx.000.

the private key container has been corrupted or deleted

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;

?).

3. In the CryptoPro CSP window “Selecting a key container”, select the “Unique names” radio button.

4.

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Service” tab and click on the “Remove remembered passwords” button;

5. How to copy a container with a certificate to another medium?).

Flash drive

If a flash drive is used as the key media, you must complete the following steps:

1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2 . Files must have a .key extension and the folder name format must be as follows: xxxxxx.000 .

If any files are missing or their format is incorrect, then the private key container may have been damaged or deleted. You also need to check whether this folder contains six files on other media.

2. Make sure that the “Disk drive X” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All removable drives”), where X is the drive letter. To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3.

4. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Select the “User” item and click the “OK” button.

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).

6. If CryptoPro CSP version 2.0 or 3.0 is installed at your workplace, and Drive A (B) is present in the list of key media, then it must be removed. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers;” button
  • Select the reader “Disk Drive A” or “Disk Drive B” and click on the “Delete” button.

After removing this reader, working with the floppy disk will be impossible.

Rutoken

If a Rutoken smart card is used as a key carrier, you must complete the following steps:

1. Make sure that the light on the rutoken is on. If the light does not light, then you should use the following recommendations.

2. Make sure that the “Rutoken” reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6 - “All smart card readers”). To do this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the “Select a key container” window, select the “Unique names” radio button.

4. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP” ;
  • Go to the “Service” tab and click on the “Remove remembered passwords” button;
  • Select the “User” item and click the “OK” button.

5. Update the support modules required for Rutoken to work. For this:

  • Disconnect the smart card from the computer;
  • Select the “Start” menu > “Control Panel” > “Add or Remove Programs” (for Windows Vista\Seven “Start” > “Control Panel” > “Programs and Features”);
  • Select “Rutoken Support Modules” from the list that opens and click on the “Delete” button.

After removing modules you need to restart your computer .

  • Download and install the latest version of support modules. The distribution is available for download on the Aktiv website.

After installing the modules, you must restart your computer.

6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using the following instructions .

7. Update the Rutoken driver (see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:

  • Open “Start” (“Settings”) > “Control Panel” > “Rutoken Control Panel” (if this item is missing, you should update the Rutoken driver).
  • In the “Rutoken Control Panel” window that opens, in the “Readers” item, select “Activ Co. ruToken 0 (1,2)" and click on the "Information" button.

If the rutoken is not visible in the “Readers” item or when you click on the “Information” button, the message “ruToken memory status has not changed” appears, then the media has been damaged, you must contact the service center for an unscheduled key replacement.

  • Check what value is indicated in the line “Free memory (bytes)”.

Service centers issue root tokens with a memory capacity of about 30,000 bytes as key media. One container takes up about 4 KB. The amount of free memory of a root token containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.

If the free memory of a root token is more than 29-30,000 bytes, then there are no key containers on it. Therefore, the certificate is contained on a different medium.

Registry

If the Registry reader is used as a key medium, you must perform the following steps:

1. Make sure that the “Register” reader is configured in CryptoPro CSP. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to the “Equipment” tab and click on the “Configure readers” button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

2. In the “Select a key container” window, select the “Unique names” radio button.

3. Remove remembered passwords. For this:

  • Select the “Start” menu > “Control Panel” > “CryptoPro CSP”;
  • Go to tab « Service" and click on the "Delete remembered passwords" button;
  • Select the “User” item and click the “OK” button.

Good afternoon!. For the last two days I have had an interesting task of finding a solution to this situation: there is a physical or virtual server, probably well-known to many people, CryptoPRO, is installed on it. Connected to the server , which is used to sign documents for VTB24 DBO. Everything works locally on Windows 10, but on the server platform Windows Server 2016 and 2012 R2, Cryptopro does not see the JaCarta key. Let's figure out what the problem is and how to fix it.

Description of the environment

There is a virtual machine on Vmware ESXi 6.5, Windows Server 2012 R2 is installed as the operating system. The server is running CryptoPRO 4.0.9944, the latest version at the moment. A JaCarta dongle is connected from a USB network hub using USB over ip technology. Key in the system it seems, but not in CryptoPRO.

Algorithm for solving problems with JaCarta

CryptoPRO very often causes various errors in Windows, a simple example (Windows installer service could not be accessed). This is what the situation looks like when the CryptoPRO utility does not see the certificate in the container.

As you can see in the UTN Manager utility, the key is connected, it is seen in the system in smart cards as a Microsoft Usbccid (WUDF) device, but CryptoPRO does not detect this container and you do not have the opportunity to install the certificate. The token was connected locally, everything was the same. We began to think about what to do.

Possible reasons with container definition

  1. Firstly, this is a problem with the drivers, for example, in Windows Server 2012 R2, JaCarta should ideally be defined in the list of smart cards as JaCarta Usbccid Smartcard, and not Microsoft Usbccid (WUDF)
  2. Secondly, if the device is seen as Microsoft Usbccid (WUDF), then the driver version may be outdated, which is why your utilities will not detect a protected USB drive.
  3. Outdated version of CryptoPRO

How to solve the problem that cryptopro does not see the USB key?

We created a new virtual machine and began installing the software sequentially.

Before installing any software that works with USB drives that contain certificates and private keys. Need to NECESSARILY disable the token, if inserted locally, then disable it, if over the network, terminate the session

  • First of all, we update your operating system with all available updates, since Microsoft fixes many errors and bugs, including drivers.
  • The second point is, in the case of a physical server, to install all the latest drivers on the motherboard and all peripheral equipment.
  • Next, install the Unified JaCarta Client.
  • Install the latest version of CryptoPRO

Installing a single JaCarta PKI client

Single JaCarta Client is a special utility from the Aladdin company for proper work with JaCarta tokens. You can download the latest version of this software product from the official website, or from my cloud, if suddenly you can’t get it from the manufacturer’s website.

Next, you unpack the resulting archive and run the installation file for your Windows architecture, mine is 64-bit. Let's start installing the Jacarta driver. A single Jacarta client, it is very easy to install (I REMIND you that your token must be disabled at the time of installation). On the first window of the installation wizard, simply click next.

Accept the license agreement and click "Next"

In order for the JaCarta token drivers to work correctly for you, you just need to perform a standard installation.

If you choose "Custom installation", be sure to check the following boxes:

  • JaCarta Drivers
  • Support modules
  • Support module for CryptoPRO

After a couple of seconds, Jacarta Unified Client is successfully installed.

Be sure to restart the server or computer so that the system sees the latest drivers.

After installing JaCarta PKI, you need to install CryptoPRO, to do this, go to the official website.

https://www.cryptopro.ru/downloads

Currently, the latest version of CryptoPro CSP is 4.0.9944. Run the installer, leave the "Install root certificates" checkbox and click "Install (Recommended)"

The installation of CryptoPRO will be performed in the background, after which you will see a prompt to restart the browser, but I advise you to reboot completely.

After reboot, connect your JaCarta USB token. My connection is via the network, from a DIGI device, via . In the Anywhere View client, my Jacarta USB drive is successfully detected, but as Microsoft Usbccid (WUDF), and ideally it should be defined as JaCarta Usbccid Smartcard, but you need to check it anyway, since everything can work like that.

Having opened the Jacarta PKI Unified Client utility, no connected token was found, which means there is something wrong with the drivers.

Microsoft Usbccid (WUDF) is a standard Microsoft driver that is installed by default on various tokens, and sometimes it works, but not always. The Windows operating system by default puts them in mind due to its architecture and settings; I personally don’t need this at the moment. What we do is we need to remove the Microsoft Usbccid (WUDF) drivers and install the drivers for the Jacarta media.

Open Windows Device Manager, find "Smart card readers", click Microsoft Usbccid (WUDF) and select "Properties". Go to the "Drivers" tab and click Uninstall

Agree to remove the Microsoft Usbccid (WUDF) driver.

You will be notified that a system reboot is required for the changes to take effect; we must agree.

After rebooting the system, you can see the installation of the ARDS Jacarta device and drivers.

Open the device manager, you should see that your device is now identified as JaCarta Usbccid Smartcar and if you go to its properties, you will see that the jacarta smart card is now using driver version 6.1.7601 from ALADDIN R.D.ZAO, this is how it should be .

If you open the Jacarta unified client, you will see your electronic signature, which means that the smart card has been correctly identified.

We open CryptoPRO, and we see that CryptoPRO does not see the certificate in the container, although all the drivers have been identified as needed. There is one more trick.

  1. In the RDP session you will not see your token, only locally, that’s how the token works, or I haven’t found how to fix it. You can try following the recommendations to resolve the "Unable to connect to the smart card management service" error.
  2. You need to uncheck one box in CryptoPRO

BE SURE to uncheck the "Do not use outdated cipher suites" checkbox and reboot.

After these manipulations, CryptoPRO saw my certificate and the jacarta smart card became working, you can sign documents.

You can also see your JaCarta device in devices and printers,

If you, like me, have the jacarta token installed in a virtual machine, then you will have to install the certificate through the console of the virtual machine, and also give the rights to it to the responsible person. If this is a physical server, then you will have to give rights to the management port, which also has a virtual console.

When you have installed all the drivers for Jacarta tokens, you may see the following error message when connecting via RDP and opening the Jacarta PKI Unified Client utility:

  1. The smart card service is not running on the local machine. The architecture of the RDP session developed by Microsoft does not provide for the use of key media connected to the remote computer, so in the RDP session the remote computer uses the smart card service of the local computer. It follows from this that starting the smart card service inside an RDP session is not enough for normal operation.
  2. The smart card management service on the local computer is running, but is not available to the program within an RDP session due to Windows and/or RDP client settings.\

How to fix the error "Unable to connect to the smart card management service."

  • Start the smart card service on the local machine from which you are initiating the remote access session. Configure it to start automatically when your computer starts.
  • Allow the use of local devices and resources during the remote session (particularly smart cards). To do this, in the "Remote Desktop Connection" dialog, select the "Local Resources" tab in the parameters, then in the "Local devices and resources" group, click the "More details..." button, and in the dialog that opens, select "Smart cards" and click "OK", then "Connect".

  • Make sure your RDP connection settings are safe. By default, they are saved in the Default.rdp file in the “My Documents” directory. Make sure that this file contains the line “redirectsmartcards:i:1”.
  • Make sure that Group Policy is not activated on the remote computer to which you are making an RDP connection
    -[Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow smart card reader redirection]. If it is Enabled, then disable it and reboot the computer.
  • If you have Windows 7 SP1 or Windows 2008 R2 SP1 installed and you are using RDC 8.1 to connect to computers running Windows 8 or higher, then you need to install the operating system update https://support.microsoft.com/en-us/ kb/2913751

This was the troubleshooting for setting up the Jacarta token, CryptoPRO on the terminal server, for signing documents in VTB24 RBS. If you have any comments or corrections, please write them in the comments.

Not long ago, budgetary organizations, namely the administrations of village councils, began to contact me with a request to help them set up the Electronic Budget system. This is another project of our government, give_them_health, as part of the services of the Electronic Government of the Russian Federation project. Grandmothers and aunties in villages and rural councils have old computers and very slow Internet. Join our group on VK! Under repair! Smart workshop!

They are obliged, just like everyone else, to be able to install this according to the instructions and use it. Otherwise, the deadlines. Someone is waiting for fulfillment, so workers of rural administrations are reaching out to those who can help them with this. Naturally, they don’t have a full-time programmer. Well, okay, these are all lyrics. Let's get down to business. People have a disk in their hands, apparently with distribution kits, and a desire for this kind of Electronic Budget to work for them.

On the disk, in principle, everything is neatly laid out and it was not a problem to install the whole thing according to the instructions. By the way, the instructions are also on the Roskazna website itself. There were no special problems following the instructions to install a set of programs, certificates, etc. As a result, after the last reboot and setting up a proxy in the browser (Mozilla was selected). Trying to access the site http://lk.budget.gov.ru/ was not successful. After selecting a user certificate, the site began to complain: The root certificate was not found. Although I personally installed it, adding it to the trusted root certificates according to the instructions. After sitting for a while and looking through the instructions again, I discovered this interesting point, which I think other people may encounter.

But for me it stubbornly displays as:

As we can see, there is no Local Computer storage here. This is where the dog rummaged. Well, okay, apparently they know better there, and we’ll go around, adding where necessary. To do this, click Start and in the line Find programs and services we type: certmgr.msc.

The System Certificates management console opens. Let's go to Trusted Root Certification Authorities -> Local computer-> Right click on Certificates -> All tasks -> Import.

The Certificate Import Wizard will open. Click Next -> Browse -> and specify the path to the root certificate file. By the way, if you haven’t downloaded it according to the instructions, you can download it from the Roskazna website by choosing a qualified one.

If you opened certmgr.mscand you don’t even have branches there Local computer. Don’t get upset, there is still a way, click Start and in the line Find programs and services we type: mmc. If you are a Win 7 or higher user, I advise you to run mmc as an administrator. I wrote how to do this. In the console that opens, go to the menu File -> Add remove snap-in. We look for available equipment in the list Certificates. We sequentially add the equipment for the current user and the local computer.


And voila, going to http://lk.budget.gov.ru/ making sure everything works. The root certificate error should at least go away. But I can’t promise that everything will work. In general, I advise you to log in every time through http://budget.gov.ru/ After Entrance in the upper right corner, and on the large button Login to the personal account of the “Electronic Budget” system. Well, don’t be afraid of mistakes, etc. The system is currently running in test mode, and it is not the first time that it is logged in. We poke and we suffer :)

Join our group on VK!

List of documents for a legal entity:

1. Extract from the Unified State Register of Legal Entities (USRLE) no older than 30 days.

2. Passport

3. Company details

4. SNILS (Insurance Certificate of State Pension Insurance)

5. TIN certificate

List of documents for an Individual Entrepreneur (IP):

1. Extract from the Unified State Register of Individual Entrepreneurs (USRIP)

2. Passport

3. SNILS (Insurance Certificate of State Pension Insurance)

4. TIN certificate

List of documents for an individual:

1. Passport

2. TIN certificate

2. SNILS (Insurance Certificate of State Pension Insurance)

2. A window pops up: "Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine."

If, when working on the website roseltorg.ru, a window pops up: “Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine” You need:

1. Click on the yellow bar under the site address with the text “This website is trying to install the following add-on: “CAPICOM User Download v2.1.0.2” from “Microsoft Corporation”. If you trust this website and add-on and want to install it , click here...";

2. Select "Install ActiveX control";

3. Click on the "Install" button; This procedure must be performed until the window with this message stops popping up (this is individual for each computer). This is a one-time setup.

3. How to install a personal certificate?

Installing a personal certificate (your organization's certificate) can be done in the following way:

Via the "View certificates in container" menu

1. Select Start / Control Panel / CryptoPro CSP, go to the Service tab and click on the button View certificates in a container(see Fig. 1).

Rice. 1. “CryptoPro CSP Properties” window

2. In the window that opens, click the Browse button to select a container to view. After selecting the container, click on the OK button (see Fig. 2).

Rice. 2. Window for selecting a container to view

3. In the next window, click on the Next button.

Rice. 3. “Selected private key container” window

4. If the version of CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher is installed, then in the window that opens, click on the Install button, and then respond affirmatively to the notification about replacing the certificate (if it appears).

Rice. 4. Certificate viewing window

5. In the window that appears about the successful installation of the certificate, click OK

Rice. 5. Window “Message about successful certificate installation”

6. then press the ready button

Rice. 6. Window for viewing the selected certificate

5. Close the CryptoPro CSP window by clicking OK

Detailed information on installing the certificate is available at the following link.

4. How to set up email.

Configuring security settings for Outlook Express is carried out according to the following scheme:

1. Select the menu item Tools -> Accounts and open the Mail tab.

2. In the displayed list of accounts, select the one you want to configure and click the Properties button.

3. In the displayed dialog, select the Security tab, which allows the user to specify his personal certificates, which will be used when selecting the user’s personal keys for generating an electronic digital signature and decrypting incoming messages. The certificate selection dialog only displays certificates that have a matching email address and are allowed for email security

5. In the displayed dialog, select the Security tab:

6. In the displayed dialog, set the following modes:

a. Always encrypt messages when sending encrypted mail . Setting the enable mode allows the sender to decrypt the messages he has sent.

b. Include my digital ID when sending singed messages. Setting this mode to automatically add the sender's certificate to all messages. This mode allows you to exchange certificates using a signed message, and then use the resulting certificates to subsequently encrypt messages between recipients.

c. Send messages with an opaque signature / Encode message before signing. When Message Mode is enabled, all attachments will be combined into a single attachment with a digital signature included. If the mode is disabled, the signature is generated as one separate attachment for all attachments.

d. Automatically add sender certificates to my address book. When enabled, certificates sent as part of a signed message will be automatically added to the address book.

e. Check for revoked Digital Ds:

i. only when online. Installing a verification token means that each operation of generating or verifying an electronic digital signature will be accompanied by a certificate revocation check. To check for revocation, a Certificate Revocation List (CRL) is used, information about the location of which is recorded as an addendum in each user’s certificate. By default, this option is not enabled, and Outlook Express does not track whether user keys have been compromised.

ii. Never/Never.

No revocation check is performed.

5. How to sign a document.

There are 2 types of sending a signed document.

The first way is to sign the document itself and the second is to sign the entire letter.

To create and send a signed message:

1. Click the Create Mail button or select the menu item File -> New -> Mail message.

3. To send a signed message, check the status of the Sign button. It should be pressed and the signed message sign should be visible on the right side of the screen.

4. Once the message is ready to be sent, click on the Send button:

The second method is when the file itself is signed. Microsoft Office allows you to attach digital signatures to a specific document. To do this you need:

1. From the Tools menu, select Options, and then open the Security tab.

2. Click the Digital Signatures button.

3. Click the Add button.

4. Select the certificate you want, and then click OK.

For other data formats, you must use the CryptoArm program.

6. CryptoPro expires.

During installation, you did not enter the product serial number according to the license you purchased.

7. Mail does not see the certificate.

When setting up email, at the stage of signing the document, the email does not find the required certificate. This happens when the email address that is specified when producing the digital signature does not match the current email address.

8. When installing CryptoPro at the last step, the system displays a message about the incorrect installation of the program and rolls back. What should I do?

The problem occurs due to incomplete (or incorrect) removal of the previous version of Crypto Pro from the computer. To remove files remaining from the previous version, you must use the CryptoPro clear.bat trace cleaning program. You can download the program from here: ftp://ftp.cryptopro.ru/pub/CSP_3_6/clearing.zip

9. Where can I find the public digital signature signature key?

In all signatures issued by our company, the public key is located inside a container on a secure medium. In order to remove it from the container you need to:

When the media is included in the system unit Through the CryptoPro program Start à Control Panel à CryptoPro à Service à View the certificates in the container. In the dialog box that appears, select the required container through the overview à Next. In the window for viewing digital signature public key data, select properties à “Composition” tab à Copy to file and specify the path to save the certificate.

10. CryptoPro does not see the container on the flash drive. Prompts you to select another media.

Depending on what type of media you use, the solutions are different. If you use smart cards such as Rutoken, MSKey, Etoken, then most likely you do not have the drivers installed to work correctly with the key.

If your key is on a USB 2.0 flash drive, then you need to look at the version of the CryptoPro kernel. If you are using CryptoPro 3.0, then you have lost your way. In order to configure it you need to:

When the media is included in the system unit Through the CryptoPro program Start à Control Panel à CryptoPro à Equipment Configure readers Add. In the Reader Installation Wizard window that appears, select Floppy Drive on the right side of the screen (since in CryptoPro all USB drives are defined as floppy disks). In the next window, select the correct name of the flash drive, that is, the name under which the flash drive is identified in “My Computer”.

If you are using CryptoPro 3.6 and the container is not visible, then the media is damaged. It should be provided to the office to determine the status of the key.

11. We have received an electronic signature, what to do next? How to register on the trading platform?

The entire procedure for accreditation, filing an application for participation in the auction and conducting the auction itself is described in the operating regulations of a specific electronic trading platform, which can be found on the website of this platform. There are also various supporting video materials and instructions for working in the system. Or you can contact us to purchase our accreditation assistance service on any electronic platform.

12. To check what operating system is installed on your computer

- Go to My Computer in Explorer.

— Right-click on the display and select “Properties” from the menu that appears.

— The window that appears contains information about your system.

13. To find out which version of Internet Explorer is installed on your computer

— Launch Internet Explorer.

— Select Help from the horizontal menu at the top of the browser.

— The window that appears contains information about the current version of the browser.

— Possible option

14. To install a newer version of Internet Explorer 8

— Specify the following address on the command line:

— In the window presented, click “Download for free.”

— Click “Run” in the window that appears.

- Then click “Run” again.

— When installation is complete, you must restart your computer.

If none of the solutions suggested below fix the problem, the key media may have been damaged and requires recovery (see). It is impossible to recover data from a damaged smart card or registry.

If there is a copy of the key container on another medium, then you must use it for work, having first installed the certificate.

Diskette

If you are using a floppy disk as the key container, you must complete the following steps:


1. Make sure that at the root of the floppy disk there is a folder containing the following files: header, masks, masks2, name, primary, primary2. Files must have an extension. key xxxxxx.000.

the private key container has been corrupted or deleted


2. Drive X(for CryptoPro CSP 3.6 - All removable drives), Where X- drive letter. For this:

  • Select menu;
  • Go to tab Equipment and press the button Configure readers.

?).


3. In the window Selecting a Key Container set switch Unique names(see Fig. 1).

Rice. 1. Selecting a key container

4.

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to tab Service and press the button Remove remembered passwords;
  • Mark item User and press the button OK(see Fig. 2).

Rice. 2. “Remove remembered passwords” window

5. How to copy a container with a certificate to another medium?).


Flash drive

If a flash drive is used as the key media, you must complete the following steps:


1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have the extension .key, and the folder name format should be as follows: xxxxxx.000.

If any files are missing or their format is incorrect, then the private key container may have been damaged or deleted. You also need to check whether this folder contains six files on other media.


2. Make sure that the reader is configured in CryptoPro CSP Drive X(for CryptoPro CSP 3.6 - All removable drives), Where X- drive letter. For this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to tab Equipment and press the button Configure readers.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).


3. In the window Selecting a Key Container set switch Unique names.


4. Remove remembered passwords. For this:

Rice. 3. “Remove remembered passwords” window

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).


6. If CryptoPro CSP version is installed at your workplace 2.0 or 3.0 , and Drive A (B) is present in the list of key media, then it must be removed. For this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to tab Equipment and press the button Configure readers;
  • Select reader Drive A or Drive B and press the button Delete.

After removing this reader, working with the floppy disk will be impossible.


Rutoken

If a Rutoken smart card is used as a key carrier, you must complete the following steps:

1. Make sure that the light on the rutoken is on. If the light does not light, then you should use the following recommendations.

2. Make sure that the reader is configured in CryptoPro CSP Rutoken(for CryptoPro CSP 3.6 - All smart card readers). For this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to tab Equipment and press the button Configure readers.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the window Selecting a Key Container set switch Unique names.

4. Remove remembered passwords. For this:

Rice. 4. “Remove remembered passwords” window

5. Update the support modules required for Rutoken to work. For this:

  • Disconnect the smart card from the computer;
  • Select menu Start / Control Panel / Install and remove programs mm (for Windows Vista\Seven Start / Control Panel / Programs and Features);
  • Select from the list that opens Rutoken Support Modules and press the button Delete.

After removing modules, you must restart your computer.

  • Download and install the latest version of support modules. The distribution is available for download on the Aktiv website.

After installing the modules, you must restart your computer.

6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using the following instructions .

7. Update the Rutoken driver (see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:

  • Open Start (Settings) / Control Panel / Rutoken Control Panel(if this item is missing, you should update the Rutoken driver).
  • In the window that opens Rutoken control panels in point Readers should choose Activ Co. ruToken 0 (1,2) and press the button Information(see Fig. 5).

If the root token is not visible in the item Readers or when you press a button Information The message appears The ruToken memory state has not changed, this means that the media has been damaged, you need to contact the service center for an unscheduled key replacement.

Rice. 5. Program window Rutoken Control Panel.

  • Check what value is specified in a string Free memory (bytes).

As a key carrier in service centers root tokens with a memory capacity of about 30,000 bytes are issued. One container takes up about 4 KB. The amount of free memory of a root token containing one container is about 26,000 bytes, two containers - 22,000 bytes, etc.

If the free memory of a root token is more than 29-30,000 bytes, then there are no key containers on it (see Fig. 6). Therefore, the certificate is contained on a different medium.

Rice. 6. “Information about Rutoken” window.


Registry

If the Registry reader is used as a key medium, you must perform the following steps:


1. Make sure that the reader is configured in CryptoPro CSP Registry. For this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to tab Equipment and press the button Configure readers.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).


2. In the window Selecting a Key Container set switch Unique names.


3. Remove remembered passwords. For this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to tab Servi with and press the button Remove remembered passwords;
  • Mark item User and press the button OK(see Fig. 5).

Rice. 5. “Remove remembered passwords” window