
The experience of obtaining a private key token for the Unified Portal of State Services

All of the following applies to private individuals in the Russian Federation.

Why is this necessary?


As you may know, authorization on the public services portal is possible in three ways: with a login and password (where the SNILS number serves as the login), with a USB digital signature key (cryptographic token), and with CSP.
It is easier for me to remember a short PIN for the token than to keep the SNILS card at hand each time for its number and to remember the password (and the EPGU's password requirements are strict). So I decided to get a hardware token with an EDS key.
On top of that, a qualified-signature token can be used for more than just the public services portal.

What is it?


Essentially, this is an eToken GOST device, which combines a JavaCard / PKCS#11 smart card and a USB HID reader in one package, so it needs no drivers.
When the token is issued, the public key certificate is tied to your registration data: SNILS, full name, e-mail. It is valid for one year and costs 660 rubles. It lets you create a qualified (i.e., certified by an accredited CA) electronic signature, which is a legally significant equivalent of a handwritten one.

Like this?


By the time I decided, I was already registered on the public services portal and had an activated account. That makes the procedure for obtaining a token trivial.

So, go to a Rostelecom customer service office that is authorized to issue tokens and activate accounts for the public services portal.
The list is available for download on the portal itself.
It is assumed that you already have an activated account on the portal, or at least that you are registered there and have chosen the activation method "At a Rostelecom office". That is: register on the portal at home, then go to the Rostelecom office.
If the account is not activated, activate it there in the office by presenting your SNILS and passport.
After activation, you pay 660 rubles at the cashier and sign four or five sheets: consent to the processing of personal data, an application for the issue of a key, an acceptance certificate, and something else.
You are given a memo on using the electronic signature, a copy of the acceptance certificate, and a printed public key certificate form. The latter is essentially a dump of the certificate loaded onto the token. And, of course, the token itself is issued: a small purple USB stick.
That's it, congratulations. Now you can sign legally significant documents left and right.

Watch out, pitfalls!


It was not without its hitches. The token is issued with the default PIN code "1234567890", which you are strongly recommended to change. Understandably so. But the memo did not explain how to do it. I had to bother the nice girls at the Rostelecom contact center.
In short: log in to your personal account on the public services portal and open the "My Details" section, which is right on the main page. There is a "Change PIN code" widget there.
Other problems: eToken PKI Client versions 5.1 and 4.55 stubbornly refuse to display the contents of the token, treating it as uninitialized. The guy from Aladdin support said the token is meant to be managed through CryptoPro CSP / JCP, which costs about 2000 rubles. Together with the workstation software for working with PKCS#7 documents (trusted.ru) it is as much as 3500.
When it was issued, I was warned that the key is for signing only (GOST private keys really do come in two types: a signing key and an exchange (agreement) key, used to derive a shared encryption key from the certificate). But the certificate form unambiguously says "[Digital signature, Non-repudiation, Key encipherment, Data encipherment]".
So we'll see.
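The "signing only" claim versus the four usages printed on the certificate form is a question of which bits are set in the certificate's KeyUsage extension. As an added example (not from the original post), here is a small pure-Python decoder for that DER BIT STRING, run on two constructed sample values; it assumes you have already extracted the raw extension value from the certificate with a tool such as openssl.

```python
# Decoder for the X.509 KeyUsage extension value (RFC 5280, section 4.2.1.3).
# The extension value is a DER BIT STRING: tag 0x03, a length byte, then a byte
# giving the number of unused trailing bits, then the bits themselves, with
# bit 0 (digitalSignature) as the most significant bit of the first data byte.

KEY_USAGE_BITS = [
    "digitalSignature",   # bit 0
    "nonRepudiation",     # bit 1 (also called contentCommitment)
    "keyEncipherment",    # bit 2
    "dataEncipherment",   # bit 3
    "keyAgreement",       # bit 4
    "keyCertSign",        # bit 5
    "cRLSign",            # bit 6
    "encipherOnly",       # bit 7
    "decipherOnly",       # bit 8
]


def decode_key_usage(der: bytes) -> list:
    """Return the names of the KeyUsage bits set in a DER-encoded BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or len(der) != 2 + length:
        raise ValueError("bad length for a KeyUsage BIT STRING")
    unused = der[2]
    if unused > 7:
        raise ValueError("invalid unused-bits count")
    payload = der[3:]
    total_bits = len(payload) * 8 - unused
    names = []
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        byte, bit = divmod(i, 8)
        if payload[byte] & (0x80 >> bit):
            names.append(KEY_USAGE_BITS[i])
    return names


def is_signing_only(usages: list) -> bool:
    """True when the key may sign but may not transport, wrap or agree on keys."""
    used = set(usages)
    signing = {"digitalSignature", "nonRepudiation"}
    encrypting = {"keyEncipherment", "dataEncipherment", "keyAgreement"}
    return bool(used & signing) and not (used & encrypting)


# Constructed sample values (not data from a real certificate):
# the four usages printed on the certificate form in the post -> bits 0..3 set.
CERT_FORM_KEY_USAGE = bytes.fromhex("030204f0")
# what the issuing office described: a key for signing only -> bits 0..1 set.
SIGNING_ONLY_KEY_USAGE = bytes.fromhex("030206c0")

if __name__ == "__main__":
    for label, der in (("certificate form", CERT_FORM_KEY_USAGE),
                       ("signing-only", SIGNING_ONLY_KEY_USAGE)):
        usages = decode_key_usage(der)
        print(f"{label}: {usages}, signing-only={is_signing_only(usages)}")
```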

Use with the public service portal


When you first try to log in to the public services portal using the token, you will be prompted to install a browser plugin. Chrome on 32-bit and 64-bit Windows 7 works without problems. Supposedly there are versions for Linux and Mac OS X; not tested.
Once the plugin is installed, you can log in to the portal. Installing it, by the way, does not require administrator rights; it installs for the specific user.

Source: https://habr.com/ru/post/151462/
