The CryptoPro CSP message “Insert key media” or “Another key media has been inserted” appears. "Key media is not inserted. Another media is inserted." Cryptopro csp insert key media cryptopro net

List of documents for a legal entity:

1. Extract from the United state register legal entities(Unified State Register of Legal Entities) no older than 30 days.

2. Passport

3. Company details

4. SNILS (Insurance certificate of state pension insurance)

5. TIN certificate

List of documents for an Individual Entrepreneur (IP):

1. Extract from the Unified State Register of Individual Entrepreneurs (USRIP)

2. Passport

3. SNILS (Insurance Certificate of State Pension Insurance)

4. TIN certificate

List of documents for an individual:

1. Passport

2. TIN certificate

2. SNILS (Insurance Certificate of State Pension Insurance)

2. A window pops up: "Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine."

If, when working on the website roseltorg.ru, a window pops up: “Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine” You need:

1. Click on the yellow bar under the site address with the text “This website is trying to install the following add-on: “CAPICOM User Download v2.1.0.2” from “Microsoft Corporation”. If you trust this website and add-on and want to install it , click here...";

2. Select "Install ActiveX control";

3. Click on the "Install" button; This procedure must be performed until the window with this message stops popping up (this is individual for each computer). This is a one-time setup.

3. How to install a personal certificate?

Installing a personal certificate (your organization's certificate) can be done in the following way:

Via the "View certificates in container" menu

1. Select Start / Control Panel / CryptoPro CSP, go to the Service tab and click on the button View certificates in a container(see Fig. 1).

Rice. 1. “CryptoPro CSP Properties” window

2. In the window that opens, click the Browse button to select a container to view. After selecting the container, click on the OK button (see Fig. 2).

Rice. 2. Window for selecting a container to view

3. In the next window, click on the Next button.

Rice. 3. “Selected private key container” window

4. If the version of CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher is installed, then in the window that opens, click on the Install button, and then respond affirmatively to the notification about replacing the certificate (if it appears).

Rice. 4. Certificate viewing window

5. In the window that appears about the successful installation of the certificate, click OK

Rice. 5. Window “Message about successful certificate installation”

6. then press the ready button

Rice. 6. Window for viewing the selected certificate

5. Close the CryptoPro CSP window by clicking OK

Detailed information on installing the certificate is available at the following link.

4. How to set up email.

Configuring security settings for Outlook Express is carried out according to the following scheme:

1. Select the menu item Tools -> Accounts/ Accounts and open the Mail tab.

2. In the displayed list of accounts, select the one you want to configure and click the Properties button.

3. In the displayed dialog, select the Security tab, which allows the user to specify his personal certificates, which will be used when selecting the user’s personal keys for generating an electronic digital signature and decrypting incoming messages. The certificate selection dialog displays only certificates that have a matching address Email and allowed for email protection

5. In the displayed dialog, select the Security tab:

6. In the displayed dialog, set the following modes:

a. Always encrypt messages when sending encrypted mail . Setting the enable mode allows the sender to decrypt the messages he has sent.

b. Include my digital ID when sending singed messages. Setting this mode to automatically add the sender's certificate to all messages. This mode allows you to exchange certificates using a signed message, and then use the resulting certificates to subsequently encrypt messages between recipients.

c. Send messages with an opaque signature / Encode message before signing. When Message Mode is enabled, all attachments will be combined into a single attachment with a digital signature included. If the mode is disabled, the signature is generated as one separate attachment for all attachments.

d. Automatically add sender certificates to my address book. When enabled, certificates sent as part of a signed message will be automatically added to the address book.

e. Check for revoked Digital Ds:

i. only when online. Installing a verification token means that each operation of generating or verifying an electronic digital signature will be accompanied by a certificate revocation check. To check for revocation, a Certificate Revocation List (CRL) is used, information about the location of which is recorded as an addendum in each user’s certificate. By default, this option is not enabled, and Outlook Express does not track whether user keys have been compromised.

ii. Never/Never.

No revocation check is performed.

5. How to sign a document.

There are 2 types of sending a signed document.

The first way is to sign the document itself and the second is to sign the entire letter.

To create and send a signed message:

1. Click the Create Mail button or select the menu item File -> New -> Mail message.

3. To send a signed message, check the state of the Sign button. It should be pressed and the signed message sign should be visible on the right side of the screen.

4. Once the message is ready to be sent, click on the Send button:

The second method is when the file itself is signed. Microsoft package Office lets you attach digital signatures to a specific document. To do this you need:

1. From the Tools menu, select Options, and then open the Security tab.

2. Click the Digital Signatures button.

3. Click the Add button.

4. Select required certificate, and then click OK.

For other data formats, you must use the CryptoArm program.

6. CryptoPro expires.

Was not entered during installation serial number product according to the license you purchased.

7. Mail does not see the certificate.

When setting up email, at the stage of signing the document, the email does not find the required certificate. This happens when the email address that is specified when producing the digital signature does not match the current email address.

8. When installing CryptoPro at the last step, the system displays a message about the incorrect installation of the program and rolls back. What should I do?

The problem occurs due to incomplete (or incorrect) removal previous version Crypto Pro from a computer. To remove files remaining from the previous version, you must use the CryptoPro clear.bat trace cleaning program. You can download the program from here: ftp://ftp.cryptopro.ru/pub/CSP_3_6/clearing.zip

9. Where can I find the public digital signature signature key?

In all signatures issued by our company, the public key is located inside a container on a secure medium. In order to remove it from the container you need to:

When turned on system unit media Through the CryptoPro program Start à Control Panel à CryptoPro àService à View the certificates in the container. In the dialog box that appears, select the required container through the overview à Next. In the window for viewing digital signature public key data, select properties à “Composition” tab à Copy to file and specify the path to save the certificate.

10. CryptoPro does not see the container on the flash drive. Prompts you to select another media.

Depending on what type of media you use, the solutions are different. If you use smart cards such as Rutoken, MSKey, Etoken, then most likely you do not have the drivers installed to work correctly with the key.

If your key is on USB flash drive 2.0, then you need to look at the version of the CryptoPro kernel. If you are using CryptoPro 3.0, then you have lost your way. In order to configure it you need to:

When the media is included in the system unit Through the CryptoPro program Start à Control Panel à CryptoPro à Equipment Configure readers Add. In the Reader Installation Wizard window that appears, select Floppy Drive on the right side of the screen (since in CryptoPro all USB drives are defined as floppy disks). In the next window, select the correct name of the flash drive, that is, the name under which the flash drive is identified in “My Computer”.

If you are using CryptoPro 3.6 and the container is not visible, then the media is damaged. It should be provided to the office to determine the status of the key.

11. We have received an electronic signature, what to do next? How to register on the trading platform?

The entire procedure for accreditation, filing an application for participation in the auction and conducting the auction itself is described in the operating regulations of a specific electronic trading platform, which can be found on the website of this site. There are also various supporting video materials and instructions for working in the system. Or you can contact us to purchase our accreditation assistance service on any electronic platform.

12. To check what operating system is installed on your computer

- Go to My Computer in Explorer.

— Click right click mouse on the display and select “Properties” from the menu that appears.

— The window that appears contains information about your system.

13. To find out which version of Internet Explorer is installed on your computer

— Run Internet Explorer.

— Choose from horizontal menu At the top of the browser is the “Help” item.

— The window that appears contains information about the current version of the browser.

— Possible option

14. To install a newer version of Internet Explorer 8

— Please indicate in command line the following address:

— In the window presented, click “Download for free.”

— Click “Run” in the window that appears.

- Then click “Run” again.

— When installation is complete, you must restart your computer.


If the error appears when logging in, you need to follow these steps to resolve it:

1. Make sure that the medium with the certificate is inserted (the medium with the certificate is usually a floppy disk or a ruToken smart card). The media must match the selected certificate.

2. Open Start / Control Panel / CryptoPro CSP/tab Service/ button Remove remembered passwords(see Fig. 1). In the window that opens, select the item User In chapter Delete all remembered passwords private keys and press the button OK.

Rice. 1. Removing remembered passwords

3. Next, you need to reinstall the personal certificate through CryptoPro (see How to install a personal certificate?).

If, when reinstalling a certificate, the window Selecting a Key Container will be empty, or the required container will not be displayed in it, then use the following recommendations.

4. If a floppy disk is used as a key media, it should not be write-protected (on a write-protected floppy disk, both slots located in the corners of the media are open).

5. If a flash drive whose name has been changed is used as a key media, then you must return the previous name.

6. If a floppy disk or flash drive is used as the key container, you must ensure that at the root of the media there is a folder containing files: header, masks, masks2, name, primary, primary2. Files must have the extension .key, and the folder name format should be as follows: xxxxxx.000.

If any files are missing or their format is incorrect, then the private key container may have been damaged or deleted. The container may also be damaged if these files cannot be copied, for example, to the Desktop.

If the folder with the listed files is not on the floppy disk (flash drive), then the certificate is missing on it. You need to check whether the certificate is contained on other media.


If an error appears while working in the system, you must follow these steps to resolve it:

1. If this message occurs when trying to open a document, it is often accompanied by error when decrypting data. To solve it, use the following recommendations.

2. When opening a document, try pressing the button several times Cancel in the key media request window that opens.

3. It is likely that the document that causes the error to open was encrypted with multiple certificates. If one of the key media with an outdated certificate is lost or damaged, then this certificate can be deleted from the storage Personal And Other users.

To do this you need to select the menu Start / Control Panel / Internet Options. Go to tab Content and press the button Certificates(see Fig. 2).

Rice. 2. Internet Options.

Rice. 3. “Personal” tab

After this you need to go to the tab Other users, if there are personal certificates in the list, they must be deleted. Only certificates from regulatory authorities should remain on this tab.
Remove certificates from storage Other users can also be done using

Thank you very much, Mikhail, everything was done quickly and most importantly it was clear to me... Since we found it with you mutual language. I would like to continue to communicate with you in the future. I hope for fruitful cooperation.

Olesya Mikhailovna - General Director LLC "VKS"

On behalf of the State Unitary Enterprise "Sevastopol Aviation Enterprise" we express our gratitude for the professionalism and efficiency of your company! We wish your company further prosperity!

Guskova Liliya Ivanovna - manager. State Unitary Enterprise "SAP"

Thank you, Mikhail, very much for your help with the design. Very qualified employee +5!

Nadiya Shamilyevna - entrepreneur IP Anoshkina

On behalf of the AKB-Auto company and on my own behalf, I express my gratitude to you and all the employees of your company for the productive and high-quality work, sensitivity to client requirements and efficiency in the execution of ordered work.

Nasibullina Alfira - Senior Manager"AKB-Auto"

I would like to thank consultant Mikhail for great job, timely and complete consultations. He is very attentive to the client’s problems and questions, promptly solving the most difficult situations for me. It's a pleasure to work with Mikhail!!! Now I will recommend your company to my clients and friends. And the technical support consultants are also very polite, attentive, and helped with the difficult installation of the key. Thank you!!!

Olga Sevostyanova.

Purchasing the key turned out to be very easy and even pleasant. Many thanks to manager Mikhail for his assistance. Explains complex and difficult-to-understand things succinctly, but very clearly. Besides, I called the hotline toll free line and submitted an application online, together with Mikhail. They made a key for me in 2 business days. In general, I recommend it if you are saving your time, but at the same time want to have an understanding of what you are buying and what you are paying for. Thank you.

Levitsky Alexander Konstantinovich Samara

Personal thanks to consultant Mikhail Vladimirovich for prompt consultation and work on expediting the receipt of an electronic signature certificate. During the preliminary consultation, the optimal set is selected individual services. The end result is received immediately.

Stoyanova N.L. - Chief Accountant LLC "SITECRIM"

thanks for operational work and competent help! I was very pleased with the consultation!

Dmitry Fomin

Expert System LLC thanks consultant Mikhail for his prompt work! We wish your company growth and prosperity!

Sukhanova M.S. - AppraiserExpert System LLC, Volgograd

Thanks to the consultant, who introduced himself as Mikhail, for his efficiency in working with clients.

Ponomarev Stepan Gennadievich

Many thanks to consultant Mikhail for his assistance in obtaining the digital signature. For prompt work and advice on issues arising during the registration process.

Leonid Nekrasov

The company, represented by consultant Mikhail, does the impossible! Acceleration of accreditation in less than 1 hour! Payment upon delivery of the service. I thought this wouldn't happen. With full responsibility, I can advise you to contact the Center for Issuing Electronic Signatures.

Good afternoon!. For the last two days I have had an interesting task of finding a solution to this situation, whether there is a physical or virtual server, it probably has the well-known CryptoPRO installed on it. Connected to the server , which is used to sign documents for VTB24 DBO. Everything works locally on Windows 10, but on the server Windows platform Server 2016 and 2012 R2, Cryptopro doesn't see JaCarta key . Let's figure out what the problem is and how to fix it.

Description of the environment

There is a virtual machine on Vmware ESXi 6.5, as operating system Windows Server 2012 R2 installed. The server is running CryptoPRO 4.0.9944, the latest version at the moment. A JaCarta dongle is connected from a USB network hub using USB over ip technology. Key in the system it seems, but not in CryptoPRO.

Algorithm for solving problems with JaCarta

CryptoPRO very often calls various errors in Windows, a simple example (Windows installer service could not be accessed). This is what the situation looks like when the CryptoPRO utility does not see the certificate in the container.

As you can see in the UTN Manager utility, the key is connected, it is seen in the system in smart cards as a Microsoft Usbccid (WUDF) device, but CryptoPRO does not detect this container and you do not have the opportunity to install the certificate. The token was connected locally, everything was the same. We began to think about what to do.

Possible reasons with container definition

  1. Firstly, this is a problem with the drivers, for example, in Windows Server 2012 R2, JaCarta should ideally be identified in the smart card list as JaCarta Usbccid Smartcard, and not Microsoft Usbccid (WUDF)
  2. Secondly, if the device is seen as Microsoft Usbccid (WUDF), then the driver version may be outdated, which is why your utilities will not detect the protected device. USB storage device.
  3. Outdated version of CryptoPRO

How to solve the problem that cryptopro does not see the USB key?

We created a new virtual machine and began installing the software sequentially.

Before installing any software working with USB drives containing certificates and private keys. Need to NECESSARILY disable the token, if inserted locally, then disable it, if over the network, terminate the session

  • First of all, we update your operating system, everyone available updates, since Microsoft fixes many errors and bugs, including drivers.
  • The second point is, in the case of a physical server, to install all the latest drivers on the motherboard and all peripheral equipment.
  • Next, install the Unified JaCarta Client.
  • Install the latest version of CryptoPRO

Installing a single JaCarta PKI client

Single JaCarta Client- This special utility from the Aladdin company, for proper operation with JaCarta tokens. Download the latest version of this software product, you can from the official website, or from the cloud, if suddenly you can’t get it from the manufacturer’s website.

Next, you unpack the resulting archive and run it installation file, for my Windows architecture, mine is 64-bit. Let's start installing the Jacarta driver. Single Jacarta client, it is very easy to install (I REMIND you that your token must be disabled at the time of installation). On the first window of the installation wizard, simply click next.

We accept license agreement and click "Next"

For JaCarta token drivers to work correctly for you, just run standard installation.

If you choose "Custom installation", be sure to check the following boxes:

  • JaCarta Drivers
  • Support modules
  • Support module for CryptoPRO

In a couple of seconds, Single client Jacarta, installed successfully.

Be sure to reboot the server or computer so that the system sees fresh drivers.

After installing JaCarta PKI, you need to install CryptoPRO, to do this, go to the official website.

https://www.cryptopro.ru/downloads

Currently the most latest version CryptoPro CSP 4.0.9944. Run the installer, leave the "Install" checkbox root certificates" and click "Install (Recommended)"

The installation of CryptoPRO will be performed in the background, after which you will see a prompt to restart the browser, but I advise you to reboot completely.

After reboot, connect your JaCarta USB token. My connection is via the network, from a DIGI device, via . In the Anywhere View client, my Jacarta USB drive is successfully detected, but as Microsoft Usbccid (WUDF), and ideally it should be defined as JaCarta Usbccid Smartcard, but you need to check it anyway, since everything can work like that.

By opening the "Single Client" utility Jacarta PKI", no connected token was detected, which means there is something wrong with the drivers.

Microsoft Usbccid (WUDF) is a standard Microsoft driver that is installed by default on various tokens, and sometimes it works, but not always. operating room Windows system by default, sets them in view of its architecture and settings, I personally like this moment this is not necessary. What are we doing, we need to delete Microsoft drivers Usbccid (WUDF) and install drivers for Jacarta media.

Open the manager Windows devices, find the item "Smart card readers" click on Microsoft Usbccid (WUDF) and select "Properties". Go to the "Drivers" tab and click Uninstall

Agree to remove the Microsoft Usbccid (WUDF) driver.

You will be notified that a system reboot is required for the changes to take effect; we must agree.

After rebooting the system, you can see the installation of the ARDS Jacarta device and drivers.

Open the device manager, you should see that your device is now identified as JaCarta Usbccid Smartcar and if you go to its properties, you will see that the jacarta smart card is now using driver version 6.1.7601 from ALADDIN R.D.ZAO, this is how it should be .

If you open the Jacarta unified client, you will see your electronic signature, which means that the smart card has been correctly identified.

We open CryptoPRO, and we see that CryptoPRO does not see the certificate in the container, although all the drivers have been identified as needed. There is one more trick.

  1. In the RDP session you will not see your token, only locally, that’s how the token works, or I haven’t found how to fix it. You can try following the recommendations to resolve the "Unable to connect to the smart card management service" error.
  2. You need to uncheck one box in CryptoPRO

BE SURE to uncheck the "Do not use outdated cipher suites" checkbox and reboot.

After these manipulations, CryptoPRO saw my certificate and the jacarta smart card became working, you can sign documents.

You can also see your JaCarta device in devices and printers,

If you, like me, have the jacarta token installed in the virtual machine, then you will have to install the certificate via console virtual machine, and also give the rights to it to the responsible person. If this physical server, then you will have to give rights to the management port, which also has virtual console.

When you have installed all the drivers for Jacarta tokens, you may see the following error message when connecting via RDP and opening the Jacarta PKI Unified Client utility:

  1. The smart card service is not running on the local machine. The architecture of the RDP session developed by Microsoft does not provide for the use of key media connected to the remote computer, so in the RDP session the remote computer uses the smart card service of the local computer. It follows from this that running the smart card service inside an RDP session is not enough to normal operation.
  2. Smart Card Management Service on local computer launched, but is not accessible to the program inside the RDP session due to Windows settings and/or RDP client.\

How to fix the error "Unable to connect to the smart card management service."

  • Start the smart card service on the local machine with which you are initiating the session remote access. Set it up automatic start when the computer starts.
  • Allow the use of local devices and resources during the remote session (particularly smart cards). To do this, in the "Remote Desktop Connection" dialog, in the parameters, select the "Local Resources" tab, then in the " Local devices and resources" click the "More details..." button, and in the dialog that opens, select "Smart cards" and click "OK", then "Connect".

  • Make sure your RDP connection settings are safe. By default, they are saved in the file Default.rdp in the "My Documents" directory. Make sure that in this file there was a line "redirectsmartcards:i:1".
  • Make sure that the remote computer, to which you are making an RDP connection, is not activated group policy
    -[Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow smart card reader redirection]. If it is Enabled, then disable it and reboot the computer.
  • If you have Windows 7 SP1 or Windows 2008 R2 SP1 installed and you are using RDC 8.1 to connect to computers running Windows control 8 and higher, then you need to install an update for the operating system https://support.microsoft.com/en-us/kb/2913751

This was the troubleshooting for setting up the Jacarta token, CryptoPRO on the terminal server, for signing documents in VTB24 RBS. If you have any comments or corrections, please write them in the comments.