Installation of the key generation AWP and key creation. Key generation AWP 1.0.0.41n


If you came to this page, you most likely need to generate a certificate for the Bus Gov website (bus.gov.ru). This site is supervised by the Federal Treasury of Russia and is required primarily for posting information about state (municipal) institutions. The small amount of information on the Internet and the constant congestion of the Treasury telephone lines, coupled with a not always predictable work schedule, prompted this article. In it we will learn how to generate signature certificates for the Bus Gov website on our own in the AWP Key Generation program and what data must be specified during generation.

Generating a certificate for the bus.gov.ru site

The current version of the AWP Key Generation program at the time of this writing is 1.0.0.44n. You can download it from the website of the Federal Treasury. Unpack the archive to a place convenient for you, go to the AWP GK 44 folder and run the install.exe file.

After installation, an OTR folder will appear on your desktop, and in it a subfolder, EDMS client, with the shortcut AWP Key Generation. Run it. If the error Exception EOleSysError in module vcl50.bpl (Error while accessing the OLE registry) appears, follow the recommendations described and proceed directly to the key generation.

After you successfully launch the AWP Key Generation shortcut, a window will appear at the top of the screen asking you to create a certificate request.

Click Create certificate request and choose Request for an applicant certificate from the menu.

The next generation window will open, in which it is imperative to tick three checkboxes (in addition to the Client Authentication checkbox) indicating what type of certificate will be generated and what it will be used for. Click the + icon next to the Working with GMU item and tick the boxes as in the following picture.

Next, a window will appear in which you will need to enter information about the applicant, the head of the organization for which you plan to obtain an access certificate. Required fields are underlined in the picture.

The registration number of the GMU organization can be found on the Bus Gov website itself by following the link bus.gov.ru/pub/registry and entering the TIN of the required organization. If the TIN matches an existing organization, the search results below will contain a link; follow it, click the "Registration data" tab, and in the 8th field, Registry number in the list of GMU, you will find the required number.

Press the Next button and make sure that the Print an application for an EDS key certificate checkbox is ticked. Then click Execute and indicate the medium on which the key will be written. It is desirable that it be a removable flash drive. Next, the biological random number sensor will start. Move your mouse non-stop over this window and randomly press the number and letter keys of your keyboard to help the system generate a key. When the progress bar of the generation process reaches the end, you just have to come up with a password for the certificate and repeat it in the next window. After you press OK, you will be prompted to select the path for the key file with the .req extension. By default, this is C:\FkClnt1\EXE\.

After that, the document "Application for obtaining a qualified certificate of the electronic signature verification key at the Certification Center of the Federal Treasury" will be generated. It is to be printed in 2 copies, signed by the responsible person and taken to the Treasury department along with the flash drive on which the key file was recorded. After the key is activated, you will be able to work with the Bus Gov website (bus.gov.ru).

In general, this article applies to all versions of the GK AWP (stands for Automated Workstation for Generating Keys), and not only to 1.0.0.37n. I was very surprised to learn that someone is having difficulty installing this product. And yet, nevertheless it is so ... I allowed myself to add something here, namely, how I installed this program myself, of course in pictures. So let's get started ...

One caveat up front: two programs of this type do not coexist on the same computer. More precisely, they do, but only after a little "dancing with a tambourine", namely editing the Windows registry. We will not touch on this, so as not to overload the readers of this site who have a problem installing this program.


Find the program on the internet. Download and unzip it somewhere on your computer, and as a result you will get a folder with files (picture # 1):


In this folder, we are interested in the setup.exe file. In the picture above, a red arrow points to it. Let's start it by double-clicking on it, and we will see the installer's greeting:





We accept the license agreement and get into the next window, where you need to figure it out a little:



First of all, we select the "Full" installation type so as not to bother with "Custom"; otherwise, you will have to answer a number of questions. We leave the "Install with default parameters" checkbox ticked for the same reason. The directory where the program will be installed is shown here; you can choose another. I don't recommend it though. What if a new version is released (and it will come out sooner or later)? Then you will have to remember where you installed it. This way you don't need to remember ... In general, click "Next" and get into the next window:



Here the installer informs us that the folder OTR\SED client will be created in the "All programs" list, and that the program can be launched from there. Click "Next":



Well, everything is clear here. The installer has accepted all of our changes and is ready to install to the folder of your choice. Click "install":



Well, it remains only to wait for the installation of the program. If you see the following window, then everything is fine:



It should be noted that the installer does not create a shortcut to launch the program on the desktop. This can be done manually, as I did. The picture below shows which file the shortcut will refer to:



That's all. The installation of the program is complete. I wish you success in further mastering it ...


Instructions for generating an electronic signature key

(version from 20.09.2016)

On September 1, 2016, a new version of the regulations of the Certification Center of the Federal Treasury, approved by order No. 280 dated July 25, 2016, entered into force. Please familiarize yourself with the updated stages of obtaining certificates.
On 19.09.2016 a new version of the AWP for generating keys, 1.0.0.44n, was released; it must be installed after removing the previous version.

List of abbreviations used:


AWP - Automated workplace
ASFK - Automated system of the Federal Treasury
GAS - State automated system
GMU - State municipal institution
PPO - Application software
PC - Personal electronic computer
CIPF - Cryptographic information protection tool
SUFD - Remote financial document management system
TOFK - Territorial body of the Federal Treasury
FC - Federal Treasury

  1. Before starting work, make sure that the following is installed on the workstation:

  • CIPF "CryptoPro CSP" (version 3.6 or newer);

  • AWP for Key Generation (the current version of the AWP for Key Generation can be downloaded at ftp://ftp.ufk39.ru/RCR/Distrib/ or, with the "Continent AP" cryptographic protection system connected, on the start page of the SUFD portal (http://10.39.4.123)). Attention: if the "AWP for Generating Keys" is installed on a workstation designed to work in the "SUFD" application software, you must use the instructions for setting up an additional AWP.
ATTENTION!!! Key generation must be performed in the Key Generation AWP of version no lower than 1.0.0.44n. Before installing the specified version, it is recommended to uninstall the previous one.
A qualified certificate is required to work in all systems (SUFD, CIPF "Continent AP", the procurement website within the framework of 223-FZ, EIS (unified information system in the field of procurement) within 44-FZ, GMU, GAS "Management", GIIS "Electronic budget", the "Gosuslugi" portal, etc.).

Connect a clean formatted key carrier (flash drive, floppy disk, Ru-token, etc.) to the PC system unit.

The media must be accounted for in the "Journal of accounting of machine data carriers" (the form is approved by order of the FAPSI dated 13.06.2001 No. 152), a form with an example of filling can be downloaded from the website of the Office.


  1. In the AWP for Generating Keys, click the "Create a Certificate Request" button (see Fig. 1).

Fig. 1 AWP for generating keys


  1. Select the type of request (see Fig. 2).
To create a request for an individual - "Request for the applicant's certificate"

Fig. 2 Dialog box with the choice of the type of request for key generation


  1. If you already have a certificate containing the TIN of an individual, select "Generate a certificate request based on an existing certificate" (see Fig. 3) and click "Next".
If there is no certificate, select the required option and click "Next", then go to clause 7 of these Instructions.

IMPORTANT: if your previous certificate contained the TIN of a legal entity and you need a certificate for an individual, do NOT select the type "Generate a certificate request based on an existing certificate", because in that case only a certificate for a Legal entity will be created. Instead, select the "Request for the applicant's certificate" item and fill in all the parameters manually.

Fig. 3 Dialog box with the choice of the type of request for key generation


  1. In the window that appears, click the "Find" button (see Fig. 4), select the previous certificate file (with the CER extension) or the request file (with the REQ extension) (see Fig. 5, Fig. 6, Fig. 7) and click the "Next" button.

Fig. 4 Dialog box for file selection

Fig. 5 Dialog box for file selection

Fig. 6 Dialog box for file selection

Fig. 7 Dialog box with the choice of the type of request for key generation


  1. In the window that appears, specify the required user roles (see Fig. 8). If the organization has several powers in the field of placing orders (for example, the Customer and the Financial Authority), generation of a SEPARATE KEY is required. IMPORTANT: for a Legal entity certificate only the Client Authentication role is required, which is mandatory for all types of certificates. Examples of the choice of roles for common information systems are given in Appendix 1 to these Instructions.
IMPORTANT for clients working in the SUFD: if an employee needs to work (for example, create documents) in the SUFD but is not included in the "Signature Samples Card", then such an employee needs to obtain a certificate for himself without the right to sign, with the following powers: "Client authentication" and "ASFK" (only the outer check mark, see Appendix 1, Fig. 2).

Fig. 8 Dialog box. User roles


  1. In the window that appears, fill in all the required fields that are open for editing (see Fig. 9).

Fig. 9 Dialog box with the applicant's data


  1. "Surname" - fill in the Applicant's Surname.

  2. "First Name Patronymic" - fill in the Name and Patronymic of the Applicant (if any), as indicated in the identity document.

  3. "E-mail" - fill in the e-mail address of the Applicant, personal information will be sent to this address, for example, the login and password for the first entry into the information system.

  4. "Position" - to be filled in only for a request for a certificate of a Legal entity. When filling out this field for the heads of the organization, it is necessary to take into account the data of the Unified State Register of Legal Entities; for other employees of the organization, it is necessary to be guided by the staffing table.

  5. "Formalized position" - the field becomes active when you select roles from the "ASFK" group. You must choose one of 2 values: "Supervisor" (if the employee has the right of first signature) or "Chief Accountant" (if the right of second signature). The right of first or second signature is defined in the document "Card of samples of signatures" submitted by your organization to the Department of the Federal Treasury for the Kemerovo region at the place where your account is serviced. The only exceptions are cases when an employee is not included in the "Card of samples of signatures" but needs to sign separate (non-settlement) documents in terms of cash services; in that case you must select "Teller".

  6. "Surname First name Patronymic" - the field is filled in automatically.

  7. "Organization" - fill in only the FULL name of the organization; the name must coincide character by character with the information from the Unified State Register of Legal Entities. THE EXCEPTION IS THE NAME OF THE ORGANIZATION ONLY for a Legal entity certificate: you need to fill in the short name, provided that the full name is longer than 164 characters; in other cases, the full name is filled in if it does not exceed 164 characters.

  8. "Subdivision of the 1st level" - to be filled in only when generating a Legal entity certificate.

  9. "Subdivision of the 2nd level" - to be filled in only when generating a Legal entity certificate. This field is filled in only if the organization (Legal entity) has separate subdivisions. For example, Kemerovo State University (the full name is filled in in the field "Organization") has a branch in the city of Belovo (the name of the branch is filled in in the field "Subdivision of the 1st level"), which has a structural subdivision "Accounting" (to be filled in in "Subdivision of the 2nd level") (see Fig. 10).

  10. “Name of the settlement” - fill in the name of the settlement where the applicant Organization is located, for example, “Tashtagol”.

  11. "Address (street, house)" - to be filled in only when generating a Legal entity certificate. This field indicates the address of the location of the Legal entity of the applicant Organization.

  12. "Country" - fill in with the value "RU".

  13. "Name of the subject" - choose from the list "Kemerovo region".

  14. "TIN" - for a certificate of an individual, fill in the value of the TIN (12 characters) of the Applicant, for the certificate of a Legal entity, fill in the value of TIN (10 characters, with 2 zeros in front, for example, 004205654585) of a Legal entity.

  15. "OGRN" - to be filled in only when generating a Legal entity certificate. The value of the OGRN of the Legal entity is indicated.

  16. "SNILS" - indicates the value of the SNILS of the Applicant.

  17. "Account number of the UIS organization" - the field becomes active only when roles from the section "Working with the UIS" were selected in the previous step. The field is filled in with the value of the SDR code (code of the customer's consolidated list). This value can be viewed on the website http://www.zakupki.gov.ru by searching for YOUR organization in the register of organizations: tab "Additional information", value "Unique account number of the organization" (11 digits); if there is no such tab, then in the information "Registration data of the organization", value "SDR code" (11 digits) (see Fig. 11 or Fig. 12).

  18. "Account number of GMU" - the field becomes active when roles from the section "Working with GMU" were selected in the previous step. The field is filled in with the value of the account number of the GMU of the applicant organization. This value can be viewed on the website http://www.bus.gov.ru in the information about the organization: "PGMU Code" (see Fig. 13) or "Registry number in the list of GMU" (see Fig. 14).

  19. "Protection class" - select the value "KC1" if hardware protection means "Sobol", "Accord", etc. (hardware protection with a random number sensor) are NOT installed at your workplace (computer); select "KC2" if the specified protection devices are installed.

  20. Exported Private Key - Always set to Yes.

Obtaining an ES certificate by certain types of legal entities

In accordance with the clarifications of the Federal Treasury (Letter of the Federal Treasury dated July 21, 2016 No. 07-04-05/12-529), representatives of the following legal entities, due to non-placement of the procurement regulation in accordance with Federal Law No. 223-FZ dated July 18, 2011, must indicate the value "00000000000" in the field "Registration number of the EIS organization":


  1. Operator of the electronic platform

  2. Information system operator

  3. Organization providing services for servicing users of the UIS

  4. A legal entity carrying out procurement in accordance with part 4 of article 5 of the Federal Law of December 30, 2008 N 307-FZ "On Auditing"
After filling in and checking all the fields, press the "Next" button.
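
The field and role rules listed in this step can be checked before the data is typed into the AWP. The following is an added example, not part of the original instructions or of the AWP software; the class, its field names and the sample values are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

ORG_NAME_MAX = 164                      # name-length limit quoted in the instructions
CLIENT_AUTH = "Client Authentication"   # role mandatory for every certificate


@dataclass
class CertRequest:  # hypothetical container; field names are assumptions
    legal_entity: bool
    organization: str
    tin: str
    country: str = "RU"
    ogrn: str = ""
    roles: set = field(default_factory=lambda: {CLIENT_AUTH})
    uis_groups: set = field(default_factory=set)  # groups from "Working with the UIS"
    gmu_roles: bool = False                       # any role from "Working with GMU"
    eis_number: str = ""
    gmu_number: str = ""
    key_medium: str = "flash drive"


def validate(req):
    """Return a list of 'field: problem' strings; an empty list means no rule is broken."""
    errors = []
    if CLIENT_AUTH not in req.roles:
        errors.append("roles: Client Authentication is mandatory")
    if req.legal_entity and (req.roles != {CLIENT_AUTH} or req.uis_groups or req.gmu_roles):
        errors.append("roles: a Legal entity certificate carries only Client Authentication")
    if len(req.uis_groups) > 1:
        errors.append("roles: one 'Working with the UIS' group per certificate, "
                      "generate a separate key for each")
    if not re.fullmatch(r"[0-9]{12}", req.tin):
        errors.append("tin: 12 digits expected")
    elif req.legal_entity and not req.tin.startswith("00"):
        errors.append("tin: a Legal entity TIN is 10 digits with 00 in front")
    if req.country != "RU":
        errors.append("country: must be RU")
    if not req.organization or len(req.organization) > ORG_NAME_MAX:
        errors.append("organization: 1 to 164 characters (short name if the full one is longer)")
    if req.legal_entity:
        if not re.fullmatch(r"[0-9]+", req.ogrn):
            errors.append("ogrn: required for a Legal entity certificate")
    elif req.ogrn:
        errors.append("ogrn: filled in only for a Legal entity certificate")
    if req.uis_groups:
        # "00000000000" (the value for the listed entity types) also passes this check
        if not re.fullmatch(r"[0-9]{11}", req.eis_number):
            errors.append("eis_number: 11 digits expected")
    elif req.eis_number:
        errors.append("eis_number: the field is active only with UIS roles")
    if req.gmu_roles and not req.gmu_number:
        errors.append("gmu_number: required when 'Working with GMU' roles are selected")
    if req.key_medium.strip().lower() == "registry":
        errors.append("key_medium: the private key must not be written to the Registry")
    return errors


if __name__ == "__main__":
    # Constructed sample: an individual's request with several mistakes.
    sample = CertRequest(False, "X" * 165, "4205654585",
                         uis_groups={"Customer", "Financial authority"},
                         eis_number="1234", key_medium="Registry")
    for line in validate(sample):
        print(line)
```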

Fig. 10. An example of filling in data for a legal entity

Fig. 11 Dialog box from the site http://www.zakupki.gov.ru

Fig. 12 Dialog box from the site http://www.zakupki.gov.ru

Fig. 13 Dialog box from the site www.bus.gov.ru. Register of organizations

Fig. 14 Dialog box from the site www.bus.gov.ru. Organization registration data


  1. In the window that appears, click "Run" (see Fig. 15)

Fig. 15 Dialog box of the AWP for generating keys


  1. At the next step, you need to select the type of media, depending on the media prepared in the first step, see item 1.
IMPORTANT: it is FORBIDDEN to write the private key to the "Registry".

  1. In the next window (see Fig. 16), enter the password and its confirmation. ATTENTION! Remember the entered password, if you lose it, recovery is impossible. These fields can be left blank, then the password will not be requested when signing with an electronic signature.

Fig. 16 Entering a password for the generated private key


  1. At the next step, the system will offer to save the certificate request file (see Fig. 17).

Fig. 17 Dialog box. Saving the certificate request to a file

This request file must be brought, on a removable medium (flash drive, floppy disk, etc.) that does not contain key containers (private keys) of users, to the registration point of the Certification Center of the Federal Treasury, according to the territorial location of your organization.
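
The requirement that the transfer medium carry the request file but no key containers can be checked with a short script. This is an added example, not part of the original instructions; it assumes that a CryptoPro CSP container on a removable drive is a folder holding header.key, masks.key, primary.key and name.key, a layout that is not stated on this page.

```python
import os
import sys

# Assumption: files that make up a CryptoPro CSP key container folder on a
# removable drive. These names are not taken from the instructions.
CONTAINER_FILES = {"header.key", "masks.key", "primary.key", "name.key"}


def find_key_containers(root):
    """Return the folders under root that look like private-key containers."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        if CONTAINER_FILES <= names:
            hits.append(dirpath)
    return sorted(hits)


def check_transfer_medium(root):
    """Return (ok, report). ok is True when the medium holds at least one
    .req request file and no key container."""
    report = [f"key container present: {c}" for c in find_key_containers(root)]
    has_request = any(
        f.lower().endswith(".req")
        for _d, _s, files in os.walk(root)
        for f in files
    )
    if not has_request:
        report.append("no .req request file found")
    return (not report, report)


if __name__ == "__main__":
    # Usage: python check_medium.py E:\   (drive letter of the medium to hand over)
    ok, report = check_transfer_medium(sys.argv[1])
    print("OK to hand over" if ok else "\n".join(report))
    sys.exit(0 if ok else 1)
```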

Both copies of the application must be filled out and submitted to the Certification Center of the Federal Treasury, according to the territorial location of your organization.

Fig. 18. Printed application form

Samples of certification documents are posted on the information resource on the Internet ftp://ftp.ufk39.ru, on the information portal at http://10.39.4.123 (in the protected network segment, section of the Certification Center), and on the official website of the Federal Treasury Department for the Kemerovo Region http://kemerovskaya.roskazna.ru (GIS section - Certification center).

Contact details of the department of secrecy and information security

Department of the Federal Treasury for the Kemerovo region:
head of department: Opalev Kirill Nikolaevich (384-2) 719-005, e-mail: opalevkn@ufk39.ru

Deputy Head of Department: Rodionov Stanislav Nikolaevich (384-2) 719-022,

certificate issuing specialists: (384-2) 719-034, 719-164, 719-163,

specialists in work with means of EP and CIPF: (384-2) 719-161, 719-162, 719-022.

e-mail: uuc@ufk39.ru

The contact details of operators of remote regional registration centers are posted on the website of the Office on the Internet in the section GIS - Certification Center - Contacts.

Annex 1

Common examples of the distribution of roles for work in various information systems
For all certificates, the Client Authentication role is required. The specified role is the only one for a Legal entity certificate.

IMPORTANT only for the section "Working with the UIS"!!! For one certificate, only one group of roles from the section "Working with the UIS" can be used, for example, "Customer" or "Financial authority" and so on.

Please note that the previously required roles "Email Protection" and "Server Authentication" are not mandatory roles.

Fig. 1. Mandatory user roles for working in the SUFD with signing rights

Fig. 2. Mandatory user roles for working in the SUFD WITHOUT signing rights

Fig. 3. Possible user roles for working on the site http://www.bus.gov.ru

Fig. 4. Possible user roles for working on the site http://www.zakupki.gov.ru within the framework of Federal Law No. 44. Personal account - the Customer.

Fig. 5. Possible user roles for working on the site http://www.zakupki.gov.ru within the framework of Federal Law No. 44. Personal account - Financial authority.

Fig. 6. Mandatory user roles for working in the GIIS "Electronic budget"

Difficulties associated with installation and operation (generalization):

SOLVING PROBLEMS WITH PRINTING IN WORD (author Alex67, comment on 10/17/2015 20:54 and comment on 11/03/2016 15:22)

Problems with entering OGRN or TIN. On some computers, an error occurs when generating an ES key. The error indicates that the OGRN or TIN was entered incorrectly.

Run cmd as Administrator.
Run: cd c:\windows\syswow64
Run: regsvr32 C:\FkClnt1\SYSTEM\midas.dll

Solution: Most likely Avast antivirus software is installed. It is necessary to:
  • Add the directory with the program to the exclusions (Avast - settings - exclusions);
  • Copy the file cbmain.ex to the exe directory from the distribution kit (or restore it from quarantine, if it remains there).

Exception EOleSysError in module vcl50.bpl at 0001a239. An error occurred when accessing the OLE registry, or vcl50.bpl was not found, or there are problems with filling in the INN field.

Solution: To fix it, you need to run a command on your computer. Click the Start button. In the Find Programs and Files text box, enter regsvr32 C:\FkClnt1\SYSTEM\midas.dll. Then press the Enter key. A message should appear stating that the library was registered successfully.

Regsvr32 is a command-line utility for registering and unregistering OLE controls such as ActiveX and DLLs in the Windows registry. Regsvr32.exe is installed in the %systemroot%\System32 folder on Windows XP and later versions of Windows. On 64-bit versions of Windows, there are two versions of the Regsvr32.exe file: %systemroot%\System32\regsvr32.exe and %systemroot%\SysWoW64\regsvr32.exe. Therefore, for the x64 platform, the following actions are required:

Run cmd as Administrator.
Run: cd c:\windows\syswow64
Run: regsvr32 C:\FkClnt1\SYSTEM\midas.dll
Next, go to "Start" - "Control Panel" - "User Accounts" - "User Accounts". Select "Change User Account Control Settings" and move the slider to the bottom position. After that, you need to restart your computer.

I talked with the developers of the excellent AWP GC (for anyone who needs it, tel.: 8-800-100-22-55). So, the whole point is that you need to: 1. go to the C:\FkClnt1 folder, EXE subfolder. 2. in this folder, right-click on the cbank.exe file, and in the "Compatibility" tab check the box and select compatibility with Windows XP (why XP? Because, as the developers said, this program was written by order of the Treasury for XP and paid for at that time, and they do not want to pay extra for improvements for new versions of the operating system, so it works under the other OSes thanks to our skill and ingenuity)))), click "Apply". 3. Launch the AWP shortcut in the OTR folder on the desktop again and ... voila! It starts and runs under Windows 8.1 x64!

Recommendations from Alex_04 (comment, forum):

Windows 8.1 / x64 SL (Single Language, looks like an analogue of Home in 7?), there are no local security policies, UAC is disabled, the built-in admin account, the installation of the AWP GK via right-click - Run as administrator, there were no errors. All recommendations from Ekaterina to item 3 "Difficulties associated with installation and operation (generalization)" (regarding launch under Win-8.1 / x64) have been fulfilled - the AWP GK simply silently does not start without any errors, flashing a black DOS screen. This helped: the file cbank.exe - right-click - Correcting compatibility problems - (I don't remember literally, it is not in front of my eyes, so roughly the meaning) - Previously started and worked - under Windows XP (SP2 or 3) - the process of configuring compatibility .. - wait for the end and finish. On the file! Cbank.bat - right-click - Properties - Compatibility - checkbox "Run the program in compatibility mode with Windows XP (SP2 or 3)". AWP GK launch - OK! Batch file shortcut on the desktop, that's all.

Recommendations from Alex_04 (comment):

On Win-7 / x64 under a user without administrator rights, none of the above in step 3 helped. The specialist from the OIS UFK helped: regedit with admin rights - HKEY_CURRENT_USER\Software\BSSystems and HKEY_CLASSES_ROOT\Type.lib - right-click - Permissions - Users (or a specific user, if not present - add) - Full access - OK. Only after that did the errors of accessing the OLE registry and vcl50.bpl at 0001a239 disappear.

Generation error # 9. The specified encryption provider was not found.

Solution: Start - Settings - Control Panel - CryptoPro CSP - Hardware - "Configure RNG" button. Install the "Biological RNG".

Generation error # -2146893792. An internal error occurred. System last error message: Internal error.

Solution: Start - Settings - Control Panel - CryptoPro CSP - Hardware - "Configure RNG" button.

Remove the "Sobol RNG", install the "Biological RNG".

The AWP for generating keys is required to create EDS keys (for example, to connect to the Electronic Budget). This article discusses both the installation of the AWP software for generating keys and the solution of the problems encountered.

The latest version of the AWP program for generating keys (1.0.0.44n) can be downloaded from this link: http://sedkazna.ru/download/prg/ARM_ECP_1_0_0_44n.zip

Installing the AWP for Key Generation

  • Run the setup file setup.exe
  • Leave the program installation path as default.

  • Click Next to proceed with the installation

  • Install.

The installation of the AWP for generating keys is completed.

Possible errors:

Error Exception EOleSysError in module vcl50.bpl at 0001A239. An error occurred while accessing the OLE registry.

Very often the error Exception EOleSysError in module vcl50.bpl at 0001A239 appears. This is due to the fact that the program was developed for Windows XP, and in Windows 7, 8, 10, it must be run in compatibility mode.

Solution (Error Exception EOleSysError in module vcl50.bpl at 0001A239. Error accessing the OLE registry.):

  • Run: regsvr32 C:\FkClnt1\SYSTEM\midas.dll

Solution 2 (Error Exception EOleSysError in module vcl50.bpl at 0001A239. Error accessing the OLE registry.)

  1. Go to the C:\FkClnt1 folder and then to the EXE folder;
  2. Right-click the cbank.exe file and choose Properties.
  3. In the "Compatibility" tab, check the box and select compatibility with Windows XP (SP2).

Installing the AWP for generating keys in Windows 10

The installation of the AWP for generating keys in Windows 10 is no different from the usual installation described above, but after installation the program simply does not start.

To run the AWP software package for generating keys in Windows 10 after installation, you must:

  1. Run cmd as Administrator
  2. Run the command in the command line: regsvr32 C:\FkClnt1\SYSTEM\midas.dll
  3. Restart your computer and start the program.