Rutoken documentation

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Next »

General information

Signs of Rutoken devices' correct connection to a computer

The main signs of Rutoken devices connection are listed in Table 1.

Table 1

Device name

Sign

Token, Bluetooth-Token, Token with Type-C, Token with NFC

an indicator lights up on a device

Smart Card

an indicator lights up on a smart card reader

During operations with Rutoken do not disconnect it from your computer in no case. This may lead to an error.

Rutoken Control Panel

Rutoken Control Panel is a software tool designed to maintaine Rutoken devices in Microsoft Windows OS. The Rutoken Control Panel is installed in the system along with the "Rutoken Drivers for Windows" kit.

Types of users in the Rutoken Control Panel:

  • User;
  • Administrator.

User's PIN code

The User's PIN code is a password that is used to access the main functions of the Rutoken device.

The default User's PIN code is 12345678.

Administrator's PIN code

The Administrator's PIN code is a password that is used to access the administrative functions of the Rutoken device.

The default Administrator PIN  is 87654321.

Connecting Rutoken devices to a computer

Connecting a token

Insert the token into a USB port of the computer to connect it. If a token is connected correctly, its indicator lights up.

Connecting a smart card

A smart card reader is used to connect a smart card to a computer.

Both, an empty reader and a reader with an inserted smart card, can be connected to a USB port of your computer.

To connect a smart card to a computer:

  1. Insert a smart card into a reader.
  2. Connect a reader to a computer's USB port. If a smart card is connected correctly, an indicator on a reader lights up. If a smart card is inserted into a reader incorrectly, an indicator on a reader may start flashing. 

Connecting a Bluetooth-token

A Bluetooth-token is connected to a computer via a microUSB cable. If a Bluetooth-token is connected correctly, its indicator lights up.

Connecting a Rutoken with a Type-C connector to a computer

A Rutoken with a Type-C connector connects to a computer that has a specific USB Type-C port. On some computers this port is indicated as a Thunderbolt 3 (USB-C).

If a Rutoken with Type-C is connected correctly, its indicator lights up.

Launching Rutoken Control Panel

There are several ways to launch the Rutoken Control Panel:

Method 1.  Launching from a desktop of your computer (use it if there is a Rutoken Control Panel icon on a desktop)

Double-click with the left mouse button on a Control Panel icon located on a dekstop of a computer.

Method 2.  Launching from a Start menu (use it if there is no Rutoken Control Panel icon on a desktop)

For Windows 10:

  1. Click on Start.
  2. Type "Rutoken" into a search box and press enter. 
  3. Left-click on the icon of the found program.

For  Windows 7:

  1. Click on Start.
  2. Type "Rutoken" into a search box and press enter. 
  3. Left-click on the icon of the found program.

For  Windows XP:

  1. Click on Start.
  2. Left-click on Search.
  3. On the left side of the Search results window left-click on Files and Folders.
  4. Type "Rutoken" In a field for specifying the file name.
  5. Click on Find
  6. In the right part of the window double left-click on the name of the found program.

Method 3.  Launching from a computer Control Panel (use it if a taskbar is hidden)

  1. Launch a dialog box. Press Win+R.
  2. In a dialog box, type "control panel" and press OK.  
  3. In Control Panel click on the link Equipment and sound.
  4. Click on the link Rutoken Control Panel.

Device selection in Rutoken Control Panel

If several Rutoken devices are connected to your computer at the same time, before starting to work you need to select a device with which operations will be performed.

To select a device:

  1. Launch Rutoken Control Panel.
  2. Select needed device on the Administration tab in the Connected Rutoken drop-down list.

Checking if a device selection is correct

To check if a device collection is correct:

  1. Launch Rutoken Control Panel.
  2. Select needed Rutoken device.
  3. Click Information. The Information about Rutoken window will open.
  4. If a Bluetooth-token is selected, then it's necessary to compare the value in the ID field (the last 5 numbers) with the numbers on the token's body.
  5. If a token is selected, then it is necessary to compare the value in the ID field with the numbers indicated on the token's body.

Viewing information about the Rutoken device

To view information about the Rutoken device:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Click on Information. The Information about Rutoken window will open.

The description of information about the Rutoken devices is given in Table 2.

Table 2

Field

Description

Name

Personalized device name

Model

General device name

System name

Name used to designate the device in other applications

ID

Unique digital device identifier

Version

Device's firmware version and status flags

Total memory (bytes)

The total amount of memory of the selected device

Free memory (bytes)

The amount of device memory (available to use)

User's PIN code can be changed

The policy selected to change the User's PIN on the device

Using UTF-8 in PIN codes

The possibility to safely use сyrillic symbols when setting a PIN code

CryptoPro FKC Support

The device supports the work with CryptoPro Rutoken CSP via a secure FKC channel

Microsoft Base Smart Card Crypto Provider

The device supports the work with a standard cryptography provider for Microsoft's smart cards

The device is connected via RDP

If the device is connected via a RDP protocol

Viewing the version of the installed kit "Rutoken Drivers for Windows"

To view the version of the installed kit "Rutoken Drivers for Windows":

  1. Launch the Rutoken Control Panel.
  2. Go to the tab About the program. The current version of the "Rutoken Drivers for Windows" installed on the computer is indicated in the field Version of the Rutoken drivers

Entering the User's PIN code to work with a Rutoken device

After entering an incorrect User's PIN code several times in a row, the Rutoken device with be blocked. Only the device's Administrator can unlock it.

To enter the User's PIN code:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Click on Enter the PIN code.
  5. Check that the switch is set to User.
  6. Enter the User's PIN.
  7. Click OK.
  8. If an incorrect PIN code is entered, a message about it will be displayed on the screen. The maximum number of attempts to enter the PIN code is indicated in the attempts left field. 

The choice of the crypto provider used by default for the Rutoken device

Crypto provider is a dynamically connected library that implements cryptographic functions with a standardized interface.

Each cryptographic provider can have their own sets of algorithms and their own requirements for the format of keys and certificates.

To select the crypto provider used by default for the Rutoken device:

  1. Launch the Rutoken Control Panel.
  2. Go to the Settings tab.
  3. Click on Configuration.
  4. Select the name of the crypto provider from the drop-down list next to the device model.
  5. To apply the changes and continue working with the settings, click on Apply
  6. To confirm the choice of a cryptographic provider, click OK.
  7. In the window requesting permission to make changes on the computer, click Yes.

Selection of the method for generating RSA key pairs (for the Rutoken EDS device)

You should not use Microsoft crypto provider to generate key pairs if you are not sure about the security of your computer.

To select a cryptographic provider to generate RSA key pairs:

  1. Launch the Rutoken Control Panel.
  2. Go to the Settings tab.
  3.  Click on Settings
  4. In the section Settings of the Aktive Co. Rutoken CSP v1.0 crypto provider  select a method for generating RSA 2048 bit key pairs for Rutoken EDS. To do this, set the switch to the desired position.
  5. To apply the changes and continue working with the settings, click on Apply
  6. To confirm the choice of a cryptographic provider, click OK.
  7. In the window requesting permission to make changes on the computer, click Yes.

Selecting PIN settings

You can set the settings for the PIN code in the Rutoken Control Panel. The list of settings is specified in Table 3.

Table 3

Setting

Result of setting selection

Remember the PIN code from the app...

The PIN code is entered once when using the Rutoken device for the first time in the application

Offer to change the PIN code every time...

Every time after entering the PIN code, a message is displayed on the screen with a suggestion to change the PIN code (if the user has not changed the default PIN code)

Encoding the PIN code in UTF-8...

The PIN code can consist of Cyrillic characters

The Remember PIN-code setting allows you to reduce the number of PIN-code entries in applications due to their short-term storage by the crypto provider in encrypted memory. Do not use this setting if you are not sure about the security of the computer.

The Encoding the PIN code in UTF-8 setting allows you to safely use PIN codes containing cyrillic characters. 

To select the settings for the PIN code:

  1. Launch the Rutoken Control Panel.
  2. Go to the Settings tab.
  3. Click on Settings. 
  4. Check the boxes next to the names of the required settings.
  5. To apply the changes and continue working with the settings, click on Apply
  6. To confirm the selection of settings, click OK.
  7. In the window requesting permission to make changes on the computer, click Yes.

Changing the User's PIN code

By default, the User's PIN code set for the Rutoken device is 12345678. For security reasons, before using the Rutoken device for the first time, it is recommended to change the default PIN code.

The recommended length of the PIN code is 6-10 characters. Using a short PIN (1-5 characters) significantly reduces the level of security, and a long PIN (more than 10 characters) can lead to an increase in the number of errors when entering it.

Access to the certificates stored on the device is possible only after specifying the PIN code. If the PIN code has been changed, then it must be remembered.

To change the PIN code:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Click Enter the PIN code and specify the User's PIN code.
  5. Click OK.
  6. Click on Change.
  7. Enter the new PIN in the fields Enter the new PIN and Confirm the new PIN. If the PIN security indicator located next to the field Enter a new PIN code is highlighted in red, then the PIN code is "weak", if yellow — then "medium", and if green - then "reliable".
  8. Click OK.

Indication of the Rutoken device name by the User

In order to distinguish Rutoken devices from each other, you should set a name for each device. It will not always be displayed in third-party applications.

It is recommended to specify the first and last name of the owner of the device or a short name of the scope of the device use.

To specify the Rutoken device name:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Click on Enter the PIN code.
  5. Set the switch to User.
  6. Enter the User's PIN.
  7. Click OK.
  8. Click on Change.
  9. Enter the name of the Rutoken device in the Name field.
  10. Click OK.

Entering the Administrator's PIN code to work with the Rutoken device

After entering the wrong Administrator PIN code several times in a row, the device is blocked. The Administrator's PIN code cannot be unlocked. If the Administrator's PIN code is blocked, it is necessary to format the Rutoken device, but all data stored on it will be permanently deleted.

To enter the Administrator's PIN code:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Click on Enter the PIN code.
  5. Set the switch to Administrator and enter the Administrator PIN.
  6. Click OK.

Changing the Administrator's PIN code

By default, the Administrator PIN code set for the Rutoken device is 87654321. For security reasons, it is recommended to change the default PIN code before using the Rutoken device for the first time.

The recommended length of the PIN code is 6-10 characters. Using a short PIN (1-5 characters) significantly reduces the level of security, and a long PIN (more than 10 characters) can lead to an increase in the number of errors when entering it.

To change the Administrator's PIN code:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Click on Enter the PIN code.
  5. Set the switch to Administrator and enter the Administrator PIN.
  6. Click OK.
  7. Click on Change.
  8. Make sure that the switch is set to the Administrator position.
  9. Enter the new PIN code in the fields Enter the new PIN and Confirm the new PIN code. If the PIN security indicator located next to the field Enter a new PIN code is highlighted in red, then the PIN code is "weak", if yellow - then "medium", and if green - then "reliable". 
  10. Click OK.

Change of the User's PIN code by the Administrator

The Administrator can change the User's PIN code only if the "User and Administrator" ("Administrator") PIN change policy was selected when formatting the device.

To view the current PIN change policy, open the Rutoken device details.

The recommended length of the PIN code is 6-10 characters. Using a short PIN (1-5 characters) significantly reduces the level of security, and a long PIN (more than 10 characters) can lead to an increase in the number of errors when entering it.

To change the User's PIN code:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Click on Enter the PIN code.
  5. Set the switch to Administrator and enter the Administrator PIN.
  6. Click OK.
  7. Click on Change.
  8. Set the switch to User.
  9. Enter the new PIN in the fields Enter the new PIN and Confirm the new PIN
  10. Click OK.

Unlocking the User's PIN code by the Administrator

The User's PIN code is blocked if the user has entered it with an error several times in a row. The User's PIN code can only be unlocked by the administrator.

After the User's PIN code is unlocked, the counter of failed authentication attempts will take its original value (set when formatting the Rutoken device).

After unlocking, the User's PIN code will not change. The Administrator can set a new User PIN code only when formatting the Rutoken device.

In order to unlock the User's PIN code:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Click on Enter the PIN code.
  5. Set the switch to Administrator and enter the Administrator PIN.
  6. Click OK
  7. In the section PIN Management click Unlock. In the window with the message about the successful completion of the operation, click OK.  As a result, the User's PIN code will be unlocked.

Formatting by the Administrator of the Rutoken device

During the formatting of the device, all objects created on it will be deleted. Only those objects that have been stored in protected memory (for Rutoken EDS Flash) will remain. Also, when formatting, new PIN values are set or default values are selected. If the user has exhausted all attempts to enter the Administrator's PIN code, then it is possible to return the device to the factory-fresh state. For such formatting, the Administrator's PIN code is not required. When returning the Rutoken EDS Flash device to the factory-fresh state, the contents of the Flash memory will also be cleared, and the information recorded in it will be permanently deleted.

When formatting a Rutoken device, all data on it, including keys and certificates, will be permanently deleted.
During the formatting process, do not disconnect the Rutoken device from the computer, as this may lead to its breakdown.

To start the Rutoken device formatting process:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Click on Enter the PIN code.
  5. Set the switch to Administrator and enter the Administrator PIN.
  6. Click OK.
  7. Click Format. A window called Formatting the token will open.
  8. Specify the name of the Rutoken device.
  9. Change the policy.
  10. When working with a Bluetooth token, specify the method of encrypting the radio channel.  In the Security section, set the switch to the desired position.
  11. Enter the new PIN code of the User (Administrator).
  12. Specify the minimum length of the User's (Administrator's) PIN code.
  13. Specify the maximum number of attempts to enter the PIN code of the User (Administrator).
  14. Click Start.
  15. In the window with a warning about deleting all data on the Rutoken device, click OK.
  16. Wait for the formatting process to finish.
  17. In the window with the message about successful formatting of the Rutoken device, click OK.

Specifying the name of the Rutoken device when formatting

To specify the name of the Rutoken device when formatting specify a new device name in the Token name field.

Changing the policy when formatting

Depending on the policy selected when formatting the Rutoken device, the User's PIN code may be changed:

  • only by the User (if the switch is set to "User");
  • by User and Administrator (if the switch is set to "User and Administrator");
  • only by the Administrator (if the switch is set to "Administrator").

In order to understand which policy to choose, follow the link "Which policy should I choose?" (located in the section the user's PIN code can be changed).

To change the policy in the section the user's PIN code can be changed, set the switch to the desired position.

Specifying the new PIN code of the User (Administrator) when formatting

In order to set a new PIN code of the User (Administrator), which will be available only after the formatting process is completed:

  1. in the corresponding section, uncheck the box Use the default PIN;
  2. enter the new PIN code in the fields New PIN code and Confirmation.

Specifying the minimum length of the User's (Administrator's) PIN code when formatting

The recommended length of the PIN code is 6-10 characters. Using a short PIN (1-5 characters) significantly reduces the level of security, and a long PIN (more than 10 characters) can lead to an increase in the number of errors when entering it.

In order to set the minimum length of the PIN code of the User (Administrator), select the desired value in the corresponding section in the drop-down list Minimum PIN code length.

Specifying the maximum number of attempts to enter the PIN code of the User (Administrator) during formatting

To increase the security level, you should change the original value. The recommended number of attempts to enter the PIN code is 5 times. A small number of attempts (1-4 times) can lead to accidental PIN code blocking, a large number (more than 5 times) - will reduce the level of information security.

In order to set the maximum number of attempts to enter the PIN code of the User (Administrator), select the desired value in the corresponding section in the drop-down list Attempts to enter the PIN code.


Working with PIN quality policies

PIN quality policies allow you to increase the level of PIN security.

In the Rutoken Control Panel, all PIN codes are divided into three categories by quality:

  • weak;
  • medium;
  • reliable.

There is a choice of policies that will be taken into account when assessing the quality of the PIN.

The following policies are used to control the quality of the PIN code:

  1. The minimum length of the PIN code.
  2. The policy of using the default PIN code.
  3. The policy of using a PIN code consisting of a single repeated character.
  4. The policy of using a PIN code consisting only of digits.
  5. The policy of using a PIN code consisting only of letters.
  6. The policy of using a PIN code that matches the previous PIN code.

When installing the "Rutoken Drivers for Windows" kit, the policy settings are set by default.

By default, all previously specified PIN quality policies are selected. 

By default, a password is considered "weak" if its length is less than one character.

PIN quality policies can be changed in the Rutoken Control Panel by a user with operating system administrator rights or a domain administrator.

Each new PIN must comply with the selected quality policies.

PIN quality policies are set in the Rutoken Control Panel for a specific computer.

In order to select the policies that will be taken into account when assessing the security level of the PIN:

  1. Launch the Rutoken Control Panel.
  2. Go to the Settings tab.
  3. Click on Setting.
  4. In the drop-down list called Consider the PIN code as "weak" when the length is less than select the required number.
  5. In the section Policies check the boxes next to the policy names.
  6. In order to have a message warning that the PIN code does not comply with the selected policies displayed on the screen when entering an incorrect PIN code, select the value "Warn" in the drop-down list If a "weak" ("medium") PIN code is set.
  7. In order to prohibit the use of a "weak" password, select the value "Prohibit use" in the drop-down list If "weak" PIN code is set.
  8. To set the default policies and behavior when changing the PIN code, click Set Default.
  9. To confirm the changes, click OK.
  10. To apply the changes and continue working with the policies, click on Apply.
  11. In the window requesting permission to make changes on the computer, click Yes.

View key pairs and certificates stored on the Rutoken device

In the Rutoken Control Panel, a personal certificate is a container consisting of: a certificate, a public key and a private key.

To view certificates and key pairs stored on the Rutoken device:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the Certificates tab.

The certificates, key pairs and personal certificates stored on the Rutoken device are displayed on the Certificates tab.

Icons are displayed to the left of the names of certificates, personal certificates and key pairs. They mean the following:

- personal certificate

- CryptoPro CSP certificate

- key pair

- CryptoPro CSP key pair

Bold indicates personal certificates installed by default. Each cryptographic provider has its own personal certificate installed by default. In the Rutoken Control Panel, you can set only a personal RSA certificate by default.

If, when clicking the left mouse button on the name of the personal certificate, there are notifications about the fact that the personal certificate is unreliable, displayed in the upper part of the panel window, then it is necessary to install a trusted root certificate of the certification center for it.

The wording of such notifications may be as follows:

  • "The certificate is unreliable";
  • "Review status could not be verified";
  • "The root certificate is not set."

To update the list of certificates, personal certificates and key pairs, click on the button next to the field Connected Rutoken.

Registration of the root certificate of the certification center as a trusted root certificate

Before registering the root certificate of the certification center as a trusted root certificate, check its presence inside the personal certificate recorded on the Rutoken device.

To check the presence of a root certificate:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the Certificates tab.
  5. Left-click on the name of the personal certificate for which you want to check the presence of the root certificate of the certification center.
  6. Click on Features
  7. Go to the tab Certification path in the window with the certificate name.
  8. If in the section Certification path only one certificate is displayed or several certificates with an error message are displayed, then you need to contact the certification center that issued this certificate to obtain a root certificate.
  9. If in the section Certification path two certificates are displayed and one of them with an error message, then you need to register the root certificate of the certification center as a trusted one by yourself.

For self-registration of the root certificate of the certifying center as a trusted one:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the tab Certificates.
  5. Left-click on the name of the personal certificate for which you want to register the root certificate of the certification center as a trusted one.
  6. Click on the "Install" link.
  7. In the window warning that, after registering the root certificate of the certification center, Windows will trust any certificate issued by this certification center, click Yes.  
  8. Right-click on the name of the personal certificate for which the root certificate of the certification center was registered as a trusted certificate. The message "The certificate is valid" will be displayed at the top of the panel. 

Viewing information about the certificate (key pair, personal certificate) stored on the Rutoken device

To view information about the certificate (key pair, personal certificate) stored on the Rutoken device:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the tab Certificates.
  5. Right-click on the name of the required certificate (key pair, personal certificate).
  6. Select the Features menu item.

The following points are specified on the General tab: 

  • supported certificate usage methods;
  • name of the certificate recipient;
  • name of the certification center that issued the certificate;
  • certificate validity period;
  • additional information about the certificate (Vendor Statement button).

Full description of the certificate is indicated on the tab Composition:

  • unique serial number assigned to the certificate by the certification center;
  • the hashing algorithm used by the certification center to digitally sign the certificate;
  • type and length of the public key;
  • summary of the data (thumbprint) of the certificate.

The path from the selected certificate to the certification authorities that issued the certificate is specified on the Certification path tab. By clicking on View the certificate, you can get additional information about the certificates of each certification center in the path.

Exporting a certificate to a file

Sometimes there is a need to transfer the certificate stored on the Rutoken device to another user. To do this, the certificate must be exported to a file.

The Rutoken Control Panel supports the following certificate file formats:

  • CER;
  • P7B.

There are two ways to export a certificate to a file in the Rutoken Control Panel:

Method 1

To export a certificate from a Rutoken device to a file:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the tab Certificates.
  5. Left-click on the certificate name.
  6. Click Export.
  7. If you need to export only the certificate, then select the switch next to the name of the file format to export.
  8. If you need to export the certificate together with the key pair, then set the switch to Personal Information Exchange File PKCS #12 (.PFX), enter the password twice or check the box Without a password (if you don't want to set a password).
  9. Click on Review next to the field Path and select a file on your computer.
  10.  Click on Export. As a result, the certificate will be exported to the specified file.

Method 2

To export a certificate from a Rutoken device to a file:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the tab Certificates.
  5. Right-click on the certificate name.
  6. Select the Export menu item.
  7. If you need to export only the certificate, then select the switch next to the name of the file format to export.
  8. If you need to export the certificate together with the key pair, then set the switch to Personal Information Exchange File PKCS #12 (.PFX), enter the password twice or check the box Without a password (if you don't want to set a password).
  9. Click on Review next to the field Path and select a file on your computer.
  10.  Click Export. As a result, the certificate will be exported to the specified file.

To export a root trusted certificate:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the Certificates tab.
  5. Left-click on the name of the personal certificate.
  6. Click on Features.
  7. Go to the tab Composition.
  8. Click on Copy to file.
  9. Click on Next.
  10. Select the switch next to the name of the required format and click on Next.
  11. Click on Review.
  12.  Select the file on your computer or external carrier and click Next.
  13. Click Done. As a result, the certificate will be exported to the specified file.

Importing an RSA certificate and an RSA key pair to a Rutoken device

This operation allows you to import a key pair to the Rutoken device along with a certificate from the following file formats:

  • PFX;
  • P12;

If a file in PFX or P12 format is selected for import, the private key and the corresponding RSA certificate will be copied to the Rutoken device.

If the PFX file is protected with a password, a password entry window will appear on the screen.

If a file in CER format is selected for import, the Rutoken Control Panel will check whether the device has a private key corresponding to this RSA certificate. If there really is a private key, then the imported RSA certificate will be binded with this key.

To import an RSA certificate and an RSA key pair from a file to a Rutoken device:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the tab Certificates.
  5. Click on Import.
  6. Specify the path to the file for import and click on Open. As a result, the RSA certificate and the RSA key pair will be imported to the Rutoken device.

Assigning a certificate for a key pair

If the user has a certificate corresponding to a key pair, then after creating a key pair on the Rutoken device, it is necessary to assign a certificate for it.

This operation allows you to assign a certificate in CER format to a key pair located on the Rutoken device.

To assign a certificate to a key pair:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the tab Certificates.
  5. Right-click on the name of the key pair and select Assign a certificate to a key pair...
  6. Select the certificate file on your computer and click Open. As a result, the certificate will be assigned to the key pair.

Assigning a new RSA certificate for the RSA key pair

This operation allows you to assign a new RSA certificate for the RSA key pair located on the Rutoken device.

To assign a new RSA certificate for the RSA key pair:

  1. Launch the Rutoken Control Panel.
  2. Select a device.
  3. Check the correctness of the device selection.
  4. Go to the tab Certificates.
  5. Right-click on the name of the RSA personal certificate and select Assign a certificate to a key pair.
  6. Select the file with the RSA certificate on the computer and click Open. As a result, a new certificate will be assigned to the key pair.

Setting the "default" attribute for a personal RSA certificate

If the "default" attribute is not set for any of the personal certificates, then when working with the Rutoken device, the certificate recorded in the device memory before all others will be used.

If there is a personal certificate on the Rutoken device, for which the "default" attribute was previously set and another RSA personal certificate must be used instead, then it is enough to set the "default" attribute for another certificate.

For each cryptographic provider, the "default" attribute can be set for only one personal certificate.  

To set the "default" attribute for a personal RSA certificate:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the tab Certificates.
  5. Left-click on the name of the personal RSA certificate.
  6. Click By default. 
  7.  Enter the User's PIN and click OK. As a result, the personal RSA certificate will be used by default.

Removing the "default" attribute for a personal RSA certificate

To remove the "default" attribute for a personal RSA certificate:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the Certificates tab.
  5. Left-click on the name of the personal RSA certificate.
  6. Click By default.
  7. Enter the User's PIN and click OK. As a result, the RSA personal certificate will not be used by default. 

Registration of a personal certificate in the local storage

In order for various applications of the Windows operating system to access the personal certificate stored in the memory of the Rutoken device, it is necessary to register it in the local storage of the workstation. In some cases, a personal certificate is registered automatically.

This procedure allows you to register a personal certificate in the local storage.

To register a personal certificate in the local storage:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the tab Certificates.
  5. Select the checkbox in the line with the certificate name in the Registered column. 

Deleting a personal certificate from the local storage

To delete a personal certificate from the local storage:

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the tab Certificates.
  5. Uncheck the box in the line with the name of the personal certificate in the Registered column.

Deleting the RSA certificate (RSA key pair, RSA personal certificate) from the memory of the Rutoken device

After deleting the RSA certificate (the RSA key pair, the RSA personal certificate), it will be impossible to restore.

To delete the RSA certificate (RSA key pair, RSA personal certificate):

  1. Launch the Rutoken Control Panel.
  2. Select the Rutoken device.
  3. Check the correctness of the device selection.
  4. Go to the tab Certificates.
  5. In the line with the name of the RSA certificate (RSA key pair, RSA personal certificate) click on the left mouse button.
  6. Click on Delete.
  7. Click Yes in the window with the request to confirm the operation. 
  8.  Enter the User's PIN and click OK. As a result, the selected RSA certificate (RSA key pair, RSA personal certificate) will be permanently deleted from the Rutoken device's memory.

Connecting a Rutoken to an Android device

Rutokens that can be connected to an Android device

You can connect to an Android device:

  • Rutoken with Type-C connector;
  • dual smart card with NFC support;
  • token with NFC.

Installing the Rutoken Control Panel app on Android

The Rutoken Control Panel application allows you to:

  • view information about connected Rutoken devices;
  • change PIN codes and device labels;
  • track the battery charge of the Bluetooth token.

To install the Rutoken Control Panel application:

  1. Launch Google Play Store on your device.
  2. Find the Rutoken Control Panel application. To do this, enter the name of the application in the Google Play Store search bar and press ENTER.
  3. Select the Rutoken Control Panel in the list of search results. A page with detailed information about the application will open.
  4. Click Install.
  5. Read the list of rights that the application needs.
  6. If you agree to grant the application the required rights, click Accept. The download and installation of the application will begin.
  7. If you do not agree to grant the required rights to the application, click Back. In this case, the installation of the application will be canceled.

Connecting a Rutoken with a Type-C connector to an Android device

A Rutoken with a Type-C connector connects to an Android device with a special USB Type-C port. If the token is connected correctly, an indicator will start to light on it and its name will be displayed in the Rutoken Control Panel application.

To check whether the name of the Rutoken is displayed correctly in the Rutoken Control Panel application:

  1. Connect the Rutoken with the Type-C connector to the device.
  2. Launch the Rutoken Control Panel app.
  3. Click on the device name in the application window. A window with basic information about the token will open.

Connecting a dual smart card with NFC support (NFC token) to an Android device

To connect a dual smart card with NFC support (a token with NFC), you need a mobile device with an NFC module.

To connect a dual smart card with NFC support (NFC token), put the Rutoken to the NFC module of the mobile device. If the mobile device has made a sound, then Rutoken has connected to it.  Also, in case of correct connection, the name of the Rutoken will be displayed in the Rutoken Control Panel application.

To work with a dual smart card (NFC token) on a mobile device, put it to the NFC module of the mobile device for the entire period of working with it.

To check the display of the name of a dual smart card with NFC support (a token with NFC) in the Rutoken Control Panel application:

  1. Connect a smart card with NFC support (NFC token) to the device.
  2. Launch the Rutoken Control Panel app.
  3. Click on the device name in the application window. A window with basic information about the Rutoken will open.

Working with the Rutoken Control Panel application

Changing the PIN code

  1. Connect the Rutoken to your Android device.
  2. Launch the Rutoken Control Panel application.
  3. To open the menu, click on the icon in the upper right corner of the Rutoken card .
  4. Select the menu item called Change the PIN code. The application will display a window for entering a new PIN code.
  5. Go to the tab User (to enter a new User PIN) or Administrator (to enter a new Administrator PIN).
  6. Enter the current PIN.
  7. Enter the new PIN code twice.
  8. Click OK.

Changing the Rutoken device label

To change the device label:

  1. Connect the Rutoken to your Android device.
  2. Launch the Rutoken Control Panel application.
  3. To open the menu, click on the icon in the upper right corner of the Rutoken card .
  4. Select the menu item called Change the token label. The application will display a window for entering the User's PIN code and a new label.
  5. Enter the User's PIN.
  6. Enter a new label.
  7. Click OK.

Unlocking the PIN code

To unlock the User's PIN code:

  1. Connect the Rutoken to your Android device.
  2. Launch the Rutoken Control Panel application.
  3. To open the menu, click on the icon in the upper right corner of the Rutoken card .
  4. Select the Unlock menu item. The application will display a window for entering the Administrator's PIN code and a button for unlocking the User's PIN code.
  5. Enter the Administrator's PIN.
  6. Click OK.

Specific features related to working with the Rutoken EDS Flash device

An important feature of the Rutoken EDS Flash device is the presence of managed Flash memory. It can be divided into sections, access to which is delimited using PIN codes. Such memory is called protected and its state remains unchanged during the formatting of the device.

  • No labels