A USB token (or USB key) is not only a means of authentication in a computer OS, but also a convenient device for storing and presenting personal information: encryption keys, certificates, licenses, identifications.
Currently, tokens are very widespread. USB keys are much more reliable than the standard “login/password” pair due to the two-factor authentication mechanism, since the owner of the key must have the key itself (token), but also know the PIN code (password) for it.
The most popular models of USB tokens used in Russia are Rutoken, eToken from the Aladdin company, as well as JaCarta. Let's look at the most frequently asked questions and situations regarding PIN codes for tokens used in Russia.
Question: What is the default PIN?
Answer: Information about the default PIN codes for Rutoken and eToken and JaCarta tokens can be found in the table I specially prepared below:
Token model |
PIN-User codes |
PIN-Administrator codes |
|
Rutoken |
12345678 |
87654321 |
|
eToken |
1234567890 |
By default, there is no administrator password. Password can be set via control panel |
|
JaCarta PKI |
11111111 |
00000000 When using JaCarta PKI with the option |
|
JaCarta GOST |
Not specified |
1234567890 |
|
JaCarta PKI/GOST |
For PKI functionality: 11111111 When using JaCarta PKI with the option For GOST functionality: No PIN has been set |
For PKI functionality: 00000000 When using JaCarta PKI with the option For GOST functionality: 1234567890 |
|
JaCarta PKI/GOST/SE (Usually |
For PKI functionality: 11111111 For GOST functionality: 0987654321 |
For PKI functionality: 00000000 For GOST functionality: 1234567890 |
|
JaCarta PKI/BIO |
11111111 |
00000000 |
|
JaCarta PKI/Flash Question: What should I do if the PIN codes on the token are unknown and the default PIN code has already been reset? Answer: The only way out is to completely format the token (this will destroy the information on it). Question: What should I do if a user's PIN is blocked? Answer: You can unlock a user's PIN through the token management snap-in. To unlock, you need to know the administrator PIN code. Question: What should I do if the administrator PIN is blocked? Answer: It is not possible to unlock the administrator PIN. The only way out is to completely format the token (this will destroy the information on it). I hope with this article I helped answer questions about USB tokens, and also created an excellent online cheat sheet for all the most popular tokens that are used in Russia. For today, that's all I wanted to talk about. Good luck to everyone and see you again! In contact with Classmates |
Hello everyone, today I will remind you what the password is for eToken and Rutoken. They seem simple, but sometimes I forget them. We will also look at how Rutoken differs from eToken, since not everyone knows this, but this knowledge is very, very useful. I will also tell you how, if necessary, you can change this password.
The first thing you need to explain is what eToken and Rutoken are > these are special flash media whose task is to securely store a signing or encryption certificate ( private key), which is equivalent to a person’s paper signature and the whole thing is password protected. Manufacturers issue tokens with already installed standard password:
The difference between etoken and rutoken
And so, we found out what this whole thing is used for, now let’s talk about the difference between etoken and rutoken. Firstly, rutoken is red, and etoken is red. Secondly, they have different amounts of memory:
- Rutoken memory capacity varies from 32 kb to 126 kb
- Etoken has a maximum volume of 72Kb, where the user can only use 47Kb
I would like to note right away that in CryptoPRO both media work the same
Summary table of differences between etoken and rutoken
Etoken default password
I would like to note that if you received a token from some certification center, then with one hundred percent probability its password has been changed and you need to clarify it with the technical support that generated it. Please note that if you enter the wrong combination a certain number of times, the token may be blocked.
These codes are also called pin codes, so don’t be surprised if you hear the phrase root pin by default, techies have their own language.
- for eToken – 1234567890
- for Rutoken and Rutoken EDS:
- user: 12345678
- administrator: 87654321
Now you all know what etoken’s default password is; to be honest, I constantly confuse them. Although they make them simple, apparently this information is not very important for me, and the memory reacts in its own way. Programs for changing and setting a new Etoken password PKI Client or SafeNet Authentication Client.
The JaCarta token may be blocked, the error may be CKR_PIN_LOCKED, if you enter the wrong PIN code several times in a row, this can happen even if you did not enter it, because the program in which you process documents remembers the entered PIN code and accesses the key every time.
The default pin code on the new Jakarta carrier is:
- User PIN code (without spaces): 0987654321
- Administrator PIN (without spaces): 1234567890
- Open the management program: JaCarta Unified Client
- Open the GOST tab
- Then select Unblock user PIN
4. A warning will appear stating that this unlock only resets the error counter. If you changed the standard PIN code and forgot it, then only generating a new qualified electronic signature (CES) at the Certification Center will help in your case. 
5. In the window that opens, enter the administrator PIN code 1234567890 in the field. Click Run
6.If everything is done correctly, a window will appear with the message Unlocking successful.
7. Close the program. Now you can try to enter your PIN code again. The user's standard PIN code is 0987654321. If you have changed the standard PIN code and do not remember it, you will have to generate a new qualified electronic signature(KEP).
Tokens, electronic keys for access to important information, are becoming increasingly popular in Russia. A token is now not only a means of authentication in a computer operating system, but also a convenient device for storing and presenting personal information: encryption keys, certificates, licenses, identifications. Tokens are more reliable than the standard “login/password” pair due to the two-factor identification mechanism: that is, the user must not only have a storage medium (the token itself), but also know the PIN code.
There are three main form factors in which tokens are issued: USB token, smart card and key fob. PIN code protection is most often found in USB tokens, although recent models of USB tokens are available with the ability to install an RFID tag and with an LCD display for generating one-time passwords.
Let’s take a closer look at the principles of operation of tokens with a PIN code. A PIN code is a specially defined password that splits the authentication procedure into two stages: attaching a token to the computer and entering the PIN code itself.
The most popular token models on the modern Russian electronic market are Rutoken, eToken from the Aladdin company, and an electronic key from the Aktiv company. Let's look at the most frequently asked questions regarding PIN codes for tokens using the example of tokens from these manufacturers.
1. What is the default PIN?
The table below provides information about the default PIN codes for Rutoken and eToken tokens. The default password is different for different owner levels.
| Owner | User | Administrator |
| Rutoken | 12345678 | 87654321 |
| eToken |
1234567890 | By default, no administrator password is set. Can be installed via the control panel only for eToken PRO, eToken NG-FLASH, eToken NG-OTP models. |
| JaCarta PKI | 11111111 | 00000000 |
| JaCarta GOST | Not specified | 1234567890 |
| JaCarta PKI/GOST |
For PKI functionality: 11111111
When using JaCarta PKI with the "Backward Compatibility" option - PIN code - 1234567890 For GOST functionality: No PIN has been set |
For PKI functionality: 00000000
When using JaCarta PKI with the "Backward Compatibility" option - no PIN is set For GOST functionality: 1234567890 |
| JaCarta PKI/GOST/SE |
For PKI functionality: 11111111
For GOST functionality: 0987654321 |
For PKI functionality: 00000000
For GOST functionality: 1234567890 |
| JaCarta PKI/BIO | 11111111 | 00000000 |
| JaCarta PKI/Flash | 11111111 | 00000000 |
| ESMART Token | 12345678 | 12345678 |
| IDPrime card | 0000 | 48 zeros |
| JaCarta PRO/JaCarta LT | 1234567890 | 1234567890 |
2. Do I need to change the default PIN? If yes, then at what point in working with the token?
3. What should I do if the PIN codes on the token are unknown and the default PIN code has already been reset?
The only way out is to completely clear (format) the token.
4. What should I do if the user's PIN is blocked?
You can unlock the user's PIN through the token control panel. To perform this operation, you must know the administrator PIN.
5. What should I do if the administrator PIN is blocked?
The administrator PIN cannot be unlocked. The only way out is to completely clear (format) the token.
6. What security measures have manufacturers taken to reduce the risk of password guessing?
The main points of the security policy for PIN codes of USB tokens of the Aladdin and Aktiv companies are presented in the table below. After analyzing the table data, we can conclude that eToken will presumably have a more secure PIN code. Rutoken, although it allows you to set a password of just one character, which is unsafe, in other respects it is not inferior to the product of the Aladdin company.
| Parameter | eToken | Rutoken |
| Minimum PIN length | 4 | 1 |
|
PIN code composition |
Letters, numbers, Special symbols | Numbers, letters of the Latin alphabet |
| Greater than or equal to 7 | Up to 16 | |
|
Administering PIN Security |
Eat | Eat |
| Eat | Eat |
The importance of keeping the PIN code secret is known to all those who use tokens for personal purposes, store their electronic signature on it, and trust electronic key information not only of a personal nature, but also details of their business projects. Tokens of the companies “Aladdin” and “Active” have pre-installed security properties and, together with a certain amount of caution that will be exercised by the user, reduce the risk of password guessing to a minimum.
Rutoken and eToken software products are presented in various configurations and form factors. The offered assortment will allow you to choose exactly the token model that best meets your requirements, be it
Description of the problem. For EGAIS two certificates are used: GOST certificate for the legal significance of TTN; RSA certificate to identify the counterparty.
Each certificate is valid for one year from the date of its formation.
The GOST certificate is issued by a certification center, so to renew it, contact the certification center.
The RSA certificate is generated on the EGAIS portal, so you can replace it yourself.
To solve the problem of, you need to clear the PKI section from the old RSA certificate and write a new one there.
Step-by-step instructions on how to renew an RSA certificate
Step 1. Switch to administration mode
In the Start menu, find the application " Single client JaCarta" and open it.
Rice. 1. Single JaCarta client
The program workspace will open.
Rice. 2. Switch to administration mode
The program workspace will re-open. Go to the PKI tab.
Rice. 3. Token information
NOTE: Before proceeding, make sure the PKI section is not locked.
Order a consultation with a specialist on working with EGAIS
Step 2. Cleaning the PKI partition
On the PKI tab in the Application Operations panel, click the Initialize... link.
Rice. 4. Application Operations
To initialize, obtain permission and provide user data:
1. Administrator PIN - default 00000000
2. User PIN - default 11111111
Rice. 5. Initializing the application
After entering the data, click "Run".
A notification will appear stating that the old PKI certificate will be deleted during initialization. Click Continue to complete.
Rice. 6. Deletion warning
Once you have cleared the PKI partition, it is ready to write a new certificate.
Step 3: Write a new certificate
Rice. 11. Enter the PIN code of the hardware key
The system will show your certificate. Click on it to enter the portal.
Rice. 12. Certificate for entering the portal
In the left vertical menu, select “Get key”.
Rice. 13. Obtaining a key
Dots with addresses that are registered in the EGAIS system will appear in the center of the page. Find the one you need and click the “Generate key” button.
The certificate creation process will begin.
To generate a certificate, enter the user's PIN code - the default is 11111111. Click on the "Generate key" button.
Rice. 14. Generating an RSA certificate
In some cases operating system will additionally ask you to enter the PKI user PIN code of the section – by default 11111111.
Rice. 15. Additional PIN entry
Wait until the RSA certificate is generated.
After successful completion, the following message will appear: “The certificate has been successfully written to the token.”
Rice. 16. Certificate generation
This completes the replacement of the RSA certificate, continue working with EGAIS.
