It just so happened that last year, by the will of fate, I joined the state structure. And immediately received the task to establish electronic digital signatures in the management of the municipal order for participation in electronic auctions. Before that, I had never come across EDS in practical application before. And more recently, since January 1, the zakupki.gov.ru portal has been launched, through which all government purchases must go.
In this article, I will describe what problems I encountered during the setup steps and how I overcame them. I will try to write simply about the complex - EDS, cryptography, public and private keys. To some extent, this applies to work on all authorized electronic sites.
On the example of a real situation, we will consider all stages of installing an EDS and setting up a workplace. I hope my material will help those who are just starting to work with EDS, and in particular with electronic procurement.
Quote: “Article 16 of Law No. 94-FZ from 01/01/2011 provides for the commissioning of a single information resource on state and municipal procurement - the official website of the Russian Federation (www.zakupki.gov.ru) on the Internet to post information on placing orders for supply of goods, performance of work, provision of services for federal needs, needs of constituent entities of the Russian Federation and municipal needs”.
In words, as usual, everything is fine. But in fact, the opposite is true. Users are afraid of new technologies, so for them the transition to digital signature should be as painless as possible. All work with the EDS on the part of the user should look like this - he inserted the electronic key and started working with the portal.
In my practice, there was a very interesting moment when one mega-user friend claimed that an EDS is just a scanned personal signature that must be attached to a document as an attachment through any email client when sending a letter.
Also, users should not get the impression that the medium, be it a Token, a floppy disk or a flash drive, is a full-fledged EDS. Without a private key inside and setting up a key bundle, these are just useless little things that look like a flash drive.
So, now there will be some terminology.
2. Download and install Capicom object version 2.1.0.2. It is necessary for the correct work with sites. It lies on the Microsoft website -.
3. If necessary, install drivers for the correct operation of media (Tokens, smart cards). They can be found on the official websites. We use RuTokens.
4. Installing root certificates. We place them in the storage of root certification authorities.
5. Create a keychain through crypto pro. This is done quite simply. We launch crypto-pro, select “Service -> install personal certificate”. We indicate the public key, indicate the carrier of the private key, enter the pin code, place the certificate in the personal vault.
That's all, the EDS is configured. Congratulations! But ... there are still some manipulations with the browser left to do. Browser, by the way, for working with trading platforms - only Internet Explorer.
First, we enter the electronic platform into safe nodes, exactly as on the screen.
Secondly, for secure sites, we allow the use of all ActiveX components. Yes, and do not add dangerous ones to safe nodes!
Thirdly, allow all flying add-ons on the sites, otherwise various problems will arise.
How to check the work of the EDS? There is a test page on the MICEX electronic platform, where you can check the performance of the EDS and understand what is missing for full-fledged work.
Now I will describe one nuance that relates to the zakupki.gov.ru portal. There is a Lanit signature generation component, without which it is not possible to sign anything on the portal. It pops up as an unknown add-on on the site, and when downloaded it is called sign.cab. It is easy to install, unpack the cab-file and run the installer. Just! However, this nuance is very easy to miss. Download from here.
I would also like to note that the work of the portal still leaves much to be desired, various system errors pop up, it is very difficult to contact technical support. However, it is possible and necessary to work with it, and I hope that all problems will be eliminated soon.
That's all for today. I hope this article will help you understand some aspects of working with electronic platforms and EDS. Thanks to everyone who made it.
Tags: Add tags
March 18, 2011 at 01:32 pmDigital signature and e-procurement
- Information Security
It just so happened that last year, by the will of fate, I joined the state structure. And immediately received the task to establish electronic digital signatures in the management of the municipal order for participation in electronic auctions. Before that, I had never come across EDS in practical application before. And more recently, since January 1, the zakupki.gov.ru portal has been launched, through which all government purchases must go.
In this article, I will describe what problems I encountered during the setup steps and how I overcame them. I will try to write simply about the complex - EDS, cryptography, public and private keys. To some extent, this applies to work on all authorized electronic sites.
On the example of a real situation, we will consider all stages of installing an EDS and setting up a workplace. I hope my material will help those who are just starting to work with EDS, and in particular with electronic procurement.
Quote: “Article 16 of Law No. 94-FZ from 01/01/2011 provides for the commissioning of a single information resource on state and municipal procurement - the official website of the Russian Federation (www.zakupki.gov.ru) on the Internet to post information on placing orders for supply of goods, performance of work, provision of services for federal needs, needs of constituent entities of the Russian Federation and municipal needs”.
In words, as usual, everything is fine. But in fact, the opposite is true. Users are afraid of new technologies, so for them the transition to digital signature should be as painless as possible. All work with the EDS on the part of the user should look like this - he inserted the electronic key and started working with the portal.
In my practice, there was a very interesting moment when one mega-user friend claimed that an EDS is just a scanned personal signature that must be attached to a document as an attachment through any email client when sending a letter.
Also, users should not get the impression that the medium, be it a Token, a floppy disk or a flash drive, is a full-fledged EDS. Without a private key inside and setting up a key bundle, these are just useless little things that look like a flash drive.
So, now there will be some terminology.
2. Download and install Capicom object version 2.1.0.2. It is necessary for the correct work with sites. It lies on the Microsoft website -.
3. If necessary, install drivers for the correct operation of media (Tokens, smart cards). They can be found on the official websites. We use RuTokens.
4. Installing root certificates. We place them in the storage of root certification authorities.
5. Create a keychain through crypto pro. This is done quite simply. We launch crypto-pro, select “Service -> install personal certificate”. We indicate the public key, indicate the carrier of the private key, enter the pin code, place the certificate in the personal vault.
That's all, the EDS is configured. Congratulations! But ... there are still some manipulations with the browser left to do. Browser, by the way, for working with trading platforms - only Internet Explorer.
First, we enter the electronic platform into safe nodes, exactly as on the screen.
Secondly, for secure sites, we allow the use of all ActiveX components. Yes, and do not add dangerous ones to safe nodes!
Thirdly, allow all flying add-ons on the sites, otherwise various problems will arise.
How to check the work of the EDS? There is a test page on the MICEX electronic platform, where you can check the performance of the EDS and understand what is missing for full-fledged work.
Now I will describe one nuance that relates to the zakupki.gov.ru portal. There is a Lanit signature generation component, without which it is not possible to sign anything on the portal. It pops up as an unknown add-on on the site, and when downloaded it is called sign.cab. It is easy to install, unpack the cab-file and run the installer. Just! However, this nuance is very easy to miss. Download from here.
I would also like to note that the work of the portal still leaves much to be desired, various system errors pop up, it is very difficult to contact technical support. However, it is possible and necessary to work with it, and I hope that all problems will be eliminated soon.
That's all for today. I hope this article will help you understand some aspects of working with electronic platforms and EDS. Thanks to everyone who made it.
Tags:
- digital signature
- electronic digital signature
- electronic purchases
Error: "Failed to load module capicom.dll" Error: "The capicom object was not installed"
Errors from http://sberbank-ast.ru when logging in with an Electronic Digital Signature)
Solving these problems in 5 minutes. (Your attention is given to two methods, manual and automatic.) If the error persists in the automatic solution after installing the first component, use method No. 2 and write in the comments if you have any questions.
Automatic registrationcapicom_ 2.1.0.2 librariesMandatory component for working with EDS capicom_2.1.0.2_sdk capicom_dc_sdk.zip
If after installing the auto-installer you still get an error on platforms using the capicom.dll librariesyou need to remove previously installed libraries, go to the registry using the regedit command and delete all keys with an index capicom.dll. After that, restart the workstation and proceed to the procedure for manually installing the library according to the scheme described below. Current library as of January 10, 2012 v2.1.0.2
To install capicom.dll on Windows (XP), follow these steps:
Manual registration of the installation of the capicom_ 2.1.0.2 library download archive capicom_-dll_v2.1.0.2.zip unpack to C:\WINDOWS\system32\ (capicom.dll) . After placing the library in the desired directory, execute in the command line C:\WINDOWS\system32\regsvr32 capicom.dll
For installation CAPICOM.dll on Windows Vista, Windows 7, Windows 8, Windows 8.1do the following:
1. Download the file capicom_-dll_v2.1.0.2.zip
2. Unpack to "C:\windows\syswow64" directory
3. Register the dll library, for this, in the command line (Start - Run), enter: c:\windows\syswow64\regsvr32.exe capicom.dll
4. To create a vault, download the CreateOP file
5. Unzip the file createop_capicom.zip and copy the files from the folder
6. Go to C:\WINDOWS\syswow64\... and paste the copied files with file replacement
7. Run the CreateOP.bat file (if you do not see the ".bat" extension, then you need to run the file, which is displayed as "MS-DOS Batch File")
8. After running the file, a window should appear, click OK in it
9. In the next window, click OK again
All domain names with which you work through capicom must be added to trusted hosts in the browser properties!!! If this is not done, the error: "Failed to load module capicom.dll" and the error: "The capicom object is not installed" may appear regardless of the presence of Capicom in the system.!!!
The signature generation component is not installed or does not work (does not work correctly).
1) Make sure that no notification is displayed at the top of the browser window or tab to prevent the launch or installation of add-ons (ActiveX controls):
"All Internet Explorer add-ons are disabled. Click here to manage, disable, or remove add-ons."
"This website is attempting to install the following add-on... If you trust this website and this add-on and want to install it, click here..."
"This site requires the following add-on... If you trust and allow this website and this add-on to run, click here..."
"Security settings prevent ActiveX controls from running on this page. The page may not display correctly. Click here to select options."
"Running ActiveX controls on this web page is not allowed by the current security settings."
"This program has been blocked because the publisher cannot be verified."
"Internet Explorer has blocked ActiveX controls."
If such notifications are present, the corresponding action must be allowed.
If Internet Explorer 10 is used, it is recommended to additionally allow the launch of unsigned ActiveX controls.
For this you need:
- in the browser menu, select the “Tools” - “Browser Options” item (if the menu is not displayed by default, you must press Alt on the keyboard to display it). This will display the Browser Options window;
- go to the "Security" tab;
- select the "Trusted Sites" zone;
- in the "Security level for this zone" section, click the "Other" button. This will display the Security Options window;
- in the list of parameters, find the item "Download unsigned ActiveX controls" (block ActiveX controls and control modules) and switch this option to the "Enable" position.
2) Make sure that the launch of the installed signature generation component is not blocked due to insufficient trust in the bus.gov.ru website.
To do this, the https://bus.gov.ru node must be added to the Trusted Sites zone (Internet Options - Security - Trusted Sites - Sites) and low security restrictions are set for this zone (Internet Options - Security - Trusted Sites - Level security for this zone - Custom - Reset specific settings - Set to level - Low - Reset). As a result, in the category "ActiveX controls and plug-ins" in the security settings (Internet Options - Security - Trusted Sites - Security level for this zone - Other), the launch of ActiveX modules should be allowed (all items in this category should be set to "Enable ” or “Offer”).
Advanced: You must allow the installation and launch of ActiveX controls that have an invalid signature: "Internet Options" - "Advanced" - "Security" - "Allow the installation or execution of a program that has an invalid signature."
3) In other cases, it is necessary to install (reinstall) the sign.cab signature generation component.
C:\Program Files\Lanit\
Default install path:
C:\Program Files\Lanit\Lanit.Signature Generation Component
Installing the 64-bit version of the signature component is only available on a 64-bit OS.
Correct operation of the 64-bit version of the signature component is possible only when using the 64-bit version of the Internet Explorer browser.
Installation of the 32-bit version of the signature component is available in 32-bit and 64-bit OS versions. Correct operation of the 32-bit version of the signature component is possible only when using the 32-bit version of the Internet Explorer browser.
4) If after these steps the signing error continues to occur, make sure that the bit depth of the launched Internet Explorer browser matches the installed version of the signing generation component.
You can check the bit depth of the default version of the IE browser in "Help" - "About" (in the 64-bit version, after specifying the version number, "64-bit edition" should be indicated, if this indication is not present, the 32-bit version).
Also, for the correct operation of the signature generation component, the Microsoft .NET Framework version 2.0 (for Windows XP) or 3.5 (for later versions of Windows operating systems) is required.
5) In rare cases, the launch of the signature generation component may block anti-virus and proactive protection software.
Often, users are faced with the problem of confirming personal data during online transactions - Cannot sign data. Error description: The object does not support the "Sign" property or method. For example, such an error occurs on the web pages of official organizations or financial institutions: zakupki.gov.ru, bus.gov.ru, VTB 24, UIS. Specifically, this error appears when trying to install a digital signature or when confirming personal data.
Causes of Sing Error
The error message indicates problems with Sign.cab. This component is used in the formation of the signature itself and is a very important component. There can be many reasons for the error to appear. The source can be: an uninstalled sign.cab file, missing or outdated root certificates (CryptoPro, Kontur) for digital signature, incompatibility of Windows bitness with a browser, lack of a .NET Framework package, and others.
Error: Object does not support Sign property or method
How to fix Cannot sign data error
To fix such a failure on Windows 7/8/10, you should check or follow all the points in turn, which will be described below. We have collected all the most common solutions that are given on the official public procurement forums, bus.gov.ru and other communities.
First, let's test the site on a different browser. If you are performing operations through a specialized application, then check the settings, where set a different web access browser.
Correctly reinstall Lanit
Many advise first of all to reinstall the corresponding lanit - sign.cab. It is better to download it from the resource on which the failure occurs (contact the support), or from another popular source. Select the bit depth (x32, x64) corresponding to your system and browser (!), which is very important for working in Internet Explorer. Bitness plays an important role. Further:
We also recommend that you familiarize yourself with the solution to a failure when installing an EDS - Error calling method on NPObject .
Also worth checking out
Conclusion
Most often, the error “The object does not support the Sign property or method” is the result of inappropriate bit depth when installing software (lanita, browser, certificates), so pay close attention to this moment. In any case, if you cannot cope with the error, you should contact the resource support, but as practice shows, you can wait for answers there for a very long time.
