Key generation workstation is required to create EDS keys (for example, to connect to the Electronic Budget). This article discusses how to install the AWP key generation software and solve the problems encountered.
The latest version of the ARM key generation program (1.0.0.44n) can be downloaded from this link: http://sedkazna.ru/download/prg/ARM_ECP_1_0_0_44n.zip
Installing AWP Key Generation
- Run setup.exe
- Leave the program installation path as default.
- Click Next to continue installation
- Install.
The key generation workstation installation is completed.
Possible mistakes:
Error Exception EOleSysError in module vd50.bpl at 0001A239. An error occurred while accessing the OLE registry.
Very often the error Exception EOleSysError in module vd50.bpl at 0001A239 appears. All due to the fact that the program is designed for Windows XP, and in Windows 7, 8, 10, it must be run in compatibility mode.
Solution to the problem(Error Exception EOleSysError in module vd50.bpl at 0001A239. Error accessing OLE registry.):
- Run: regsvr32 C:\FkClnt1\SYSTEM\midas.dll
Solution 2(Error Exception EOleSysError in module vd50.bpl at 0001A239. Error accessing OLE registry.)
- Enter the C:\FkClnt1 folder, then go to the EXE folder;
- Right-click on the cbank.exe file and select Property.
- In the "Compatibility" tab, check the box and select compatibility with Windows XP (SP2).
Installing AWP Key Generation in Windows 10
Installing AWP key generation in Windows 10 is no different from the usual installation described above, but after installation, the program simply does not start.
To run the AWP key generation software package in Windows 10 after installation, you must:
- Run cmd as Administrator
- Run command in command prompt: regsvr32 C:\FkClnt1\SYSTEM\midas.dll
- Restart your computer and run the program.
INSTRUCTIONSon the formation of qualified keys
electronic signature (ES)
and sending a request and applications for KSPC
To generate an ES, the user needs to run the Key Generation Workstation (version 1.0.0.44n or later). In the workstation, select "Create a certificate request" (Figure 1): 
Picture 1.
A window will open Generating a Certificate Request and a Private Key(Figure 2).
Figure 2.
To generate a certificate of an individual, it is necessary to check the box "Request for the certificate of the Applicant"
In the window that appears (Figure 3), enter the value "Certificate Owner Roles".
To work with the SUFD (Remote Financial Document Management System) portal, the user specifies all the items, except for "Testing" from the "ASFC" block, as well as the item "Server Authentication" and "Client Authentication" (in the PPO "EDMS" the item "Server Authentication" is located in the ASFC block).
Roles required to work in SUFD.
It is mandatory to set marked roles. 
Figure 3
To proceed to the next step of the wizard, click the "Next" button.
In the window that appears (see Figure 4), enter the values:
"Last name" - the surname of the owner of the certificate is filled in with a capital letter in one word without spaces. Required field.
“Name Patronymic” – the name and patronymic of the certificate holder in the format “Name Patronymic” in two words separated by one space. Required field.
"Country" - filled in with a two-letter country code. For Russia, the default is RU. Required field.
"Name of the subject" - "Novosibirsk region". Required field
"Name of the settlement" - "Novosibirsk". Required field.
"Organization" - indicates the full or abbreviated name of the organization.
"Formalized position" - for the right of 1 signature, the formalized position "Head" is necessarily selected, for rights 2 signatures the formalized position "Chief Accountant" must be selected(a formalized position is chosen regardless of the real position of the applicant for the UPC).
"Level 1 division" - the field is not filled.
"Division of the 2nd level" - the field is not filled.
"E-mail" - letters about changing the status of the certificate and about the expiration of the certificate will be automatically generated to the specified e-mail.
"TIN" - individual taxpayer number. The field is required, the TIN of the owner of the electronic signature certificate (individual) is indicated.
"Exportable private key" - indicates the possibility of transferring the ES key to another medium (if the value "no" is selected, then the container with the key cannot be copied). The default is "yes".
"SNILS" - the field is required in accordance with paragraph 2 of article 17 of the Federal Law of 04/06/2011 No. 63-ФЗ "On Electronic Signature".
Figure 4
To proceed to the next step of the wizard, click the "Next" button.
In the next window (Figure 5) you need to set the flag in the field "Print an application for obtaining an EDS key certificate", since only with this printed form (Application for obtaining a certificate of an electronic signature verification key (hereinafter referred to as the Application)) a request for key registration will be accepted Regional Registration Center of the Administration (Territorial Authority of Administration) of the Federal Treasury. The requested document will be output in MS Word form, which can then be printed using standard MS Word tools. Before printing the Application, it is necessary to perform the "cut page" ("page trimming") function (Figure 8) and print the Application on one sheet (both sides).
Figure 5
To create an ES key and generate a request for a certificate, click the "Execute" button.
If a password is defined for the ES key, its entry will be required before each operation of accessing the cryptoprotection functions, if it has not been saved in the system.
Figure 6
When the ES key is generated (in this case, a container with the ES key will be created on the key carrier, and the ES key files will be placed in it (header.key, masks.key, masks2.key, name.key, primary.key, primary2.key ), the system will automatically generate a certificate request - file with *.req extension and display the path where it will be placed (Figure 7).
!!! You must remember the path or specify the directory to save the certificate request file .
Figure 7
After specifying the directory in which the certificate request file is saved, the certificate request generation wizard will complete its work, and to close it, you must click the "Finish" button. The generated Certificate Application will open in the MS Word window, then it must be printed in two copies using standard MS Word tools (see clause 5), signed and stamped by the Organization.
Figure 8
If the Application for a certificate is printed on 2 sheets, it is necessary to put the seal of the Organization on each sheet, the signature of the head of the Organization must also be affixed to each sheet of the Application.
After printing the Application, fill in the fields (Figure 9, Figure 10):
- “On the basis of the accession agreement (agreement) dated № to the regulation of the Certification Center of the Federal Treasury and the power of attorney* dated No. "- the details of the agreement and the power of attorney are indicated (the details of the power of attorney are not indicated in the application for the certificate of the head of the Applicant Organization);
A block of fields containing data about an identity document;
- "Information for the suspension of the UPC" - a code word or key phrase is indicated that allows you to identify the owner of the ES certificate without presenting an certifying document if it is necessary to suspend the ES certificate.
A request for a certificate in electronic form, together with a printed and completed Application for a certificate, is submitted to the Regional Registration Center (RCC) of the Office (Territorial Authority) of the Federal Treasury.
The RCR operator sends it to the UCA (Authorized Certification Center of the Federal Treasury) for confirmation, where a certificate of the ES verification key (a file with the *.cer extension) will be generated based on the certificate request sent.
If you have landed on this page, most likely you need to generate a certificate for the Bus Gov website (bus.gov.ru). This site is supervised by the Federal Treasury of Russia and is necessary primarily for posting information about state (municipal) institutions. The small amount of information on the Internet and the constant workload of the Treasury telephone lines, coupled with the work schedule that is not always predictable, prompted me to write this article. In it, we will learn - how to independently in the program AWP Key Generation generate signing certificates for the Bus Gov website and what data must be specified during generation.
We generate a certificate for the site bus.gov.ru
The current version of the APM key generation program at the time of this writing is 1.0.0.44n. You can download it, or you can - from the website of the Federal Treasury. Unpack the archive to a place convenient for you, go to the AWP GK 44 folder and run the install.exe file.After installation, a folder will appear on your desktop OTR, and in it a subfolder: EDMS Client with label AWP Key Generation. Run it. If an error occurs Exception EoleSysError in module vcl50.bpl (Error accessing OLE registry)- follow the recommendations described and proceed directly to generating the key.
After successfully launching the shortcut AWP Key Generation A window will appear at the top of the screen prompting you to create a certificate request.
Click Create a certificate request and choose from the menu Applicant Certificate Request.
The next generation window will open, in which it is necessary to put three checkmarks (in addition to the checkbox Client Authentication) indicating what type of certificate will be generated and what it will be used for. Click on the + icon Working with GMU and check the boxes as shown in the following picture.
Next, a window will appear in which it will be necessary to enter information about the applicant - the head of the organization for which it is planned to obtain an access certificate. Required fields are underlined in the picture.
The registration number of the GMU organization can be found on the Bus State website itself by following the link bus.gov.ru/pub/registry and entering the TIN of the required organization. Below in the search results, if the TIN matches the existing company, a link will be given in which you should click on the "Registration data" tab and in the 8th field Register number in the list of GMU you will find the required serial number.
Press button D alley and make sure that the tick Print an application for obtaining an EDS key certificate stood. Next click Run and specify the media on which the key will be written. It is desirable that it be a removable flash drive. Next, the biological random number generator will start. Move the mouse non-stop over this window and randomly press the number and letter buttons on your keyboard to help the system generate a key. When the line of the generation process reaches the end, you will have to come up with a password for the certificate and repeat it in the next window. Pushing a button OK you will see a prompt to select the path for the key file with the .req extension. The default is C:\FkClnt1\EXE\.
After the document is generated Application for obtaining a qualified certificate of the electronic signature verification key in the Certification Center of the Federal Treasury to be printed in 2 copies, sign by the responsible person and take it to the Treasury Department together with the flash drive on which the key file was recorded. After activating the key, you will be able to work with the Bus Gov website (bus.gov.ru).
Difficulties associated with installation and operation (generalization):
SOLVING PROBLEMS WITH PRINTING IN WORD (author Alex67, comment 10/17/2015 20:54 and comment 11/03/2016 15:22)
Problems with entering PSRN or TIN. On some computers, an error occurs when generating an ES key. The error indicates an incorrect entry of PSRN or TIN.
Run cmd as Administrator Run: cd c:\windows\syswow64 Run: regsvr32 C:\FkClnt1\SYSTEM\midas.dll
Solution: Avast antivirus software is most likely installed. It is necessary: - Add the directory with the program to the exceptions (Avast - settings - exceptions); - Copy file. cbmain.ex to the exe directory from the distribution kit (or restore from quarantine if it remains there);
Exception EOleSysError in module vcl50.bpl at 0001a239. Error accessing the ole registry or vcl50.bpl was not found or an error accessing the ole registry or problems filling in the TIN field
Solution: To fix it, you need to run a command on your computer. Click the Start button. In the "Search programs and files" text box, enter: regsvr32 C:\FkClnt1\SYSTEM\midas.dll. Then press the Enter key. You should see a message that the library registration was successful.
Regsvr32 is a command-line utility for registering and unregistering OLE controls such as ActiveX and DLLs in the Windows registry. The Regsvr32.exe tool is installed in the %systemroot%\System32 folder on Windows XP and later versions of Windows. On 64-bit versions of Windows, there are two versions of the Regsv32.exe file: %systemroot%\System32\regsvr32.exe; %systemroot%\SysWoW64\regsvr32.exe. Therefore, for the x64 platform, the following actions are necessary:
Run cmd as Administrator Run: cd c:\windows\syswow64 Run: regsvr32 C:\FkClnt1\SYSTEM\midas.dll Next you need to go: "Start" - "Control Panel" - "User Accounts" - "User Accounts ". Select "Change User Account Control Settings" and move the slider to the bottom position. After that, you need to restart your computer.
Communicated with the developers of the excellent AWP GK (who needs tel.: 8-800-100-22-55). So, the whole point is that you need to: 1. go to the folder C:\FkClnt1 subfolder EXE. 2. in this folder, right-click on the cbank.exe file in the "Compatibility" tab, check the box and select compatibility with Windows XP (why XP, but because, as the developers said, this program was written by order of the Treasury for XP and paid at the same time, they don’t want to pay extra for improvements to new versions of the operating system, so it works under the rest of the Axes thanks to our skill and ingenuity)))), click "Apply". 3. We launch again the AWP shortcut in the OTR folder on the desktop and ... voila! Runs and runs under Windows 8.1. x64! Recommendations from Alex_04 (comment, forum):
Windows 8.1/x64 SL (mono-lingual, similar to Home in 7?), no local security policies, UAC disabled, built-in admin account, installation of AWP GK via RMB - on behalf of the administrator, there were no errors. All recommendations from Ekaterina to item 3 "Difficulties associated with installation and operation (generalization)" (regarding the launch under Win-8.1 / x64) have been fulfilled - the ARM GK simply silently does not start without any errors, flashing a black DOS screen. This helped: the cbank.exe file - RMB - Correcting compatibility problems - (I don’t remember verbatim, not before my eyes, so it’s about the meaning) - It used to run and work - under Windows XP (SR2 or 3) - the process of setting compatibility .. .- wait for the end and finish. On the file! cbank.bat - RMB - Properties - Compatibility - checkbox "Run the program in compatibility mode for Windows XP (SP2 or 3)". Launch of ARM GK - OK! Shortcut to the batch file on the desktop, fso. Recommendations from Alex_04 (comment):
On Win-7/x64, under a user without admin rights, none of the things listed in paragraph 3 helped. A specialist from the OIS UVK helped: regedit with admin rights - HKEY_CURRENT_USER\Software\BSSystems and HKEY_CLASSES_ROOT\Type.lib - RMB - Permissions - Users (or a specific user, if not - add) - Full access - OK. Only after that did the errors of accessing the ole registry and vcl50.bpl at 0001a239 go away.
Generation error #9. The specified cryptographic provider was not found.
Solution: Start - Settings - Control Panel - CryptoProCSP - Equipment - "Configure RMS" button. Install "Biological RMS".
Generation error #-2146893792. An internal error occurred. system last error message: Internal error.
Solution: Start - Settings - Control Panel - CryptoProCSP - Equipment - "Configure RMS" button.
Delete "DSC "Sobol", install "Biological DSC"
Programs released by the Treasury are updated very infrequently and function very badly on modern operating systems - anyone who has come across Treasury software will tell you this. The situation is exactly the same with the APM Key Generation program, released by this government agency for independent generation of electronic digital signatures. One of the most common errors faced by users of Windows 7, Windows 8, Windows 8.1 and Windows 10 who have downloaded and installed any version of the ARM Key Generation program is: Exception EoleSysError in module vcl50.bpl (Error accessing the OLE registry) . Let's look at its causes and solutions.
Error when accessing the OLE registry - how to take?
The reason for the appearance of this error on operating systems released after Windows XP is a flaw in the program code. If you are working on any of the operating systems that came out later than XP (Windows 7, Vista, Windows 8, Windows 8.1 or Windows 10) - the main and main solution to this problem will be to set the compatibility mode for the file cbank.exe, which is located on your computer at C:\FkClnt1\EXE\cbank.exe. Click on it with the right mouse button and select the item from the drop-down menu Properties.
If it didn't help
If this option did not help, then you have problems registering the midas.dll library in the OLE registry. To solve this problem, you must register the library manually. Click Start, then in the "Search programs and files" field, enter: regsvr32 C:\FkClnt1\SYSTEM\midas.dll. Press Enter. A window will appear confirming the successful registration of the library.
In rare cases, the problem may be related to the account access control to the registry. To disable it, select: "Start" - "Control Panel" - "User Accounts" - "User Accounts". Select "Change User Account Control Settings" and move the slider to the bottom position. Reboot your computer and try running AWP Key Generation again.
