Connection to egais. Single client Jakarta from Aladdin R.D. Scanners for egais

JaCarta is a group of media and programs designed to recognize and enable the use of electronic signatures. This is also the place where the cryptographic keys are located. It is a product of the company "Aladdin R.D."

About the developer company

Company "Aladdin R.D." founded 20 years ago. Its activities are aimed at the development and implementation of USB tokens and smart cards (initialization means), electronic signatures for various services and systems. Another core area of ​​the company’s activities is ensuring the safety of storing information of any significance, including confidential information.

Most of the products and solutions offered by Aladdin R.D. throughout its existence, deserve attention. In addition, they became an advanced solution, receiving not only recognition from users, but also various awards.

Programs

The main programs are JaCarta SecurLogon and SAM. SecurLogon creates complex random passwords that are necessary to ensure the security of your information. The program is intended for those JaCarta users who work with Windows. To log into the system, you need to connect the device and enter your PIN code. The program also has an option to change the password regularly.

SAM or Safe Net Authentication Manager is a special software product designed for corporate users. The main advantage of SAM is the ability to manage the life cycle of keys and smart cards. This makes it quicker and easier to implement and use keys. In addition, it helps solve inventory problems.

How to install "Unified JaCarta Client"

In order for the Jacarta media to function, you must download the “Unified JaCarta Client”. It is a universal software package that works with all eToken and JaCarta token models. They are convenient for ordinary PC users who do not have special skills. Ensures full operation of the CryptoProCSP modules and allows devices with different cryptography to function normally.

Access to the program can be obtained on the official website of the company https://www.aladdin-rd.ru. Then you need to install it on your work computer. It is important to know that at this time the media must be disconnected from the PC and all programs and applications must be closed.

To download the archive with the software product from the developer’s website, you need to click “Download” (or “Download”). And clients can find the program on the system portal. When the archive is on your PC, you need to unpack it. After opening, you must select the required version to install - 32-bit or 64-bit.

The appearance of a window with the message “The hardware architecture of your computer does not match the product type” means that the choice of version was incorrect. You need to click on the “OK”, “Done” buttons, and select another version.

The installation of this product is similar to most others, so you need to follow the instructions in the pop-up windows.

You will need to accept the terms of the license agreement by checking the appropriate box. Then click “Install”. Once the operation is completed, click “Finish” and restart the computer.

To find JaCarta, you need to click the “Start” button and select and launch the appropriate one from the list of installed software products.

Causes of problems with the key

Users of the EGAIS system know that without Jakarta it will not be possible to work. Moreover, problems with the key may appear at the very beginning, when trying to register with . Typically, users are faced with the fact that the required driver is missing, or there are problems with the computer. In addition, the following reasons for a non-working key are common:

• If there are several carriers, it is easy to confuse them. If Jacarta Unified Client does not see the token, but finds the flash drive, then the wrong media is being used. Another way to identify a carrier is its certificate. It must indicate the JaCarta PKI/GOST type with the series number in the JC-xxxxxxxxx format;
• driver is missing. The hardware key is not always installed. Therefore, after connecting the JaCarta media for the first time, you should wait until the program is installed. It occurs automatically within a few minutes;
• there is no “Unified JaCarta Client”;
• USB port is faulty. To test this hypothesis, you need to use another working flash drive. If the computer does not detect it after it is inserted into the port, then the USB is not working;
• a message appeared on the screen: “Rutoken web authentication library,” meaning that the Rutoken add-on is disabled. To run the program, you need to click on the “Allow” button and log in to the system again.

One of the recommendations for EGAIS users is to use only one token on one computer. If there are, for example, two of them, there may be problems in their operation, since they can interfere with the full functioning of each other.

To be able to determine whether the key is working or not, the developers equipped it with a light bulb that lights up when connected.

If problems are detected in the operation of the equipment, you need to contact a technician who will fix the problem.

If problems with the software cannot be resolved, it is recommended to use the support service: https://www.aladdin-rd.ru/support/. On this page you can leave a message describing your problem, and also find a lot of information about problems that other users often encounter.

The equipment and software are thought out so carefully that it will not be difficult for a simple user to understand the settings and set up work on their own. If you have doubts about your own abilities, you should seek help from a professional.

0 User rating (0 Total rating)

Continuing the topic of connecting to EGAIS, let's move on to the practical part of the issue. Unfortunately, system developers change rules and technical conditions literally on the fly. This material was almost ready when the developers unexpectedly limited the list of supported browsers to just IE, and they had to redo the finished material. Therefore, despite the fact that all our articles are necessarily checked in practice, it may happen that this information turns out to be incorrect or outdated, at the same time we will try to promptly keep this material up to date.

First of all, make sure that your computer meets the system requirements to install the transport module. Specifically, you must be running Windows 7 or later and Internet Explorer 9 or later. As you can see, nothing special is required from the system if you use the latest versions of the OS and regularly update the system - you already have everything you need, otherwise you will need to bring the software into compliance. You will also need to install Java 8, which is required for the transport module to work.

Installing software for working with JaCarta crypto key

As we have already said, the JaCarta crypto key used in the system contains two GOST and PKI repositories, to work with each of them you need its own software, which can be downloaded and installed separately, there is also a single client that combines all the necessary tools in one package.

Let's go to the page http://www.aladdin-rd.ru/support/downloads/jacarta/ and take a look at the list of offered software. First on the list is offered Single Client JaCarta and JaCarta SecurLogon 2.7.0.1226, in our opinion, this is the most convenient solution and there is no reason to refuse it. Nowadays Single client does not support Windows 10, so if you are using this OS, you will need to download and install packages JaCarta GOST for Windows And JaCarta PKI for Windows.

Actually, the installation of the specified software is carried out in the usual way and does not pose any difficulties.

After installing the software, we connect the crypto key and make sure that it is detected in the system and all the necessary drivers have been installed.

Obtaining a test CEP

If you did not immediately receive a qualified electronic signature (CES) when purchasing a crypto key, which we strongly recommend doing, you can use a test CES during setup and verification. To do this, go to the page http://egais.ru/testkey/innkpp and enter the TIN and KPP of the organization.

All that interests us on this page is a link to the generator, download it.

We launch it, fill in the required fields and click Generate, the key will ask for a password from the GOST storage, by default it is 0987654321, enter it and wait for the request to be generated. The only subtlety is that you need to indicate as the postal address the one you used to register in your FSRAR personal account.

We upload the received request to the site, do not forget to select the request file before clicking the button Download and continue.

Now you can go have lunch or do other things, the certificate will be generated within some time and will be sent by mail. Download it to any convenient location and write it to the key using the generator utility.

Then run the JaCarta Unified Client or the utility for working with the GOST storage and make sure that the recording of the CEP certificate was successful.

RSA key generation

After you have received the CEP, you should generate certificates for retail outlets. To do this, go to the page https://service.egais.ru/checksystem and click the button Read the terms and conditions and check their compliance, a page for checking system requirements will appear. Unfortunately, there is no other way to your personal account and you will have to go through verification every time, fortunately you do not need to visit it so often.

If you have fulfilled all the software requirements, then you should pass the first two check points successfully. By the way, the mention in the first paragraph of Windows XP is quite interesting; theoretically, you can try to launch a transport module based on it.

Added. As of 12/13/15, Windows XP SP3 has been officially added to the list of supported systems.

The next step is installing the module Fsrar-Crypto 2, to do this, simply download and run the installer from the link.

After which, repeating the check once again, you will finally get to your personal account. First of all, you need to get an RSA key for a secure connection; to do this, go to the section of the same name and select the desired outlet. Please note that each key must be written to its own token, and this entire operation can be done on one computer.

The process is as simple as possible. Select a retail outlet and click Generate key, then enter the password for the PKI storage, by default 11111111, after which the key will be generated and written to the token.

After successfully writing the key, the token is completely ready for use and you can proceed to installing the transport module.

Installing the transport module

To receive the transport module, go to your personal account again. Please note that there are two versions of the transport module: test and production. All data transmitted via the working UTM is recorded in the Unified State Automated Information System and it is unacceptable to use it to check and test the work. At this stage, you should install a test transport module, and only after you have configured the entire system and are sure that it is working, should you reinstall the transport module to its working version.

Download the required distribution and start the installation; the first stage of installation should not cause any particular difficulties.

But then you will need a crypto key and a certain amount of attentiveness. First of all, it would be a good idea to find a permanent location for the crypto key, since if it is missing, the transport module will not load and its services will need to be started manually.

After unpacking the necessary files, the transport terminal will be installed, which uses encrypted files and requires a key. First, the installer will ask you for the password to the PKI storage (11111111) and ask you to select an RSA key. This is necessary to establish a secure connection with EGAIS servers.

Remember the certificate code, this is your FSRAR ID, you will need it later, when setting up merchandise accounting software, you can also always view it in the properties of the certificate.

Then you will need to specify the password to the GOST storage (0987654321), which contains the EPC, which is required to authenticate the data transmitted on behalf of your organization.

After which the installation will move to the final stage, at this stage the installer will connect to the EGAIS servers, receive the necessary data and perform the initial configuration of the software for a specific client. Subsequently, working with this transport module will be possible only if you have the copy of the crypto key with which the installation was carried out.

You can check the operation of the transport module by typing in the browser the IP address or host name indicating port 8080.

Setting up inventory software

In our example, we will use the inventory accounting software of the 1C:Enterprise system; if you use software products from other manufacturers, then refer to the technical documentation for them.

First of all, you should update the configuration to the current version with EGAIS support; today the certified configuration for EGAIS is 1C: Retail, but working with EGAIS is also supported in Trade Management. In the future, all examples will refer to 1C: Retail 1.0, however, other 1C configurations are configured in an identical way, the differences are insignificant.

After updating the configuration, go to the accounting parameters and on the tab Alcohol accounting check the box Consider alcohol products.

Then follow the link below Transport modules and create a setup for working with our UTM. You can choose the name arbitrarily, you need to correctly indicate your FSRAR ID and UTM network address. We remind you that the FSRAR ID can be found in the RSA key certificate number.

Below we will follow the second link Transport modules used and indicate the transport module used at this outlet. Let's explain, reference book Store transport modules contains information about all UTMs in all retail outlets, you need to select the one you need from this list. This setting makes an entry in the information register that connects the place of sale (Store in terms of 1C: Retail), the legal entity and the UTM related to them.

Finally, let's move on to setting up the schedule, since at the beginning of working with EGAIS you have to request data quite often, we set the task to repeat every 30 seconds, subsequently this value should be adjusted in accordance with real needs.

Finally, take a look at the tab Data exchange and make sure that it is enabled and the user is specified to perform routine tasks.

Having completed all the necessary settings, restart the program, now a new menu item will appear in it - EGAIS. The purpose of the sub-items is quite clear, and working with them is intuitive and should not cause any difficulties for any confident 1C user.

However, before starting work, you need to compare your own directories of counterparties and nomenclature with the EGAIS classifiers of organizations and alcoholic products. To do this, go to the appropriate menu item and complete the request indicating the counterparty’s TIN. To obtain a classifier of alcoholic products, you must indicate the TIN of the manufacturer or importer. Special attention should be paid to this point: it is the TIN of the manufacturer (importer), not the supplier.

Then, having received the requested classifier, you should compare it with the data from the program directories; to do this, select the appropriate items in the classifier (left) and directory (right) and press the button Compare. Matched items are highlighted in green.

As you can see, there is nothing particularly complicated in the practical implementation of EGAIS. Now, after making sure that everything works as it should, do not forget to get a working EPC (if you have not done this before) and reinstall the UTM from test to working.

Connecting wholesalers and retail stores to EGAIS begins with the purchase of a JaCarta SE media, followed by recording an electronic signature certificate on the media for working in EGAIS.

CTO KKM "Absolut-Service" carries out activities to connect participants of the alcohol market of St. Petersburg and the Leningrad region to the EGAIS system. The cost of a CEP certificate for EGAIS on JaCarta is 5,000 rubles at the end of 2015 (2,000 rubles for a JaCarta carrier and 3,000 rubles for a CEP for EGAIS). Since February 2016, prices for a certificate for EGAIS have decreased by 700 rubles (4,300 rubles - CEP Certificate for EGAIS on JaCarta or 2,500 rubles - CEP for EGAIS (if JaCarta already exists)) . At the beginning of 2017, you can buy an EGAIS certificate on a medium for 3,800 rubles.

Requirements for organization details for connecting to EGAIS

In order to connect to EGAIS, you must provide the details of your organization in accordance with the requirements of the FSRAR.

The FSRAR requirements are as follows:

1. EGAIS must be connected at the locations where the organization operates according to the table below.
2. Each division of the organization must have a unique checkpoint.
3. If the legal and actual addresses are different, then there must be a checkpoint at the actual address that is different from the legal one.
4. All addresses of places of activity and their checkpoints must be reflected in the FSRAR license register
5. The CEP certificate and JaCarta media are purchased for each department, i.e. for each unique combination of INN-KPP.

If these requirements are not met, your organization will not be able to successfully purchase CEP certificates and connect to EGAIS. If there is something missing or inaccuracies in your organization’s details, then the errors must be corrected in the following way:

• To assign a checkpoint, you must contact the Federal Tax Service.
• To change information in the license register, you must contact the place where you received a license to sell alcohol.

	Retail store (usually an LLC with strong alcohol)	Company Catering	Individual entrepreneur
Confirmation of purchase	JaCarta with CEP	A computer with software capable of confirming the fact of purchase JaCarta with CEP	A computer with software capable of confirming the fact of purchase JaCarta with CEP
Qty JaCart		Each store address needs its own copy of JaCart with CEP	1 copy of JaCart with CEP, installed at any point of sale address
AP accounting log	Can be kept on paper	Can be kept on paper	Can be kept on paper
Confirmation of sale	2D Scanner Cash register with the ability to print a QR code Software that can confirm the fact of sale	Not required	Not required
AP accounting log	Generated automatically in your personal account on the EGAIS website	Can be kept on paper	Can be kept on paper

Procedure for ordering a EGAIS certificate

How to get CEP and JaCarta with the help of specialists from the KKM Absolut-Service center

1. Prepare the documents necessary to purchase the EGAIS certificate.
2. At any office of the KKM "Absolut-Service" center, our specialist will help you place an order for a certificate for EGAIS.
3. From your personal account, we will print out an invoice and a set of documents for receiving CEP and JaCarta.
4. After paying the invoice, you will need to come to the service office indicated when ordering with the necessary documents and receive your order.

Procedure for ordering CEP and RSA key

1. Order media JaCarta SE PKI/GOST
2. The CEP certificate is recorded at the office of the Certification Center upon receipt of the order. You must first place an order for the CEP certificate and prepare a set of documents.
3. Obtain a certificate from the website egais.ru to establish a secure connection with EGAIS (RSA key). This certificate is issued free of charge; it is necessary to organize a secure connection to EGAIS and identify the organization in the system. To generate an RSA key, you must:
   • Log in to your personal account on the EGAIS portal egais.ru using the CEP certificate recorded on the JaCarta SE media.
   • Click on the CEP certificate in your personal account. Select the “Get key” section in the side menu.
   • The page that opens will list all the places where your organization operates.
   • Select from the list of locations the one for which a specific RSA key is intended.
   • The key will be generated within 3 minutes.
   • Write the generated RSA key to JaCarta SE media.

Thus, after receiving the required number of JaCarts with a qualified electronic signature recorded on them, you must independently register an RSA key for each medium from your personal account on the website egais.ru.

How to buy CEP and JaCarta

Dear Clients!

Documents for obtaining CEP and JaCarta

Documents ordered from your personal account:

1. Application for adherence to the offer to create a qualified electronic signature verification key certificate (KSKPEP).
2. Application to the Certification Center.
3. Consent to the processing of personal data (2nd page of the application).
4. Power of attorney to receive KSKPEP (If KSKPEP is received not by the owner of the certificate, but by his authorized representative). The authorized representative must have a passport with him.
5. Application and power of attorney on a medium (JaСarta).

Documents confirming the legitimacy and authority of the applicant:

1. Certificate of registration with the tax authority (TIN\KPP) (copy certified by the organization)

   • - Regulations on the creation of a branch or separate division (a copy of the order certified by the organization)
   • - Notification of tax registration at the location of the branch or separate division (a copy certified by the organization)

For a separate division:

2. Certificate of State Registration (OGRN) (copy certified by the organization)
3. Certificate of entry into the Unified State Register of Legal Entities (a copy certified by the organization)
4. A copy of the document confirming the authority of the Manager (a copy of the document on the appointment of the Manager, certified by the organization, protocol, decision, order (form T-1, etc. are not accepted!!!))
5. Copy of the Manager’s passport (copy of pages 2 and 3 of the passport, certified by the organization)
6. SNILS (green pension certificate) of the Manager (copy certified by the organization)
7. Power of attorney to receive EPC
8. Passport of the authorized person (Original and copy of 2 and 3 pages)

The manager’s signature on all documents must be the same as on the passport.

If the CEP is prepared not for the head of the organization, but for an authorized employee of the organization, then the following is required:

• Order on hiring an employee (copy certified by the organization)
• Copy of employee's passport (pages 2 and 3)
• SNILS of the employee (copy certified by the organization)

After you have received your digital signature from the Squaretrade CA, you need to install the certificate locally on your computer. The installation method depends on the crypto provider:

CryptoPro CSP

1. Install CryptoPro CSP (from the CryptoPro website https://www.cryptopro.ru/).
2. Insert JaCarta token.
3. Run CryptoPro as an administrator (or launch CryptoPro CSP and on the "General" tab click the "Run with administrator rights" button).
4. Go to the "Service" tab and click the "View certificates in the container..." button.
5. Click "Browse".
6. Select your key container from the "List of user key containers" list (usually its name begins with an underscore). And usually the key container is located on the ZAO JaCarta LT0 ARDS Reader. Click "OK"
7. Click "Next" --> Click "Install" --> "OK"

VipNet CSP

• Install ViPNet CSP (preferably version 3.2 or higher)
• Insert JaCarta into the USB port of your computer and wait for the driver to install automatically.
  (Attention(!): drivers for the smart card should not be installed during this auto-installation)
• Open the ViPNet CSP program. Go to the "Devices" tab. Click on the line that appears like “JCDS(ххххххх)” in the “Connected devices” window.
• Next, you will see your container in the “Key containers on device” window. Click on it once. Click the "View" button.
  • In the window that opens you should see that there are one Private Key and one Certificate each.
  • Click the "Certificate" button. Next, “Certificate” will appear. Here, on the “General” tab, you need to click the “Install certificate” button.
  • "Further"
  • Check "Install publisher certificates" and "Install SOS" and the "Next" button
  • If not, check the box "Specify container with private key", "Next"
  • Enter the password for the JaCarta crypto-media that you entered when receiving the digital signature.
    In this case, it is better not to save the PIN code.
  • Next, you agree to install (remove) the certificate from the root storage. Twice if necessary.
• The certificate is ready for use on portals

We decided to start selling alcohol, which means we are obliged to connect to EGAIS UTM and purchase special equipment. In our article we will help you understand the program and tell you how to use it.

Universal transport module EGAIS

EGAIS takes into account every commodity unit sold at retail or wholesale. This process is legislatively regulated by Federal Law No. 171 of November 22, 1995 “On state regulation of the production and circulation of ethyl alcohol, alcohol-containing products and on limiting the use (drinking) of alcoholic products.”

Now the sale of alcohol-containing drinks (including low-alcohol products and beer) is only possible using cash register equipment (cash register equipment).

The rule applies to everyone, including individual entrepreneurs working under UTII or having patents. Every drink containing alcohol must pass through the cash register.

Universal transport module EGAIS is a special computer program that communicates between the seller of alcoholic beverages and EGAIS. There is no need to buy it: the program is freely available.

After downloading, you will need to install EGAIS on a computer, for example, on the same one on which the accounting (accounting) program with which the store operates is installed.

To confirm purchases, the universal transport module (UTM) receives from EGAIS invoices issued to you by an alcohol supplier or wholesaler, and after confirmation, transfers the fact of this confirmation to EGAIS. If there is a discrepancy - a shortage of products or a surplus - UTM transfers prepared acts of disagreement to EGAIS.

The exchange of information and the signing of documents takes place using the jacarta crypto key with the enhanced qualified electronic signature (CES) of each individual alcohol retailer recorded on it.

To operate UTM, you need Internet with a speed of 256 Kbps. Moreover, UTM can also work in offline mode, for example, if there is a loss of communication, but no more than three days. During this time, UTM will accumulate information and, as soon as communication resumes, everything that has been accumulated will be transferred to EGAIS.

For normal operation of the UTM, the technical requirements must meet the following conditions:

• You cannot install any programs on the same computer that may affect the normal operation of the UTM universal transport module;
• The operating system on the computer must be Windows 7 or higher. The computer processor must be 32-bit with a clock speed of at least 2 GHz. RAM from 1 GB;
• Only one crypto key can be installed on a computer with UTM;
• You cannot make changes to the working folders and files of the installed UTM;
• You cannot change access rights to these folders and files;
• You cannot submit documents that differ from the standardized ones to UTM for EGAIS;
• You cannot use a CEP that has expired: the CEP is valid for 1 year.

The Business.Ru service has the entire necessary set of functions for integration and work with EGAIS. The program supports modern cash register equipment and also allows you to keep records of goods in accordance with the requirements of the Unified State Automated Information System.

Registration on the website EGAIS.ru and installation of UTM. Video

Jacarta crypto key

Documents are transferred to and received from EGAIS via a secure connection. Therefore, the seller’s connection with EGAIS through UTM occurs using a special jacarta crypto key, onto which an enhanced qualified electronic signature (CES) is recorded.

Using the key and CEP, the retailer is also identified in EGAIS. The crypto key looks like a flash card connected via a USB port to a computer on which the EGAIS UTM module is installed.

Jacarta keys come in different types. A key of the jacarta PKI type (jacarta GOST PKI) is suitable for working with EGAIS UTM. These are special programs for securely storing information.

It is also necessary to record an enhanced qualified electronic signature (CES) on the key. CEP is an electronic signature with which a retailer connects via UTM to EGAIS to exchange information with it.

To register a CEP, you need to provide documents.

Legal entities:

• Certificate of registration with the tax authority (TIN, for branches - notification of registration);
• Certificate of State Registration (OGRN);
• A document confirming the authority of the certificate owner (for the manager - a decision of the general meeting of participants, minutes, etc.);
• Certificate holder's passport;
• SNILS of the certificate owner.

Individual entrepreneurs:

• IP passport;
• Certificate of registration with the tax authority (TIN);
• Certificate of state registration (OGRNIP);
• SNILS.

Dual-chamber barcode scanners and fiscal recorders

Everyone who buys and sells alcohol at retail should download and install EGAIS retail equipment - the UTM module, buy a Jaсarta crypto key and write a qualified electronic signature CEP on it.

Also, alcohol retailers must record sales, that is, transmit information about each unit of alcohol sold to EGAIS.

To do this, you will need to worry about purchasing special equipment: scanners and fiscal recorders.

Also, when selling alcohol at retail, the fiscal registrar (cash register) must be able to print a QR code. With its help, the buyer, literally without leaving the checkout, can get all the information about the product being purchased:

• where and when it was made;
• at which plant the product was bottled;
• what license does the manufacturer have, etc.

A QR code can be generated in an accounting (cash, accounting) program and transferred to a fiscal registrar for printing. Or it is generated and printed directly by the device itself.

All alcoholic products must be marked with special two-dimensional PDF417 barcodes. This is necessary so that EGAIS receives information about the sale of a specific bottle of alcohol.

This function is also available in the Business.Ru service for working with EGAIS. Here you can control all movements and sales of goods, maintain full warehouse records and control mutual settlements with counterparties.

Scanners that can read PDF417 barcodes come in different models and brands. But especially for EGAIS in retail, the scanner must be approved by FSUE CenterInform. Approved scanners include:

• devices from Honeywel (models 1400/1450g, 1900g Xenon, MK7580 Genesis, Stratos™ 2700);
• Motorola (Symbol) (models DS4308-HD, DS9208).

How to choose a fiscal registrar in 2018. Video