How to Re-download XtraTrust DSC: XtraTrust Certificate Re-issuance Guide

XtraTrust Certificate Re-issuance Guide: losing or locking your Digital Signature Certificate (DSC) can be a major inconvenience. Whether your USB token is misplaced, locked due to too many incorrect PIN attempts, or simply broken, the result is the same: your digital signature becomes unusable, even if its validity period is still far from over.

So, what are your options in this situation? Is it possible to simply unlock the USB token? The answer is a firm no. Since July 1, 2023, the Certifying Authority (CCA) has completely banned USB token unlocking systems as a security measure.

However, this does not mean your DSC is lost forever. There is a secure and straightforward way to get a new copy of your digital signature certificate and prepare your old, locked token for reuse. This comprehensive guide will walk you through the entire process for XtraTrust, from re-issuing your certificate to initializing your USB token.

Understanding XtraTrust’s Certificate Re-issuance

Before we start, let’s understand the official solution for a compromised or lost DSC.

Important Note on Certificate Re-issuance

After formatting your USB token and re-downloading your digital signature certificate, it’s crucial to understand a key change: your new certificate will have a different serial number.

This means that wherever you had previously registered or associated your old DSC, you will need to re-register the new one. For example, if you were using your old DSC on the GST portal, and it got locked, you will need to register the new, re-downloaded DSC on the GST portal again.

This is because the new certificate is a unique entity with a different identity, even though its other details remain the same. Always remember to update your DSC on any and all portals where it was previously registered.

What is a Certificate reissuance?

A Certificate Re-issuance (also known as a Re-Key) is the process of generating a brand new digital signature certificate to replace a previously issued one. This new certificate has a different public key and serial number for enhanced security. Crucially, it retains the same characteristics and the exact same expiry date as your original certificate.

XtraTrust CA issues a new certificate to a subscriber when the original is compromised, subject to the requirements of the CCA. A key benefit of XtraTrust is that this re-issuance process is facilitated without any extra verification and is provided free of cost once per certificate, as long as it has appropriate remaining validity.

The XtraTrust Re-issuance Process: How to Re-download XtraTrust DSC

This is the first step where you will get a new digital certificate that can be downloaded onto a new or formatted USB token.

Step-by-Step Guide to Re-issuing Your XtraTrust DSC:

1. Visit the Official XtraTrust Re-issuance Page: Open your web browser and go to the official XtraTrust link: https://xtratrust.com/pages/reissuance
2. Enter Your Details: You will be prompted to enter your Application ID and Registered Mobile Number (for OTP) that you used when you first applied for the DSC.
   • Where to find your Application ID: When you first applied for your DSC, you would have received a text message and an email containing your unique Application ID. Search your phone and email for messages from XtraTrust.
   • What if you can’t find the Application ID? If you have deleted the original messages, you can find your Application ID by visiting the DSC Status link here: https://xtratrust.com/dsc-status. For Indian DSCs, you can simply enter your mobile number to find your application ID and other details, after validating with an OTP.
3. Validate with OTP: After entering your details, you will be prompted to enter a Captcha. Then, click on the validate button. A one-time password (OTP) will be sent to your registered mobile number. Enter this OTP to proceed.
4. Download Your DSC: Once the OTP is validated, you will be taken to the download page. You can now download your new digital signature certificate onto a new or a newly formatted USB token.

What to Do with , Locked Token?

After you have requested a re-issued digital certificate, you can prepare your old, locked USB token for reuse. As we mentioned, unlocking a token is no longer an option. However, you can format it to make it reusable.

What is Token Formatting (or Initialization)?

USB token formatting, or initialization, is a process that completely wipes all data and digital certificates from the device. This resets the token to its factory default state. After initialization, you can set a new password and download your re-issued digital signature certificate onto it.

Important Note: This process will permanently delete all digital certificates on the token. Make sure you don’t have any other important certificates on the token before you proceed.

The process for formatting a token varies depending on the brand. Below are step-by-step guides for the most common USB tokens.

Step-by-Step Guides to Initializing a USB Token, HYP2003 USB Token, WD Proxkey and mToken,

How to Unlock / Initialize HYP2003 Token

1. Connect the Token: First, install the HYP2003 drivers and then insert your HYP2003 USB token into your computer. Ensure it is detected by the HYP2003 Token management software.
2. Open the Initialization Tool: Download the HYP2003_Initialization_Tool file. Extract the ZIP file and open the HYP2003_Initialization_Tool.exe application.
3. Click “Initialize”: In the software interface, you will see an “Initialize” button. Click it. A warning pop-up will appear, reminding you that all data on the token will be erased.
4. Confirm and Proceed: Click “Yes” to proceed. Your HYP2003 token will now be initialized.
5. Set a New Password: After formatting, the default password for the HYP2003 token is “12345678“. You can now use your token management software to set a new, secure password and download your re-issued DSC.

How to Unlock / Initialize Proxkey Token

1. Insert the Token: Insert your WD Proxkey token into a working USB port on your computer.
2. Install Proxkey Driver: If you haven’t already, install the Watchdata Proxkey USB Token Driver.
3. Open the Driver and use the Command: Open the Proxkey Token Driver application. With the application open, press the following keyboard command: Ctrl + Alt + W.
4. Click “Admin” and “Initialize Token”: After pressing the command, an “Admin” option will appear. Click on it, then click “Initialize Token.” A warning pop-up will appear. Read it carefully and click “OK“.
5. Set a New Password: The Proxkey token will now be initialized. The default password for the formatted token will be “123456“. You can now download your new DSC onto it after setting a new password.

How to Unlock / Initialize mToken

1. Insert the Token: Plug your locked mToken into your computer’s USB port and ensure it is detected.
2. Download the Initialization Tool: Download the mToken Initialization Tool from the official source.
3. Extract and Open: The downloaded file will be in ZIP format. Extract the contents and locate the file named CryptoIDAInit.exe. Open this file.
4. Find the Password File: Inside the extracted folder, you will also find a file named password.txt. Open this file, copy the password, and paste it into the required field in the CryptoIDAInit tool.
5. Click “Initialize”: Click on the “Initialize” button within the tool.
6. Reinsert the Token: After the process is complete, remove the mToken from the port and plug it back in.
7. Set a New Password: Your mToken is now unlocked. The default password for the initialized mToken is “12345678“. You can now set a new password and download your re-issued DSC.

Conclusion

Now that you are equipped with the knowledge of how to re-download your XtraTrust DSC and initialize your USB token, it’s time to take action. Start by visiting the XtraTrust re-issuance portal to get your new certificate, then follow the steps to format your token. Don’t forget to re-register your new DSC on all relevant government portals. By following this guide, you can efficiently resolve the issue and ensure your digital signature is ready for use.