Electronic signature (EP) - also The most common signature, but in electronic form. It equates any electronic document to the paper origin.
Works with electronic documents
What is an electronic signature
In essence, the signature is a specially generated file with numbers, which is attached to the electronic document. This file responds to three main questions:
- Who has signed a document?
- When did you sign the document?
- Does this person have the authority?
The electronic signature guarantees that the document has signed an electronic signature owner. And the unqualified and qualified signature will be shown Lie has changed Document after signing.
Why do you need an electronic signature
The electronic signature will be needed to those who are going to use electronic documents in the work, take reporting and receive services on the Internet.
Here is how the e-signature of legal entities are used:
- Work with electronic documents that do not need to print on paper. The state recognizes such documents with legal force.
- Transmit electronic tax declarations in the IFTS.
- Register electronic applications for patents, deals with property, etc.
- Participate in electronic trading, where we sign applications for tenders and tender documentation in electronic form.
- Sign documents in the system of remote banking services, where you can remotely make a payment and get other banking services.
- Sign service electronic documents inside the organization.
- Register electronic real estate transactions.
- Make up labor relations with a remote employee.
All these operations are designed to ease the life of business representatives - save on document flow, less run on instances, receiving public services remotely and so on .
But what can be done with an electronic signature ordinary citizens:
- Get public services through the Internet - for example, to register or appeal to the municipal authorities using the State Service portal.
- Submit an e-mail application to the university, record a child in kindergarten or school.
- Share documents with a remote employer.
- Register or get a patent or permission - for example, for construction work.
- Submit a lawsuit or complaint in electronic form. This can be done through the GAS system "Justice".
Usually, individuals make an electronic signature to transmit state service documents - for example, remotely apply for registration at the place of residence or send a lawsuit or attorney to court. But in fact, an electronic signature can replace handwritten in any cases. Here is how, for example, it can be used:
- Sign a debt receipt if you want to take money from a person from another city.
- Apply, petition or complaint.
- Relaterate the power of attorney, including the one for which a notary needed.
- Conclude an agreement: purchase and sale, for the provision of services or any other.
- Sign any documents. Many of us have come across, for example, with remote banking services. It is all built on the principles of electronic signature. Entering the code obtained by SMS is equivalent to signing the document.
- Solve any question with the tax service. The FTS itself declares an electronic signature to solve such issues, it can be signed by any document for tax and not go to the FTS. This may be, for example, an application for a tax deduction, an application for the provision of benefits or complaint against the actions of the FTS staff.
- Must a business correspondence. Hack the mailbox is easier than fake EP. If two people agreed among themselves that they would consider reliable letters signed by electronic signatures, no one bothers them to do.
About how another ordinary person can use an electronic signature in practice, we told in another article.
Explain difficult in simple language
We disassemble the laws that concern you and your money. Once a month send letters with the most important
How EP is arranged
An electronic signature file generates a special program - a means of cryptographic information protection (SCJ). When you sign an electronic signature document, this program scans the document. As a result, it will create a unique combination of document data - Hash-sum . It is encrypted with a closed key - a special sequence of characters that generates a signature file. The key gives the owner of the signature.
A closed key certificate is stored by the owner on any convenient medium: on a computer, external disk or token - a special protected flash drive, which can be worn with you. Still the signature can be on the disk, Smart Map Simka, in the cloud storage etc .
You can view the signature using the open key certificate - an electronic document in which there is the following information:
- Who owns the signature.
- What is his authority.
- What organization issued a signature and what is her authority.
SPJ program checks Hash-sum and compares it with the content of the document. If all coincided, the document did not change and the signature of the Tsev. Missets mean that the document was changed after they signed. Then the signature is automatically considered invalid and the document loses legal force.
Types of EP and their differences
The law describes several types of electronic signatures: simple, unqualified and qualified.
Simple electronic signature is the most affordable. This is a login and password that confirm that the user logged in the system. With this signature, you can confirm the appeal to the authorities or sign an application for the service. She also can be used in the company's domestic document flow and sign office letters.
For example, you go to the Mobile Bank using a login and password or confirm payment on the Internet code from SMS. Under the terms of the contract with the Bank, such a signature is equivalent to a regular signature.
Simple electronic signature vulnerable, so it is not used everywhere. If you are working with property and financial documents, it is better not to use it. She will confirm that the document has signed, but does not guarantee that he did not change it and that he was signed by the right person. It will check the arbitration court if the disputed situation arises.
Unqualified electronic signature Forms using encryption tools. Encryption tools is a special program having a FSB certificate. It is believed to fake a signature created using such a program, it is impossible or very difficult. This signature says: Document has signed such something Man B. Such something Time and did not change it after.
This signature is used in electronic document flow. She signs contracts, contracts and agency reports, but only if the parties concluded an agreement on confidence in such signatures and electronic documents.
Unqualified signatures can be generated within the company or service using free tools. The state cannot control the unqualified signature: someone can give it away, anyone can own anyone and it is not protected by means that the state trusts. That is why there are no such signatures in judicial instances.
Qualified electronic signature - The most reliable type of electronic signature. From unqualified it is distinguished by what they give it in the Certification Center. This organization is authorized to issue electronic signatures and implement information on the cryptographic information. It was certified by the FSB and the accreditation from the Ministry of Communications and the state bodies trust it.
The integrity of the signature is checked in two ways:
- Watch a list of invalid certificates - it can be downloaded on the website of the Certifying Center. It helps to determine whether Signature is valid when it was used.
- Check the time stamp. This indicator says when the document signed.
So determines that the signature was not lost, stolen or overdue when it was used.
A qualified signature certificate must be updated every year: remember when it ceases to act and order a reissue in time.
A qualified signature has two important advantages.
Hack a qualified signature almost impossible - It will require too large computing resources. If you lose the private key, according to your signal, the Certification Authority responds the certificate - it will be impossible to sign documents with it.
It can be used in any operations with electronic documents. It is trusted by the Arbitration Court and the Tax Service, so the electronic invoices, tax declarations and contracts are most often signable for it.
Where you can use an electronic signature
|External and internal electronic documents||+||+||+|
|Document work with individuals||+||+||+|
|Documents for IFTS in the Personal Account of the Taxpayer||—||+||+|
|FIU and FSS||—||—||+|
|Court of Arbitration||—||—||+|
External and internal electronic documents
Document work with individuals
Documents for IFTS in the Personal Account of the Taxpayer
Unqualified or qualified
FIU and FSS
Court of Arbitration
How to start working with a qualified electronic signature
To start working with an electronic signature, you must prepare your workplace and acquire a certificate of signature. The certificate is issued quickly - within an hour.
Workplace is your computer where you will sign documents. It should have a Windows operating system or Macks and browser with access to the network. Linux is also suitable, but it will be necessary to configure it. It can be done for free in the certifying center, but there may have to take a computer.
Even to work with a qualified signature it will be necessary to establish a program for cryptographic information (SCJ). The most common means of cryptocrusts in Russia are "CSP cryptopro", Signal-Com. CSP, "Liss CSP", VIPNET CSP. All of them are approximately the same.
What specifically SCZi will need and what settings will be needed, you will be told in the certifying center or MFC.
How to acquire a signature to a legal entity and IP
Legal entities receive qualified signature certificates in the certifying center or MFC.
You can find a certifying center in the lists of accredited centers on the website of the Ministry of Communications or on the E-trust.gosuslugi.ru website. Choose the center that has a branch in your city. Remotely an electronic signature cannot be obtained, you will have to follow the signature personally.
To get an electronic signature, you will need the following documents:
- Application for the manufacture of electronic signature. In the certifying center you will be given a form of application, and in the IFC you will fill out the statement on the State Service website.
- Extract from the EGRUL or EGRIP. You can get it on the FTS website.
- Copy of the Charter for legal entities.
- Passport - for IP.
- SNILS - for IP.
If the signature receives a representative, it will be required to:
- Power of attorney authorized representative for signature.
- Recipient passport.
When you sign a statement, you will need to pay the bill. It is better to pay cash or bank card. If you pay bank transfer, you will have to wait when the payment will pass. The waiting time depends on how quickly the bank processes payment: you can wait a few minutes, and you can and for several days.
In different regions, the certificate is worth differently . In Moscow - from 1650 rubles, and in Khakassia, for example, it can cost from 1300 rubles.
After payment you will be recorded electronic signature on the token. It can be bought in the certifying center for 1200-1300 rubles . From this point on, the certificate begins to act.
How to acquire a signature to a physical face
Ordinary citizens can enjoy any signature - simple, unqualified and qualified. As a rule, a simple signature is used to authorize in public services, where you can order information services in electronic form. An unqualified signature can be used by agreement for the exchange of documents with legal entities. And with the help of a qualified signature, civil servants are obtained related to property operations. For example, it can be signed by the apartment purchase and sale agreement and submit it to state registration. Or to issue a legal entity without visiting the tax authorities, to appoint it directors and other officials.
Individuals are the easiest way to get a signature in the nearest MFC: Nearby may not be certified centers, and MFC is always there. To do this, make an appointment and prepare the following documents:
- Application for the manufacture of a qualified certificate - the template will be given to the MFC.
- Certificate of assigning the INN.
In Moscow, an electronic signature for citizens 900-950 rubles . Together with the carrier, the price will be 1500-1600. Р. Separately, the carrier will cost from 1,500 rubles. This price is different depending on the tariff of the certifying center and how much the protected signature you want to use.
Expenses for electronic signature in Moscow for individuals - 2150 Р
|Electronic signature||from 950. Рin year|
|Scycling program||0 Р|
from 950. Рin year
Expenses for electronic signature in Moscow for legal entities - 2700-3600. Р
|Electronic signature||from 1500. Рin year|
|Scycling program||0 Рor commercial SPII to the choice from 900 Р|
from 1500. Рin year
0 Рor commercial SPII to the choice from 900 Р
How to sign a document electronic signature
Your SCJ adds to the context menu of your operating system - Windows or Macks - Your special section. Thus, you can sign any document simply by pressing the right mouse button. On the site of each SKZI you can find detailed instructions, how to sign the document.
For example, the process of signing using the program " Crypto-Arm. ":
- Right-click on the document.
- Find the menu item " Crypto-Arm. "And click" Sign ".
- After that, the electronic signature creation wizard is launched, which will explain in detail all further steps.
- As a result, a new file will appear next to the document. Document.doc.sig - This is the e-signature file.
Documentation " Microsoft office "Sign even easier:
- In the Word in the "File" tab, open the "Details" item.
- Find the "Document Protection" button. In Excele, it will be called "Protection of the Book", in Powepoint - "Protection of Presentation".
- Next, in the menu that opens, click the Add Digital Signature button.
- Select the Signature Certificate from the list and click OK.
As a result, the document becomes inaccessible to change, and the file signature file will appear in the folder next to it Document.doc.sig .
Documents can be signed in e-mail and cloud storage facilities - for example, in "Dropbox" and on Yandex-disk. To do this, you need to install a special extension for the browser. Such an extension adds the "Sign" button to the interface of your file storage.
IN " Google-doct »Plugins for electronic signatures can be found in the" Add-on "tab.
How to check the authenticity of the signature
To verify the authenticity of the signature and the invariance of the document, use any of the free services:
- Portal "Cryptopro".
- Site State Service.
- Service "Contour-Crypto".
Is it possible to convey the signature to another
Theoretically can be. By law, you must prevent the signature to get into other people's hands without your consent. It turns out another person can use your signature if you agreed to it. But the responsibility for any signed document still carries the owner of the signature.
What if you lost an electronic signature
If you lose the key from the signature or stole it, contact the certificate center or MFC immediately, which issued you a certificate. The center responds your certificate so that scammers cannot use it. Be sure to report this to counterparties so that they knew that attackers can take advantage of your lost signature.
Restore the lost certificate or the EP key is impossible. You need to get a new one: collect documents and go to the Certification Authority.
How to re-care certificate
The validity period of the electronic signature certificate is a year. When it comes to an end, let's release a new certificate. To do this, refer to a statement to the Certification Center or MFC. If nothing has changed in the documents, you do not need to carry them again. If a Some Documents changed, you need to bring the originals of only these documents.
For this term there is an abbreviation "EP", which has other meanings: seeEP (values)
Electronic signature (EP), Electronic digital signature (EDS), Digital signature (CPU) Allows you to confirm the authorship of an electronic document (whether it is a real face or, for example, an account in the cryptocurrency system). The signature is associated with both the author and the document itself using cryptographic methods, and cannot be forged using normal copying.
EDS is the props of electronic document obtained as a result of cryptographic transformation of information using a closed signature key and allowing to check the lack of information distortion in the electronic document from the date of signature (integrity), the signature belonging to the certificate owner of the signature key (authorship), and in case of successful verification Confirm the fact of signing an electronic document (non-sensibility).
The currently used electronic signature technology is based on an open key asymmetric encryption and relies on the following principles:
- You can generate a pair of very large numbers (public key and private key) so that, knowing the public key, it is impossible to calculate the closed key for a reasonable time. The key generation mechanism is strictly defined and is well known. At the same time, each open key matches a specific closed key. If, for example, Ivan Ivanov publishes its public key, then you can be sure that the corresponding closed key is only with him.
- There are reliable encryption methods that allow you to encrypt the message with a closed key so as to decrypt it was only an open key. [Approx. one] . The encryption mechanism is well known.
- If the electronic document is amenable to decrypt using the open key [Approx. 2] , you can be sure that it was encrypted using a unique closed key. If the document is deciphered using the open key of Ivan Ivanov, it confirms its authorship: only Ivanov could encrypt this document, because He is the only owner of the closed key.
However, it would be inconvenient to encrypt the entire document, therefore only its hash is encrypted - a small amount of data, a rigidly attached to the document using mathematical transformations and identifying it. Encrypted hash and is an electronic signature.
In 1976, Whitfield Difffi and Martin Hellman was first proposed for the concept of "electronic digital signature", although they just assumed that the EDS schemes could exist. [one]
In 1977, Ronald Rivest, Adi Shamir and Leonard Adleman developed a cryptographic RSA algorithm, which can be used without additional modifications to create primitive digital signatures. 
Shortly after RSA, other EDS were developed, such as Rabin Digital Signature Algorithms, Merkel.
In 1984, Shafi Goldvasser, Silvio Mikali and Ronald Rivest were the first to strictly identified security requirements for digital signature algorithms. They described the attacks of the EDS algorithms, and the GMR scheme corresponding to the requirements described (Cryptosystem Goldvasser - Mikali) was proposed. 
In 1994, the first Russian standard of EDP - GOST R 34.10-94 "Information technology was developed. Cryptographic information protection. Procedures for developing and verifying an electronic digital signature based on an asymmetric cryptographic algorithm. "
In 2002, it was introduced to ensure greater cryptopic resistance of the algorithm in return for GOST R 34.10-94, based on the calculations in the group of points of the elliptic curve. In accordance with this standard, the terms "Electronic Digital Signature" and "Digital Signature" are synonymous.
On January 1, 2013, GOST R 34.10-2001 was replaced by GOST R 34.10-2012 "Information technology. Cryptographic information protection. Processes for forming and verifying electronic digital signature. "
There are several digital signature construct schemes:
- Based on algorithms for symmetric encryption. This scheme provides for the presence of a third party - an arbitrator that uses the confidence of both parties. The authorization of the document is the very fact of encryption by its secret key and the transfer of it to the arbitrator. [four]
- Based on algorithms for asymmetric encryption. At the moment, such EP schemes are most common and widely used.
In addition, there are other varieties of digital signatures (group signature, an indisputable signature, a trusted signature), which are modifications of the schemes described above. [four] Their appearance is due to a variety of tasks solved with EP.
Since the documents subscribed is an alternating (and as a rule, a largely large) volume, in the EP schemes often the signature is not put on the document itself, but on its hash. To calculate the hash, cryptographic hash functions are used, which guarantees identifying changes in the document when checking the signature. Hash functions are not part of the EP algorithm, therefore any reliable hash function can be used in the diagram.
The use of hash functions gives the following advantages:
- Computational complexity. Usually, the hash of a digital document is made many times less than the volume of the source document, and the hash calculation algorithms are faster than EP algorithms. Therefore, to form a hesh document and sign it is much faster than signing the document itself.
- Compatibility. Most algorithms operate with lines of data bits, but some use other views. Hash function can be used to convert an arbitrary input text to a suitable format.
- Integrity. Without using a hash function, a large electronic document in some schemes need to be divided into sufficiently small blocks for the use of EP. When verifying it is impossible to determine whether all blocks are obtained and in the correct order.
The use of a hash function is not necessary at an electronic signature, and the function itself is not part of the EP algorithm, so any hash function can be used any or not used at all.
In most early systems, EP used functions with a secret, which are close to one-sided functions in their intended purpose. Such systems are vulnerable to attacks using a public key (see below), since by selecting an arbitrary digital signature and applying the verification algorithm to it, you can get the source text. [five] To avoid this, a hash function is used with a digital signature, that is, the computing of the signature is carried out not relative to the document itself, but relative to its hash. In this case, as a result of verification, you can only get the hash of the source text, therefore, if the hash function is a cryptographically resistant function, then it will be computable to obtain the source text, which means the attack of this type becomes impossible.
Symmetric EP schemes are less common than asymmetrical, since after the concept of digital signature failed to implement effective signature algorithms based on symmetric ciphes known at that time. The first to drew attention to the possibility of a symmetric digital signature scheme was the founders of the very concept of EP Diffi and Hellman, who published a description of a single bit signature algorithm using a block cipher. [one] Asymmetric digital signature schemes are based on computationally complex tasks, the complexity of which has not yet been proven, so it is impossible to determine whether these schemes will be broken in the near future, as it happened with a scheme based on the task of stacking the wreck. Also, to increase the cryptopitude, it is necessary to increase the length of the keys, which leads to the need to rewrite programs that implement asymmetric schemes, and in some cases reflash the equipment. [four] Symmetric diagrams are based on well-studied block ciphes.
In connection with this, symmetric schemes have the following advantages:
- The resistance of symmetric EP schemes flows out of the durability of the used block ciphers, the reliability of which is also well studied.
- If the cipher resistance is insufficient, it can be easily replaced by more resistant with minimal changes in the implementation.
However, symmetric EP has a number of flaws:
- Each bit of transmitted information must be signed separately, which leads to a significant increase in the signature. Signature can exceed a message in size for two orders.
- The keys generated to signature can only be used once, since half the secret key is revealed after signing.
Due to the disadvantages considered, the symmetric diagram of Diffi-Helman's EDS does not apply, but its modification developed by Berezin and Doroshkevich, in which a group of several bits is immediately signed. This leads to a decrease in the sizes of the signature, but to an increase in the volume of calculations. To overcome the problem of "one-time" keys, the generation of individual keys from the main key is used. [four]
Scheme explaining signature and verification algorithms
Asymmetric EP schemes are open key cryptosystems.
But in contrast to asymmetric encryption algorithms in which encryption is made using the public key, and the decryption - using a closed one (decrypt can only know the sequence addressee), in asymmetric diagrams of digital signature, the signing is made using a closed key, and the signature test is applied. Open (decipher and check the signature can any addressee).
The generally accepted digital signature scheme covers three processes [The source is not specified 1634 days ]:
- Generation key pair. Using the key generation algorithm is equally sensitive, a private key is selected from a set of possible enclosed keys, the corresponding open key corresponds to it.
- Formation of signature. For a given electronic document using a closed key, a signature is calculated.
- Signature check (verification). For the data of the document and the signature using the open key, the validity of the signature is determined.
In order for the use of a digital signature makes sense, it is necessary to perform two conditions:
- The verification of the signature should be performed by the open key corresponding to that closed key that was used when signing.
- Without possession of a private key, it should be computationally difficult to create a legitimate digital signature.
It should be distinguished by an electronic digital signature from the message of the message (Mac).
As mentioned above, so that the use of EP makes sense, it is necessary that the calculation of a legitimate signature without knowledge of the closed key has been computationally computed.
Ensuring this in all asymmetric digital signature algorithms relies on the following computational tasks:
Calculations can also be carried out in two ways: on the basis of the mathematical apparatus of elliptic curves (GOST R 34.10-2012, ECDSA) and on the basis of Galois fields (GOST R 34.10-94, DSA)  . Currently [when? ]The fastest discrete logarithms and factorization algorithms are subexponential. The belonging of the tasks themselves for the NP-complete class is not proven.
EP algorithms are divided into conventional digital signatures and digital signatures with a document recovery.  . When verifying digital signatures with the restoration of the document, the document body is restored automatically, it is not necessary to attach it to the signature. Conventional digital signatures require the attachment of the document to the signature. It is clear that all algorithms sinking a hash document belong to ordinary ep. The EP with the recovery of the document refers, in particular, RSA.
Electronic signature schemes can be disposable and reusable. In one-time schemes, after checking the authenticity of the signature, it is necessary to replace the keys, in the reusable schemes it is not required.
Algorithms EP are also divided into deterministic and probabilistic  . Deterministic EP with the same input data calculate the same signature. The implementation of probabilistic algorithms is more complex, as it requires a reliable source of entropy, but with the same input data signatures may be different, which increases crypto resistance. Currently, many deterministic schemes are modified in probabilistic.
In some cases, such as streaming data transmission, the EP algorithms may be too slow. In such cases, a quick digital signature is applied. Signature acceleration is achieved by algorithms with fewer modular calculations and the transition to fundamentally different methods of calculation.
Based on asymmetric schemes, a digital signature modifications that meet various requirements are created:
- Group digital signature
- Unquestive digital signature
- "Sleeping" digital signature and fair "blind" signature
- Confidential digital signature
- Digital signature with refreshability
- Trusted digital signature
- One-time digital signature
Analysis of the possibilities of fake signatures is the task of cryptanalysis. An attempt to falsify the signature or signed document of cryptanalytics is called "Attack".
Attack models and their possible results [edit | Code ]
In his work, Goldvasser, Mikali and Rivest describe the following models of attacks that are relevant and currently  :
- Attack using a public key. Cryptanalitics has only an open key.
- Attack based on known messages. The enemy has admissible signatures of a set of electronic documents known to him, but not chosen by him.
- Adaptive attack based on selected messages. Cryptanalitics can receive signatures of electronic documents that he chooses himself.
Also in the paper describes the classification of possible results of attacks:
- Full hacking digital signature. Getting a closed key, which means a complete hacking algorithm.
- Universal fake digital signature. Finding an algorithm similar to the signature algorithm, which allows you to fake signatures for any electronic document.
- Selective fake digital signature. The ability to fake signatures for documents selected by cryptanalytics.
- Existential fake digital signature. The possibility of obtaining a permissible signature for a document not chosen by the cryptoanalytics.
It is clear that the most "dangerous" attack is an adaptive attack on the basis of selected messages, and when analyzing EP algorithms to crypto resistance, it is necessary to consider it precisely (if there are no special conditions).
With the unmistakable implementation of modern EP algorithms, obtaining a closed key of the algorithm is a practically impossible task due to the computational complexity of tasks on which ED is built. The cryptanalytics of collisions of the first and second birth is much more likely. The collision of the first kind is equivalent to the existential fake, and the collision of the second kind - selective. Taking into account the use of hash functions, finding conflicts for the signature algorithm is equivalent to finding collisions for the hash functions themselves.
Fallation of the document (the collision of the first kind) [edit | Code ]
The attacker may try to choose a document to this signature, so that the signature approached him. However, in the overwhelming majority of cases, such a document can be only one. The reason is as follows:
- The document is a meaningful text;
- The text of the document is decorated in the prescribed form;
- Documents are rarely made in the form of a TXT file, most often in Doc or HTML format.
If the fake set of bytes and the hash of the source document occurs, then the following three conditions must be completed:
- The random set of bytes must come under the complex structured file format;
- The fact that the text editor will read in the random set byte must form the text decorated in the prescribed form;
- The text must be meaningful, competent and relevant the topic of the document.
However, in many structured data sets, you can insert arbitrary data into some service fields without changing the document form for the user. This is what attackers use, fake documents. Some signature formats even protect the integrity of the text, but not service fields. [nine]
The probability of this incident is also negligible. It can be assumed that in practice it may not happen even with unreliable hash functions, since the documents are usually a large amount of kilobytes.
Getting two documents with the same signature (second-s) collision [edit | Code ]
There is much more likely to attack the second kind. In this case, the attacker fabricates two documents with the same signature, and at the right moment replaces one other. When using a reliable hash function, such an attack must also be computationally complex. However, these threats can be realized due to the weaknesses of specific hashing algorithms, signatures or errors in their implementations. In particular, in this way, you can take an attack on SSL certificates and the MD5 hashing algorithm. 
Social attacks are directed not at the breaking of digital signature algorithms, but on manipulation with open and closed keys [eleven] .
- An attacker who has stolen the closed key can sign any document on behalf of the key owner.
- An attacker can make a deception to make the owner sign any document, for example, using a blind signature protocol.
- The attacker can replace the open key of the owner on his own, giveing himself for him. Using key exchange protocols and closed key protection from unauthorized access reduces the risk of social attacks  .
An important problem of the entire cryptography with an open key, including EP systems, is to manage open keys. Since the public key is available to any user, you need a mechanism for verifying that this key belongs to its owner. It is necessary to ensure the access of any user to the authentic open key of any other user, protect these keys from the attacker substitution, as well as organize a tip of the key in case of its compromise.
The task of protection of keys from the substitution is solved using certificates. The certificate allows you to verify the data about the owner and its public key to the signature of any trustee. There are system certificates of two types: centralized and decentralized. In decentralized systems, a network of trust is built by a cross-signatory signature of certificates and trusted people by each user. Certification centers supported by trusted organizations are used in centralized certificate systems.
The certification authority generates a private key and its own certificate, generates certificates of end users and certify their authenticity to its digital signature. The center also conducts a review of expired and compromised certificates and maintains the database (lists) of issued and withdrawable certificates. By contacting the certification authority, you can get your own open key certificate, the certificate of another user and find out which keys are recalled.
Smart card and USB key rings
The closed key is the most vulnerable component of the entire digital signature cryptosystem. An attacker who stole the user's private key can create a valid digital signature of any electronic document on behalf of this user. Therefore, special attention should be paid to the method of storing a closed key. The user can store a closed key on its personal computer, protecting it with a password. However, this storage method has a number of disadvantages, in particular, the key security depends entirely on the security of the computer, and the user can sign documents only on this computer.
Currently, there are the following closed key storage devices:
Theft or loss of one of these storage devices can be easily seen by the user, after which the corresponding certificate must / may be immediately recalled.
The most protected storage method of a closed key is storage on a smart card. In order to use a smart card, the user needs not only to have it, but also enter a PIN code, that is, two-factor authentication is obtained. After that, the subscribed document or its hash is transmitted to the card, its processor will sign the hash and transmits the signature back. In the process of forming a signature, this method does not copy the closed key, so all the time there is only a single copy of the key. In addition, copying information from a smart card is a bit more complicated than from other storage devices.
In accordance with the Law "On Electronic Signature", the responsibility for keeping the closed key, the owner brings himself.
The use of EP is assumed to implement the following important areas in the electronic economy:
- Full control of the integrity of the transmitted electronic payment document: in case of any random or deliberate change of the document, the digital signature will become invalid, because it is calculated using a special algorithm based on the original state of the document and corresponds only to it.
- Effective protection against changes (fakes) of the document. EP gives a guarantee that in the implementation of integrity control, all kinds of fakes will be detected. As a consequence, fake documents becomes inappropriate in most cases.
- Fixing the impossibility of refusing the authorship of this document. This aspect follows from the fact that it is possible to re-create the correct electronic signature only in case of possession of a so-called private key, which, in turn, should be known only to the owner of this very key (the author of the document). In this case, the owner will not be able to form a refusal of his signature, and hence - from the document.
- Formation of evidence of confirmation of the authorship of the document: based on the fact that it is possible to create a correct electronic signature, as mentioned above, only knowing the closed key, and by definition it should be known only to the owner-author of the document, then the keys owner can definitely prove its signature authorship under the document . Moreover, only certain fields of the document can be signed in the document, such as the "author", "made changes", "time label", etc. That is, the authorship is not evidenced by the entire document.
The above properties of the electronic digital signature make it possible to use it in the following basic purposes of the electronic economy and electronic documentary and money circulation:
- Use in bank payment systems;
- E-commerce (trade);
- Electronic registration of transactions in real estate objects;
- Customs declaration of goods and services (customs declarations). The controlling functions of the state budget (if it comes to the country) and the execution of estimates and limits of budgetary obligations (in this case, if the conversation is about the industry or a specific budgetary institution). Management of state orders;
- In electronic systems for the appeal of citizens to the authorities, including economic issues (within such projects as the "Electronic Government" and "Electronic Citizen");
- The formation of mandatory tax (fiscal), budget, statistical and other reports to government agencies and extrabudgetary funds;
- Organization of legally legitimate internal corporate, intra-separable or national electronic document management;
- Application of EDS in various calculated and trading systems, as well as FOREX;
- Management of share capital and equity participation;
- EP is one of the key components of transactions in cryptocurrencies.
According to the Civil Code of the Russian Federation, a qualified electronic signature is intended to determine the person who has signed an electronic document and is an analogue of his own signature in cases provided by law.  .
A qualified electronic signature is used in the commission of civil transactions, the provision of state and municipal services, the execution of state and municipal functions, when committing other legally significant actions [fourteen] .
In Russia, a legally significant electronic signature certificate issues a certifying center. Legal conditions for the use of electronic digital signature in electronic documents regulates the Federal Law of the Russian Federation of April 6, 2011 No. 63-FZ "On Electronic Signature".
After the formation of EP, when used in electronic document flow, the infrastructure of electronic document management between tax authorities and taxpayers actively became active in 2005 in 2005. The order of the Ministry of Taxes and Cancellation of the Russian Federation dated April 2, 2002 No. BG-3-32 / 169 "The procedure for submitting a tax return on telecommunication channels of communication" began to work. It defines the general principles of information exchange in the presentation of the tax declaration in electronic form in telecommunication channels of communication.
In the Law of the Russian Federation of January 10, 2002 No. 1-FZ "On Electronic Digital Signature" describes the conditions for using EP, the features of its use in the fields of public administration and in the corporate information system.
Thanks to EP, in particular, many Russian companies carry out their trade and procurement activities on the Internet through electronic commerce systems, exchanging with the counterparties necessary documents in electronic form signed by EP. This greatly simplifies and accelerates the conduct of competitive trading procedures. [fifteen] . By virtue of the requirements of the Federal Law of April 5, 2013 No. 44-FZ "On the Contract System ..." State contracts concluded in electronic form should be signed by an increased electronic signature [sixteen] .
From July 13, 2012, according to Federal Law No. 108-FZ officially entered into force the legal norm extending the action of 1-FZ "On Electronic Digital Signature" until July 1, 2013. In particular, it was decided in part 2 of Article 20 of the Federal Law of April 6, 2011 No. 63-FZ "On Electronic Signature" (Meeting of the Legislation of the Russian Federation, 2011, No. 15, Art. 2036) The words "from July 1, 2012" should be replaced by "From July 1, 2013."  .
However, federal law of 02.07.2013 No. 171-FZ amended Article 19 of the Federal Law of 06.04.11 No. 63-FZ "On Electronic Signature". In accordance with this, an electronic document signed by an electronic signature, the certificate of the key of the verification of which was issued during the period of Federal Law No. 1-FZ, recognized as a signed qualified electronic signature. At the same time, it is possible to use an old certificate until December 31, 2013 inclusive. This means that in the specified period, documents can be signed with electronic digital signature, the certificate of the verification key of which was issued until July 1, 2013.
From July 1, 2013, the Federal Law of January 10, 2002 No. 1-FZ has failed to change the Federal Law of April 6, 2011 No. 63-FZ "On Electronic Signature". As a result, the determination of three types of electronic signatures was introduced:
- Plain electronic signature It is an electronic signature, which through the use of codes, passwords or other means confirms the fact of forming an electronic signature by a certain person.
- Reinforced unqualified electronic signature is an electronic signature that:
- obtained as a result of cryptographic information transformation using the electronic signature key;
- allows you to determine the person signed by an electronic document;
- allows you to detect the fact of making changes to the electronic document after the date of its signing;
- Created using electronic signature tools.
- Reinforced qualified electronic signature It is an electronic signature that meets all the signs of a unskilled electronic signature and the following additional features:
- The electronic signature check key is specified in a qualified certificate;
- To create and check the electronic signature, the electronic signatures that have received confirmation of compliance with the requirements established in accordance with 63-ФЗ
From January 1, 2013, citizens are issued a universal electronic card in which a reinforced qualified electronic signature is built (the release of cards has been terminated from January 1, 2017 [eighteen] ).
On September 8, 2015, the first certifying center was accredited in the Crimean Federal District (KFO) on the basis of the state unitary enterprise "Crimenechnology". The appropriate authority was approved by the Order of the Ministry of Communications and Mass Communications of the Russian Federation No. 298 "On the accreditation of certifying centers" of August 11, 2015. [nineteen]
EP is used in the control system over the volume of production and the turnover of ethyl alcohol, alcoholic beverages of the EGAIS.
Manipulations with electronic signatures in Russia [edit | Code ]
- Known illegal activities with electronic signatures through the Certification Centers of the Russian Federation [twenty] . College of Accounts Chaired by Tatiana Golikova revealed the participation of some UC in the unlawful use of the electronic signature of the Insured person in the interests of non-state pension funds, as well as paperwork without the participation of a citizen  . "Checking the Accounts Chamber once again revealed mass violations, even with enhanced electronic signature protection measures," President Pratf Sergey Belyakov commented on the situation  His adviser claims that the mass fraud of electronic signatures in re-statements was carried out by reuse by certifying the Customer Electronic Signature Center  . Similar method used in real estate fraud  However, in 2019, the State Duma adopted the law on the protection of citizens from the embezzlement of apartments on an electronic signature, which actually excluded the use of electronic signature under real estate transactions  .
- Another method of manipulation with electronic signatures is that the client offers a remote release of a qualified certificate without personal contact of the applicant and an employee of the registration department of the Certification Center, in this case the design of the electronic signature is made remotely, on the basis of the applicant's documents submitted through the Internet Certification Center  . As a result of such actions caused by, according to specialists of the legal system "Garant", the fact that "IT functions in the activities of the CCC prevail over its legal entity," an electronic signature can be used by unscrupulous third parties  . However, in 2017, the proposal of the Ministry of Communications to transfer the functions of issuing a strengthened qualified electronic signature (UEP) from private companies to the state did not find an understanding of other ministries and departments  .
In Ukraine, the use of electronic signature is governed by law, published in 2003, which coordinates relations appearing due to the use of electronic signatures. The system of operation of the Ukrainian EDS consists of a central certifying body issuing a key to centers for certification of keys (CSK) and providing access to electronic catalogs, a controlling body and key certification centers that give the EDS to the final consumer.
On April 19, 2007, a resolution was adopted "On approval of the procedure for submitting reports to the Pension Fund of Ukraine in electronic form." And on April 10, 2008 - Order No. 233 of the GNA of Ukraine "On Applying Electronic Digital Reporting". As a result of active explanatory activity of tax services, in 2008 the number of subjects submitting reporting on VAT in electronic form increased from 43% to 71%.
From July 16, 2015, Law No. 643-VIII began to be valid "On Amendments to the Tax Code of Ukraine regarding the improvement of the administration of value added tax". On August 31, 2015, draft law No. 2544a "On Electronic Trusting Services" was registered.
On June 16, 2015 earned the Ukrainian site of electronic public services Igov.org.ua. Here you can order a certificate of non-support for presenting to the MREO, to make an application for a subsidy, certificates of income, as well as fill out documents for a passport.
The electronic signature system is widely used in Estonia, where ID-cards are entered, which are equipped with more than 3/4 of the country's population. With the help of electronic signature in March 2007, elections were held in the local parliament - Riigikogu. When voting, electronic signature used 400,000 people. In addition, with the help of an electronic signature, you can send a tax declaration, a customs declaration, various questionnaires both in local governments and state bodies. In large cities using a ID card, it is possible to buy monthly bus tickets. All this is carried out through the central civilian portal Eesti.ee. The Estonian ID card is mandatory for all residents from 15 years living temporarily or permanently in Estonia. This, in turn, violates the anonymity of the purchase of travel tickets.
In the US, the use of electronic signature began in 2000. The first law regulating the electronic signature was UETA (a single law on electronic transactions). This law is focused on legal entities and commerce. It was prepared in 1999 and adopted by 48 states, District of Columbia and the Virgin Islands of the United States  . On October 1, 2000, the Federal Law ESIGN was adopted (the law on electronic signatures in international and domestic trade) [thirty] . ESIGN coordinates the legislation of different states, considers the interaction of individuals and legal entities.  .
The following is indicated in Esign: "Signature, contract or other entry related to such a transaction cannot be deprived of legal force, reality or claim only because it is in electronic form." Therefore, in practice in the US, an electronic signature made by the mouse, stylus, pressing the "I accept" button, has the same legal status with a handwritten signature  . Also, ESIGN indicates that the consumer must necessarily have the intention to leave a signature.
In Canada, the use of electronic signature regulates the Federal Law Pipeda (the Law on Protection of Personal Information and Electronic Documents), which entered into force in 2004  . But in Quebec, the use of electronic signature is governed by the Law on Creating a Legal Fundamental Technology  . The difference between these laws is to use and disclose personal information.  . And in Quebec, and in Canada, an electronic signature is not fully equal to handwritten, so additional evidence may be required in court  .
- ↑ The names of the keys open and closed are conditional. According to an open-key asymmetric encryption algorithm, the encryption key is made open, and the decoding is closed to provide the message to the recipient. In the case of EDS, the task is the opposite: to provide an easy way to decrypt - verification of the signature, it means Configuring key it should be Open .
- ↑ And provided that a meaningful result is obtained, and not a random data set.
- ↑ 1 2 Diffie W., Hellman M. E. New Directions in Cryptography (eng.) // IEEE TRANS. Inf. Theory. / F. Kschischang - IEEE, 1976. - Vol. 22, ISS. 6. - P. 644-654. - ISSN 0018-9448; 1557-9654 - DOI: 10.1109 / TIT.1976.1055638
- ↑ Rivest R., Shamir A., Adleman L. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems (eng.) // COMMUN. ACM. - NYC, USA: ACM, 1978. - Vol. 21, ISS. 2. - P. 120-126. - ISSN 0001-0782; 1557-7317 - DOI: 10.1145 / 359340.359342
- ↑ 1 2 "A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks.", Shafi Goldwasser, Silvio Micali, and Ronald Rivest. Siam Journal On Computing, 17 (2): 281-308, Apr. 1988.
- ↑ 1 2 3 4 http://eregax.ru/2009/06/electronic-signature/ (inaccessible link)
- ↑ "Modern Cryptography: Theory & Practice", Wenbo Mao, Prentice Hall Professional Technical Reference, New Jersey, 2004, PG. 308. ISBN 0-13-066943-1
- ↑ Analysis of EDS algorithms
- ↑ 1 2 Electronic digital signature - Kryptomash company (Neopr.) (inaccessible link) . Calling date: November 8, 2009. Archived on December 26, 2009.
- ↑ - MGS (Neopr.) (inaccessible link) . www.easc.org.by. Date of handling: December 29, 2015. Archived on February 2, 2016.
- ↑ INLINE PGP SIGNATURES CONSIDERED HARMFUL
- ↑ Creating A Rogue CA Certificate < (Neopr.) (inaccessible link) . Date of handling: May 13, 2009. Archived on April 18, 2012.
- ↑ Ovcharenko MA National Mining University, Ukraine. Attacks on an electronic digital signature. Electronic digital signature
- ↑ Electronic Digital Signature (Electronic Digital Signature): Features of obtaining and its purpose
- ↑ Civil Code of the Russian Federation, Part 1, Chapter 9, Article 160
- ↑ Federal Law of the Russian Federation of April 6, 2011 N 63-FZ, Article 1
- ↑ Scope of Electronic Signature
- ↑ Federal Law on the Contract System in the Sphere of Procurement of Goods, Works, Services for State and Municipal Needs (Neopr.) . Consultant Plus.
- ↑ Federal Law of the Russian Federation of July 10, 2012 No. 108-FZ
- ↑ JSC "UEK" announces the closure of the project for the release of universal electronic cards (Neopr.) (inaccessible link) . Calling date: February 3, 2017. Archived on February 4, 2017.
- ↑ KRTECH.RU. The first certifying center is registered in Crimea (Neopr.) (09/04/2015).
- ↑ "The procedure for the transfer of pension savings from the FIU is risks, consider in the joint venture" Mia Russia today "from 27.06.2017.
- ↑ "Citizens do not have the opportunity to get topical information when concluding a contract with NPF" "Counting Chamber of the Russian Federation", June 27, 2017
- ↑ "Simple electronic signature will not protect the accumulation» Gazeta.ru from 07/31/2017,
- ↑ "Electronic signature emerged from trust" RBC № 108 (2604) (2306) June 23, 2017: "According to the counselor, Valery Vinogradova, the electronic signature, which forms in the certifying center, should be used by one. After its use, the center should remove it, he says. "However, at the end of December, these electronic subscription signatures were used secondary," the expert states " .
- ↑ "A new type of fraud: left without an apartment, faked an electronic signature" KP "from May 22, 2019
- ↑ "Sell agrees personally" rg.ru of 07/25/2019.
- ↑ "The release of the electronic signature without the personal presence of the applicant violates the law" "Garant" dated December 7, 2017
- ↑ "Registration of electronic signature without personal presence violates the law" Electronic Express ", 2018.
- ↑ "The Central Bank and the Ministry of Economic Development warned about the collapse of the electronic signature market" RBC dated July 21, 2017.
- ↑ Electronic Transactions Act. (Neopr.) . Uniform Law Comission . Date of handling: December 1, 2020.
- ↑ [https://www.fdic.gov/resources/supervision-and-examinations/consumer-compliance-examination-manual/documents/10/x-3-1.pdf The Electronic Signatures In Global and Nationalcommerce ACT (E-SIGN ACT)] (Neopr.) . Federal Deposit Insurance Corporation . Date of handling: December 1, 2020.
- ↑ E-Sign Versus State Electronic Signature Laws: The Electronic Statutory Battleground (Neopr.) . North Caroline Banking Institute . Date of handling: December 1, 2020.
- ↑ Legal Basis for Electronic Signature in USA (Neopr.) . Certified Translation . Date of handling: December 1, 2020.
- ↑ Personal Information Protection and Electronic Documents Act (S.C. 2000, p. 5) (Neopr.) . Justice Laws Website. . Date of handling: December 1, 2020.
- ↑ ACT to Establish a Legal Framework for information technology (Neopr.) . Legis Quebec. . Date of handling: December 1, 2020.
- ↑ Guide to Doing Business In Canada: Privacy Law (Neopr.) . Goowling WLG. . Date of handling: December 1, 2020.
- ↑ Are Electronic Signatures Legal In Canada? (Neopr.) . Signable . Date of handling: December 1, 2020.
- Ryabko B. Ya., Fionov A. N. Basics of modern cryptography for specialists in information technology - Scientific World, 2004. - 173 p. - ISBN 978-5-89176-233-6
- Alferov A. P., Zubov A. Yu., Kuzmin A. S., Cheremushkin A. V. Basics of cryptography. - Helios ARV, 2002. - 480 p. - ISBN 5-85438-137-0.
- Niels Ferguson, Bruce Schneier. Practical cryptography = Practical Cryptography: Designing and Implementing Secure Cryptographic Systems. - M. : Dialectic, 2004. - 432 p. - 3000 copies - ISBN 5-8459-0733-0, ISBN 0-4712-2357-3.
- B. A. Fowzan. Digital Signature Signature EL-Gamal // Managing Encryption Key and Network Safety / Per. A. N. Berlin. - Lecture course.
- Menezes A. J., Oorschot P. v., Vanstone S. A. Handbook of Applied Cryptography (eng.) - CRC Press, 1996. - 816 p. - (Discrete Mathematics and Its Applications) - ISBN 978-0-8493-8523-0
- Mao V. Modern cryptography: theory and practice / lane D.A. Koshev - M. : Williams, 2005. - 768 p. - ISBN 978-5-8459-0847-6
What is an electronic signature - a simple language for newcomers of the world of the digital economy
October 30, 2017.
The article gives answers to questions: "What an electronic signature looks like", "how the EDS works", its capabilities and main components are considered, and a visual step-by-step instruction of the e-signature file signing process.
What is an electronic signature?
The electronic signature is not an object that can be taken into hand, and the props of a document that allows you to confirm the owner's assistance to its owner, as well as to fix the status of information / data (availability, or no changes) in the electronic document from the moment of its signing.
Abbreviated name (according to Federal Law No. 63) - EP, but more often use the outdated abbreviation of EDS (electronic digital signature). This, for example, facilitates interaction with search engines on the Internet, as EP may also mean electric stove, passenger electric locomotive, etc.
According to the legislation of the Russian Federation, a qualified electronic signature is the equivalent of signatures affected by "by hand", which has a full legal force. In addition to qualified in Russia, two more types of EDS are presented:
- Unqualified - ensures the legal significance of the document, but only after the conclusion of additional agreements between the signatures on the rules for the application and recognition of the EDS, it allows you to confirm the authorship of the document and control its immutability after signing,
- simple - does not give the signed document to the informed value before the conclusion of additional agreements between the signatures on the rules of application and recognition of the EDS and without complying with the legislatively fixed conditions for its use (a simple electronic signature should be contained in the document itself, its key is applied in accordance with the requirements of the information system, where it is used, and so on according to the FZ-63, Article 9), does not guarantee its immutability from the moment of signing, it allows you to confirm the authorship. Its application is not allowed in cases associated with the state secret.
Opportunities of electronic signature
EDC individuals provide remote interaction with state, educational, medical and other information systems via the Internet.
Legal entities electronic signature gives admission to participate in electronic trading, it allows you to organize a legal and significant electronic document management (EDO) and the delivery of electronic reporting into controlling authorities.
Opportunities that provide EDS users made it an important component of everyday life and ordinary citizens, and representatives of companies.
What does the phrase "the client issued an electronic signature"? What does the EDS look like?
By itself, the signature is not the subject, but the result of cryptographic transformations of the document being signed, and it is impossible to "physically" to issue on any carrier (tokenet, smart card, etc.). Also, it can not be seen, in the direct value of this word; It does not look like a stroke of the feather or figured print. About, How "looks like" an electronic signature, Tell me a little lower.
Cryptographic transformation is an encryption that is built on the algorithm used secret key. The process of restoring the initial data after cryptographic transformation without this key, according to specialists, should take more time than the relevance of the relevant information.
Flash carrier is a compact storage medium, which includes Flash memory and adapter (USB flash drive).
The token is a device whose housing is similar to the USB Body Body, but the memory card is protected by a password. The token recorded information for the creation of EDS. To work with it, you need to connect to a USB computer connector and the password introduction.
Smart card is a plastic card that allows you to carry out cryptographic operations at the expense of the chip-built into it.
The SIM card with the chip is a mobile operator card equipped with a special chip on which a Java application is installed in a safe manner, expanding its functionality.
How should I understand the phrase "issued an electronic signature", which firmly entrenched in the conversational speech of market participants? What is the electronic signature?
The issued electronic signature consists of 3 elements:
1- The means of electronic signature, that is, the technical means necessary for the implementation of the set of cryptographic algorithms and functions. This can be either a cryptoproderder (CSP, VIPNET CSP cryptopro, VIPNET CSP), or an independent token with a built-in cryptoproprodder (RUCOCEN EDS, Jacarta GOST), or an "electronic cloud". You can read more about EDS technologies related to the use of an "electronic cloud", it will be possible in the next article of a single email portal.
The cryptoproderder is an independent module protruding the "mediator" between the operating system, which, using a specific set of functions, controls it, and a program or hardware complex that performs cryptographic transformations.
Important: Token and a qualified EDS agent on it should be certified by the FSB of the Russian Federation in accordance with the requirements of Federal Law No. 63.
2- key steam, which is two impersonal set bytes formed by means of electronic signature. The first one is the key of an electronic signature, which is called "closed". It is used to form the signature itself and must be kept secret. The placement of a "closed" key on a computer and Flash-carrier is extremely unsafe, tokenet - partly unsafe, on a token / smart card / SIM card in the most secure. The second is the electronic signature check key, which is called "open". It is not contained in secret, unambiguously tied to the "closed" key and is necessary that anyone can check the correctness of the electronic signature.
3- Certificate of the EDS audit key, which releases the Certification Center (UC). His appointment is to associate an impersonal set of the "open" key with the identity of the electronic signature owner (man or organization). In practice, it looks like this: for example, Ivan Ivanovich Ivanov (individual) comes to the certifying center, it makes a passport, and the CCT gives it a certificate confirming that Ivan Ivanovich Ivanovka Ivanovka Ivanov. It is necessary to prevent fraudulent schemes during the deployment of which an attacker during the transmission of the "open" code can intercept it and replace its own. Thus, the criminal will be able to issue himself for the signator. In the future, intercepting messages and making changes, he will be able to confirm their EDS. That is why the role of the electronic signature certificate of the electronic signature is extremely important, and the certification and administrative responsibility of the Certification Authority is credited to its correctness.
In accordance with the law, the Russian Federation distinguishes:
- "Certificate of the electronic signature key certificate" is formed for unqualified EDS and can be issued to the certificate center;
- "The qualified certificate of the electronic signature check key" is formed for a qualified EDS and can be issued only by the accredited Ministry of Communications and Mass Communications of the UC.
Conditionally, it can be designated that the electronic signature check keys (byte kits) - technical concepts, and the certificate of the "open" key and the certification center are the concepts of organizational. After all, the HC is a structural unit that is responsible for comparing "open" keys and their owners within their financial and economic activities.
Summing up the foregoing, the phrase "the client is issued an electronic signature" consists of three terms:
- The client acquired an electronic signature tool.
- He received the "open" and "closed" key, with the help of which the EDS is formed and is checked.
- The HC issued a certificate to the client confirming that the "open" key from the key couple belongs to this particular person.
Required properties of the subscribers:
- Authenticity (authenticity; "non-accuracy" from the authorship of information).
They provide cryptographic algorithms and protocols, as well as software-based software and software and hardware solutions for the formation of electronic signature.
With a certain amount of simplification, it can be said that the safety of electronic signatures and services provided on its basis is based on the fact that the "closed" keys of the electronic signature are stored in the secret, in a secure form, and that each user will respond to them and does not allow incidents.
Note: When purchasing a token, it is important to change the factory password, so no one can gain access to the EDS mechanism besides its owner.
How to sign an electronic signature file?
To sign the EDS file, you need to perform several steps. As an example, we consider how to put a qualified electronic signature on a certificate of a single email signature portal in .pdf format. Need to:
1. Click on the document with the right mouse button and select the cryptoproderder (in this case, cryptoarm) and the Count "Sign".
2. Complete the path in the Cryptoprovider dialog box:
Select the "Next" button.
At this step, if necessary, you can choose another file to sign, or skip this stage and immediately go to the next dialog box.
The "Encoding and Expansion" fields do not require editing. Below you can choose where the signed file will be saved. In the example, the Document with the EDS will be placed on the desktop (Desktop).
In the "Signature Properties" block, you choose "signed", if necessary, you can add a comment. The remaining fields can be excluded / choose at will.
From the repository of certificates you choose the desired one.
After checking the correct function, the "certificate owner", press the "Next" button.
In this dialog box, a final verification of the data required to create an electronic signature is performed, and then after clicking on the "Finish" button, the following message should pop up:
The successful ending of the operation means that the file was cryptographically transformed and contains props, which fixes the invariance of the document after its signing and providing its legal significance.
So, what does an electronic signature look like?
For example, we take a file signed by an electronic signature (stored in the .sig format), and open it through a cryptoprovider.
Desktop fragment. Left: File, signed by EP, Right: Cryptoprovider (for example, cryptoarm).
The visualization of the electronic signature in the document itself does not provide for its opening due to the fact that it is a props. But there are exceptions, for example, an electronic signature of the FTS upon receipt of an extract from the EGRUL / JRIP through the online service is conditionally displayed on the document itself. Screenshot can be found on the link.
But as in the end "Looks like" EDS Rather, how is the fact of signing is indicated in the document?
Opening through the cryptoproker window "Management signed data", you can see the file information and signature.
When you click on the "View" button, a window appears containing information about the signature and certificate.
The last screenshot clearly demonstrates What does the EDS look like on the document "From the inside."
You can purchase an electronic signature by reference.
Ask other questions on the topic of the article in the comments, experts of a single portal of the electronic signature will definitely answer you.
The article was prepared by the editors of a single portal of the electronic signature IECP.RU using the materials of Safetech.
With full or partial use of the material, the hyperlink on www.iecp.ru is obligatory.
August 23, 2017.
The digital economy rapidly displaces the old way in all areas of modern society activities. Private life and jobs are transformed, new professions and interaction tools appear. In the era, such a large-scale transformation is increasingly actual about the problem of information security in organizations. Executive Director of ATP Elijah Dimitrov and Deputy Director of the Academy of Information Systems Igor Eliseev commented on the issue of the formation of a digital economy and the main aspects of providing IB in modern companies.
Electronic digital signature is a relatively new technology that has significantly simplified the work of many public and private commercial organizations. Thanks to it, it became easier and safer to exchange data online, disappeared the need to visit other cities to sign documents.
How to get the EDS which kinds are suitable for specific organizations and how with its help you can assure data online, you will learn from our article.
What is an electronic digital signature?
EDS is information that complements the electronic document, confirming its authenticity and consent of the person with the data available in it. A qualified electronic digital signature is analogue handwritten and has legal force.
Therefore, if one of the parties assured the parties does not comply with the collaboration conditions, the second can use this document in court as proof of non-fulfillment of the obligations of the opponent.
The electronic digital signature has a number of important functions:
- Confirms the authorship . The electronic signature contains information about the certificate in which the data on its owner is written in detail. Thus, the data signed by the certificate of EP indicate the authorship of a certain person or organization
- It has legal force . The EDS allows you to operately in electronic form to sign contracts, pass reports, sell and buy securities. No need to confirm important documents personally, coming to the other end of the country.
- Protects against falsification . The attackers will not be able to take advantage of your signature or fake her
- Confirms the integrity of the document . Fix the contract will not fail: if your employee, the client or partner signed it, and then changed any information (randomly or deliberately), you will see it and you can take action.
Types of electronic digital signature
There are three types of EDS:
- Simple . Used by individuals to confirm personal data. For example, when entering the website of public services or contactless payments of purchases in shopping centers.
- Reinforced unqualified . It is applied by legal entities to identify the author of the document, tracking changes made to it after assurance. More reliable compared to simple EDS. Required in rare cases.
- Reinforced qualified . The most reliable and used from all types of EDS. It is an analogue of a personal handwritten signature and has full legal force. It is used in all areas of legal entities and IP - from signing contracts with counterparties prior to interaction with controlling and supervisory authorities.
What is it worth getting the EDS certificate?
- Participation in online bidding and auctions . Electronic digital signature may be required for commercial and public procurement. Only with it can be left on trading application platforms and assure contracts.
- Work on the website of the State Service . Receipt of EDS makes it possible to make an appointment with the public institution, submit applications for making many personal documents, pay fines and taxes, register a car, and much more.
- Delivery of reports to the tax . For the timely administration of revenue declarations in the Federal Tax Service of Russia or about alcohol and beer in Egas, it is also worth receiving the EDS. It may be needed to work on the websites of Rosstat and the Pension Fund of the Russian Federation.
- Remote document flow . With the help of electronic digital signature, you will be able to send reports, applications, contracts and other important paper in your organization and to other companies.
What makes the EDS?
To assign documents, an electronic digital signature requires 3 components:
|This is a unique code necessary to create a unique signature. He knows only the owner. The closed key guarantees the protection of EDS from falsification and hacking.||Encodes documents, forms a unique signature for each of them.||A document that confirms the subscription to a specific person. It contains an open key that allows the recipient to check the certified file.|
How does the EDP work?
When you assign an electronic digital signature document, a specific algorithm is activated:
- The program-encoder converts the file into the string of the symbol - hash. Different documents are translated into a different set of characters, and the same - to the same one.
- After hashing, the program encrypts the string using a closed key. The process is similar to how something is placed in the box and sealed by the lock. This is the EDS.
- The document is sent to the recipient, an encrypted hash and a certificate is applied to it, where the contact details of the sender are specified.
- Using the certificate, the destination "prints" hash and can see the document. If he has EDS, the reverse administration of the document also occurs according to the algorithm considered by us.
How to check the authenticity of the electronic digital signature?
As we have already found out earlier, the document enters the recipient in encrypted form. And to see it, a certificate is needed. This component is very important and is individual. Therefore, when receiving a document signed by you, the addressee may make sure that it was you who assured it by checking the certificate. Make it very simple:
- The recipient heshes the file, as the sender earned earlier.
- Decipheres the EDS using the open key that is in the certificate.
- Sees the hash that you sent together with the document.
- Compares with the one that came from him. If the hashies are the same, the document was not changed after the certification and is legal.
How to choose a suitable CEP?
There are many certificate tariffs intended for various needs. To select a suitable CEP, you should consider two important parameters:
- Capabilities of signature . There is no single EDS that could come to all areas right away. To work with public services, a basic CEP is required. For interaction with commercial portals, CEP is required with extensions (additions) for EP. In addition, for registration on some platforms, there are requirements for the receipt of CEP in certain certifying centers. Therefore, choose the signature that matters the most appropriate.
- Cost certificate . In addition to the capabilities of the signature, it is worth paying attention to its functionality. It makes no sense to overpay for unnecessary options: if you need EDS to transfer reports to the Federal Tax Service of Russia, there is no need to buy a certificate with access to trading areas - it is enough to get a standard CEP. The value of the signature also affects the cost. For individuals who need to work only with the public service site, the EDS will cost almost 10 times cheaper than organizations involved in trading on large sites.
How to get CEP?
- Apply to the Certification Authority. The UC is accredited by the Ministry of Communications of the Organization, which have the right to issue electronic signatures. The company "Signal-com" is one of them. You can contact us by leaving an application on the website or by calling 8 (495) 259-40-21.
- You will be sent a list of necessary documents to obtain EDS and samples of their fill. UC staff will also send an account for payment.
- You make to the account of the certifying center required amount and provide copies of documents (later the originals will be required):
- For individuals:
- For legal entities and IP:
- Constituent documents.
- Certificate EGRUL / EGRIP.
- Inn applicant.
Important : If you want to receive an electronic signature for another person or a whole organization, a notarized power of attorney will be required.
- The certifization center checks the received documents and confirms the payment. Typically, the procedure takes no more than 3 days. If the CEP is urgently required, the process can be reduced for an additional fee to several hours.
- After checking the documents, you are invited to the office, where you bring the originals of all of the above documents and certified copies.
- You get a flocheten flash drive, which contains a key, certificate and program to create a signature.
What is the certifying center?
This is an organization that has received an official permission from the FSB to carry out activities related to the production and sale of electronic digital signatures.
The certifization center performs several functions:
- Creates personal certificates . The CCC generates keys and certificates for creating electronic signatures that contain the contact details of the owner and technical information on the composition of EP. With the help of a personal certificate, the recipient of a certified document can check the EDS to make sure its accessories to a specific person.
- Provides EDS . You can only get a qualified electronic signature in an accredited certifying center. His staff will create a closed key and provide it only to you - the owner of the EDS.
- Provides verification certificates . The certifying center has its own base, which contains all the CEP issued. If you doubt the authenticity of the signature of a person who sent you a document, you can contact representatives of the CCC and make sure its loyalty.
EDS and federal law №54-ФЗ
Electronic digital signature helps to simplify work with online cash desks. It allows you to:
- Register a CCT through online . No longer need to come to the FTS with a cashier and wait for the end of the procedure for several days. All necessary documents can be sent to the site of the Federal Tax Service. And registration takes only 15 minutes.
- Work with the site . To conclude a contract with a fiscal data operator, you must obtain the EDS certificate. To do this, you can contact the partner of the OFD, come to his office and put a manual signature. But more convenient and faster to do it online.
- Interact with Egas . Get EDS stands for and to send data and signing documents related to alcoholic beverages.
Electronic signature - species, methods of application and receipt
Electronic signature (Earlier EDS) - own signature in electronic form, which you can sign documents. Federal Law No. 63-FZ dated 04/06/2011 identified three types of electronic signatures: simple, unqualified and qualified. They have a different level of protection and legal significance, so they are used in different situations.
Simple electronic signature
Simple EP is a login / password or code from the SMS that you enter for authorization in the online store, the Public Services portal or an internal corporate network, confirming your identity. A simple electronic signature has legal force in the provision of insurance, state and municipal services, as well as if the participants in the document management will agree on its recognition.
Unqualified electronic signature
Unqualified EP is an encrypted combination of characters, which confirms the identity of the user and allows you to detect changes to the document after signing it. Suitable for domestic workflow and work on the portal Nalog.ru. It is drawn up independently or in the certifying center. A document signed by unqualified EP receives legal significance if there is an indication of the law or an agreement has been reached between the parties.
Qualified electronic signature
The most secure signature, which has the same capabilities as unqualified. Unlike her, a qualified signature is created using encryption tools certified by the FSB. A qualified EP is issued only in certifying centers accredited by the Ministry of Communications of Russia. Any document that law is not prohibited in electronic form can be signed by a qualified electronic signature. It will have full legal force.
What are the most important differences between electronic signatures?
Properties of electronic signature
Method of receipt
Alone, when registering on the site
In any UTS
In accredited uz
Protection of signed document
Does not protect the document from the fake
Protects the document from the fake
Protects the document from the fake
Requires an agreement on recognition
Requires an agreement on recognition
Equal to his own signature
Where are stored
On any carrier
On any carrier
Protected Media (Ructane, Etoken)
Free or from 200 rubles
From 500 rubles
How to find out what you have a signature?
If you have only the physical medium of an electronic signature, then this means that you are unqualified or qualified EP.
To find out what exactly call to the technical support of the certifying center. If you received a signature in the UC "Tensor", please inform your Inn technical support specialist and it will tell you the type of EP.
When and what electronic signature to use
Simple electronic signature Suitable to any individuals who use Internet services for purchases of goods and services, fund management in the bank. It can be used to pay for the traffic police fines and get some services on the Public Services portal.
Unqualified electronic signature I need employees of companies to exchange documents with partners and domestic workflow (for signing orders, instructions, applications, certificates). Used to work in the personal account of the taxpayer.
Qualified electronic signature It is required by anyone who gives reports to FSS, FTS, FFR and other state bodies, signs contracts with counterparties, participates in state procurement and other types of trading. With the help of a qualified EP, you can register an online cashier in the FTS, submit to court or conclude an employment contract with a remote employee without a personal meeting.
Qualified electronic signature universal, it is suitable for work at most sites. However, some trading platforms impose additional requirements for electronic signatures. For example, in order for the signature certificate, an object identifier (OID) containing additional information about the owner of the EP and its powers. In the "Tensor" will be given EP for any trading platform.
Each person can use one or more electronic signatures. There are no restrictions on the number and variety of EP used.
What you need to receive an electronic signature
1. Create an application for a signature by one of three ways:
- To come personally into the offices of the company "Tensor" with the necessary documents. The grade of the signature is 1 hour.
- Submit an online application for EDS from the UC site. The manager will check the application, requests the scans of documents and will agree with you the date and time of the visit to the office to receive an electronic signature.
- Create an application from a personal account if you are already working in SBI. Attach the scans of documents and select the visit time to the office.
2. Pick up ready signature
If you have applied to remotely, go to the UC to the designated day and provide the original documents to make sure the personality. The manager will verify with the attached scans and, if everything is true, will release a qualified electronic signature certificate and give you a completely ready-to-use media.
You can get a qualified electronic signature in the office of the company "Tensor" or our partners in the region. Signature will make within an hour. And you can send Online application . The manager will check the application, after which will invite you to the office to receive EP.
You can order the delivery of electronic signature to the house or office. Our specialist who has been trained and certified according to the requirements of the FSB will bring EDS without allowing compromising.
Yandex maps do not support the version of your browser.Download Distribution
To update the browser.
What else may be required to work with the EDS
Cryptographic Protection Tool (SCJ) - a program responsible for working with signature and encryption documents. Cost from 1 200 rubles.
Media is a protected device in the form of a USB flash drive, which is set to an electronic signature certificate. Write the CEP on the usual USB flash drive. Cost from 1,400 rubles.
Views of media:
- Ructogen, Etoken (European version of the media) - are used to work on public portals, trading platforms, for reporting, for Edo. Cost: 1 400 rubles.
- Ructane EDS 2.0, Jacarta-2 SE - are intended only for sellers and alcohol manufacturers. Cost: 1,600 rubles.
What documents are needed for the release of signature?
In accordance with paragraph 2 of Article 18 of the Federal Law No. 63-FZ, the certifying center for the release of the signature will require the following documents:
- Citizens of the Russian Federation - Passport and SNILS.
- From foreigners - an identity document: passport, permission for temporary accommodation, residence permit, etc., and any document with the SNILS number: Insurance certificate itself, a certificate from the FIU with the number of SNILS or the accompanying statement in the form of adi-5.
- From representatives of the owner of the EP - power of attorney for receipt, originals or certified copies of documents of the owner of the signature, a passport of a representative or a document certifying personality.
How to assure copies of documents?
Individuals must assign copies of documents to obtain a signature only notarially. If you are in the territory of another country, you can assure copies in the consulate of the Russian Federation.
Legal entities and IP can assign copies on their own. If the organization or IP has a print, any employee of the company can assure copies. To do this, you must specify on the copy:
- The inscription "Copy of Verne" or "True";
- the position of the assured person with signature and decoding;
- certificate date;
- Print organization or IP.
If there is no print:
- For Jurlitz: Only the head of the manager should stand on copies, plus the charter is applied, in which there is no record that the organization works with the seal;
- For IP: Only the entrepreneur's signature should be on copies, plus "Certificate of State Registration of an individual as an individual entrepreneur" either "Head of Entity Entry" is applied.
A copy of the multi-page document can be certified in two ways:
- Separately assure each sheet of copies;
- To flash all the sheets, numb them and assure them on the reverse side of the last sheet at the firmware site, indicating the number of sheets.
Replaced the head - what to do?
In this case, you will need to release a new key of the electronic signature, and the old one is to cancel, contacting your manager in the certifying center.
How to withdraw a signature?
Contact your certifying center manager. It will issue an application for a feedback and send you an application for a signature. If you work in the SBI, then you can send an invoice on your own.
How to extend the signature?
The electronic signature certificate has a limited validity period, on average - 12 months. To extend the signature you need in advance, it is better 30 days before the expiration, contact your certifying center to extend.
If you received EP in the Certification Center "Tensor", then you will receive an automatic reminder with reference to the application to extend EP. Click on the application and follow the system prompts.
You can extend only the active EP. If her term has already ended, you will have to release a new one.
What carriers allowed to produce a signature?
The carriers can be: a protected flash drive (Jacarta-2, Ructane, Ructane EDP 2.0, etc.), flash drive and registry.
In accordance with Art. 27.3 Annex 2 To order of the FSB dated 12.27.2011 No. 796, the company "Tensor" issues EP keys on protected media. They also comply with the regulations of the Federal Antimonopoly Service on EP for State Procurement.
In addition, such devices:
- Support many cycles of rewriting, which increases the service life;
- Have a feature of information security - to access a container with a key, you need to enter a password.
How to check the EDS certificate?
You can check the authenticity of the electronic signature certificate on our website at the serial number or according to the owner.
Electronic signature is an electronic document attribute that allows you to establish authorship and immutability after signing. Depending on its type, the electronic signature can be fully equal to handwritten and provides legally binding files.
Functions of electronic signature
Sign any electronic signature files can sign, and individuals. Electronic signature:
- Identifies the author
- Allows you to determine whether changes made to the document after signing it (not all types of signature),
- confirms the legal force of the signed document ( Not available to all types signatures).
In Russia, three types of signatures are used.
Simple electronic signature, or PEP
A simple signature is a familiar pair of a login password in personal offices, SMS code, codes on scratch cards. Such a signature confirms the authorship, but does not guarantee the invariability of the document after signing, therefore, does not guarantee its legal significance. A simple electronic signature is most often used to obtain a civil servitude, with bank transactions, authentication on sites.
Unqualified electronic signature, or NEP
Due to the cryptographic NEP algorithms, not only allows you to identify the author of the signed document, but also to prove the invariance of information contained in it. An unqualified signature should be obtained in certifying centers on a special key carrier - tokene.
The NEP is suitable for electronic document management inside the company and with external counterparties. Only in this case, the parties will need to conclude an agreement on the mutual recognition of the legal force of electronic signatures.
Qualified electronic signature, or CEP
Just like the NEP, a qualified signature is created using cryptographic algorithms, but differs in the following:
A qualified electronic signature empowers documents with legal force and allows you to check whether the document changed after signing.
Cap for bidding is the widest application and is used:
- For reporting to controlling authorities,
- To participate in electronic trading on 44-FZ companies with a state institution as a supplier,
- For electronic document management, which has legal force without additional agreements between participants,
- for the organization and participation in procurement on 223-ФЗ,
- To work with state information systems (for example, on the portals of Rosreestra, FTS, FCS, in the SMEV systems, GIS GMP, GIS Housing and Hospital, ACCOT, filing information on the ERFSB portal, EPRSFDUL, for interaction with FGIS Rosaccreditism, etc.) ..
Some trading platforms require a qualified certificate to contain a special identifier (OID). So, to work at the UTender sites or the implementation center, you will have to buy a separate OID for each site. Places can refuse OIDs or enter them - accurate information about whether the site needs an additional identifier, you need to specify in the technical support of the site or read in its regulations.