Just about the electronic signature. How to get an electronic signature - a step-by-step algorithm Questions for readers

An electronic signature is such a phenomenon in modern life that it is easier to talk about how it works than to describe it. At least, the legislator's attempt to give the concept of an electronic signature can hardly be called successful.

"Electronic signature - information in electronic form, which is attached to other information in electronic form (signed information) or is otherwise associated with such information and which is used to determine the person signing the information ”(Article 2 of the Law of 06.04.2011 N 63-FZ).

And yet, from this description, we can conclude that an electronic signature, like a regular one, identifies the person to whom it belongs and expresses his agreement with the content of the signed document.

To be widely adopted, an electronic signature must have advantages that a personal signature on paper documents does not have. EP does have such advantages, and we will consider them below.

Legal regulation of electronic signature

The first law on electronic signature was adopted in January 2002 (No. 1-FZ of 10.01.02). True, the signature was called not just an electronic, but an electronic digital signature or EDS. Such an abbreviation is still found, although it is correct to use another combination - ES (electronic signature).

Now the use of electronic signature regulates new law- dated 06.04.2011 No. 63-FZ. ES is also mentioned in other regulatory legal acts, for example, in the law of July 27, 2006 No. 149-FZ, where it is called an analogue of the handwritten signature of an individual.

The Federal Security Service also took care of the regulation of the electronic signature, which, by Order No. 796 of December 27, 2011, approved the Requirements for electronic signature tools and certification center tools.

Everyone can get acquainted with the primary sources (frankly, not easy to understand) by following the links, and in this article we will answer practical questions: why do we need an electronic signature, and how to get it.

Why do you need an electronic signature?

First of all, such a signature to a much greater extent confirms the fact of signing the document (in this case, only an electronic document) by a certain person. The usual personal signature on paper, with the current development of technology, is quite easy to fake.

The tax authorities also like to announce that documents have been signed by an unidentified person, and this often entails an increase in the tax base, fines and other sanctions. An independent examination of a personal signature under significant documents cannot always help, because. not in all situations allows you to confirm or deny the fact of authenticity due to the small number of characters in the signature. If the document is signed with an electronic signature, then there is no longer any doubt about its authorship.

Please note that only handwritten signatures are recognized as equivalent enhanced qualified electronic signature.

The second advantage of using ES is the protection of an electronic document from unauthorized changes. Paper documents, even if they have a genuine signature, can be forged or supplemented. In addition, they can be accidentally damaged, lost, stolen, etc., and the absence of paper documents will not allow you to confirm any significant fact, because you can’t sew a word into action.

The third reason why the use of electronic signatures will continue to develop is the ability to perform actions or receive information without leaving home. EP allows:

  • apply for or;
  • make civil law transactions;
  • receive state and municipal services;
  • maintain a secure document flow;
  • hand over;
  • work with bank documents and manage funds on the current account;
  • participate in, bidding and;
  • carry out other legally significant actions.

Finally, while leading entrepreneurial activity in some cases, an electronic signature is no longer enough. So, reporting on and on employees (if there are more than 25 people) is now accepted only in electronic form.

Submission of reports in electronic form will only continue to develop, because this method reduces the labor and time costs of those who accept and submit reports; reduces the number of technical errors when filling out forms; protects reporting from unauthorized editing or viewing.

Where can I get an electronic signature?

Invent and create electronic signature you can’t do it yourself, specialized organizations are engaged in its issuance - certification centers. The requirements for them are established by Article 16 of Law No. 63-FZ, and among them:

  • price net assets organizations must be at least one million rubles;
  • financial security for liability for losses caused to third parties must be at least one and a half million rubles;
  • the number of qualified employees directly involved in the creation and issuance of certificates of electronic signature verification keys must be at least two.

Certification centers must be accredited by the Ministry of Communications. You can find a suitable regional certification authority or check its accreditation here:

By clicking on the name of the selected certification authority, you will be taken to a page with brief information about him, and from there - to the website of the organization itself.

For some time, it was possible to obtain an electronic signature in some branches of Rostelecom, but now its certification center reports that for technical reasons it has temporarily suspended the provision of this service.

Types of electronic signatures

Article 5 of Law N 63-FZ distinguishes three types of electronic signature: simple, enhanced unqualified and enhanced qualified.

A simple signature is a combination of characters, codes and passwords that allow you to establish the fact of the formation of an electronic signature by a certain person. Such a signature is quite easy to crack.

An enhanced signature (unqualified and qualified) is generated using an external medium - a flash drive or a floppy disk. Additional protection of the enhanced qualified signature is the ES verification key specified in the qualified certificate. Reporting and legal significant documents must be signed only with an enhanced qualified signature.

Certification centers offer different electronic signatures depending on the ability to access various resources. So, an ES for an ordinary individual for only 450 rubles allows you to maintain a secure legally significant document flow, receive state and municipal services online, and pay taxes through your personal account.

Universal electronic signatures provide maximum opportunities, including participation in and.

How to get an electronic signature?

Usually, all certification centers provide detailed advice on their websites to everyone who wants to receive an electronic signature. We briefly describe this process here:

1. Select a certification authority from organizations accredited by the Ministry of Communications.

2. Submit the necessary package of documents along with the application, which will vary depending on the type of ES owner - an ordinary individual, individual entrepreneur or organization. The minimum package of documents will be for an ordinary individual - a copy of the passport, SNILS and a certificate of TIN. You should familiarize yourself with the requirements for paperwork in the center itself, because some of them only accept notarized copies, while others request original documents for verification.

3. To identify the identity of the applicant - by appearing in person at the certification center or by sending a certified telegram through the Russian Post.

4. At the agreed time, come to the point of issue of the ES to receive qualified certificate and electronic signature keys.

How to check the authenticity of an electronic signature?

A special service has been created on the State Services portal that allows you to verify the authenticity of the ES. For verification, it is necessary to upload an electronic document, the authenticity of the signature of which must be confirmed, and the file of the electronic signature itself.

If the signature is authentic and the document remains unchanged, the service will issue a message about the verification, as well as information about the owner and publisher of the ES and its validity period.

With the help of which it is possible to establish whether the information contained in an electronic document has been distorted since the moment the signature was formed, and also allows you to confirm that a particular document belongs to the owner.

Deciphering the basic concepts

Each electronic signature must be confirmed by a special certificate that certifies the identity of the owner. You can get a certificate in a special center or from a trusted representative.

The owner of the certificate is an individual to whom the certification center has issued an electronic signature certificate. Each owner has two signature keys: public and private. The ES private key allows you to sign electronic documents, it can be used to generate an electronic signature. It is kept secret, like a pin code from a bank card.

The function of the public key is to verify the authenticity of the signature on documents. It is associated with a closed "colleague" in a one-to-one order.

In law

The Federal Law "On Electronic Digital Signature" subdivides ES into several types: simple ES, enhanced unqualified and qualified ES. Using a simple electronic signature, you can confirm the fact of creating an ES for a specific person. This is done through the use of passwords, codes, and other means.

An enhanced unqualified digital signature is the result of a cryptographic transformation of information, which is performed using the private key of the electronic signature. With the help of such a signature, it is possible to establish the identity of the signer of the document, as well as to detect, if any, changes that have occurred since the signing of the papers.

Qualified signature

The enhanced qualified ES has the same features, however, to create it, the DS is checked using certified Federal Service security of cryptoprotection means. Certificates of such a signature can only be issued in an accredited certification center, and nowhere else.

According to the same law, signatures of the first two types are equivalent to a handwritten signature on a paper document. Between people performing any operation using ES, it is necessary to conclude an appropriate agreement.

The third type (qualified digital signature) is an analogue of not only a handwritten signature, but also a seal. Thus, documents certified by such a signature have legal force and are recognized by regulatory authorities (FTS, FSS and others).

Application for legal entities

Currently, EDS is most commonly used for legal entity. The technology of digital signatures in electronic document management is widely used. The purpose of the latter can be different: external and internal exchange, documents can be of a personnel or legislative nature, organizational, administrative or commercial and industrial, in a word, everything that can get by with only a signature and a seal. EDS registration must be carried out in an accredited center.

For internal workflow digital signature useful in that it allows you to quickly initiate the fact of approval of papers that organize internal processes. EDS allows the director not only to sign documents while out of the office, but also not to store piles of papers.

In inter-corporate document management, an electronic digital signature is one of the most important conditions, because without it, digital papers have no legal force and cannot be used as evidence in the event of a lawsuit. An electronic document signed with an enhanced electronic signature retains its legitimacy even when stored in an archive for a long time.

Electronic reporting

EDS is indispensable for reporting to regulatory authorities. Many documents can be submitted electronically instead of carrying a whole pile of forms. The client can not only choose the time and not stand in line, but also submit reports in a way convenient for him: through 1C programs, portals public institutions or separate software specifically designed for this. EDS will be a fundamental element in such a process. For a legal entity that has received an electronic signature certificate, the main criterion should be the reliability of the certification center, but the method of its delivery is unimportant.

public services

Most citizens have come across the term "electronic signature" on various sites. One of the ways to verify an account, for example, on a portal that provides access to a set of public services, is confirmation by electronic signature. Moreover, the EDS for individuals allows you to sign any digital documents sent to a particular department, or receive signed letters, contracts and notifications. If the executive authority accepts electronic documents, then any citizen can send an application signed with a digital signature and not waste their time filing papers on a first-come, first-served basis.

UEC

An analogue of an EDS for individuals is a universal electronic card into which an enhanced qualified electronic signature is embedded. UEC has the form plastic card and is the identity of the citizen. It is unique, like a passport. Through this card, you can carry out many actions - from paying and receiving public services, to replacing documents such as a medical policy and a SNILS card.

A universal electronic card can be combined with an electronic wallet, bank account and even a travel ticket, in a word, with any of the documents that can be accepted digitally. Is it convenient to carry only one document? Or is it easier to keep everything in paper form? This issue will have to be resolved by every citizen in the near future, because technology is becoming more and more firmly rooted in our lives.

Other applications

Also, documents signed by ES are used to conduct electronic trading. The presence of a digital signature in this case guarantees buyers that the offers at the auction are real. In addition, contracts not signed with the help of the EOC have no legal force.

Electronic documents can be used as evidence when considering cases in an arbitration court. Any certificates or receipts, as well as other papers certified by a digital signature or other analogue of a signature, are written evidence.

Document flow between individuals occurs mainly in paper form, however, it is possible to transfer papers or conclude contracts using ES. Remote workers can use a digital signature to electronically submit acceptance certificates.

How to choose a certificate

Since there are three types of electronic signature, citizens often have a question about which certificate is better. It should be remembered that any ES is an analogue of a handwritten signature, and on this moment The legislation of the Russian Federation establishes that a person has the right to use them at his own discretion.

The choice of a digital signature directly depends on the tasks that will be solved through it. If reports are being prepared for submission to regulatory authorities, a qualified signature will be required. For inter-corporate document management, a qualified electronic signature is also most often required, because only it not only gives documents legal force, but also allows you to establish authorship, control changes and the integrity of papers.

Internal document flow can be carried out with all types of digital signatures.

How to sign an EDS document?

The main question for those who need to use for the first time digital signature, is how the document is signed. Everything is simple with papers - I signed and gave it away, but how to do it on a computer? Such a process is impossible without the use of special software. The program for EDS is called cryptographic provider. It is installed on a computer, and various activities with forms are already carried out in its environment.

There are a fairly large number of crypto providers, both commercial and free. All of them are certified by government agencies, however, if interaction with 1C:Enterprise is required, then the choice should be made on one of two products: VipNet CSP or CryptoPro CSP. The first program is free, and the second will need to be bought. You should also be aware that when installing two crypto providers at the same time, conflicts are inevitable, therefore, for correct operation, one of them will have to be removed.

Convenient, according to user reviews, an application for generating digital signatures is called CyberSafe. It not only allows you to sign documents, but also works as a certification center, that is, this program checks the digital signature. Also, the user can upload documents to the server, so the signed agreement or certificate will be available to all enterprise specialists who have access to the program, and there will be no need to send it to everyone by e-mail. On the other hand, you can also make it so that only a certain group of people get access.

EDO - mandatory or not?

Many enterprises have already appreciated that EDS is a convenience, and electronic document management(EDI) saves time, but whether or not to use it is entirely a personal choice. For the implementation of EDI, it is not necessary to connect the operator, by agreement, you can use regular e-mail or any other method of electronic transmission of information, it all depends on the agreement between the participants in the exchange.

The organization of any electronic document management is associated with certain costs, in addition, you will have to install and configure a program for signing documents - a cryptographic provider. This can be done both on your own and use the services of specialists who install the software remotely, even without a visit to the client's office.

EPC in internal EDI

In the case of intercorporate turnover, the pros and cons are immediately clear, and positive sides in the clear majority. Among the shortcomings, one can note only the costs of the EDS key, the organization of software (even if this is a one-time waste), as well as minimizing personal meetings of company representatives and managers, but if necessary, a meeting can be organized.

But what will be useful electronic document management within the enterprise? How will the costs of supplying all employees with EDS keys be paid off?

Using digital documents saves time: instead of first printing out the necessary paper and then looking for it among a pile of printouts or even going to another office if a network printer is used, an employee can sign and send everything without getting up from the table. In addition, when switching to EDI, the cost of paper, toner and Maintenance printers.

Digital documents can also be a tool for maintaining confidentiality. An electronic signature cannot be forged, which means that even if an employee or manager has ill-wishers inside the company, they will not be able to perform any substitution of documents.

Often, innovations move slowly, so that it may be difficult for employees to get used to the new format of filing documents at first, but once they appreciate the convenience of the EDS, they will no longer want to return to running around with pieces of paper.

Psychological barrier

Electronic digital signatures have appeared relatively recently, so it is difficult for many to perceive them as a real analogue of familiar paper documents. At many enterprises, a similar problem arises: employees simply do not consider the contract signed until the paper has a real seal and signature. They use scans from paper documents and easily lose their EDS key. Get over this psychological barrier help ... one more piece of paper. Officially certified by a "wet" signature, the provision on electronic document management will let employees understand that this is a serious thing, and digital documents should be treated the same way as analog ones.

Another problem may arise in the educational part. Many companies employ older workers. They are valuable personnel, experienced in their field, have a long history, but it can be quite difficult for them to explain how to use an electronic digital signature, because they have just recently been developing Email, but here everything is much more complicated, and even there are many nuances.

The task of training can be transferred to the IT department or to resort to the help of third-party specialists. Many companies provide computer training and courses for their employees, where they are explained the basics of working with e-mail and various programs. Why not include an application for generating digital signatures in this list?

More Russian enterprises are implementing electronic document management systems, already on their own experience, evaluating the advantages of this technology for working with documents. Electronic data exchange is carried out through information systems, computer networks, the Internet, e-mail and many other means.

And an electronic signature is an attribute of an electronic document designed to protect information from forgery.

Using an electronic signature allows you to:

  • take part in electronic auction, auctions and tenders;
  • build relationships with the population, organizations and government structures on a modern basis, more efficiently, at the lowest cost;
  • expand the geography of your business by remotely performing various operations, including economic ones, with partners from any regions of Russia;
  • significantly reduce the time spent on processing the transaction and the exchange of documentation;
  • build corporate system exchange of electronic documents (being one of its elements).

With the use of an electronic signature, work according to the scheme "development of a project in electronic form - creation of a paper copy for signature - sending a paper copy with a signature - consideration of a paper copy" is a thing of the past. Now everything can be done electronically!

Varieties of electronic signature

The following types are established and regulated: simple electronic signature and enhanced electronic signature. At the same time, an enhanced electronic signature can be qualified and unqualified.

Table

What is the difference between 3 types of electronic signature

Collapse Show

It is very difficult to forge any electronic signature. And with an enhanced qualified signature (the most secure of the three) with modern level computing power and the required time resources, this is simply impossible to do.

Simple and unqualified signatures on an electronic document replace a paper document signed with a handwritten signature, in cases stipulated by law or by agreement of the parties. An enhanced qualified signature can be considered as an analogue of a document with a seal (i.e. "suitable" for any occasion).

An electronic document with a qualified signature replaces a paper document in all cases, except when the law requires the document to be exclusively on paper. For example, with the help of such signatures, citizens can apply to government bodies to receive government and municipal services, and public authorities can send messages to citizens and interact with each other through information systems.

We sign with the private key, with the open key we verify the electronic signature

To be able to sign documents with an electronic signature, you must have:

  • ES key(so-called closed key) - it is used to create an electronic signature for the document;
  • ES verification key certificate (open ES key) - with its help the authenticity of the electronic signature is checked, i.e. the ownership of the electronic signature by a certain person is confirmed.

Organizations that carry out the functions of creating and issuing certificates of ES verification keys, as well as a number of other functions, are called certification centers.

In the process of creating an ES verification key certificate, an ES key and an ES verification key are generated for each user. Both of these keys are stored in files. So that no one except the owner of the signature could use the ES key, it is usually written down on secure key carrier(as a rule, together with the electronic signature verification key). Its just like a bank card, for additional protection supply PIN code. And just like with card transactions, before using the key to create an electronic signature, you must enter correct value PIN code (see picture).

Secure key media are manufactured by various manufacturers and usually look like a flash card. It is the provision by the user of the confidentiality of his ES key that guarantees that attackers will not be able to sign the document on behalf of the certificate owner.

To ensure the confidentiality of the ES key, you must follow the recommendations on the storage and use of the ES key, contained in the documentation, usually issued to users in the certification center - and you will be protected from illegal actions performed with the electronic signature key on your behalf. It is best if your private key is available exclusively to you. This idea is very important to convey to every owner of the key. This is best achieved by issuing guidance materials on this account and familiarizing employees with them against signature.

Drawing

The program asks for a password (PIN-code) in order to sign the document with an electronic signature using the ES key contained on the “flash drive” connected to the computer

Collapse Show

Example 1

Fragment of the Guidelines for ensuring the security of using a qualified electronic signature of Electronic Moscow OJSC

Collapse Show

When creating an electronic signature, electronic signature means must:

  1. show the person signing the electronic document the content of the information that he signs;
  2. create an electronic signature only after the person signing the electronic document confirms the operation to create an electronic signature;
  3. clearly show that the electronic signature has been created.

When verifying an electronic signature, electronic signature means must:

  1. show the content of an electronic document signed with an electronic signature;
  2. show information about making changes to an electronic document signed with an electronic signature;
  3. indicate the person using whose electronic signature key the electronic documents are signed.

The ES verification key certificate contains all necessary information to verify the electronic signature. The data of the certificate is open and public. Typically, certificates are stored in a store operating system in the certification center that produced it indefinitely (in the same way as a notary public stores all the necessary information about the person who performed the notarial act for him). In accordance with the provisions of Law No. 63-FZ verification Center who produced the certificate of the electronic signature verification key, is obliged to provide free of charge to any person at his request information contained in the register of certificates, incl. information about the cancellation of the certificate of the electronic signature verification key.

Collapse Show

Oleg Komarsky, IT specialist

The certification center that issued the electronic signature stores the certificate of the verification key of this ES indefinitely, more precisely, during the entire time of its existence. As long as the certification authority is working, there are no problems, but since center is commercial organization, it may cease to exist. Thus, in the event of termination of the activities of the CA, there is a possibility of losing information about certificates, then electronic documents signed with electronic signatures issued by the closed CA may lose their legal significance.

In this regard, it is planned to create a kind of state repository of certificates (both valid and revoked). It will be something like a state notary center, where data on all certificates will be stored. But for now, such information is stored in the CA indefinitely.

What should employers consider when equipping their employees with electronic signatures?

In the ES key certificate Necessarily there is information about the full name its owner, there is also the possibility inclusion additional information, such as Company name And job title. In addition, the certificate may contain object identifiers (OIDs), defining the relations in the implementation of which an electronic document signed by an ES will have legal significance. For example, an OID may state that an employee has the right to post information on the trading floor, but cannot sign contracts. Those. with the help of OID it is possible to delimit the level of responsibility and authority.

There are subtleties in the transfer of authority upon dismissal or transfer of employees to another position. They should be taken into account.

Example 2

Collapse Show

When the commercial director Ivanov, who signed the documents with an electronic signature, is dismissed, a new key carrier must be ordered for the new person who replaced Ivanov in this chair to work with the electronic signature. After all, Petrov cannot sign documents with Ivanov's signature (albeit electronic).

Usually, upon dismissal, re-issuance of ES keys is organized; as a rule, for this, employees themselves visit a certification center. The organization that pays for issuing the keys is also the owner of the key, so it has the right to suspend the validity of the certificate. Thus, the risks are minimized: the situation when the dismissed employee could sign documents on behalf of the former employer is excluded.

Collapse Show

Natalia Khramtsovskaya, Ph.D., leading expert in document management of the EOS company, ISO expert, member of the GMD and ARMA International

The effective business activity of an organization depends on many factors. One of the key elements of the entire management system is the principle of employee interchangeability. You should think in advance about who will replace employees who are temporarily not fulfilling their official duties due to illness, business trip, vacation, etc. If your organization deals with the signing of documents with electronic signatures, this aspect must be considered separately. Anyone who neglects this organizational issue runs the risk of running into serious trouble.

Indicative in this sense is case No. A56-51106/2011, which was considered by the Arbitration Court of St. Petersburg and the Leningrad Region in January 2012.

How did the problem occur:

  • In July 2011, Tvernefteprodukt Sales Association LLC submitted a single application for participation in an open auction in electronic form for the supply of gasoline using fuel cards for the Upper Volga branch of the Federal State Budgetary Scientific Institution “State Research Institute of Lake and River Fisheries” (FGNU "GosNIORKh"). The auction commission of the customer decided to conclude a state contract with the only participant in the auction.
  • The draft state contract was sent by the customer to the operator of the electronic platform on July 12, 2011, and the latter transferred it to the LLC. Within the period established by law, the LLC did not send the draft contract signed by the electronic signature of the person entitled to act on behalf of the order placement participant to the operator of the electronic site, because this official was on sick leave.
  • In July 2011, the St. Petersburg Department of the Federal Antimonopoly Service (UFAS) considered the information provided by the customer about the LLC's evasion from concluding a contract and it was decided to include it in the register unscrupulous suppliers.

Disagreeing with the decision of the OFAS, the LLC went to court. All three courts found LLC guilty of contract evasion. And in the last instance in October 2012, it emerged that the LLC applied to the customer on August 10, 2011 and called not the illness of its employee, but his negligence, as the reason for not signing the contract.

Another interesting case occurred when signing a state contract with an electronic signature of an unauthorized person. This case was considered by the Arbitration Court of the Kaluga Region in September 2011 (case No. A23-2637/2011).

The circumstances were:

  • In March 2011, SEL TEHSTROY LLC was declared the winner of an open auction. By this time, the LLC had a change in the general director: the former general director V. became the deputy of the new general director P. But the new general director had not yet had time to issue an EDS. Therefore, on March 14, 2011, we decided to “simplify our lives” and sign a government contract using the EDS of V. who left his post. However main mistake was that V. signed the document as CEO SEL TECHSTROY LLC.
  • Information about the dismissal of General Director V. and the appointment of P. as General Director, as well as the power of attorney to act on behalf of the participant in the order, issued by V. already as Deputy General Director, were posted on the website of the electronic trading platform only 03/24/2011, i.e. after signing and sending the contract to the customer.
  • This oversight was noticed by the customer, believing that the contract was signed by an unauthorized person, and in April 2011 he turned to the OFAS. As a result, OFAS included LLC in the register of unscrupulous suppliers for a period of 2 years due to evasion from concluding a state contract.

When considering this case in the first court instance, the court noted that the new general director of the company, P., in his explanations to the OFAS, firstly, confirmed the readiness to sign the state contract, and secondly, admitted the mistake, without disputing the authority of V., indicated in power of attorney. In addition, the fact that the power of attorney was posted on the official website of the electronic platform, albeit belatedly, was regarded by the court as active actions by the company to eliminate the mistake made. As a result, the Arbitration Court ordered the OFAS to exclude LLC from the register of unscrupulous suppliers. In December 2011, the 20th Arbitration Court of Appeal upheld the position of the trial court.

But Federal arbitration court The Central District in March 2012 judged otherwise. In his opinion, on March 14, 2011, V. used the EDS in violation of the provisions of Art. 4 federal law"On electronic digital signature" and the conditions specified in the signature key certificate (after all, an electronic document with an EDS that does not comply with the conditions included in the certificate has no legal significance). Ultimately, the court concluded that government contract was signed by an unauthorized person, and recognized as lawful the decision of the OFAS to recognize LLC as an unscrupulous supplier.

Similar cases are often heard by the courts. Then the director, who has an ES key certificate and has the right to sign documents on behalf of the company, is dismissed, and new director does not have time to make an electronic signature for himself and sign a contract on time. They try to sign documents with the signature of an employee who has already left (or transferred to another position in the same organization). Then there are problems with the negligence of employees or their illness (as in the first of the described cases), and again they do not have time to delegate authority to another person and issue him an ES. And the result is the same - the organization falls into the list of unscrupulous suppliers and loses the right to conclude contracts financed from the budget.

The receipt by an employee of an organization of an ES key, ensuring its safety and actions with it are usually regulated by an order for an organization with the approval of instructional materials. They define the procedure for using ES keys for signing documents, obtaining, replacing, revoking the certificate of the ES verification key, as well as the actions performed when the ES key is compromised. The latter are similar to the actions performed when a bank card is lost.

How to choose a certification authority?

Law No. 63-FZ provides for the division of certification centers into those that have passed and those that have not passed the accreditation procedure (now it is carried out by the Ministry of Communications and mass communications RF). An accredited certification center is issued an appropriate certificate, and in order to obtain a qualified certificate of the ES verification key, it is necessary to apply to such a CA. Non-accredited CAs can only issue other types of signatures.

When choosing a CA, it should be taken into account that not every one of them uses all possible crypto providers. That is, if partners organizing electronic document management need electronic signatures generated using a specific cryptographic provider, then you should choose a certification center that works specifically with this cryptographic information protection tool (CIPF).

The procedure for obtaining an EP and the necessary documents

To organize the exchange of electronic documents between organizations, you must perform the following steps:

  • determine the goals and specifics of the document flow between your and another organization. This should be formalized in the form of an agreement or contract that defines and regulates the operations and composition of documents with an electronic signature transmitted electronically (such standard contracts sign, for example, banks with clients, allowing them to use the client-bank system);
  • to exchange certificates of ES verification keys of persons whose signatures will be transferred between organizations. It is clear that partners can receive such certificates not only from each other, but also from the certification authority that issued these certificates;
  • issue internal instructions regulating the procedure for transferring and receiving electronic documents to another organization, including the procedure for verifying the electronic signature of received documents and actions in case of detection of the fact of making changes to the document after signing it with an electronic signature.

For the production of electronic signature keys and certificates of ES verification keys, users must submit to the certification center application documents, documentation confirming the accuracy of the information to be included in the ES verification key certificate, as well as the corresponding powers of attorney.

To ensure the proper level of user identification, the procedure for obtaining certificates of ES verification keys requires the personal presence of its owner.

True, there are exceptions. For example, today for employees of government and budget organizations, as well as employees of the executive authorities of the city of Moscow, the certification center of Electronic Moscow JSC developed a system for the mass issuance of certificates of electronic signature verification keys (EPCEP), which, while maintaining a high level of user identification reliability, makes it unnecessary to visit the certification center by each employee personally, which significantly reduces money and time costs of the organization in comparison with the issuance of SCPE, organized according to the traditional scheme.

How much does an electronic signature cost?

It is a mistake to think that a certification center simply sells media for storing keys and certificates, the service is complex, and the media with key information is one of the components. Price full package of electronic signature depends on:

  • region;
  • pricing policy certification center;
  • types of signature and its scope.

Typically, this package includes:

  • services of a certification center for the production of an ES verification key certificate;
  • transfer of rights to use the respective software(SKZI);
  • providing the recipient with the necessary software for work;
  • supply of a secure key carrier;
  • technical support users.

On average, the cost varies from 3,000 to 20,000 rubles per full package with one carrier of key information. It is clear that when an organization orders a dozen or hundreds of key certificates for its employees, the price per one "signer" will be significantly lower. Reissue of keys is carried out in a year.

Currently, in Russia, the circulation of electronic documents using an electronic signature is rapidly gaining momentum. Electronic signature is widely implemented in government organizations as well as in private businesses. At the same time, it should be taken into account that different types of ES have different prices, that a document certified by an ES is legally significant, so the transfer of key carriers along with a PIN code to other persons is unacceptable.

Most importantly, an electronic signature significantly saves time, eliminating paperwork, which is extremely important in a highly competitive environment and when partners are located remotely.

The problem so far remains only in the plane of confirming the authenticity of such a signature and a document with it throughout its long period of storage.

Footnotes

Collapse Show


Hello! In this article we will talk about electronic digital signature.

Today you will learn:

  1. What is an EDS and in what areas can it be applied;
  2. On the legal force of a signature of this format;
  3. About the benefits that its presence provides.

EDS has been a tool for some time, thanks to which the movement of documentation is simplified. And this happens not only within the company, but also outside it. How to become its owner, consider today.

EDS - what is it in simple words

Everyone knows that any document is signed by a person who has such authority. This is done in order to give the document legal force. Thanks to modern technologies, the entire document flow becomes electronic form. And it turned out to be extremely convenient!

What is EDS in simple terms?

EDS this is an analogy to a conventional signature, which is used to give legal effect to documentation located on an electronic medium.

It is usually stored on a flash drive.

Advantages:

  1. Simplifies and speeds up the process of data exchange (when there is cooperation with foreign companies);
  2. Reducing the costs associated with document management;
  3. Increasing the level of security for information of a commercial nature.

Terms related to EDS

Two other concepts are closely related to this concept: key And electronic signature certificate.The certificate confirms that the ES belongs to a specific person. It is strong and ordinary. An enhanced certificate is issued either by a certification authority or by the FSB.

The key is the characters in the sequence. They are usually used in pairs. The first is the signature itself, the other confirms that it is genuine. For everyone's signature again created document, a new key is generated.

The information that is received at the CA is not a digital signature, it is a means to create it.

A bit of history

The first EPs began to be used in Russia in 1994. And the law to regulate their use was adopted in 2002. It was extremely vague and ambiguous in its terminology. The issue of obtaining a signature was also practically not covered in it.

Since 2011, state structures have switched to electronic document management. And all officials received an EDS.

In 2012, this process took on a global scale, and thanks to this, we can now become the owners of universal modern signatures.

How to get an electronic digital signature

Consider a situation in which a person has evaluated all the advantages of this tool and a decision has been made to obtain an EDS. So, the question arose: what needs to be done for this? Let's talk about this in more detail.

To obtain an electronic digital signature, you need to go through several important steps:

  • Decide on the type of signature;
  • Select a certification authority;
  • Fill out an application;
  • Pay the invoice;
  • Collect the necessary documentation package;
  • Get an EDS.

Now we will discuss each step in detail.

Step 1. Choose the type of signature that best suits you.

Over the past period of time, the number of those who want to receive an enhanced electronic signature has increased. This is due to the fact that it can confirm not only the identity of the sender of the document, but is also protected to the maximum. According to a number of experts, simple EDS will soon cease to exist completely.

Let's present in the form of a table in which areas they are used different kinds signatures.

No. p / p Where apply simple view Unskilled Skilled
1 Maintaining internal paperwork V small companies meets Yes Yes
2 Maintaining external documents rare Yes Yes
3 At the Arbitration Court Yes Yes Yes
4 When accessing the State Services website Yes No Yes
5 In the regulatory authorities No No Yes
6 When conducting electronic trading No No Yes

Step 2 Select a certification authority.

If you need to get an EDS in order to submit reports, choose a qualified one, but if you just keep a document flow, then a simple one.

Let us clarify that the CA is a legal entity, the purpose of which is the formation and issuance of an EDS.

In addition, the UC carries out the following activities:

  • Verifies that the signature is valid;
  • If necessary, blocks the EDS;
  • Acts as a mediator if a conflict situation suddenly arises;
  • Provides technical support;
  • Provides required software to clients.

There are about 100 UTs in the Russian Federation. It is better to choose the one that suits your location and capabilities. You can first check if there are any in your city. It's easy to do: just look at the information on the official website.

Step 3. Making an application.

To do this, either visit the office of the center, or fill it out online. The remote method allows you to avoid a personal visit to the CA, that is, save a certain amount of time.

As soon as the submission of the application is completed, the CA specialist contacts the client to clarify the data specified in it. You can ask questions and get advice.

Step 4. We pay.

You will have to pay for the service in advance. As soon as the application is accepted, all the details are agreed, the client is billed. The cost may vary, as it depends on the region where the client lives, on the company itself and on what kind of EDS you want to receive.

Moreover, the price range is quite large - from 1500 to 8000 rubles.

Documents for EDS

When collecting documents, an important nuance is the following: an EDS is needed for an individual, an EDS for a legal entity, or for an individual entrepreneur. Therefore, we will characterize the documentation separately.

To obtain a signature, individuals must collect the following set of documentation:

  • Completed application form;
  • Passport with photocopy;
  • SNILS;
  • Receipt confirming the payment of the invoice.

If the recipient has a trustee, they can handle the submission of documents. The only thing you need is a power of attorney to perform such actions.

Legal entities need to prepare:

  • Completed application;
  • Certificate of OGRN;
  • Certificate of TIN;
  • (not overdue);
  • Passport with a copy of the person who will use the EDS;
  • Payment receipt;
  • SNILS of the person who will use the EDS;
  • If the signature will be used by the director, an order must be provided on the basis of which he holds this position;
  • For other employees, powers of attorney are required so that they can use the EDS.

IP provide:

  • Completed application;
  • Certificate of OGRNIP;
  • Certificate of TIN;
  • An extract from the register of entrepreneurs, which is not more than 6 months old (a copy is possible);
  • Receipt confirming payment.

If the application was submitted remotely, required documents sent to the CA by mail, if personally, then along with the application.

Electronic signature for individuals

For individuals, there are 2 types of signatures: qualified and unqualified. The procedure for obtaining, when compared with legal entities, is much simpler.

Individuals usually use ES to sign certain papers.

Currently, such systems have been developed for its application, such as:

  • Unified portal of public services;
  • ESIA network, for various information.

For the ESIA, a simple type of ES is sufficient, but for the public services portal, a qualified one is used.

To obtain an EDS, a citizen also applies to the CA, with all the documents and an application. You also need to have a flash drive with you, on which the private part of the key, known only to the owner, will be written.

The procedure looks like this:

  • Apply to the CA for a certificate and to obtain an EDS key;
  • Choose a password;
  • Filling out forms for obtaining keys;
  • Submission of all documents;
  • Obtaining a certificate for keys.

Electronic signature for legal entities

The receipt algorithm is practically the same as obtaining a signature by an individual. In the same way, a CA is selected, all the necessary documents are collected, and the invoice is paid. The only thing to remember is that the extract from the Unified State Register of Legal Entities must be received on time, since the process of its preparation takes about 5 days.

Hash function: why you need it

hash function is a unique number that is obtained from the document by converting it using an algorithm.

It has an increased sensitivity to various kinds of distortions of the document, if at least one character in the original document changes, most of the characters of the hash value will be distorted.

The hash function is designed in such a way that it is impossible to restore the original document by its value, and it is also impossible to find 2 different electronic documents that have the same hash value.

To form an EDS, the sender calculates the hash function of the document and encrypts it using a secret key.

talking in simple words, it is designed to facilitate the exchange of data between users. It is a key data protection tool.

The file being signed goes through the hashing procedure. And the recipient will be able to verify the authenticity of the document.

Legal force of EDS

An EDS has the same legal force as an ordinary signature in a paper version of a document, if it was applied without violations. If deviations were found, the document is not valid. The state regulates the process of using EDS by the Federal legislation.

EDS validity period

The EDS is valid for 12 months from the day it was received. As soon as this period ends, it is extended or another one is received.

Summing up. EDS use brings the greatest benefit large companies and businesses. Thanks to it, the document flow becomes cheaper, wide horizons for business open up.

It is also beneficial for ordinary citizens to have it. No need to stand in lines, order the state. services without leaving home. EDS is a modern, convenient and profitable tool.

Hello dear colleague! In this article, we will talk in detail about how to obtain an electronic signature and what is required of you for this. This is most likely not an article, but step by step algorithm, in which I tried to answer all the most important questions on this topic. Now I will not tell you about what a digital signature is and why it is needed. I talked about this in sufficient detail in my . You can go and read it, and then return to the study of this article. So, let's get started...

Algorithm for obtaining an electronic signature

I decided to start my article with a description of the sequence of steps that you need to complete in order to obtain an EDS.

  1. Choose which electronic signature (ES) you need.
  2. Select a Certification Authority (CA).
  3. Fill out and send the application to the UC.
  4. Get an invoice and pay it.
  5. Submit all necessary documents (scans) to the CA.
  6. Arrive at the CA with the original documents to receive the ES.

Let's now take a closer look at each step.

Step 1. Selecting an ES

At this stage, you must determine for what purposes and tasks you need an ES. This may be the key to work with EPGU (Unified Portal of State and Municipal Services); key for reporting to Rosalkogolregulirovanie, Rosfinmonitoring, Pension Fund, tax authorities, etc.; or a key to work on electronic platforms and participate in electronic auctions.

Step 2. Selecting a Certification Authority

The current list of Certification Authorities for obtaining an EDS is always available on the official website of the Ministry of Telecom and Mass Communications of the Russian Federation - www.minsvyaz.ru .

To do this, you need to go to this site, and on the main page in the "Important" column, find the "Accreditation of certification centers" section.

This format is opened with Microsoft programs excel or other spreadsheet editor. As of May 26, 2015, 361 CAs were included in this list.

One of these CAs is the Certification Center of Internet Technologies and Communications LLC.

This is the certifying authority that I know personally and whose quality of services I can vouch for. Good team, excellent and quality service, use modern technologies, as well as the speed of service and reasonable prices.

Step 3. Filling out the application

After you have chosen a suitable CA, you must fill out and send an application for issuing an electronic signature. This can be done remotely - on the center's website, or directly at the office.

In this form, you need to specify your name, e-mail address (e-mail), contact phone number and comment: "I need an electronic signature", as well as enter "captcha" - an alphabetic code located to the left of the input field. After that, click on the "Submit Application for EDS" button.

Within one hour from the moment of submitting the application, the manager of the center will contact you to clarify the details, and will advise you on all available questions.

Step 4. Paying the bill

I think this step will not cause you any difficulties. Pay the bill and send the supporting document to the CA.

Step 5. Submission of documents to the CA

When submitting an application for the production of an ES key certificate to a certification center, the applicant must provide the necessary package of documents.

Documents for obtaining an EDS

List of documents for individuals:

- an application for the issuance of an EP;

— insurance certificate of state pension insurance (SNILS).

List of documents for legal entities:

- an application for the issuance of an EP;

- certificate of state registration legal entity (OGRN);

- certificate of registration with the tax authority (TIN);

- extract from the Unified State Register of Legal Entities, for a period of not more than six months from the date of its receipt (original or notarized copy);

Note: Requirements for the expiration date of an extract may differ for different CAs.

- passport of a citizen of the Russian Federation of the future owner of the electronic signature (copies of the page with a photo and a page with a registration);

- insurance certificate of state pension insurance (SNILS) of the owner of the electronic signature;

If the ES is made in the name of the head of the organization, then it is also necessary to provide a document on the appointment of the head with his signature and seal of the organization;

If the owner of the ES is not the first person, but an employee of the organization (its authorized representative), then it is necessary to provide as part of the documents a power of attorney to transfer powers to such an employee with the signature of the head and the seal of the organization;

If the documents are submitted or received by an electronic signature not by the owner of the electronic signature, but by an authorized representative of a legal entity, then it is necessary to provide a power of attorney to transfer functions to him with the signature of the head and the seal of the organization, as well as an identity card (passport of a citizen of the Russian Federation) of such a representative.

List of documents for individual entrepreneurs (IP):

- an application for the issuance of an EP;

- certificate of state registration of IP;

- certificate of registration with the tax authority (TIN);

– extract from the USRIP, for a period of not more than six months from the date of its receipt (original or notarized copy);

Note: Requirements for the expiration date of an extract may differ for different CAs.

- passport of a citizen of the Russian Federation (copies of the page with a photo and a page with a residence permit);

— insurance certificate of state pension insurance (SNILS);

If the documents are submitted or received by an electronic signature not by the owner of the ES, but by his authorized representative, then it is necessary to provide a power of attorney certified by a notary for this representative.

If the owner of the ES transfers all functions for its receipt to his authorized representative, then the list necessary documentation also includes an identity card (passport of a citizen of the Russian Federation) of this authorized representative.

Step 6. Obtaining an ES

You can get an electronic signature at any CA issuing point convenient for you, providing the originals of all required documents. The originals will only be needed to verify the information and will then be returned to you.

So we have considered the whole procedure for obtaining an EDS, as you can see, there is nothing complicated about it.

How much does an electronic signature cost?

It is rather difficult to answer this question precisely, since the cost of an EP depends on the following parameters:

- type and scope of EP;

— CA pricing policy;

- the region of issue of the EP.

It is also worth clearly understanding what this cost consists of:

— execution and issue of the ES key certificate;

— granting rights to work with specialized software;

– issuance of software tools necessary for working with ES;

— transfer of the security key of the electronic signature carrier;

- technical support.

The range of prices for issuing an electronic signature for participation in electronic auctions ranges from 5 to 7 thousand rubles.

Time limit for making an electronic signature

The production time of the EP is completely up to you, i.e. on how quickly the necessary package of documents is prepared and submitted to the CA and payment for this service is made. Someone can get an EDS in 1 hour, and for someone it can take from several days to one week. But the average time for issuing an EDS for most CAs is 2-3 business days. The term for making an extract from the Unified State Register of Legal Entities or EGRIP in the Federal Tax Service is 5 working days. Therefore, take care of receiving it in advance.

EDS validity period

Keep in mind that the EDS is valid for exactly 1 year. Those. EDS must be reissued every year. You can renew the EDS at the same CA where you received it, or apply for issuance at another CA.

What does an electronic signature look like?

Most of us are used to the fact that an electronic signature looks like a regular flash drive. This is the so-called key carrier (ruToken or eToken). Inside, this flash drive consists of a crypto program (CryptoPro CSP), a private key and a public key. You can read about this in more detail.

Electronic signature verification

Verifying the authenticity of an electronic signature is quite simple. To do this, you need to follow a simple sequence of actions, which is described in this video tutorial:

EDS pin code

Key carriers or USB keys (eToken, ruToken, ruToken EDS) are issued with standard passwords (pin codes) already installed:

- For eToken this password is 1234567890;

- For ruToken And ruToken EDS these are: user - 12345678; administrator - 87654321.

After receiving this key carrier and installing the drivers on your computer, you can change these pin codes.

This concludes my article. I hope I was able to answer all your questions. If not, then ask them below in the comments. Like and share information with your friends and colleagues.

P. S.: If you need an electronic signature great price from a trusted Certification Authority, then leave your application.

© 2023 vangoghlife.ru. How to make money without investment.