(EDS) electronic signature for government services, creation and receipt. Just about electronic signature What is an electronic digital signature key

This is a detail of an electronic document obtained as a result of cryptographic transformation of information using a private signature key. An electronic digital signature (EDS) allows you to confirm that the EDS belongs to its owner, as well as to record the state of information or data (the presence or absence of information distortions) in an electronic document from the moment of its signing.

In fact, an electronic signature is an analogue of the owner’s handwritten signature. Therefore, it can be used when signing electronic documents of any level.

Each owner of an electronic signature must have a certificate. In fact, this document confirms that the public key of the electronic signature belongs to the owner of the certificate. Such paper is issued by certification centers or their authorized representatives.

How and where to obtain an EDS certificate?

To obtain an electronic signature certificate, you just need to register on the certification authority’s website. Next, indicate the legal status of the organization for which you need to purchase an electronic signature, the region and point of issue of the certificate, and enter information about your organization. After completing the registration, the user will be provided with a digital act, agreement, invoice and a list of required documents. All that remains is to go to the specified digital signature issuing point, pay the bill, provide the required set of documents and get a signature.

You can register on any website of the certification authority; there are many of them on the Internet.

What are the advantages of using an electronic signature?

If we talk about individuals, then in this case it is convenient because it allows remote interaction with government, educational, medical and other information systems via the Internet.

EDS opens up more opportunities for legal entities. They can participate in electronic auctions, organize legally significant electronic document flow and submit electronic reports to regulatory authorities.

Moreover, according to certification centers, having a qualified electronic signature can solve everyday problems without visiting government agencies and without presenting a passport. It is enough to register on the gosuslugi.ru portal, where the user will have access to a wide range of services: from replacing a passport to filing a tax return, paying traffic police fines and much more.

Types of digital signatures and their differences

According to Federal Law No. 63-FZ “On Electronic Signatures,” there are several types of digital signatures:

• Simple electronic signature. Such a signature, through the use of codes, passwords and other means, confirms the fact that the electronic signature was created by its owner.
• Enhanced unqualified signature. It is obtained as a result of cryptographic transformation of information using a private signature key. A strengthened unqualified electronic signature allows you to identify the person who signed the electronic document, as well as detect the fact of making changes to the document after its electronic signing.
• Strengthened qualified signature. In many ways it duplicates the previous type of signature, but its advantage is that cryptographic protection certified by the Federal Security Service of the Russian Federation is used to create and verify it.

Moreover, qualified signature certificates are issued by strictly accredited certification centers.

If we compare the advantages of the last and two previous signatures, the advantage is definitely in favor of the latter. According to the aforementioned Federal Law No. 63 “On Electronic Signatures,” an electronic document signed with a simple or enhanced unqualified electronic signature is recognized as equivalent to a document on paper, but only under one condition: if the participants in electronic interaction have entered into an appropriate agreement among themselves.

An enhanced qualified signature on an electronic document is a 100% guarantee of a handwritten signature and seal on a paper document. So, regulatory authorities like the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund recognize the legal force of an electronic document signed with an enhanced qualified signature.

Electronic digital signature is now widely known - many modern companies are slowly switching to electronic document management. Yes, and in everyday life you have probably come across this thing. In a nutshell, the essence of digital signature is very simple: there is a certification center, there is a key generator, a little more magic, and voila - all documents are signed. It remains to figure out what kind of magic allows a digital signature to work.

Roadmap

This is the fifth lesson in the “Dive into Crypto” series. All lessons in the series in chronological order:

1. Key generation

The reason for RSA's strength lies in the difficulty of factoring large numbers. In other words, it is very difficult to brute-force to find such prime numbers that in the product give modulus n. Keys are generated the same way for signing and encryption.

Once the keys have been generated, you can begin to calculate the electronic signature.

2. Calculation of electronic signature

3. Electronic signature verification

RSA, as we know, is about to retire because computing power is growing by leaps and bounds. The day is not far when a 1024-bit RSA key can be guessed in minutes. However, we will talk about quantum computers next time.

In general, you should not rely on the strength of this RSA signature scheme, especially with such “crypto-strong” keys as in our example.

Continuation is available only to members

Option 1. Join the “site” community to read all materials on the site

Membership in the community within the specified period will give you access to ALL Hacker materials, increase your personal cumulative discount and allow you to accumulate a professional Xakep Score rating!

An electronic signature is a digital analogue of a person’s handwritten signature, created using cryptographic information protection and allowing one to accurately determine the authorship of the owner of the signature on electronic documents. Thanks to the development of information technology, electronic document management has become increasingly used, and there is a need to give it legal significance. Electronic digital signature became such a tool. Let's figure out why an electronic signature is needed, in what cases it is used and how to obtain it.

What is digital signature

At first, digital signatures were used exclusively by legal entities, because its presence greatly simplified the work with documents. Today, an individual can also obtain this signature. Possessing it, almost any person has the opportunity to use all the benefits of the information society for personal purposes.

Why do you need an electronic signature? Using an electronic digital signature, identification and confirmation of the originality of documents received in electronic form are carried out. At the legislative level, the issue of using Electronic Signatures is regulated by 44-FZ, which came into force on January 1, 2014.

Why do you need an electronic signature and what is its convenience?

An electronic digital signature is a modern way of confirming the authenticity of documents. Serves as an analogue of a citizen’s personal signature. An electronic document certified by such a signature acquires legal force. EDS is information that is stored on flash media.

The most important advantage of an digital signature is that it is almost impossible to fake. Correct use of an electronic signature eliminates the possibility of fraud and fraud.

• name of the signature public key file;
• information about the individual who formed the signature;
• date of formation of the digital signature.

Thanks to cryptographic modification, the document becomes a set of characters generated using software that creates the digital signature. This file can only be opened by the person to whom it is addressed.

With the help of Electronic Signature, you can solve problems much faster and without queues. An individual issues an electronic signature verification key certificate for the following actions:

1. Get access to the services of the Unified Portal of State Services gosuslugi.ru (receiving and recalculating pension savings, obtaining a foreign passport and a passport of a citizen of the Russian Federation, obtaining citizenship and visas, working on the nalog.ru portal, registering at the place of residence, applying for benefits, receiving benefits, registering transport funds, obtaining a driver's license).
2. Register a legal entity/individual entrepreneur and not pay the state fee.
3. Safely formalize your employment relationship.
4. Participate in electronic trading (purchase/sale of real estate, purchase/sale of parking spaces, etc.).
5. Apply for a patent for an invention.
6. Submit an application to the university.
7. Submit an application to the registry office.
8. Complete an online loan application.

Friends, VALUE YOUR TIME!

Where can an individual obtain an electronic signature?

EDS key certificates are produced and issued to individuals by a Certification Center licensed by the FSB of the Russian Federation, whose responsibilities include recording all users who contact it, as well as canceling, renewing and terminating the validity of issued key certificates. The certification center provides its clients with all the necessary support in matters of working with digital signatures. A person who wishes to obtain such a signature must contact any Certification Center, where a specialist will take the form from him and also offer to sign a consent to the processing of personal data and an agreement for the provision of services of the Certification Center.

You can also fill out an application on the CA website. Once your request has been processed you will be contacted. As a rule, the production time for an electronic signature is about three working days. And the cost of services for its production depends on the area in which it will be used, as well as on anti-virus protection. The addresses of the nearest CAs in the desired region can be found on the Internet and on the Ural Federal District portal.

There are many certification centers in each region. A complete list of them (those that are accredited and can be trusted) can be found on the website of the Federal Tax Service of the Russian Federation.

There is also a special service for verifying the authenticity of an electronic signature on the State Services website.

You can also obtain a certificate for an individual using a Universal Electronic Card. You can obtain an electronic signature for the UEC at the customer service center when receiving the card. To do this, you need to inform the employee about your desire to use an electronic signature.

What documents are needed to complete an application for an electronic signature?

You can obtain an EDS certificate by providing original documents, as well as making copies of them:

• passport of a citizen of the Russian Federation, as well as copies of pages 2 and 3 of the passport and pages with current registration;
• TIN certificate and its copy;
• SNILS;
• application for issuance of digital signature.

If the documents for issuing an electronic digital signature are provided not by the owner, but by his legal representative, then a notarized power of attorney, as well as the representative’s passport and a copy thereof, must be attached to the list of documents.

How to use an electronic signature

The question of how to use an electronic signature can be answered complexly (by explaining the technical details of the process of working with an electronic signature) or simply (by telling what you can do with it in practical use). We'll take the simple route:

1. EDS can be used as an analogue of your own signature on a document. It is in this way that a digital signature is most often used in electronic document management.
2. EDS is also used to sign computer programs; in this case, it serves as a guarantee of the reliability of the source from which the program was received.
3. Using digital signature, you can establish authorship.
4. Using an electronic signature, you can coordinate electronic documents between specialists from one company and different enterprises. In this case, the text will be protected from unauthorized changes. The signature will indicate on the document the employee's full name, his position, as well as the time and date.

After receiving the certificate, you need to install a cryptoprovider program on your computer. It can be purchased at the certification center that issued the electronic signature. Using a crypto provider, the user will be able to perform actions such as: suspending the digital signature, checking it, encrypting, decrypting, etc.

Where can I use digital signature?

Using an electronic signature, you can do many different tasks:

• receive government services on a single portal (make an appointment with a doctor through an electronic registry, register a car, etc.), as well as on other websites of government agencies;
• take part in public organizations;
• use the taxpayer's personal account;
• submit documents for consideration by the admissions committee for admission to educational institutions;
• take advantage of online lending for individuals;
• undergo accreditation on the FSIS RosAccreditation portal;
• send documents for registration as an individual entrepreneur.

Executive bodies in which digital signatures can be used

• archives issuing archival certificates and extracts;
• issuing certificates to unemployed citizens;
• registration of documents for financial support of disabled people;
• assignment of state targeted social assistance;
• registration of preschool children for placement in kindergartens;
• accounting of foreign media distributed in the region.

Legal aspects of working with digital signature

The term “electronic digital signature” is found in various legislative acts. The large number of regulatory documents in which it is contained indicates the wide possibilities of using digital signatures in various branches of law: civil, administrative, tax, customs, as well as other branches of law. They regulate the process of obtaining it, identifying the owner of the digital signature, describing why an electronic signature is needed specifically and how it should work.

For example, customs legislation allows for declarations in electronic form, which is stipulated in the Customs Code of the Russian Federation (Articles 63, 132, 423). The legislation on accounting in the Russian Federation allows you to put an electronic digital signature in primary accounting documents (Article 9 of the Federal Law of the Russian Federation dated November 21, 1996 No. 129-FZ “On Accounting” and letter of the Ministry of Finance of the Russian Federation dated May 26, 2004 No. 04-02 -05/2/28). In judicial practice, experience continues to accumulate in the field of protecting individuals participating in electronic circulation. This allows you to analyze ways to ensure the safety of electronic documents and improve the operation of electronic document management in general.

Thanks to the progress and development of information technology, more and more problems can be solved without leaving home. It is obvious that using an electronic signature will save not only time, but also the money of its owner.

In Russia, three types of signatures can be used in electronic document management: simple, enhanced unqualified and enhanced qualified. Let's see how they differ from each other, under what conditions they are equivalent to handwritten documents and give the signed files legal force.

Simple electronic signature, or SES

A simple signature is the familiar access codes from SMS, codes on scratch cards, login-password pairs in personal accounts on websites and in email. A simple signature is created by means of the information system in which it is used, and confirms that the electronic signature was created by a specific person.

Where is it used?

A simple electronic signature is most often used for banking transactions, as well as for authentication in information systems, for receiving government services, and for certifying documents within corporate electronic document management (hereinafter referred to as EDI).

A simple electronic signature cannot be used when signing electronic documents or in an information system that contain state secrets.

Legal force

A simple signature is equivalent to a handwritten signature if this is regulated by a separate legal act or an agreement has been concluded between the EDF participants, which stipulates:

• rules by which a signatory is determined by his simple electronic signature.
• the user’s obligation to maintain the confidentiality of the private part of the PES key (for example, the password in the “login-password” pair or the SMS code sent to the phone).

In many information systems, the user must first confirm his identity during a visit to the system operator in order for his PEP to have legal force in the future. For example, to obtain a confirmed account on the State Services portal, you need to personally come to one of the registration centers with an identification document.

Unqualified electronic signature, or NEP

An enhanced unqualified electronic signature (hereinafter referred to as NEP) is created using cryptographic programs using the private key of the electronic signature. The NEP identifies the owner and also allows you to check whether changes were made to the file after it was sent.

A person receives two electronic signature keys from the certification center: private and public. The private key is stored on a special key medium with a PIN code or on the user’s computer - it is known only to the owner and must be kept secret. Using the private key, the owner generates electronic signatures with which he signs documents.

The public key of the electronic signature is available to everyone with whom its owner conducts EDI. It is associated with the private key and allows all recipients of the signed document to verify the authenticity of the electronic signature.

The fact that the public key belongs to the owner of the private key is stated in the electronic signature certificate. The certificate is also issued by a certification authority. But when using NEP, you don’t have to create a certificate. The requirements for the structure of a non-qualified certificate are not established in Federal Law No. 63-FZ “On Electronic Signatures”.

Where is it used?

NEP can be used for internal and external EDI if the parties have previously agreed on this.

Legal force

EDI participants must comply with additional conditions so that electronic documents certified by NEP are considered equivalent to paper documents with a handwritten signature. The parties must necessarily enter into an agreement between themselves on the rules for using the NEP and the mutual recognition of its legal force.

Hello! In this article we will talk about electronic digital signature.

Today you will learn:

1. What is digital signature and in what areas can it be used?
2. About the legal force of a signature in this format;
3. About the advantages that its presence provides.

For some time now, digital signature has been a tool that simplifies the movement of documentation. Moreover, this happens not only within the company, but also outside it. Let's look at how to become its owner today.

EDS - what is it in simple words

Everyone knows that any document is signed by a person who has such authority. This is done in order to give the document legal force. Thanks to modern technologies, all document flow is moving into electronic form. Moreover, it turned out to be extremely convenient!

What is digital signature in simple terms?

EDS – This is an analogy to a regular signature, which is used to give legal force to documentation located on electronic media.

It is usually stored on a flash drive.

Advantages:

1. Simplify and speed up the process of data exchange (when collaborating with foreign companies);
2. Reducing costs associated with document flow;
3. Increased security level for information of a commercial nature.

Terms related to digital signature

Closely related to this concept are two others: key And electronic signature certificate.The certificate confirms that the digital signature belongs to a specific person. It can be enhanced or normal. An enhanced certificate is issued either by a certification authority or by the FSB.

The key is the characters in the sequence. They are usually used in pairs. The first is the signature itself, the other confirms that it is genuine. To sign each newly created document, a new key is generated.

The information that is received at the CA is not an electronic digital signature, it is a means to create it.

A little history

The first electronic devices began to be used in Russia in 1994. And the law regulating their use was adopted in 2002. It was extremely vague and ambiguously interpreted the terminology. The issue of obtaining a signature was also practically not covered.

Since 2011, government agencies have switched to electronic document management. And all officials received an electronic signature.

In 2012, this process acquired a global scale and thanks to this, we can now become the owners of universal modern signatures.

How to get an electronic digital signature

Let's consider a situation in which a person has assessed all the advantages of this tool and decided to obtain an electronic signature. So, the question arose: what needs to be done for this? Let's talk about this in more detail.

To obtain an electronic digital signature, you need to go through several important steps:

• Decide on the type of signature;
• Select a certification authority;
• Fill out an application;
• Pay the invoice;
• Collect the necessary documentation package;
• Receive an electronic signature.

Now we will discuss each step in detail.

Step 1. Choose the type of signature that suits you best.

Over the last period of time, the number of those who want to receive an enhanced electronic signature has increased. This is explained by the fact that it can not only confirm the identity of the person who sent the document, but is also protected to the maximum. According to a number of experts, simple digital signatures will soon cease to exist completely.

Let us present in the form of a table the areas in which different types of signatures are used.

No.	Where is it used?	Simple view	Unskilled	Skilled
1	Maintaining internal document flow	found in small companies	Yes	Yes
2	Maintaining external document flow	rarely anymore	Yes	Yes
3	In the Arbitration Court	Yes	Yes	Yes
4	When accessing the State Services website	Yes	No	Yes
5	In regulatory authorities	No	No	Yes
6	When conducting electronic trading	No	No	Yes

Step 2. Select a certification center.

If you need to obtain an electronic signature to submit reports, choose a qualified one, but if you just need to manage paperwork, then choose a simple one.

Let us clarify that the CA is a legal entity whose purpose is to generate and issue an electronic signature.

In addition, the CA carries out the following activities:

• Confirms that the signature is authentic;
• If necessary, blocks the digital signature;
• Serves as a mediator if a conflict situation suddenly arises;
• Provides technical support;
• Provides necessary software to clients.

There are about 100 CAs in the Russian Federation. It is better to choose the one that suits your location and capabilities. You can first check to see if there are any in your city. This is easy to do: just look at the information on the official website.

Step 3. Fill out the application.

To do this, we either visit the center’s office or fill it out online. The remote method allows you to avoid a personal visit to the CA, that is, save some time.

As soon as the submission of the application is completed, a CA specialist contacts the client to clarify the data specified in it. You can ask him questions and get advice.

Step 4. Pay.

You will have to pay for the service in advance. As soon as the application is accepted, all details are agreed upon, the client is issued an invoice. The cost may vary, as it depends on the region where the client lives, on the company itself and on what kind of digital signature you want to receive.

Moreover, the price range is quite large - from 1,500 to 8,000 rubles.

Documents for digital signature

When collecting documents, an important nuance is the following: an electronic signature is needed for an individual, an electronic signature for a legal entity or for an individual entrepreneur. Therefore, we will characterize the documentation separately.

To obtain a signature, individuals must collect the following set of documentation:

• Completed application form;
• Passport with photocopy;
• SNILS;
• A receipt confirming payment of the invoice.

If the recipient has an authorized representative, he or she can handle the submission of documents. The only thing is that you need a power of attorney to perform such actions.

Legal entities need to prepare:

• Completed application;
• OGRN certificate;
• TIN certificate;
• (not expired);
• Passport with a copy of the person who will use the digital signature;
• Payment receipt;
• SNILS of the person who will use the digital signature;
• If the director will use the signature, you must provide an order on the basis of which he holds this position;
• Other employees need powers of attorney so that they can use digital signatures.

IPs are provided by:

• Completed application;
• OGRNIP certificate;
• TIN certificate;
• An extract from the register of entrepreneurs, which is no more than 6 months old (a copy is possible);
• A receipt confirming payment.

If the application was submitted remotely, the necessary documents are sent to the CA by mail, if in person, then along with the application.

Electronic signature for individuals

For individuals there are 2 types of signatures: qualified and unqualified. The obtaining procedure, when compared with legal entities, is much simpler.

Private individuals usually use electronic signatures to sign certain papers.

Nowadays systems such as:

• Unified portal of public services;
• ESIA network for obtaining various information.

For the unified identification and authentication system, a simple type of electronic signature is sufficient, but for the government services portal, a qualified one is used.

To obtain an electronic signature, a citizen also applies to the CA with all documents and an application. You also need to have a flash drive with you on which the private part of the key, known only to the owner, will be written.

The procedure looks like this:

• Contact the CA for a certificate and to receive an EDS key;
• Find a password;
• Filling out forms to obtain keys;
• Submission of all documents;
• Obtaining a certificate for keys.

Electronic signature for legal entities

The obtaining algorithm is practically no different from obtaining a signature by an individual. In the same way, a CA is selected, all the necessary documents are collected, and the invoice is paid. The only thing you must not forget is that the extract from the Unified State Register of Legal Entities must be received on time, since the process of preparing it takes about 5 days.

Hash function: why is it needed?

Hash function is a unique number that is obtained from a document by transforming it using an algorithm.

It is highly sensitive to various types of document distortions; if at least one character in the original document changes, most of the hash value characters will be distorted.

The hash function is designed in such a way that it is impossible to restore the original document using its value, and it is also impossible to find 2 different electronic documents that have the same hash value.

To generate an electronic digital signature, the sender calculates the hash function of the document and encrypts it using a secret key.

In simple terms, it is designed to simplify the exchange of data between users. This is a key data protection tool.

The signed file goes through a hashing procedure. And the recipient will be able to verify the authenticity of the document.

Legal force of digital signature

An electronic digital signature has equal legal force with a regular signature on a paper version of a document, if it was applied without violations. If deviations are identified, the document is not valid. The state regulates the process of using digital signatures by Federal legislation.

Validity period of the digital signature

The digital signature is valid for 12 months from the day it was received. As soon as this period ends, it is extended or another one is received.

Let's sum it up. The use of digital signatures brings the greatest benefits to large companies and enterprises. Thanks to it, document flow becomes cheaper and broad horizons for business open up.

It is also beneficial for ordinary citizens to have it. No need to stand in lines, order state. services are available without leaving your home. EDS is a modern, convenient and profitable tool.