The advent of the Internet has made dramatic changes in many areas of human life, creating new opportunities. These include remote implementation of legal actions and electronic document management. In addition, in recent years, a system of remote provision of public services has been increasingly introduced in our country. The performance of such operations is possible only if there is a tool that allows for accurate identification of an individual and legal entity that is one of the parties to the transaction, or another action that involves a certain responsibility before the law.
What is EDS
As you know, any paper document has legal force only after it is affixed with the signature of the person having the appropriate authority. Obviously, in the case of electronic document management this approach is not suitable. In this regard, a digital analogue of the human stroke - EDS, was invented. It represents the requisite of an electronic document, which is obtained as a result of encryption of information using a cryptographic algorithm with a private key. An electronic signature allows you to:
- make sure that there is no distortion of the information contained in the source from the moment of formation of the digital signature (integrity);
- confirm the fact of signing the document by the person who owns the electronic signature (non-repudiation);
- establish the digital signature as the holder of the certificate of electronic signature key (authorship).
In our country, this technology for verifying electronic documents received official recognition in 1994, when the corresponding GOST was developed for it. Later, a law was passed regulating issues related to the issuance of EDS and its use.
Electronic CPU Usage
The presence of EDS allows you to register and participate in tenders and auctions on electronic platforms, as well as use public services via the Internet. However, first of all, such a virtual signature allows you to confirm the authorship and authenticity of documents, etc. At the moment, no company that is involved in commerce over the Internet can do without EDS. The scope of its application is expanding from year to year.
Federal Law on Electronic Signatures
The current Federal Law on EDS was adopted in 2011. It replaced the Federal Law on Electronic Signatures of 2002, which for almost 10 years was constantly criticized for declarative and excessive and unreasonable saturation with technical terminology.
According to the new document, EDS can be of three types:
- Simple electronic signatures are codes, passwords, and other means confirming that this document has been signed by a specific person.
- Enhanced unskilled EP is generated through special programs. It allows you to identify the person who signed the document in order to protect it from unauthorized changes. An unqualified EP (NEP) can certify documents that are stamped in paper form.
- An enhanced qualified electronic signature (CEP) differs from the NEP in that it is issued by certification authorities (CA). Their accreditation is carried out in the Ministry of Communications of the Russian Federation. To use the CEP, a qualified certificate of an electronic signature verification key (KSKEPP) is required. It is a document of specific content on paper or digital media.
An application for a certificate of an electronic signature verification key is submitted in the form of an appendix to the contract for the purchase of the corresponding document for the digital signature key itself.It must be drawn up in accordance with accepted standards.
The law also defines the obligations of the parties to online interaction when they use enhanced electronic signatures. In particular, they must ensure the confidentiality of the keys of their digital signatures, and if it is violated, inform the CA and other participants in electronic interaction about this.
Qualified Electronic Signature Verification Key Certificate
According to the Federal Law of April 6, 2011 (revised June 23, 2016) KSKEPP is created using the funds of an accredited CA. It should indicate:
- Unique number of KSKP EP.
- Date of its entry into force and expiration.
- Surname, name and patronymic of the owner of KSKEPP (for an individual who does not have the status of an individual entrepreneur). For an individual who is an individual entrepreneur, his main state registration number must also be indicated. For a legal entity from the Russian Federation, the name, location and main state registration number of the owner of the COP must be indicated in KSKEPP. In the case of the issuance of a qualified certificate of an electronic signature key of a foreign organization, a tax identification number should be issued.
KSKEPP Generation
Any electronic signature is created by special programs. It combines public and private keys. They are used only in pairs, and the second is required to ensure the strictest confidentiality.
The generation of a qualified certificate certificate key electronic signature of an individual or legal entity is carried out in a certification center. When transferring a package of documents for obtaining electronic signature to the CA, it is required to submit an identity document. Electronic signature keys are generated using specialized equipment. For this, reliable cryptographic algorithms are used.
As a result of this generation procedure, the applicant receives a unique copy of the private key, which should be stored on a securely protected digital storage medium. Then, the EDS certificate is registered, which is entered in the CA register.
Confidentiality
Electronic documents that require an electronic digital signature are certified by encryption with a private key (ZK). However, it can only work if there is a corresponding public key. Store ZC digital signature should be on the device RuToken, which corresponds to the Russian standard for encryption of information according to GOST 28147-89. As for the public key, it is publicly available and is used to verify the authorship of the signature.
As a key information carrier, not only a token can be used, but also other devices, for example, a flash memory drive, smart card, or registry. They should not be used, since they do not provide the required level of protection against unauthorized access to information.
Digital Signature Installation: Preparation
Technically, such a procedure is quite simple. Consider how to install an EDS with a private key on eToken media on a PC running Windows 7 Professional. Used by CryptoPro CSP.
It should be noted that in this context there is not much difference between RuToken and eToken. Both devices work exactly the same with CryptoPro CSP. However, the first of them allows you to sign electronic messages so that the private key remains in the token.
EDS installation begins with preparation. First of all, the installation of the token driver and the CryptoPro CSP program is required (version 3.6 or higher is recommended).
Installation process
The algorithm of actions is quite simple:
- launch the CryptoPro CSP program;
- open the tab "Service";
- go to the section "View certificates in the container".
- click on the "Browse" button;
- choose the right owner;
- Click on "OK" and "Next";
- in the opened window “Certificates in the private key container” click on “Install” and then on “Yes”.
Along with messages from the CryptoPro CSP program, a message from eToken PKI will appear on the screen with a request to click on the “OK” button to write the certificate to eToken. However, this is not necessary and you should select "Cansel".
Then click on "Finish" after which the certificate of the electronic signature key is in a special store. Moreover, the process cannot be considered completed.
Installing a CA root certificate
Corresponding file with the extension .cer open with a double click. Then you need:
- click on the "Install Certificate" button and click "Next" in the window that opens;
- point to the action "Put the certificate in the next store";
- Use the Browse tool to specify the Trusted Root Certification Authorities folder.
- click “OK” and complete the installation;
- wait for a message about the successful completion of the operation.
Testing
Verification of the electronic signature certificate is carried out as follows:
- launch the CryptoPro CSP program;
- having opened "Service", click on the "Test" command;
- through the tool "Browse" or by certificate find the key container and select "Next";
- in response to the request that appears, enter the pin code and click on "OK".
At the same time, the user has the opportunity not to enter secret data every time it is necessary to access the container containing the key. To do this, simply check the "Remember pin-code" button. However, experts do not recommend using this opportunity, as this may violate the protection of the container from unauthorized access.
But back to the testing process. After entering the pin code, a window with error information opens. If they are not there, then you just need to click "Finish".
Installing ES in the registry
In some situations, it becomes necessary to duplicate the electronic signature key (private) in order to use it on several PCs. In such cases, it is recommended to install it in the registry. Such a measure is justified when, for example, the same signature is used by several employees of one department or another organization.
Digital signature can also be used through Microsoft Word 2003, after saving the document. To do this, successively choose: “Service”, “Settings”, “Security” and “Digital Signatures”. Go to the "Certificate" section and click on the "OK" tab.
In Microsoft Word 2007, the following actions: the buttons "Office", "Prepare", "Add CPU". Next, click on the buttons "Prescribe the purpose of signing the document" and "Select signature". Complete the procedure by clicking on “Sign”.
Now you know what an EDS and a digital signature key certificate are, a sample of which can be requested from the CA. Using these tools will facilitate many operations related to your business and save you a lot of time and effort.