Creation of keys for electronic digital signatures. How to make an electronic signature for working with digital documents

30.05.2019 Business

An electronic signature (how to make it will be described in the article) is a specific attribute. It can only be applied to a certain category of documents. This, in turn, is evidence of their legality and legal force. Next, we’ll take a closer look at what an electronic signature is, how to make one yourself, and under what conditions to use it.

General information

This attribute is a powerful means of monitoring the reliability of information of a certain type. An electronic signature ensures data integrity. At the same time, it confirms their relevance and authorship. It is an information object that is created to verify data. An electronic signature was developed to certify the authenticity and integrity of the information. How can I make a document that is not in paper form protected using this attribute?

Classification

There are only three types of electronic signatures. This is fixed in Federal Law 63. Each attribute has its own distinctive properties and characteristic features. An electronic digital signature (we’ll look at how each one is obtained in more detail below) can be of three types:

  1. Enhanced qualified.
  2. Simple.
  3. Enhanced unqualified.


Simple type

This attribute has the abbreviation EP. It differs in that it can confirm that a document has been certified by a specific person. However, in this case there is no guarantee that no changes will be made to the document, despite the presence of an electronic signature. How to make a document more secure? To do this, you should use the enhanced options.

Enhanced qualified type

This attribute guarantees that the document is protected from any amendments or adjustments. This is fixed in the provisions of Article 63 of the Law on electronic signature. This attribute provides the ability to identify the person who certified a particular document. In this case, the use of special recognition cryptographic algorithms is implied.


Qualified type

The main difference between this attribute is that it is guaranteed by special cryptographic security measures. They are certified by the FSB.

Issue features

Where can I make an electronic signature? It is issued only by an accredited certification center. The center, in turn, must fulfill all the rules and criteria of the registration procedure, which are regulated by the Ministry of Communications. According to the established rules, re-accreditation must be carried out every five years. At the same time, certification centers are obliged to strictly comply with all requirements related to their activities.

Electronic signature certificate

An unqualified signature need not be accompanied by a special document certifying that the electronic signature key belongs to a specific person. A qualified signature necessarily requires this document. It contains the main information about the organization and the certification center; the verification key for the attribute and the validity period of the signature are also specified.

Introduction of new rules

Since 2014, the digital signature has the highest legal force. Accordingly, it is similar to a real hand signature. It provides documents with full legal significance.

Types of attribute embedding in a document

The following options are available:

  1. Attached.
  2. Detached.
  3. Inside the data.

Attached type

To create this attribute, a new file is generated. All data that will be signed is placed in it. This process is similar to placing documentation in an envelope and sealing it. Before taking the contents out, you must check that the seal is intact. In the case of an electronic signature, you make sure that the format is correct.

The attached attribute has a lot of advantages. For example, the ease of further manipulation of the information is noted. This is because it is contained in the same file as the electronic signature. How can such a document be opened? It should be noted that it is not possible to read and use the information in the file without using CIPF tools. This shows a certain analogy with an ordinary envelope: you cannot remove the contents without first unsealing it. The envelope, in turn, can be forwarded, copied, and so on.


Detached type

An additional file is required to create this attribute. The point is that the signature is kept separate from the file being signed. Moreover, the latter is not subject to any changes. The advantages of such a signature include the fact that the file can be read without using CIPF. However, several elements are needed for verification.

These include the file and the electronic signature itself. This attribute also has its drawbacks. The fact is that signed information must be stored in the form of several files: the data and the signature. In this case, using the signed information becomes significantly more complicated, because any action with it requires copying and transferring several files.

Location within data

An attribute can be associated with the application that uses it. For example, the signature may be inside documents opened using Acrobat Reader or Microsoft Word. In this case, there is a dependency on the application in which the attribute was created. The fact is that without knowing its structure it is quite difficult to verify the authenticity of the data.

Electronic signature: how to do it?

The cost of producing an attribute depends on its subsequent use. For example, to participate in electronic trading, its cost is from 6,400 rubles. If the signature is used in the Interdepartmental Interaction System, then the payment can range from 3,650 rubles. Where to make an electronic signature? You must contact a certification center.

The signature can be useful when trading on a currency exchange or when drawing up important electronic documentation. This attribute is especially necessary for a novice trader. The fact is that the future development of currency trading depends on the electronic market. This is an excellent opportunity to make large transactions over long distances, since the signature guarantees the integrity of the transaction. Step-by-step instructions follow.

Step 1

You need to find a certification center in your region of residence. It is a specialized institution with an appropriate license. It allows you to issue an electronic signature.

Step 2

To obtain this attribute, you must submit the appropriate application. It takes time to process and accept it. After this, a center employee contacts the applicant and explains the procedure that must be followed in order to obtain an electronic signature. All this is aimed at confirming the authenticity of the data provided by the applicant. In order to minimize the number of verification procedures, it is necessary to provide scanned color copies of the documents.

Step 3

Next you need to obtain two digital keys: a public one and a private one. The certification center also provides the applicant with a corresponding certificate. It comes in two forms: paper and electronic. The latter is certified by the issuing certification center.

Step 4

In order to start using an electronic signature, you need to install additional software. Certification center specialists can advise the applicant on this issue. The user can also install it himself or invite programmers. After downloading the necessary components, you can start using the signature.

Procedure for remote receipt

In order to receive an electronic signature at a distance, you must fill out and leave an application on the appropriate website. As a rule, the operator gets in touch at the specified phone number during the day. In this way, the applicant will be able to coordinate and clarify all the details that interest him. They will also tell him about the procedure for obtaining an electronic signature.


The applicant will be sent an application form and an invoice. You must fill out all the information and make payment. You will also need to prepare a package of the necessary documents. In order to speed up the procedure for obtaining a certificate, you need to provide pre-prepared scans to the certification center.

It is also where the issuance takes place. You will need to come in person to obtain an electronic signature. You must have the original documents with you, as well as a copy of the payment order, which is certified by the bank. If the scans were sent in advance, the signature can be collected immediately. Otherwise, it will be ready within three days.

Application area

This attribute guarantees the reliability of the documentation. It is analogous to a handwritten signature or seal on paper. This attribute is widely used in electronic document management systems. In particular, it is often used when certifying individual modules or programs. In this case, a user downloading applications from the network can verify their authenticity and correct operation. This attribute also confirms the reliability of the download source. This signature allows you to confirm the integrity and establish the authorship of any electronic documentation.

For example, a user may receive a letter with distorted or fake information from scammers. When using an electronic signature, this possibility is excluded. During business correspondence, the attribute can act as a kind of sealed “envelope”. In this case, it is also possible to verify the accuracy of the information received before opening it. Electronic versions of documents are approved using a signature. For example, these could be contracts concluded within one company or between several. The text of all documentation will be reliably protected from any unauthorized changes.

Electronic digital signature is a reliable modern alternative to traditional signature on documents. The use of digital signature significantly reduces document flow, ensures the protection of transmitted information, and minimizes time and material costs. All documents signed with an electronic digital signature have indisputable legal force. Legal aspects of the use of secure document flow are regulated by the Civil Code of the Russian Federation, as well as the Law “On Electronic Digital Signature”.

For persons using a digital signature, a special individual key is created, with the help of which the transmitted information is encrypted. It consists of two components - secret and public. The secret key is required to encrypt and sign documents for subsequent sending to the recipient by email. It is recorded on a flash storage medium and transferred to the owner of the digital signature. The public key is provided to verify the authenticity of the electronic digital signature. It is confirmed by a special public key certificate that is freely available. For the digital signature to function, special software is required - Key System Control Center. Signing keys are created by the administrator of this system. Information on the procedure for using an electronic signature is included in the documentation package of the Delo system. Optionally, the digital signature can be of two types - for corporate document flow or for legally significant electronic document flow. The first option is used to exchange information within one company, often with an extensive system of divisions and branches. It is also possible to use this type of digital signature within a system of independent organizations that carry out document flow in significant volumes.


To obtain the right to an electronic digital signature, you must send an order to any of the numerous digital signature issuing centers. The specialist of the selected certification center provides an invoice for payment of services and a questionnaire in which the recipient indicates the exact data to obtain a signature. After paying the invoice, the completed application form along with the necessary package of documents is sent to the certification center. To speed up the process, you can send scanned copies of documents, and provide the originals in paper form upon receipt of the digital signature certificate.


Different categories of EDS recipients require different packages of documents. For legal entities, this is, as a rule, an application, a certificate of state registration, a charter and other constituent documents, a certificate of registration with the federal tax service, a Pension Fund insurance certificate, the passport of an authorized representative and an extract from the Unified State Register of Legal Entities. To obtain an electronic digital signature, an individual must submit to the certification center a passport, a Pension Fund insurance certificate, a certificate of registration with the federal tax service and an application.


Documents must be submitted in original. It is possible to provide copies certified by a notary or an authorized representative of the relevant government agency. You can receive a certificate in person or through a representative based on a power of attorney at the issuing center.


The use of digital signatures is carried out using special software: the Delo system version no lower than 8.8.0, CIPF CryptoPro CSP 3.0, Signal-Com 3.0.

Modern entrepreneurs are trying to transfer all their document flow into electronic format. Each document must be endorsed, so businessmen need to know how to make an electronic signature certifying the relevance and validity of the documentation. Its creation will not take too much time, but you will have to spend a certain amount.

An electronic digital signature usually refers to encrypted information that must be attached to data sent via telecommunication channels. Using an electronic digital signature, it is possible to identify the person who signed the electronic information (files) and is responsible for it.

An electronic digital signature, according to existing legislation, must ensure correct and secure interaction between individuals and government agencies.

The law provides for the use of three types of digital signatures:

  • enhanced,
  • simple.

Using a simple signature allows you to simply indicate the owner of the document. Thanks to it, it is impossible to change the information in the document after approval. All other signatures allow information to be changed after approval, but information about who exactly and when entered the new data remains in the document.

An electronic digital signature can be issued to individuals who have Russian citizenship. At the same time, each digital signature owner must be a user of the government services portal and have his own account at the certification center. For information about which center you can register at, contact the tax office at your place of residence.

With its help, you get the opportunity to use municipal and government services in electronic format. We are talking about those services that require identification and approval of applications, in particular participation in tenders for the supply of goods.

How to create an electronic signature

The first question that entrepreneurs have when mentioning an electronic signature is how to create such an attribute for themselves? Creating an electronic digital signature is free. Its owner will only have to pay for the purchase of electronic media in the amount of 700 to 3,000 rubles. The service for creating an electronic digital signature can be provided if the client contacts the office of the certification center.

After filling out all the necessary documentation, the user receives a USB drive. With its help, it becomes possible to perform operations on the website of government services that must be legally confirmed.

Most often, an electronic digital signature is used to participate in government tenders, when an enterprise intends to supply certain goods and services to the customer. Applications for participation in the competition, signed with a current electronic digital signature, usually have a certain priority over the rest.

Creating an electronic signature will require its future owner to provide the following documents:

  • passport;
  • SNILS (it is indicated on the pension certificate);
  • email information.

You can use any mail service, the main thing is that the mailbox must be up to date. If a citizen cannot provide this information, regulatory authorities have the right to refuse to issue an electronic digital signature.

You can receive government services using an electronic signature using only installed terminal devices. Laptops, home and work computers all need to have a standard browser, as well as the appropriate software.

In addition, you can use digital signatures from access points that are equipped with regular browsers or other specialized software. As soon as the user, he is provided with special instructions for its operation.

Common situations

If you don’t understand the details of the signature and you urgently need one, you can contact a certification center. The specialists of this institution will help you understand the situation and register your digital signature as soon as possible. The address of the current center can be clarified at the local branch of the Pension Fund of the Russian Federation.

An electronic signature is an important part of an electronic document. It certifies the absence of distortions in the document drawn up and certified with it, and makes it possible to establish that the document belongs to the owner of the electronic signature key. Using a private key, a cryptographic transformation of the information contained in the electronic signature is performed.

You can order an electronic digital signature at a certification center. Its further use is possible when carrying out various financial transactions. For example, when participating remotely in exchange trading and in other cases. The future of the global financial market lies in participation in trading in electronic form. Many leading companies are already taking an active part in them. A certification center is a special institution that has a license to issue an electronic digital signature. Find such an institution in your area, contact them and apply. You can submit your application electronically. The certification authority's website must indicate its mailbox.


The center manager will contact you at the phone number you provided, inform you what package of documents needs to be prepared, and the further procedure for your actions. Tell him who the electronic signature is being issued for: an individual or legal entity and the type of electronic signature. The set of documents may differ for each case. It is enough to provide the institution with scanned copies of original documents and a receipt confirming payment for this service. After verifying the authenticity of the documents, a center employee will invite you to obtain an electronic signature.


To obtain an electronic signature, you can contact the government services website in the section “Obtaining an electronic digital signature certificate.” There is also a single digital signature portal in the Russian Federation, where you can likewise make a request for an electronic signature. Take the originals of the prepared documents with you when you go to the electronic signature issuance center.


The certification center will complete the registration of your electronic signature. On external media (usually a flash drive) they will generate two types of keys for you - public and private - and write special software. You will receive a digitally signed and stamped certificate certified by the center in paper and electronic form.


At this point, the stage of obtaining an electronic signature is completed. Now you can use it for its intended purpose. To do this, install the software provided to you on an external memory device on your computer. Certification center specialists can help you set up this program for an additional fee. You can find instructions for installing the program on the Internet and do it yourself.


Having become the owner of an electronic digital signature, you can submit tax reports via the Internet, register an individual entrepreneur, use the services of the Rosreestr portal, conduct transactions and work remotely, participate in auctions, carry out all production and personal document flow via the Internet, and so on.

Continuing to reveal the secret knowledge of digital signatures in simple language, let’s look at what we need to work with them conveniently and effectively, as well as the main difference between the S/MIME + X.509 and PGP camps.

Before considering the features of these two large camps, it is worth considering what information the recipient needs to verify the signature (and our encrypted hash can already be called a signature), and in what form it can be transmitted to him.

Each piece of information can be transmitted along with a public key, or together with our signature, or both, for greater convenience. Of course, it is possible not to separate information into that transmitted with a public key and transmitted with a signature. But then, every time we send signed information, we send the same thing. It’s as if for every paper letter we send (even a short two-line one), we would include an addendum like “Hello! It’s me, V. Pupkin, whom you met on Moscow’s Red Square, where we met, then went to a restaurant, then<...>" Agree, it's a little inconvenient.

But let's return to our information needed to verify the signature.
Let's start with something simple: information that will allow us to find out who made this signature. As we have already agreed, asymmetric encryption allows us to uniquely link our public key and the resulting signature. The trouble is that the public key itself is a collection of bytes. Moreover, it is, of course, connected with the private one, which we (that is, the sender) own, but this connection is not obvious to the recipient. He has a set of bytes from V. Pupkin, from I. Petrov, from S. Sidorov... and from a dozen other people. And how can he tell them apart? Keep a separate register of who owns which set of bytes? That would already be a second registry (in addition to the one recording which hash function produced which hash)! And again, inconvenient!

This means that you need to associate each public key with information about who this key belongs to, and send it all in one package. Then the registry problem is solved by itself - the package (or, more correctly, the container) with the public key can be simply looked at and immediately understand its ownership.

But this information still needs to be associated with the signature received by the recipient. How to do it? It is necessary to build another container, this time for transferring the signature, and in it duplicate the information about who created this signature.
Continuing our analogy with a beautiful lock, we write on the key “This key opens V. Pupkin’s lock.” And on the lock we also write “V. Pupkin’s lock.” Having such information, the recipient of our box will not try each of the keys he has at random in our lock, but will take our key and open it immediately.

Now, using the transmitted information during verification, you can find the public key container, take the key from there, decrypt the hash and...

What exactly is “and”? After all, we have not yet solved the problem of how to convey to the recipient which hash function was used for the hash, but this information is necessary to verify the signature! The solution can be quite simple: put this information in a container along with our public key. After all, it is the combination “hashing – encryption of the hashing result” that is considered the procedure for creating a digital signature, and its result is the signature. This means that it seems quite logical to combine the hash encryption algorithm and the hash function with which the hash is generated. And this information also needs to be delivered as a bundle.

Now, let's briefly return to the signer information. What type of information should it be? Full name? No, there are many V. Pupkins. Full name + date of birth? There are also plenty of V. Pupkins born on the same day! Moreover, it could be Vasily, Victor, or even Vasilisa or Victoria Pupkin. This means there should be more information. There should be so much that the coincidence of all the parameters by which we identify a person is as unlikely as possible.

Of course, it is possible to create such a package of information. It is just that it is already a little difficult to work with. After all, our containers of public keys need to be sorted, stored, and, in the end, used. And if for each use you have to specify fifty parameters, then already on the second container it will become clear that something needs to change. A solution to this problem, of course, was found.

To understand what it was, let’s turn to a paper document that we all have: a passport. In it you can find your full name, date of birth, gender, and much other information. But, most importantly, you can find the series and number in it. And it is the series and number that are the unique information that is convenient to take into account and sort. In addition, they are significantly shorter than all the remaining information taken together, and at the same time still make it possible to identify a person.

Applying the same approach to public key containers, we get that each container must have a certain number, a sequence of characters unique to it. This sequence of characters is usually called an identifier, and the containers themselves certificates, or just keys.

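As an added example (not code from the article), here is a toy Python model of the containers the text has been building up to: a key container carrying the public key, the owner's identity, the hash function and a short identifier, and a signature container that repeats that identifier so the recipient can find the right key. It also shows the attached and detached forms described earlier. V. Pupkin, the registry dictionary and the fixed Mersenne-prime RSA modulus are assumptions of the example; the keys are deliberately tiny and insecure, only there so the flow runs offline with the standard library.

```python
import hashlib
import json

# Constructed toy parameters: the modulus is a product of two Mersenne primes so
# everything runs offline with the standard library only. Such keys are far too
# small to be secure; real keys are thousands of bits and generated randomly.
TOY_P, TOY_Q = (1 << 127) - 1, (1 << 89) - 1
E = 65537


def toy_keypair(p=TOY_P, q=TOY_Q):
    """Return (public, private) textbook-RSA keys; d is the inverse of e mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}


def key_id(public):
    """Short unique identifier for a key container (the 'passport number')."""
    return hashlib.sha256(f"{public['n']}:{public['e']}".encode()).hexdigest()[:16]


def make_certificate(owner, public, hash_alg="sha256"):
    """Key container: public key + owner identity + hash algorithm + identifier."""
    return {"id": key_id(public), "owner": owner, "hash": hash_alg, "key": public}


def _digest_int(data, hash_alg, n):
    """Hash the data, then reduce to an integer below the modulus (toy only)."""
    return int.from_bytes(hashlib.new(hash_alg, data).digest(), "big") % n


def sign(data, cert, private):
    """Signature container: the 'encrypted' hash plus a copy of the signer's
    certificate id, so the verifier can find the matching key container."""
    h = _digest_int(data, cert["hash"], private["n"])
    return {"signer": cert["id"], "sig": pow(h, private["d"], private["n"])}


def verify(data, sig_container, registry):
    """Detached verification: data and signature arrive as separate objects.
    registry maps certificate id -> certificate. Returns (ok, reason)."""
    cert = registry.get(sig_container["signer"])
    if cert is None:
        return False, "unknown signer id"            # no key container for this id
    pub = cert["key"]
    expected = _digest_int(data, cert["hash"], pub["n"])   # hash alg comes from the cert
    if pow(sig_container["sig"], pub["e"], pub["n"]) != expected:
        return False, "signature does not match data"  # data or signature altered
    return True, "signed by " + cert["owner"]


def attach(data, sig_container):
    """Attached form: data and signature sealed into one envelope (one JSON file)."""
    return json.dumps({"data": data.decode(), "signature": sig_container})


def open_attached(envelope, registry):
    """Check the seal before using the contents; returns (data, (ok, reason))."""
    env = json.loads(envelope)
    data = env["data"].encode()
    return data, verify(data, env["signature"], registry)


if __name__ == "__main__":
    pub, priv = toy_keypair()
    cert = make_certificate("V. Pupkin", pub)
    registry = {cert["id"]: cert}           # the recipient's store of key containers
    contract = b"Contract No. 1: deliver 10 crates by Friday."   # constructed data
    sig = sign(contract, cert, priv)
    print(verify(contract, sig, registry))                       # detached check
    print(verify(contract + b" plus a bonus", sig, registry))    # altered data
    print(open_attached(attach(contract, sig), registry)[1])     # attached check
```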
This is where the fundamental differences in the ideologies of OpenPGP and S/MIME + X.509 begin. To briefly understand them, let's return to our passport analogy.

You can use your passport when purchasing tickets, when preparing documents, to issue a pass to any territory, and even on the territory of other countries! That is, you use it to prove your identity in a wide variety of places, often completely unrelated to one another, with a variety of people. And everywhere your passport is accepted. The guarantee that you are you is a third party in your relationships with others: the state. It is the one that issued you your passport, specially designed, signed and certified, and that is why your passport is such a universal document.

On the other hand, among friends, or within a company, you just need to introduce yourself like this: “V. Pupkin from your group at the institute” or “V. Pupkin from the sales department.” And the people you come into contact with in this circle no longer need a third party: they already remember Pupkin from the group with whom they studied for five years, or Pupkin from the sales department, with whom they recently went to lunch, and the information you provided is quite enough for them.

The two camps can be divided along the same lines.

The X.509 certificate is similar to our passport. Here, certificates are issued to you by a strict third party, the guarantor of your identity: the Certification Authority (CA). The person receiving your signatures can always contact the CA and ask for the information he is interested in regarding this particular certificate.

PGP (and the OpenPGP standard that appeared later) was created on the basis of the so-called networks of trust. This idea implies that signatures are exchanged by people who do not need a third party for their relationship, but only need protection from bad people.

Of course, over time, such a division has become quite arbitrary, since at the moment both S/MIME+X.509 and PGP can use the methods of the rival camp. But still, the standards developed in parallel for quite a long time and developed to the extent that mutual compatibility between them became impossible.

The S/MIME + X.509 standard has become the more popular one, due to its reliance on a more competent third party; however, PGP also has a number of trump cards up its sleeve, thanks to which it not only does not die, but continues to develop successfully.
You can read a more detailed discussion of each of the formats, as well as recommendations on when, where and which one to use, in the following articles.