28.06.2020

How to store the electronic signature key. Regulations on accounting, storage and use of carriers of key information


An electronic signature is used today to protect a document that exists in electronic format from forgery. Under Federal Law No. 63, it can be used to protect electronic versions of documents and when working with various government agencies. This law spells out how individuals and legal entities can obtain and use it.

An electronic signature is a tool for establishing the absence of distortion in documents from the moment of signature. Before using it, the user needs to go through the procedure of obtaining the corresponding certificate. A special certificate is a confirmation that the signature belongs to an individual or legal entity. It is possible to obtain such a document only in specialized certification centers or from their trusted representatives. There are two types of keys for electronic signature:

  1. Private (closed) key.
  2. Public (open) key.

The private key, or the password for access to the signature, must not be disclosed to anyone. The password is required to verify the authenticity of the signature.

According to the provisions, there are several types of ES:

  1. Simple. Most commonly used by individuals. It can be put on the document by entering a special code that is provided by the certification authority.
  2. Reinforced unqualified. It is obtained as a result of cryptographic transformation of information. It can detect the fact of data changes after signing, and there is also a mechanism for identifying the person who signed the electronic document.
  3. Reinforced qualified. Similar to the previous one, however, special encryption codes are used, which are certified by the FSB.

Important! Documents certified by an electronic signature have the same legal force as papers that are signed personally. Use of a reinforced qualified signature is equivalent to a handwritten signature certified with a seal.

Application area

According to Federal Law No. 63, there are several areas of application of this kind of signature. In particular, it is used in the following cases:

Where it is used | Simple ES, Unqualified ES, Qualified ES
Maintaining internal and external documentation | + + +
Arbitration court | + + +
Conclusion of contracts with individuals | + + +
Work with control and audit state structures | + +
Electronic trading | +

How to start using such a signature

Before you can start using it, you need to register it. This can be done by applying to a certification center that has a license to issue electronic signatures. Registration requires that you:

  1. Have a personal computer.
  2. Have licensed software to work on a computer.
  3. Select the person to whom the electronic signature will be issued.
  4. Determine the method of obtaining a signature and conclude an agreement with the center.
  5. Pay for services and get a key.

Depending on the center, different documents are required. Most often required:

  1. An application of the established form, where there will be the minimum necessary information about the applicant (the company has the right to request extended personal data).
  2. Applicant's passport.
  3. TIN and SNILS of the applicant.
  4. Receipt of payment for the services of the certification center.

If a qualified certificate is needed, you will need:

  1. Constituent documents of the organization.
  2. Extract from the Unified State Register of Legal Entities.

Important! The key is valid for one year, and when it is issued, the personal presence of the applicant is required. Further, an extension is required by writing an appropriate application to the certification center. At the same time, it is not necessary to be personally present at the center, it is enough to send an application by e-mail or by registered mail. What kind of extension conditions apply in a particular center must be clarified with its specialists. Most often, you only need to pay for the next year and submit an application.

How to use an electronic signature correctly

Having received the desired key, not everyone knows how to use it correctly. In fact, everything is quite simple:

  1. Install licensed software obtained from a certification center on your PC or laptop.
  2. Install the "Cadescom" and "Capicom" libraries.

It is worth considering this step in detail.

  1. In Word 2007, click the Office icon, select "Prepare" and then "Add a Digital Signature". After that, enter the purpose for signing the document and select a signature. Clicking the "Sign" button gives the desired result.
  2. When working in Word 2003, select "Tools" - "Options" - "Security" - "Digital Signatures" - "Certificate" - "OK".
  3. To work with files in PDF format, there are special programs such as Acrobat and Adobe Reader. You need to purchase their full version to work with ES, as you need a cryptomodule.
  4. An HTML signature is also possible. Modern browsers are adapted to work with ES, so you will have the corresponding button for signing the document. However, all the required software must be installed on the PC.

This signature may look different. Most often this is a small image in the form of a stamp. At government organizations it has the form of a seal indicating that the electronic seal is reinforced by a qualified signature.

What to do if the electronic signature does not work

There are several standard situations where the signature does not work. It is not difficult to solve typical problems without contacting the support service. Let's consider the main problems.

Problem | Solution
The certificate is not valid | It is required to install it, according to the instructions of the center specialist who issued the certificate
The certificate is not trusted | Then you need to install new certificates. Usually they are provided together with an electronic signature. It is also possible to download them on the official website of the center or the Association of Marketplaces
CryptoPro expired | You need to enter the unique CryptoPro code that you received along with the electronic signature
Capicom not installed | Download it, close your browser and install the program. Next, you need to configure it in accordance with the requirements of the site on which you are going to work
Private key does not match the specified certificate | It is worth contacting the certification center to resolve the problem. Before doing this, it is highly recommended to check all closed containers. There is a possibility that you have chosen the wrong one as active
Valid certificates were not found or the certificate selection is not displayed | Check your license expiration date. If it has expired, then contact the center. If everything is ok, then reinstall it

Many people ask whether it is possible to hack an electronic signature. In fact, everything is done in such a way that it is almost impossible to fake it unless its owner deliberately gave the passwords to third parties. To fully protect yourself from fraud, it is recommended to buy a qualified electronic signature. It can be used with any institution.

Where is the electronic signature stored?

To clarify which certificates are installed on the PC, you need to enter the browser properties.

Then you need to enter the "Contents" tab by selecting the "Certificates" section. Here you can find information about all installed certificates.

It is also possible to find the necessary certificates in the registry. They are usually located at the following address: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Crypto Pro\Settings\Users\S-1-5-23…\Keys
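The same inventory can be scripted. The following PowerShell is an added example, not part of the original article: it lists the certificates that the browser dialog shows together with their expiry state, then the key containers under the registry address above and in the profile folder of the default Windows RSA provider. The 32-bit registry path, the function names and the 30-day warning threshold are assumptions.

```powershell
# Added example: read-only inventory of signature certificates and of
# private-key containers kept on the local disk. Nothing is exported or changed.

# CryptoPro container roots in the registry. The first is the address given in
# the article (64-bit Windows); the second, for 32-bit Windows, is an assumption.
$ContainerRoots = @(
    'HKLM:\SOFTWARE\Wow6432Node\Crypto Pro\Settings\Users',
    'HKLM:\SOFTWARE\Crypto Pro\Settings\Users'
)

function Get-SignatureCertificate {
    # Lists the current user's Personal store, the same certificates the
    # browser's Content > Certificates dialog shows, with their validity state.
    param([int]$WarnDays = 30)

    $now = Get-Date
    Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
        $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
        $state = if ($now -lt $_.NotBefore) {
            'NotYetValid'
        } elseif ($daysLeft -lt 0) {
            'Expired'
        } elseif ($daysLeft -le $WarnDays) {
            'ExpiresSoon'
        } else {
            'Valid'
        }
        [pscustomobject]@{
            Subject       = $_.Subject
            Issuer        = $_.Issuer
            NotAfter      = $_.NotAfter
            DaysLeft      = $daysLeft
            HasPrivateKey = $_.HasPrivateKey
            State         = $state
        }
    }
}

function Get-LocalKeyContainer {
    # Key containers in the registry: one subkey of ...\Users\<SID>\Keys each.
    foreach ($root in $ContainerRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sidKey in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $keysPath = Join-Path -Path $sidKey.PSPath -ChildPath 'Keys'
            if (-not (Test-Path -LiteralPath $keysPath)) { continue }
            Get-ChildItem -LiteralPath $keysPath -ErrorAction SilentlyContinue |
                ForEach-Object {
                    [pscustomobject]@{
                        Location = 'Registry (CryptoPro)'
                        Owner    = $sidKey.PSChildName
                        Name     = $_.PSChildName
                    }
                }
        }
    }

    # Key files of the default Windows RSA provider in the roaming profile.
    # They can belong to any certificate of the user, not only to an ES.
    $rsaDir = Join-Path -Path $env:APPDATA -ChildPath 'Microsoft\Crypto\RSA'
    if (Test-Path -LiteralPath $rsaDir) {
        Get-ChildItem -LiteralPath $rsaDir -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Location = 'Profile (Microsoft RSA)'
                    Owner    = $_.Directory.Name
                    Name     = $_.Name
                }
            }
    }
}

# Certificates first, soonest expiry on top.
Get-SignatureCertificate | Sort-Object NotAfter | Format-Table -AutoSize

# Any container found here is a private key kept on the workstation itself.
$onDisk = @(Get-LocalKeyContainer)
if ($onDisk.Count -gt 0) {
    Write-Warning "$($onDisk.Count) private-key container(s) are stored on this computer."
    $onDisk | Format-Table -AutoSize
} else {
    Write-Output 'No private-key containers found in the checked locations.'
}
```

Containers that belong to other users are listed only when the session has permission to read their registry keys.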

Features of storing electronic documents

According to GOST R 51141-98, electronic documents must be stored for as long as paper ones. However, there are several features. For example, the law may require keeping a document for five years, while a signature is only valid for one year. According to FZ-63, there is no need to sign archival documents every year. They continue to have legal force, despite the change in the electronic signature code.

Important! When an electronic signature is affixed, the date is written automatically, so it is clear that the stamp was valid at the time of its affixing. In disputed situations, you can contact the certification center. There, having received the required data, it is possible to check who exactly signed the text of the document.

Thus, an electronic signature can be used on a par with a regular one. The scope of its application is detailed in FZ-63. It covers all areas of civil law relations, relations between legal entities and work with government agencies.


Alena, I certainly understand that the article is somewhat "general informational" in nature, but still it is worth highlighting the list of "advantages and disadvantages" of each solution more widely. I'm not in the least refuting the final conclusion that smartcards are more reliable, but potentially they create much more difficulties than the banal "involves additional costs."

By keys on the local computer

This is wrong. The default RSA cryptographic provider in Windows uses the folder C:\Users\ \AppData\Roaming\Microsoft\Crypto\RSA to store private keys.

I.e., it places them in the roaming part of the profile, which means that if the user works on different machines within the corporate network, it will be enough for him to set up a roaming profile and there is no need to install certificates on each machine.

By using tokens

Here you need to understand that different manufacturers implement this functionality in different ways. For some, the PIN code keypad is located directly on the device itself, for others, specialized software is used on the computer.

In the first case, the device turns out to be more cumbersome, but more protected from interception of the PIN code, which can be read by installing a software or hardware keylogger on the user's machine, if input software is used.

In particular, Rutoken uses software for entering PIN codes, which means it is potentially vulnerable.

That's right, you don't need to install certificates, but you do need to install device drivers, cryptographic providers, and other modules.

And this is additional low-level software with its own specific features and problems.

Yes, this is true, but only on the condition that you use the crypto functions of the device itself (i.e. all encryption and signing is done by the token itself).

This is the safest option, but it has a number of limitations:

  • implemented algorithms. For example, the same Rutoken (judging by their documentation) only supports GOST 28147-89 in hardware. All other algorithms, apparently, are already implemented in software, i.e. with the extraction of the private key from the repository.
  • interface speed. Simple smartcards implement, as a rule, not the fastest hardware interfaces (most likely in order to simplify and reduce the cost of the device), for example, USB 1.1. And since you need to transfer the entire file to the device for signing / encryption, this can cause unexpected "brakes".

However (again, judging by the Rutoken documentation), tokens can also act simply as encrypted storage. For example, this is how they work in conjunction with CryptoPro CSP. Well, then the conclusion is obvious - since one software can access the keys, then another can do it.

Additional questions

To the list above, we need to add some more questions that should also be considered when deciding whether to switch to tokens:

  • How are certificates updated? For example, neither on the Rutoken website (in the general sections and the forum), nor in the documentation did I find any mention of Rutoken's support for the Active Directory Key Distribution Service. If this is the case (and Rutoken itself does not provide other mechanisms for mass updating keys), then all keys need to be updated through administrators, which creates its own problems (because the operation is not trivial).
  • what software used in the enterprise and requiring crypto functions:
    • can work through a crypto provider (some software uses its own implementation of crypto algorithms and requires only access to keys)
    • can use cryptographic providers other than the standard ones
  • what additional software (in addition to token drivers) will need to be installed on workstations and servers. For example, the standard Microsoft certificate authority does not support generating keys for GOST algorithms (and the token may not work with others).

The protection of electronic documentation, as many people probably know, is provided by an electronic digital signature. It is thanks to the electronic signature that documents stored in electronic form acquire the same legal force as paper documents sealed with a seal and a handwritten signature. That is why protecting the EDS from theft or falsification should be a paramount task for the certificate owner when organizing electronic document management.

As practice shows, storing an EDS on a disk, flash drive or in the registry of your working computer is not only far from safe, but can also create a number of unnecessary difficulties, since the key is encrypted directly on the user's computer, which means that the information is practically not protected at all and almost anyone can access it. In addition, disks and flash drives, like any other storage medium, can be damaged by intruders, and all information stored on them is then lost. That is why today there is an urgent need for safer and more reliable storage media.

Experts advise storing the EDS on special tokens, which, it must be said, have a large number of undeniable merits. Outwardly, the token looks like a standard flash drive, but it significantly surpasses it in terms of memory. In addition, encryption occurs directly on the token, and access to the information placed on it is possible only after the user enters the PIN code.

Hacking or guessing a PIN code is almost impossible; besides, all eTokens have counters of failed attempts to enter the password, and once the allotted limit is exhausted, the PIN code is blocked. The PIN is never transmitted along with the data over the network, which means it is impossible to intercept it. Such a token can serve its owner from five to twenty years. In appearance it resembles a small keychain that connects to computers via a USB port and does not require wires, power supplies or special readers.

In addition to eToken, the EDS can be stored on Rutoken; these two media differ in the amount of protected memory and the manufacturer. Rutoken, as the name implies, is produced in Russia and has an average of about 32 gigabytes of memory; if desired, up to 7 electronic signature keys can be stored on it.

Any loss of important information can result in the most serious consequences, which is why it is necessary to store EDS keys on durable, convenient and secure media, which avoids the lengthy procedure for creating a new certificate and electronic signature key.


INSTRUCTIONS

electronic digital signature

FGBU PGN

1. Terms and Definitions

Information Security Administrator - a person who organizes, ensures and controls the fulfillment of information security requirements when exchanging electronic documents. IN staff structure ITC FGBU PGN

Electronic digital signature (EDS) - details of an electronic document designed to protect this electronic document from forgery, obtained as a result of cryptographic transformation of information and allowing to identify the owner of the key, as well as to establish the absence of distortion of information in the electronic document.

Private signing key - a unique sequence of characters known to the owner of the certificate and designed to create an electronic digital signature in electronic documents using digital signature tools.

Signing public key - a unique sequence of characters corresponding to the private key of the signature, available to any user of the information system and intended to confirm the authenticity of the EDS in an electronic document.

Signing key certificate (certificate) - a document on paper or an electronic document that includes an EDS public key and which is issued by a certification authority to confirm the authenticity of the EDS and identify the owner of the certificate.

Carrier of key information (key carrier) - a material carrier of information containing a private key for signing or encryption.

Encryption - a method of protecting information from unauthorized access due to its reversible transformation using one or more keys.

2. General provisions

2.1. This Instruction is intended for users of automated systems using electronic digital signature (EDS) tools.

2.2. An electronic digital signature is legally equivalent to the handwritten signature of its owner.

2.3. Cryptographic protection methods make it possible to ensure the protection of the integrity and authorship of electronic information using EDS. The impossibility of entering information on behalf of someone else (the impossibility of forging an EDS) is guaranteed when the private key of the EDS of users is kept secret.

2.4. The instruction contains the basic rules for handling electronic document management systems and EDS keys, the strict implementation of which is necessary to ensure the protection of information when exchanging electronic documents.

2.5. Persons admitted to work with EDS keys bear personal responsibility for the security (keeping secret) of the private keys of the signature and are obliged to ensure their safety, non-disclosure and non-distribution, bear personal responsibility for violation of the requirements of this Instruction.

2.6. Continuous organizational support for the functioning of automated workstations (AWS) with EDS involves ensuring strict compliance by all users with the requirements of the security administrator.

2.7. The work with EDS and encryption keys is coordinated by the security administrator (the person responsible for information security). The security administrator instructs users on the rules for making, storing, handling and operating keys, which is recorded in the appropriate log (see Appendix).

3. EDS generation procedure

3.1. The procedure for generating an EDS is regulated by the relevant Regulations of the Certification Authority.

3.2. The owners of the EDS and responsible executors of the EDS are appointed by order of the director of the institute or by order of the heads of the institute's branches (see Appendix).

3.3. The user with the EDS right (responsible EDS executor) generates, independently or accompanied by a security administrator, a personal public signature key, as well as a request for a public key certificate (in electronic form and on paper).

3.4. EDS certificates and the EDS themselves are issued to the responsible official of the institute, its branches and subdivisions by proxy, in accordance with the relevant Regulations of the certification center.

3.5. Formation of private keys for signature and encryption is carried out on the accounted removable media:

floppy disk 3.5'';

3.6. Private keys are made in 2 copies: reference and working copies. In daily work, a working copy of the key carrier is used. Keys are valid for 1 year from the date of issue of the certificate.


3.7. Under no circumstances should EDS keys be stored on the hard disks of the workstation.

4. The procedure for storing and using EDS

4.1. The right of access to workplaces with installed software for EDS tools is granted only to those persons who, by order of the director of the institute or by order of the heads of its branches, have been appointed responsible executors of EDS (see Appendix) and they have been granted authority to operate these tools.

4.3. To store key media in the premises, a factory-made metal storage (safe, cabinet, section) equipped with a device for sealing it must be used without fail. The sealing of the repository must be carried out with the personal seal of the responsible executor of the EDS or its owner.

4.4. Storage of key media is allowed in the same storage with other documents and key media, but separately from them and in packaging that excludes the possibility of secret access to them. To do this, key carriers are placed in a special container, sealed with a personal metal seal of the responsible executor or EDS owner.

4.5. Transportation of key media outside the organization is allowed only in cases related to production necessity. Transportation of key media should be carried out in a way that excludes their loss, substitution or damage.

4.6. On technical means equipped with digital signature means, only licensed software from manufacturers should be used.

4.7. Measures should be taken to exclude access by unauthorized persons to the premises that house the technical means of EDS.

4.8. It is forbidden to leave without control the computing facilities on which the EDS is operated after the key information has been entered. When the user leaves the workplace, the automatic activation of the password screen saver should be used.

4.9. Responsible executors of the EDS are required to keep a log of key documents and fill it out in a timely manner (see Appendix).

4.10. Key information contains information of a confidential nature, is stored on duly accounted media and is not subject to transfer to third parties (see Appendix).

4.11. Carriers of key information refer to tangible media containing restricted information and must be accounted for in accordance with the relevant accounting forms (see Appendix).

4.12. Formation of private keys for signature and encryption is carried out on the accounted removable media:

floppy disk 3.5'';

ID Touch-Memory DS1993 - DS1996;

Rutoken identifier, etc.

4.13. Private keys are made in 2 copies: reference and working copies. In daily work, a working copy of the key carrier is used. Keys are valid for 1 year from the date of issue of the certificate.

4.14. Under no circumstances should EDS keys be stored on the hard disks of the workstation.

4.15. In case of physical damage to the working copy of the key carrier, the user immediately notifies the security administrator about it. The security administrator, in the presence of the user, makes the next working copy of the key carrier from the master copy, reflecting the actions performed in the appropriate accounting forms.

4.16. The key carrier is removed from the sealed container only for the duration of work with the keys. Before opening the container, it is necessary to check the integrity of the seal and its ownership. During non-working hours the sealed container with key media must be kept in storage.

4.17. If it is necessary to temporarily leave the premises where work is carried out using the EDS, the key carrier must be placed back in the container and sealed.

It is prohibited to:

· carry out copying of key media unauthorized by the security administrator;

· disclose the contents of key media and transfer the media themselves to persons who are not allowed to access them, as well as display key information on a display and printer;

· use key carriers in modes not provided for by the rules for using the EDS, or use key carriers on third-party PCs;

· write extraneous information on key media.

5. The procedure for destroying keys on key carriers

5.1. By order of the director of the institute or the heads of its branches and divisions, a commission for the destruction of key information should be created.

5.2. Keys must be deactivated and destroyed in the following cases:

· planned change of keys;

· changing the details of the responsible executor (owner) of the EDS;

· key compromise;

· failure (wear and tear) of key carriers;

· termination of powers of the EDS user.

5.3. Keys can be destroyed by physically destroying the key medium on which they are located, or by erasing (destroying) the keys without damaging the key medium. The keys are erased according to the technology adopted for the corresponding key reusable media (floppy disks, Touch Memory, Rutoken, etc.). Direct actions to erase key information are regulated by operational and technical documentation.

5.4. Keys must be destroyed no later than 10 days after their withdrawal from validity (expiration). The fact of destruction is documented by an act (see Appendix) and reflected in the relevant accounting forms (see Appendix). A copy of the act must be transferred to the Information and Information Center to the information security engineer no later than 3 days after the destruction of key information.

6. Key Compromise Actions

6.1. Key compromise is the loss of confidence that the keys used ensure the security of information.

6.2. Key compromise events include, but are not limited to, the following:

· loss of key carriers;

· loss of key carriers with subsequent detection;

· violation of the rules of storage and destruction (after the expiration of the key);

· the emergence of suspicions of information leakage or its distortion;

· violation of the seal on the container with key carriers;

· cases when it is impossible to reliably establish what happened to the key carriers (including cases when the key carrier failed and the possibility that this fact occurred as a result of unauthorized actions of an attacker has not been conclusively refuted).

6.3. When the key is compromised, the user immediately stops the exchange of electronic documents with other users and notifies the security administrator and the information protection engineer of the Institute's Information Technology Center about the fact of compromise.

6.4. When keys are compromised, an official investigation must be carried out, with a notice of compromise drawn up.

6.5. The fact of compromise of the private keys of the signature must be confirmed by the official notification of the institute to the Certification Center about the compromise in writing. The notification must contain the identification parameters of the certificate, the date and time of the compromise, the nature of the compromise, the signature of the signature key owner, the signature of the head, and the seal of the institute or its branch.

6.6. The compromised keys that have been taken out of action are destroyed (see clause 5.2 of this Instruction), which is recorded in the EDS register (see Appendix).

7. Responsibilities of the Information Security Administrator

7.1. The security administrator seals the system blocks of workstations with the installed EDS tool, which excludes the possibility of unauthorized changes in the hardware of workstations. At the same time, the number of the seal is entered in the Personal Computer Registration Card and in the Journal of Requests for the Repair of Personal Computers and Office Equipment.

7.2. The security administrator instructs the Users of electronic document management systems on the rules for handling EDS.

7.3. The security administrator controls the integrity of the hardware and software products used for electronic document management systems that use EDS.

7.4. Control over the correctness and timeliness of routine work with the EDS is carried out by the Security Administrator and authorized persons of the Certification Center.

7.5. The security administrator exercises continuous control over all actions of the Users of electronic document management systems that use EDS.

7.6. At least 2 times a year, the Information Security Administrator checks all user workstations used for electronic document management systems for compliance with the requirements of the current Regulations of Certification Centers and this Instruction.

8. Responsibilities of EDS Responsible Executives

8.1. Responsible executors of the EDS when working with key documents must be guided by the provisions of the relevant Regulations of the Certification Center and these Instructions.

8.2. The responsible executors of the EDS are obliged to organize their work on the generation of the EDS in full compliance with the provisions of the relevant Regulations of the Certification Authority and clause 3 of this Instruction.

8.3. Responsible executors of the EDS are obliged to organize their work with key documents in full accordance with clause 4 of this Instruction.

8.4. Destruction of key information from a key carrier can only be carried out in full compliance with the provisions of the relevant Regulations of the Certification Center and clause 5 of this Instruction.

8.5. In case of any changes in the details of the EDS (scheduled change of keys, change in the details of the owners or Responsible executors, generation of a new EDS, etc.) within 3 days, the Responsible executors of the EDS are obliged to provide the Information Security Administrator with the following documents:

◦ a copy of the Order on the appointment of the Owners and Responsible Executives of the EDS;

◦ a copy of the Certificate of the new EDS;

◦ a copy of the Act for the destruction of EDS keys (see Appendix).

8.6. Responsible executors of the EDS are obliged to comply with the requirements of the Information Security Administrator in terms of ensuring the information security of the Institute, its divisions and branches.

9. Responsibilities of Clinical Technicians

9.1. Clinic technicians are not direct participants in the electronic document management and cannot be admitted to key documents.

9.2. If it is necessary to carry out maintenance or other work on the workstations of the responsible executors of the EDS that involves breaking the seal on the system units, the technicians of the clinics must make a note in the Journal of requests for the repair of personal computers and office equipment about the breaking of the seal, indicating its number. After the necessary work, the technician seals the system unit with a numbered seal, indicating its number in the Journal of requests for the repair of personal computers and office equipment and in the Personal Computer Registration Card.

9.3. At least once a month, clinic technicians are required to check the availability of updated information about the EDS in the relevant Key Document Logs (maintained by the Responsible Executives of the EDS, in accordance with clause 4.9 of this Instruction) and inform the Information Security Administrator about all updated information about the EDS.

Appendix

to the rules for handling key documents

of the electronic digital signature

for the destruction of EDS keys (encryption)

"_____" ____________________ 200__

Commission, ________________________________________________________________________

(name of organization, number and date of order)

consisting of: Chairman ________________________________________________________________,

and members of the commission __________________________________________________________________________

in the presence of the CA user due to ______________________________________________

(expiration, termination of authority, compromise)

prepared key documents for destruction by erasing key information:

Table 1.*

Key carrier | Account number | Copy No. | Certificate details

The Commission found that when preparing the data, the information on the floppy disks (GMD) indicated in Table 2 is not readable. The listed floppy disks are not suitable for further use and are subject to destruction by shredding the magnetic disks.

Table 2.*

Key carrier | Account number | Copy No. | Certificate details

Full name of the EDS key certificate owner

Commission members:

____________________________ ________________________________________________ (signature) (full name)

"I Permit to Destroy"

____________________________________

(Head of the organization)

____________________________________

(signature) (full name)

MP "_____" ____________ 200__

The key documents listed in Table 1 were destroyed by erasing the key information by double formatting.

The key documents listed in Table 2 were destroyed by shredding the magnetic disks.

Commission members:

____________________________ ________________________________________________ (signature) (full name)

____________________________ ________________________________________________ (signature) (full name)

Act copy No. 1 - to the file.

Act copy No. 2 - to the RSIBI department of the UFC.

* Note: Table 1 is filled in when deleting key information from the KMT.

Table 2 is filled in when the key carrier is destroyed.

Appendix to the rules for handling key documents of the electronic digital signature

Form of the Order on the appointment of the Owners and Responsible executors of the EDS

"____" ______________ 201 No. _________

On the appointment of owners and responsible executors of the electronic digital signature

In order to ensure control over the integrity of transmitted electronic documents using an electronic digital signature (EDS) on ((name of the electronic document management system))

I ORDER:

1. Appoint the main owner of the EDS ((position, full name of the EDS owner))

2. Appoint ((position, full name of the responsible executor of the EDS)) as the responsible executor and entrust to him or her the duties of applying the EDS to electronic documents in ((name of the electronic document management system)).

3. Organize all actions of officials related to the electronic document management system ((name of the electronic document management system)) in strict accordance with the current Regulations of the Certification Center and the requirements of the Instruction on the rules for handling key documents of the electronic digital signature of the FGU "Pyatigorsk GN".

4. I reserve control over the execution of this order.

Director ((signature)) ((full name of director))

As a rule, the director or his deputy is appointed as the main owner of the EDS.

When switching to electronic document management with counterparties, an organization needs to think about how it will maintain an archive in the future. On what media should documents in electronic form be stored, and how can their legal significance be confirmed?

In what format and on what media to store documents

What is the problem?

Organizations should keep various accounting, economic and personnel documents for periods ranging from several years to several decades. For example, primary accounting documents have to be kept for five years after the year in which they were last used for accounting purposes.

An electronic document must be readable even several years after its creation. The problem is that computer hardware and software become obsolete, and editors and readers are replaced by new versions.

It is highly likely that a document that was created several years ago cannot be read due to the lack of the necessary device or program. For example, today it is difficult to read information from a 3.5-inch floppy disk, although 10 years ago it was a common storage medium.

The document must be stored in the format in which it was created. If you change the format, the electronic signature will not match the document. Accordingly, it will no longer be possible to prove its authenticity.

How to decide?

Periodically rewriting information from outdated media to more modern ones helps to solve this problem. As for software, all major developers support the formats of previous versions when they develop new versions of their products.

If the exchange was carried out through the service of an EDI operator, the documents will be available at any time. Large operators store documents indefinitely in the "cloud" and allow users to view and upload them and to receive data on the electronic signature certificate (EDS) with which they were signed. Only Internet access is needed.

How to confirm the legal significance of documents

What is the problem?

An electronic signature identifies the person who signed a document and protects the document from changes after it has been signed. But an electronic signature certificate has a maximum validity period of 15 months, while it may be necessary to confirm the validity of the electronic signature several years later.

How to decide?

This problem is solved by the timestamp service offered by certification centers and some information systems. An additional attribute is added to the electronic signature at the time of its creation - a stamp, or a timestamp.

The service also attaches a list of currently revoked certificates to the signed document. By signing the list with an electronic signature, the service confirms that the signature is valid at the time of signing.

The authenticity of the signature in this case can be confirmed even after the expiration of the certificate itself. An electronic signature with a timestamp is called advanced. Such a signature not only simplifies the archival storage of electronic documents, but is also a condition for electronic document management with information systems some
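The check an archive can run years later, as an added sketch that is not part of the original article; it also covers the earlier point that changing a document's format breaks its signature. It assumes the signature itself and the timestamp service's own signature have already been verified cryptographically; the class and function names, the serial number and the sample document are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Certificate:
    serial: str
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class ArchivedSignature:
    doc_sha256: str                     # digest of the exact bytes that were signed
    cert: Certificate
    signed_at: Optional[datetime]       # time asserted by the timestamp; None if absent
    revoked_at_signing: FrozenSet[str]  # serials on the attached revocation list


def check_archived(sig: ArchivedSignature, document: bytes, now: datetime) -> str:
    """Return a status string for a signature pulled from the archive."""
    # 1. Any re-save or format conversion changes the bytes, hence the digest.
    if hashlib.sha256(document).hexdigest() != sig.doc_sha256:
        return "document-changed"
    # 2. With a timestamp, judge the certificate at signing time; without one,
    #    the verifier can only judge it at the current time.
    reference = sig.signed_at if sig.signed_at is not None else now
    if not (sig.cert.not_before <= reference <= sig.cert.not_after):
        return "certificate-not-valid-at-reference-time"
    # 3. The revocation list captured at signing shows the certificate's status then.
    if sig.cert.serial in sig.revoked_at_signing:
        return "revoked-at-signing"
    return "valid"


# Constructed sample data: a certificate valid for 15 months, checked years later.
CERT = Certificate("01A3", datetime(2020, 1, 1), datetime(2021, 4, 1))
ORIGINAL = b"%PDF-1.4 constructed invoice no. 42"
DIGEST = hashlib.sha256(ORIGINAL).hexdigest()
NOW = datetime(2025, 1, 1)

stamped = ArchivedSignature(DIGEST, CERT, datetime(2020, 6, 1), frozenset())
unstamped = ArchivedSignature(DIGEST, CERT, None, frozenset())
revoked = ArchivedSignature(DIGEST, CERT, datetime(2020, 6, 1), frozenset({"01A3"}))

if __name__ == "__main__":
    for name, sig in [("stamped", stamped), ("unstamped", unstamped), ("revoked", revoked)]:
        print(name, check_archived(sig, ORIGINAL, NOW))
```

The same document and certificate pass with the timestamp and fail without it, because the only reference time left to the verifier is the present, long after the certificate expired.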

