How to write the electronic signature key to the media. What is and how to get an electronic signature key? Application for legal entities

Key electronic signature is its main element. What is the purpose of this key and how can I get it?

What are EDS keys

An electronic digital signature is information in electronic form (clause 1, article 2 of the Law “On Electronic Signature” dated April 6, 2011 No. 63-FZ), which can supplement a particular file in order to verify its authorship, as well as confirm the fact the absence of changes in this file after its signing. The software shell, through which the corresponding information is generated, forms electronic key.

In this case, this key is classified into 2 types:

• open;
• closed.

Let's study their specifics.

What is a public key

The EDS public key is understood as a unique sequence of characters (clause 5, article 2 of Law No. 63-FZ), which is available to all users who wish to verify the signed EDS document for authorship and integrity. Typically, the public key is at the disposal of the recipient of files signed with an EDS.

EDS private key - what kind of tool is this

under closed electronic signature key it is understood, in turn, the sequence of characters by means of which the file is directly signed and its authorship and integrity are certified (clause 6, article 2 of law No. 63-FZ). Only the author of the file (or a person authorized to work with this file) has access to the private key.

open and closed electronic signature keys are interconnected: it is possible to verify the correctness of an EDS generated using a private key only using the corresponding public key. That is, they must have a common manufacturer (this may be a certification authority).

What is an electronic signature key carrier

Public and private keys are created using special cryptographic applications. They are located on a special medium - a hardware module that is well protected from unauthorized copying of data (for example, an eToken type device). It can only be used by a person who has the authority to sign certain files.

How to get an electronic signature key

Cryptographic applications, with the help of which the use of EDS keys is carried out, are issued by specialized certification centers. Many of them are accredited by the Ministry of Telecom and Mass Communications and are authorized to issue keys for a qualified electronic signature - the corresponding state standards in terms of information security.

Today, issuing authorities electronic signature, write down EDS key on special media. Only a certain person can have access to it. Often, Rutoken or Etoken acts as such a carrier.

Represents the physical medium on which the EP certificate. By appearance such a carrier resembles a conventional USB flash drive.

Rutoken is a compact and handy device. It is used for authorization on a personal computer and gaining access to the key. Due to its functions, this medium is able to secure the user's personal correspondence, any documentation and various information resources.

A device like Rutoken is able to bypass passwords of any complexity. Owner EDS now there is no need to write down your logins from sites anywhere and remember passwords. Now all digital information may be contained in electronic carrier. If necessary get access to your account to send documents should only be connected to a PC electronic signature carrier.

Select digital signature

The Etoken device is more secure than Rutoken. Issuing authorities give it for the purpose of control and reliable security keys required for authentication. Such electronic the carrier does not require additional special equipment for connection, as it is able to work with any major systems and software applications.

To store and use electronic key you don't have to use tokens. You can use such media as a flash drive, disk, and even mobile phone, but that would be unsafe. If the flash drive is lost or the phone is stolen, attackers will gain access to EDS, and with a token it is almost impossible to implement. To get access to the token, you must enter a special secret pin code that only the owner knows electronic signature.

Submit data via email document flow only the user who received EDS And electronic key carrier from certifying UC. The built-in memory of such devices includes:

• Private electronic keys for the formation of electronic signatures.
• The public keys needed to decrypt and verify received files.
• The certificate required to verify the EDS key.

Certification and security system electronic documents, is built on a certain principle of operation. With the help of a specialized program, the sender must form a closed EDS key, and then based on it create an open key. Thanks to him, the program encrypts document, and the recipient has the opportunity to check the presence electronic signature, decrypt the file and read it.

Recorded medium EDS electronic key, functions from a PC offline and contains all the information important for work. If you try to rewrite it to another device or hack, all digital information will be lost.

Very often, when several companies interact with each other, documentation is required, certified by a personal signature one of officials. Unfortunately, very often there is a situation when you urgently need to sign papers, but the manual cannot be found. Very handy in these cases. electronic signature contained on key carriers - tokens. With their help, you can perform various cryptographic operations so that all key private information does not leave the limits of the token. This eliminates the possibility of key compromise and makes it possible to increase the security of the entire system. Application EDS on the device token - it's fast, easy and convenient.

• Ensuring strong two-factor authentication for users in operating systems and business applications (Microsoft, Citrix, Cisco Systems, IBM, SAP, Check Point), for example,
  - to access data personal computer;
  - access to files located in local network provider or corporate network of the company;
  - organization of secure remote access (VPN), etc.;
• Secure storage of key information of Russian CIPF (CryptoPro CSP, Crypto-COM, Domain-K, Verba-OW, etc.);
• Protection of private keys electronically digital signature(EDS) of users in electronic document management systems, the formation of EDS documents and transactions, providing safe work with email;
• Protection of EDS private keys of users of remote control systems banking service.

Certified by FSTEC of Russia.

Rutoken Lite

Rutoken Lite devices are secure carriers of private keys of electronic signature for access to various resources, for electronic document management and remote banking services. On the Rutoken Lite key carrier, you can store secret keys or digital identifiers and read them if necessary upon presentation of the PIN code by the user. Rutoken Lite provides two-factor authentication in computer systems. Successful authentication requires the fulfillment of two conditions: the user's knowledge of a unique password - PIN-code and its possession of a unique object - the device itself. This provides much more high level security compared to traditional password access.

Certified by FSTEC of Russia.

JaCartaLT

JaCartaLT– USB token for two-factor authentication, secure storage of keys, key containers of certified Russian CIPF, user profiles and passwords, as well as license information of independent software developers. Storage of key containers for almost all software cryptographic information protection tools (CryptoPro CSP, VipNet CSP, etc.). Offered as USB tokens in a Nano package.

Certified by FSTEC of Russia.

JaCarta SE (for EGAIS)

The latest product of Aladdin R.D. – The JaCarta PKI/GOST/SE USB token is designed for electronic signature and strong two-factor authentication in specialized information systems.

JaCarta PKI/GOST/SE is both an electronic signature (ES) and a means of access to secure information resources specialized systems, and also serves as a secure repository of keys and key containers of software cryptographic information protection tools.
The USB token has increased operational durability due to the unique miniature plastic case. He is not afraid of dust and moisture.

Certified by FSTEC and FSB of Russia.

Rutoken EDS 2.0 (for EGAIS)

Electronic ID with hardware implementation Russian standards electronic signature, encryption and hashing. Provides secure storage of electronic signature keys in the built-in secure memory without the possibility of exporting them.

Rutoken EDS is designed for secure two-factor authentication of users, generation and secure storage of encryption keys and electronic signature keys, encryption and the electronic signature itself "on board" the device, as well as storage digital certificates and other data.

Functional key carrier (FKN)- This new technology, which allows to significantly increase the security of systems using an electronic digital signature.

Functional key carrier - the architecture of software and hardware products with a smart card or USB key, hardware-based implementation of Russian cryptographic algorithms for electronic signature and encryption (GOST R 34.10-2001 / GOST R 34.11-94, GOST 28147-89), which allows you to safely store and use private keys in a secure memory card or USB key.

IN Lately Increasing attention is paid to the security of storing private keys. Key containers on insecure media (such as floppy disks) are a thing of the past. But even the widely used key containers on secure media - USB keys and smart cards are subject to increasingly stringent requirements in the field of key protection.

Partially, these new requirements are met by USB keys and smart cards with hardware implementation of the signature, which are widely used in foreign practice. For example, USB keys and smart cards that meet PKCS#11 standards. But these standards were developed quite a long time ago and do not take into account the emergence of new threats, such as vulnerability to signature or hash value attacks in the communication channel between the microprocessor of the card (key) and the software on the computer.

Architecture Functional key carrier, offered by CRYPTO-PRO, implements a fundamentally new approach to ensuring the secure use of a key on a smart card or usb token, which, in addition to hardware key generation and the formation of an ES in the microprocessor of the key carrier, allows you to effectively resist attacks associated with the substitution of a hash value or signature in communication channel between the software and hardware of the CSP.

The main advantages of FKN are:

• increased user key confidentiality;
• the generation of ES keys, approval keys, as well as the creation of ES, takes place inside the FKN;
• performing cryptographic operations on elliptic curves directly by the key carrier, support for the Russian ES;
• enhanced data protection during transmission over an open channel, due to the use of mutual authentication of the key carrier and the software component using the original CRYPTO-PRO protocol based on the EKE (encrypted key exchange) procedure. In this case, it is not a PIN code that is transmitted, but a point on an elliptic curve;
• transmission of a hash value over a secure channel that excludes the possibility of substitution;
• at no time, except for the creation of the container, is the user's key stored either in the key container or in the memory of the cryptographic provider and are not explicitly used in cryptographic transformations. Accordingly, even a successful hardware attack on a key carrier will not help to find out the key;
• the possibility of signature substitution in the exchange protocol is excluded, the ES is generated in parts - first in the key carrier, then finally in the CSP;
• the key can be generated by the FKN or loaded from outside.

With the help of which it is possible to establish whether the information contained in an electronic document has been distorted since the moment the signature was formed, and also allows you to confirm that a particular document belongs to the owner.

Deciphering the basic concepts

Each electronic signature must be confirmed by a special certificate that certifies the identity of the owner. You can get a certificate in a special center or from a trusted representative.

The owner of the certificate is an individual to whom the certification center has issued an electronic signature certificate. Each owner has two signature keys: public and private. The private key of the ES allows you to sign electronic documents, which can be used to generate an electronic signature. It is kept secret, like a pin code from a bank card.

The function of the public key is to verify the authenticity of the signature on documents. It is associated with a closed "colleague" in a one-to-one order.

In law

The Federal Law "On Electronic Digital Signature" subdivides ES into several types: simple ES, enhanced unqualified and qualified ES. Using a simple electronic signature, you can confirm the fact of creating an ES for a specific person. This is done through the use of passwords, codes, and other means.

An enhanced unqualified digital signature is the result of a cryptographic transformation of information, which is performed using the private key of the electronic signature. With the help of such a signature, it is possible to establish the identity of the signer of the document, as well as to detect, if any, changes that have occurred since the signing of the papers.

Qualified signature

The enhanced qualified ES has the same features, however, to create it, the DS is checked using certified Federal Service security of cryptoprotection means. Certificates of such a signature can only be issued in an accredited certification center, and nowhere else.

According to the same law, signatures of the first two types are equivalent to a handwritten signature on a paper document. Between people performing any operation using ES, it is necessary to conclude an appropriate agreement.

The third type (qualified digital signature) is an analogue of not only a handwritten signature, but also a seal. Thus, documents certified by such a signature have legal force and are recognized by regulatory authorities (FTS, FSS and others).

Application for legal entities

Currently, EDS is most often used for a legal entity. Digital signature technology is widely used in electronic document management. The purpose of the latter can be different: external and internal exchange, documents can be of a personnel or legislative nature, organizational, administrative or commercial and industrial, in a word, everything that can only be signed and sealed. EDS registration must be carried out in an accredited center.

For internal workflow, a digital signature is useful in that it allows you to quickly initiate the fact of approval of papers organizing internal processes. EDS allows the director not only to sign documents while out of the office, but also not to store piles of papers.

In inter-corporate document management, an electronic digital signature is one of the most important conditions, because without it, digital papers have no legal force and cannot be used as evidence in the event of a lawsuit. An electronic document signed with an enhanced electronic signature retains its legitimacy even when stored in an archive for a long time.

Electronic reporting

EDS is indispensable for reporting to regulatory authorities. Many documents can be submitted to in electronic format instead of carrying a whole stack of forms. The client can not only choose the time and not stand in line, but also submit reports in a way convenient for him: through 1C programs, portals public institutions or separate software specially designed for this. EDS will be a fundamental element in such a process. For a legal entity that has received an electronic signature certificate, the main criterion should be the reliability of the certification center, but the method of its delivery is unimportant.

public services

Most citizens have come across the term "electronic signature" on various sites. One of the ways to verify an account, for example, on a portal that provides access to a set of public services, is confirmation by electronic signature. Moreover, digital signature for individuals allows you to sign any digital documents sent to a particular department, or receive signed letters, contracts and notifications. If the body executive power accepts electronic documents, then any citizen can send a digitally signed application and not waste their time submitting papers on a first-come, first-served basis.

UEC

An analogue of an EDS for individuals is a universal electronic card into which an enhanced qualified electronic signature is embedded. The UEC has the form of a plastic card and is an identification tool for a citizen. It is unique, like a passport. Through this card, you can carry out many actions - from paying and receiving public services, to replacing documents such as a medical policy and a SNILS card.

A universal electronic card can be combined with an electronic wallet, bank account and even a travel ticket, in a word, with any of the documents that can be accepted digitally. Is it convenient to carry only one document? or is it easier to store everything in the old way paper form? This issue will have to be resolved by every citizen in the near future, because technology is becoming more and more firmly rooted in our lives.

Other applications

Also, documents signed by ES are used to conduct electronic trading. The presence of a digital signature in this case guarantees buyers that the offers at the auction are real. In addition, contracts not signed with the help of the EOC have no legal force.

Electronic documents can be used as evidence when considering cases in arbitration court. Any certificates or receipts, as well as other papers certified by a digital signature or other analogue of a signature, are written evidence.

Document flow between individuals occurs mainly in paper form, however, it is possible to transfer papers or conclude contracts using ES. Remote workers can use a digital signature to electronically submit acceptance certificates.

How to choose a certificate

Since there are three types of electronic signature, citizens often have a question about which certificate is better. It should be remembered that any ES is an analogue of a handwritten signature, and on this moment The legislation of the Russian Federation establishes that a person has the right to use them at his own discretion.

The choice of a digital signature directly depends on the tasks that will be solved through it. If reporting is being prepared to the regulatory authorities, you will need to have qualified signature. For inter-corporate document management, a qualified electronic signature is also most often required, because only it not only gives documents legal force, but also allows you to establish authorship, control changes and the integrity of papers.

Internal document flow can be carried out with all types of digital signatures.

How to sign an EDS document?

The main question for those who need to use for the first time digital signature, is how the document is signed. Everything is simple with papers - I signed and gave it away, but how to do it on a computer? Such a process is impossible without the use of special software. The program for EDS is called cryptographic provider. It is installed on a computer, and already in its environment, various activities with forms.

There is quite big number crypto providers, both commercial and free. All of them are certified government bodies, however, if interaction with 1C:Enterprise is required, then the choice should be made on one of two products: VipNet CSP or CryptoPro CSP. The first program is free, and the second will need to be bought. You should also be aware that when installing two crypto providers at the same time, conflicts are inevitable, therefore, for correct operation, one of them will have to be removed.

Convenient, according to user reviews, an application for generating digital signatures is called CyberSafe. It not only allows you to sign documents, but also works as a certification center, that is, this program checks the digital signature. Also, the user can upload documents to the server, so the signed agreement or certificate will be available to all enterprise specialists who have access to the program, and there will be no need to send it to everyone by e-mail. On the other hand, you can also make it so that only a certain group of people get access.

EDO - mandatory or not?

Many enterprises have already appreciated that EDS is a convenience, and electronic document management (EDF) saves time, but whether or not to use it is an exclusively personal choice. For the implementation of EDI, it is not necessary to connect the operator, by agreement, you can use regular e-mail or any other method of electronic transmission of information, it all depends on the agreement between the participants in the exchange.

The organization of any electronic document management is associated with certain costs, in addition, you will have to install and configure a program for signing documents - a cryptographic provider. This can be done both on your own and use the services of specialists who install the software remotely, even without a visit to the client's office.

EPC in internal EDI

In the case of intercorporate turnover, the pros and cons are immediately clear, and positive sides in the clear majority. Among the shortcomings, one can note only the costs of the EDS key, the organization of software (even if this is a one-time waste), as well as minimizing personal meetings of company representatives and managers, but if necessary, a meeting can be organized.

But what will be useful electronic document management within the enterprise? How will the costs of supplying all employees with EDS keys be paid off?

Using digital documents saves time: instead of having to print first necessary paper, and then look for it among a pile of printouts or even go to another office, if a network printer is used, the employee can sign and send everything without getting up from the table. In addition, when switching to EDI, the cost of paper, toner and Maintenance printers.

Digital documents can also be a tool for maintaining confidentiality. An electronic signature cannot be forged, which means that even if an employee or manager has ill-wishers inside the company, they will not be able to perform any substitution of documents.

Often, innovations move slowly, so that it may be difficult for employees to get used to the new format of filing documents at first, but once they appreciate the convenience of the EDS, they will no longer want to return to running around with pieces of paper.

Psychological barrier

Electronic digital signatures have appeared relatively recently, so it is difficult for many to perceive them as a real analogue of the usual ones. paper documents. At many enterprises, a similar problem arises: employees simply do not consider the contract signed until the paper has a real seal and signature. They use scans from paper documents and easily lose their EDS key. To overcome this psychological barrier will help ... one more piece of paper. Officially certified by a "wet" signature, the provision on electronic document management will let employees understand that this is a serious thing, and digital documents should be treated the same way as analog ones.

Another problem may arise in the educational part. Many companies employ older workers. They are valuable personnel, experienced in their field, have a lot of experience, but it can be quite difficult for them to explain how to use an electronic digital signature, because they have just recently been mastering e-mail, and here everything is much more complicated, and even there are many nuances.

The task of training can be transferred to the IT department or to resort to the help of third-party specialists. Many companies provide computer training and courses for their employees, where they are explained the basics of working with e-mail and various programs. Why not include an application for generating digital signatures in this list?