What is used to enter an electronic signature? What is an electronic digital signature (EDS)? How and where to get it? History of electronic signature

An electronic digital signature (EDS) is an attribute of an electronic document intended to protect that document from forgery. It is obtained by a cryptographic transformation of the information using the private EDS key; it makes it possible to identify the owner of the signature key certificate and to establish that the information in the electronic document has not been distorted.

An electronic digital signature is a software-cryptographic tool that provides:

    checking the integrity of documents;

    confidentiality of documents;

    identification of the person who sent the document.

Advantages of using an electronic digital signature

Using a digital signature allows you to:

    significantly reduce the time spent on completing a transaction and exchanging documentation;

    improve and reduce the cost of the procedure for preparing, delivering, recording and storing documents;

    guarantee the accuracy of documentation;

    minimize the risk of financial losses by increasing the confidentiality of information exchange;

    build a corporate document exchange system.

Types of electronic digital signature

There are three types of electronic digital signature:

Simple electronic digital signature

Through codes, passwords or other means, a simple electronic digital signature confirms that the electronic signature was formed by a particular person.

A simple electronic digital signature has a low degree of security. It only allows you to determine the author of the document.

A simple electronic digital signature does not protect a document from forgery.

Enhanced unqualified electronic digital signature

An enhanced unqualified electronic digital signature is one that:

1) is obtained as a result of a cryptographic transformation of information using an electronic signature key;

2) allows the person who signed the electronic document to be identified;

3) allows the fact that changes were made to an electronic document after its signing to be detected;

4) is created using electronic signature tools.

An enhanced unqualified electronic digital signature has an average degree of protection.

To use an unqualified electronic signature, you need a certificate of its verification key.

Enhanced qualified electronic digital signature

A qualified electronic signature has all the characteristics of an unqualified electronic signature.

An enhanced qualified electronic digital signature additionally meets the following requirements:

1) the electronic signature verification key is indicated in the qualified certificate;

2) to create and verify an electronic signature, electronic signature tools that have received confirmation of compliance with legal requirements are used.

An enhanced qualified electronic digital signature is the most universal and standardized type of signature and has a high degree of security.

A document endorsed with such a signature is treated like a paper document bearing a handwritten signature.

Such a signature can be used without any additional agreements or regulations between the participants in electronic document flow.

If a document carries a qualified signature, you can determine exactly which employee of the organization signed it, and also establish whether the document was changed after it was signed.

When are different types of signature used?

Simple electronic digital signature

Legal entities applying for state and municipal services sign the application with the simple electronic signature of an authorized person.

A simple electronic signature may be used to receive a state or municipal service if federal laws or other regulations do not prohibit applying for that service in electronic form and do not prescribe another type of electronic signature for this purpose.

Enhanced unqualified electronic digital signature

Cases in which information in electronic form signed with a non-qualified electronic signature is recognized as an electronic document equivalent to a paper document signed with a handwritten signature are not defined in the Tax Code.

According to the Ministry of Finance, for tax accounting purposes, a document executed in electronic form and signed with a non-qualified electronic signature cannot be a document equivalent to a paper document signed with a handwritten signature.

Therefore, although business partners can organize electronic document flow using an enhanced unqualified electronic signature under a legally valid agreement, such documents lose their significance where disputes with the regulatory authority are likely.

Enhanced qualified electronic digital signature

For some types of reporting, the use of a qualified signature is expressly defined by regulations.

For example, this requirement is established for:

    annual financial statements, which must be submitted to Rosstat;

    the RSV-1 PFR form;

    reporting to the tax office (declarations).

An electronic invoice should be signed only with an enhanced qualified electronic signature of the manager or other persons authorized to do so by order (other administrative document) or power of attorney on behalf of the organization or individual entrepreneur.

An application for registration (deregistration) with the tax authority is certified only with an enhanced qualified signature.

Applications for a refund or credit of tax amounts are also accepted only if they are endorsed by an enhanced qualified electronic signature.


Topic “Electronic digital signature”

1. The concept of an electronic digital signature and its technical support

2. Organizational and legal support for electronic digital signature.

1. The concept of electronic digital signature and its technical support

In the world of electronic documents, signing a file using graphic symbols loses its meaning, since a graphic symbol can be forged and copied an infinite number of times. Electronic Digital Signature (EDS) is a complete electronic analogue of a regular signature on paper, but is implemented not using graphic images, but using mathematical transformations over the contents of the document.

The properties of the mathematical algorithm for creating and verifying digital signatures make it impossible for unauthorized persons to forge such a signature.

An EDS is an attribute of an electronic document intended to protect the document against forgery. It is obtained by a cryptographic transformation of the information using the private EDS key; it makes it possible to identify the key owner and to establish that the information in the electronic document has not been distorted.

The digital signature is a specific sequence of characters formed by transforming the source document (or any other information) using special software. The digital signature is attached to the original document when it is forwarded. The signature is unique for each document and cannot be transferred to another document. The impossibility of falsifying a digital signature is ensured by the enormous number of mathematical calculations that would be required to find it by exhaustive search.

Thus, upon receipt of a document signed with a digital signature,

The use of a digital signature ensures:

    simple resolution of disputes (all actions of a system participant are registered over time);

    impossibility of changing a participant's application before the end date of the procurement.

In addition, a digital signature helps to reduce the cost of sending documents and gives quick access to auctions taking place anywhere in Russia.

Using an electronic signature is quite simple; no special knowledge, skills or abilities are required. For each digital signature user participating in the exchange of electronic documents, a unique pair of public and private (secret) cryptographic keys is generated.

A private key is a unique private set of information with a size of 256 bits, stored where others cannot reach it: on a floppy disk, a smart card or a Rutoken. A private key works only in tandem with its public key.

The public key is used to verify the digital signature of received documents and files. Technically, it is a set of information with a size of 1024 bits. The public key is sent along with your digitally signed message.

A duplicate of the public key is sent to the Certification Center, where a library of public EDS keys has been created. The library of the Certification Center ensures registration and secure storage of public keys to avoid attempts at forgery or distortion.

You place your electronic digital signature under the electronic document. From the secret private key and the contents of the document a large number is computed, which is the electronic digital signature of this user under this specific document. This number is appended to the end of the electronic document or saved in a separate file.

The signature includes the following information: the name of the public key file, information about the person who generated the signature, and the date the signature was formed.

A user who has received a signed document and has the sender's public EDS key performs the reverse cryptographic transformation on the text of the document using that public key, thereby verifying the sender's electronic digital signature. If the digital signature under the document is correct, the document was actually signed by the sender and no changes have been made to its text. Otherwise, a message is issued that the sender's certificate is not valid.

Terms and definitions. Electronic document - a document in which information is presented in electronic digital form.

Signing key certificate owner - an individual in whose name a signature key certificate has been issued by a certification center and who owns the corresponding private electronic digital signature key, which allows him, using electronic digital signature tools, to create his own electronic digital signature in electronic documents (to sign electronic documents).

Electronic digital signature tools - hardware and/or software implementing at least one of the following functions: creating an electronic digital signature in an electronic document using the private electronic digital signature key; confirming, using the public electronic digital signature key, the authenticity of an electronic digital signature in an electronic document; creating private and public electronic digital signature keys.

Certificate of electronic digital signature - a paper document issued in accordance with the rules of the certification system to confirm compliance of electronic digital signature means with established requirements.

Signing Key Certificate- a document on paper or an electronic document with an electronic digital signature of an authorized person of the certification center, which includes the public key of the electronic digital signature and which is issued by the certification center to the participant in the information system to confirm the authenticity of the electronic digital signature and identify the owner of the signature key certificate.

Signing key certificate user - an individual who uses information about the signature key certificate, received from the certification center, to verify that the electronic digital signature belongs to the owner of the signature key certificate.

Public information system - an information system that is open for use by all individuals and legal entities and the services of which cannot be denied to these individuals.

Corporate information system - an information system whose participants may be a limited number of persons determined by its owner or by agreement of the participants of this information system.

Certification center - a legal entity performing the following functions:

    producing signature key certificates;

    creating electronic digital signature keys at the request of participants in the information system, with a guarantee that the private electronic digital signature key is kept secret;

    suspending and renewing the validity of signature key certificates, as well as canceling them;

    maintaining a register of signature key certificates, keeping it up to date and freely accessible to participants in information systems;

    checking the uniqueness of public electronic digital signature keys in the register of signature key certificates and in the archive of the certification center;

    issuing signature key certificates in the form of paper and/or electronic documents, with information about their operation;

    confirming, at the request of users of signature key certificates, the authenticity of an electronic digital signature in an electronic document in relation to the signature key certificates issued to them;

    providing information system participants with other services related to the use of electronic digital signatures.

At the same time, the certification center must have the necessary material and financial capabilities to allow it to bear civil liability to users of signature key certificates for losses that may be incurred by them due to the unreliability of the information contained in the signature key certificates.
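The signing and verification steps described above (key pair, the "large number" appended to the document, detection of changes) and the certification center's role (issuing a certificate that binds a public key to its owner, keeping a register of canceled certificates) can be shown in one runnable sketch. This is an added example, not code from the lecture or from any real EDS tool: it uses textbook RSA over a SHA-256 digest so that it runs with the Python standard library alone, and the names (`generate_keypair`, `sign`, `verify`, `issue_certificate`, `verify_signed_document`), the sample document and the signer's name are all constructed for illustration. Real EDS software uses padded RSA, ECDSA or GOST R 34.10 inside certified tools; the structure of the checks, however, is the same.

```python
"""Signing, verification and a toy certificate register for the EDS scheme
described in the text. Added example, not code from the lecture: textbook
RSA over a SHA-256 digest keeps it standard-library only and is NOT a
production signature scheme."""
import hashlib
import json
import secrets


def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test used by the key-generation helper."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    """Random odd number of exactly `bits` bits, retried until probably prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 1024):
    """Return (public_key, private_key) as ((e, n), (d, n)); the modulus has
    about `bits` bits, matching the 1024-bit public key mentioned in the text."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e must be invertible modulo phi
            return (e, p * q), (pow(e, -1, phi), p * q)


def _digest(data: bytes) -> int:
    """SHA-256 of the document as an integer; this is what actually gets signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(document: bytes, private_key, signer: str, key_file: str, date: str) -> dict:
    """Produce the 'large number' plus the metadata the text says a signature carries."""
    d, n = private_key
    return {"signer": signer, "key_file": key_file, "date": date,
            "value": pow(_digest(document), d, n)}


def verify(document: bytes, signature: dict, public_key) -> bool:
    """Reverse transformation with the public key; False if either the
    document text or the signature value was altered."""
    e, n = public_key
    return pow(signature["value"], e, n) == _digest(document)


def issue_certificate(ca_private_key, owner: str, owner_public_key, serial: int, valid_to: str) -> dict:
    """The certification center binds a public key to its owner by signing the
    certificate body with the center's own private key."""
    body = {"serial": serial, "owner": owner,
            "public_key": list(owner_public_key), "valid_to": valid_to}
    canonical = json.dumps(body, sort_keys=True).encode()
    d, n = ca_private_key
    return {"body": body, "ca_signature": pow(_digest(canonical), d, n)}


def verify_signed_document(document, signature, certificate, ca_public_key, revoked) -> str:
    """What a recipient does with a signed document: check the certificate against
    the center's key and its register of canceled certificates, then check the
    document signature. `revoked` stands in for the center's register."""
    body = certificate["body"]
    canonical = json.dumps(body, sort_keys=True).encode()
    e, n = ca_public_key
    if pow(certificate["ca_signature"], e, n) != _digest(canonical):
        return "certificate not valid"          # certificate forged or altered
    if body["serial"] in revoked:
        return "certificate revoked"
    if signature["signer"] != body["owner"]:
        return "certificate not valid"          # signer does not match the certificate
    if not verify(document, signature, tuple(body["public_key"])):
        return "document altered or signature forged"
    return "valid"


if __name__ == "__main__":
    ca_pub, ca_priv = generate_keypair()
    user_pub, user_priv = generate_keypair()
    cert = issue_certificate(ca_priv, "I. I. Ivanov", user_pub, 7, "2025-12-31")
    doc = b"Invoice 17: 1000 rubles"           # constructed sample document
    sig = sign(doc, user_priv, "I. I. Ivanov", "ivanov.pub", "2024-01-15")
    print(verify_signed_document(doc, sig, cert, ca_pub, set()))           # valid
    print(verify_signed_document(doc + b"0", sig, cert, ca_pub, set()))    # altered
    print(verify_signed_document(doc, sig, cert, ca_pub, {7}))             # revoked
```

Note the order of the checks: the recipient trusts the document signature only after the certificate itself has been verified against the certification center's public key and found absent from the register of canceled certificates, which is exactly why the text says an invalid result is reported as "the sender's certificate is not valid" rather than as a bad signature alone.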

2. Organizational and legal support for electronic digital signature

Legal support for electronic digital signatures should be understood not merely as the set of legal acts that establish the legal regime of digital signatures and digital signature tools. It is a much broader concept: it begins with the state law on electronic digital signatures but extends to cover all theoretical and practical issues related to e-commerce in general.

The world's first law on electronic digital signatures was adopted in March 1995 by the Legislative Assembly of the State of Utah (USA) and approved by the Governor of the state.

The law is called the Utah Digital Signature Act. Utah was soon followed by the states of California, Florida and Washington, where corresponding legislative acts were adopted.

The main goals of the first electronic signature law were proclaimed to be:

    minimizing damage from illegal use and forgery of electronic digital signatures;

    providing a legal basis for the activities of systems and bodies for the certification and verification of electronic documents;

    legal support for e-commerce (commercial transactions carried out using computer technology);

    giving legal force to certain technical standards previously introduced by the International Telecommunication Union (ITU) and the American National Standards Institute (ANSI), as well as to the recommendations of the Internet Activities Board (IAB) expressed in RFC 1421 - RFC 1424.

The law consists of five parts:

The first part introduces basic concepts and definitions related to the use of digital signatures and the functioning of digital signature tools. It also discusses the formal requirements for the content of an electronic certificate certifying the ownership of a public key to a legal entity or individual.

The second part of the law is devoted to the licensing and legal regulation of the activities of certification centers.

First of all, it stipulates the conditions that individuals and legal entities must satisfy to obtain the appropriate license, the procedure for obtaining it, the restrictions of the license and the conditions for its revocation. An important point of this section is the conditions for recognizing the validity of certificates issued by unlicensed certifiers if the participants in an electronic transaction have expressed joint trust in them and reflected it in their agreement. In effect, this fixes the legal regime of the network certification model discussed above.

The third part of the law formulates the responsibilities of certification centers and key owners. In particular, it considers:

    the procedure for issuing a certificate;

    the procedure for presenting the certificate and public key;

    the conditions for storing the private key;

    the actions of the certificate owner when the private key is compromised;

    the certificate revocation procedure;

    the certificate validity period;

    the conditions for releasing the certification center from liability for misuse of the certificate and digital signature;

    the procedure for creating and using insurance funds intended to compensate third parties for damage resulting from the unauthorized use of digital signatures.

The fourth part of the law is devoted directly to digital signatures. Its main point is that a document signed with a digital signature has the same force as a regular document signed with a handwritten signature.

The fifth part of the law deals with the interaction of certification centers with administrative authorities, as well as the functioning of so-called repositories: electronic databases that store information about issued and revoked certificates.

In general, the Utah digital signature law differs from other similar legal acts in its high level of detail.

The German Electronic Signature Act (Signaturgesetz) was introduced in 1997 and was the first European legislation of its kind. The purpose of the law is to create general conditions for such use of an electronic signature in which its forgery or falsification of signed data can be reliably established.

The law covers the following main directions:

    establishing clear concepts and definitions;

    detailed regulation of the procedure for licensing certification bodies and for certifying the public keys of users of digital signature tools (the legal status and operation of certification centers, their interaction with government agencies and other certification centers, and the requirements for a public key certificate of an electronic signature);

    the protection of the digital signature, and of data signed with it, against falsification;

    the procedure for recognizing the validity of public key certificates.

The German Electronic Signature Act is regulatory in spirit.

Unlike the similar law in Germany, the US Federal Electronic Signature Act is a coordinating legal act. This is due to the fact that by the time it was adopted, the relevant regulatory legislation had already taken shape in most individual states.

As can be seen from the name of the Law (Electronic Signatures in Global and National Commerce Act), its main purpose is to ensure the legal regime of digital electronic signatures in electronic commerce. The signing of the Law by the President of the United States took place on the day of the national holiday - July 4, 2000 (Independence Day), which should give this legislative act special significance. According to observers, the adoption of this law symbolizes the entry of humanity into a new era - the era of e-commerce.

responsible for the functioning of its infrastructure. Without focusing on the specific rights and responsibilities of certification centers, which are given special attention in the laws of other countries, the US Federal Law refers them to the concept of digital signature infrastructure and in the most general outline stipulates the interaction of elements of this structure with government bodies.

In Russia, the main provisions of the Federal Law on Electronic Signature can be seen in the draft bill. According to the draft, the law consists of five chapters and contains more than twenty articles.

The first chapter discusses the general provisions relating to the Law.

Like similar laws in other countries, the Russian bill relies on asymmetric cryptography. The main purpose of the Law is to provide legal conditions for the use of digital signatures in electronic document management and implementation of services for certification of digital signatures of participants in contractual relations.

The second chapter discusses the principles and conditions for using an electronic signature. Here, firstly, the possibility of equivalence between handwritten and electronic signatures is stated, and secondly, the conditions for that equivalence are given.

In addition, special attention is paid to the characteristic advantages of digital signature:

a person can have an unlimited number of private EDS keys, that is, create different electronic signatures for himself and use them in different conditions;

all copies of the document signed with an electronic signature have the force of the original.

The draft Russian Law provides for the possibility of limiting the scope of application of digital signatures. These restrictions may be imposed by federal laws, as well as introduced by the participants in electronic transactions themselves and reflected in agreements between them.

The article on digital signature tools contains an interesting provision stating that "digital signature tools do not belong to the means of ensuring the confidentiality of information." This is not actually true: by their nature, digital signature tools based on asymmetric cryptography can of course be used to protect information. It is possible that this provision was included to avoid conflicts with other regulations that restrict the use of cryptography in society.

An important difference from similar laws of other states is the provision of the Russian bill that the owner of the private key is liable to the user of the corresponding public key for losses arising from improperly organized protection of the private key.

Another distinctive feature of the Russian bill is its list of requirements for the format of an electronic certificate. Along with the generally accepted fields discussed above, the Russian legislator requires the certificate to include the name of the digital signature tool with which this public key can be used, the certificate number of that tool and its validity period, the name and legal address of the certification center that issued the certificate, and the license number of that center and the date of its issue. In foreign legislation and international standards we do not find such a detailed description of the EDS software that generated the public key. Apparently, this requirement of the Russian bill is dictated by the country's security interests.

Mass use of software, the source code of which has not been published and therefore cannot be examined by specialists, poses a public threat. This applies not only to digital signature software, but also to any software in general, starting with operating systems and ending with application programs.

The third chapter examines the legal status of certification centers (in the bill's terminology, certification centers of public keys and electronic signatures). In Russia, the provision of electronic signature certification services is a licensed activity that can only be carried out by legal entities. Certification of the electronic signatures of government agencies can only be performed by state certification centers.

By its nature, the structure of certification bodies is

Currently, electronic digital signatures are widely used both in the internal document flow of companies and when transferring documents to government agencies, for example the tax office. In addition, they are actively used in government procurement by both customers and suppliers. In this article we will look at the history of the electronic signature, what it looks like, and how it is applied in practice.

1. History of electronic signature

Thirty years ago, in 1976, Whitfield Diffie and his co-author, Stanford professor Martin Hellman, pioneered public key cryptography, which is based on a key exchange algorithm. It arose from the idea of transmitting information from one party to another so that outsiders with access to it could not understand it. Since then the technology has changed, including what an electronic digital signature looks like, but the use of the electronic digital signature (EDS) began with the publication of their research. The electronic signature came to Russia as a technology in the early 1990s and was introduced in 1995, when changes were made to the Civil Code of the Russian Federation: Article 160, paragraph 2, provided for the use of an electronic signature when registering transactions as an analogue of a handwritten signature.

This protection technology attracted the interest of domestic banks; the Central Bank of Russia was among the first, alongside other credit institutions. The electronic digital signature found application in protecting the information systems of such organizations, allowing secure data transfer, for example in bank-client systems. Until 2002, protecting the transmission of information was the main purpose of using an electronic signature.

2. Legal significance of electronic digital signature.

As the problem of protecting the information space, and the use of electronic signatures for that purpose, grew significantly, the corresponding law "On Electronic Signatures" No. 63-FZ of 04/06/2011 was developed to regulate work with data encryption and expand the scope of application of electronic signatures. This made electronic document management possible.

The use of electronic signatures is regulated by the state at the federal level by two laws, Federal Law No. 1 and Federal Law No. 63, which help resolve disputes in civil law relations.

The bill was adopted because the Civil Code only gave permission to use an electronic signature, as an analogue of a handwritten signature with significant restrictions. This law also regulated the resolution of legal disputes, as previously it was difficult due to the lack of authorities responsible for the authenticity of electronic signatures. Although there were earlier court proceedings in which a computer document appeared as evidence (a 1979 case of computer theft of 78 thousand 584 rubles in Vilnius). Then there was a trial in 1982 in the city of Gorky (a case of grand theft).

The most important shift in the adoption of the EDS law was the legal acceptance of an electronic document as equal to a paper document. In the United States, the law on the use of digital electronic signatures was adopted in 1995 in the state of Utah.

The Federal Law on Electronic Digital Signatures has shortcomings in its wording. They increase the risk of using an electronic signature, so more detailed and more precisely defined terms of agreement between the parties are necessary. An example is Article 4 of the EDS Law, which establishes three conditions for equivalence to a handwritten signature. One of them is very controversial, since it states that the certificate must be valid at the time of signing or at the time of verification; this ambiguity of interpretation requires further clarification. Any law is open to dispute, and the digital signature law is no exception. Those who run such systems today successfully compensate for these shortcomings at the level of agreements between the parties. The main disadvantage of this law is that it is not a law of direct effect.

In Russia, when the law on digital signatures was adopted, developers faced certain difficulties: the certified cryptographic information protection tools were all incompatible with each other. Before the emergence of certification centers this problem was not as acute as it became after their appearance: often a certificate issued by one certification authority was not recognized by another.

This problem was partially solved by signing an agreement under which the format of encrypted messages and of the public part of the key would be developed by Crypto-Pro LLC. The agreement was signed directly by Crypto-Pro LLC, FSUE STC Atlas, Factor-TS LLC, Infotex OJSC and MO PNIEI CJSC. The problem was thus partially solved, but it did not disappear completely, although most developers of electronic signature tools in Russia formally or officially joined this agreement.

3. Concept and definition of electronic digital signature. Using an electronic signature

An electronic digital signature (abbreviated ES) is a standardized attribute of a document that protects the data transmitted in an electronic document from distortion from the moment the ES is created and confirms that the ES belongs to a particular owner. The content of the attribute is generated by a cryptographic transformation of the data.

An electronic digital signature certificate is an attribute that proves that the public key (the verification key) of the electronic signature belongs to the owner of the certificate.

Certificates are issued by certification authorities (CAs) or their authorized representatives.

The owner of an electronic signature certificate is, as a rule, an individual for whom the certificate is issued by a certification center, regardless of the legal form of the organization. For such an individual, the certificate on its electronic medium comes with two electronic keys: a private one and a public one.

The private key of the electronic digital signature (ED key) generates the electronic signature with which the electronic document will be signed.

An electronic digital signature is formed by encrypting the information contained in the document. It represents a unique sequence of characters and is located in the body of the signed file or attached to it.

When purchasing a certificate, an organization or owner must ensure its security and must protect the private key from theft.

The public key of the electronic digital signature (the signature verification key) and the private key are interconnected: the private key creates the signature, and the public key is used to verify its authenticity.

For this purpose, signature media with an encrypted file system were developed. Such a medium has a key container that limits the number of attempts to decrypt the file system and the container itself. Smart cards and USB tokens are actively used for this. To start using such a device, you connect it to your computer and enter your personal PIN code. The number of PIN entry attempts is limited (usually three); once the attempts are exhausted the device is blocked.

A high level of private key protection is currently provided by Aladdin eToken and Rutoken. Operations with the private key take place on the device's chip, i.e. the key never leaves the device. This prevents the key from being intercepted from RAM.

4. Qualified and unqualified electronic digital signature and their varieties

Simple electronic digital signature - belongs to an individual and confirms the signing of documents, but provides no way to determine whether the electronic document itself, i.e. its contents, has changed. It is intended for electronic document management within a company.

Enhanced electronic digital signature - after the amendments to the law on electronic signatures, such a signature acquired varieties.

Enhanced unqualified electronic digital signature - its function is to identify the sender. Such an electronic signature can be obtained even from non-accredited centers. Documents signed with it are equivalent to paper documents signed by hand.

Enhanced qualified signature - this signature provides the highest degree of protection, since it is formed by means of cryptographic protection that may be used only by certification centers holding an FSB license or by the FSB itself.

Signature options

Simple electronic digital signature:
  • formed on the basis of codes, passwords, etc.;
  • makes it possible to identify the owner of the document.

Enhanced unqualified signature:
  • formed on the basis of cryptographic transformation of the document data using an electronic digital signature key;
  • makes it possible to identify the owner of the document;
  • makes it possible to establish that an electronic document was changed after it was signed.

Enhanced qualified signature:
  • formed in the same way as the enhanced unqualified signature, with the same identification and change-detection properties;
  • the maximum degree of protection: the electronic digital signature verification key is held in a qualified certificate.

5. What does an electronic signature and media for it look like?

The Rutoken electronic identifier is a device intended to authenticate the owner and protect electronic correspondence. An electronic signature on such a medium looks like a USB key fob (flash drive).

eToken is a secure device, available as a smart card or USB key, that supports operation and integration with all major systems and applications.

The electronic digital signature itself looks like either an icon or an image of a seal. You can view the certificate and what the electronic signature looks like in your browser properties.

Before you sign a Word document or a letter from a mail server, you need to install the electronic signature on your computer. After that, you can sign the document.

For example, if you need to send a letter with an electronic signature, then after installation go to File > Prepare > Add a digital signature, or Add a digital signature (CRYPTO-PRO).

When using an electronic signature, you can add an image of a seal or your signature to visualize it.

After the document is signed, an icon appears at the very bottom. This is what an electronic signature looks like in a Word document.

An electronic signature can be added to email clients and Adobe Acrobat Pro to sign PDF files.

In Microsoft Outlook, signing with an electronic signature will look like this.

To add an electronic signature to applications, you may need to install additional software, for example CryptoPro Office Signature. This applies to Word versions above 7 and to Adobe Acrobat Pro. Signing a PDF document with an electronic signature looks like this:

And this is what the electronic signature of the Tax Inspectorate looks like. As a rule, you can encounter it when receiving extracts from the Unified State Register of Legal Entities in electronic form. Banks use similar electronic signatures.

6. Where can I apply an electronic signature?

At the moment, there are many options for using an electronic signature.

For example, an electronic signature is used for electronic document management, both internal and external. In internal document flow, documents move within the organization; these are, for example, orders and instructions that employees need to read and then confirm that they have done so.

In external document management, documents move between companies. For example, documents are transferred with an electronic signature in B2B or B2C systems.

If reports must be submitted to regulatory authorities, or a Client-Bank system is to be used, an electronic signature is also required. To receive the full range of services on the State Services website, individuals must also obtain an electronic signature.

An electronic signature is a mathematical scheme designed to demonstrate the authenticity of emails or documents. A valid digital signature gives the recipient every reason to believe that the message was created by a known sender and actually sent by them (authentication and non-repudiation), and that the message was not altered in transit (integrity).

Answering the question "EDS - what is it?", it is worth noting that digital signatures are a standard element of most cryptographic protocol suites and are usually used for software distribution, financial transactions, and in many other cases where detecting forgery or falsification is important.

Digital signatures are often used to implement electronic signatures, a broader term that refers to any signature data in electronic form. However, not every electronic signature is digital.

Digital signatures use asymmetric cryptography. In many cases they provide a certain level of verification and security for messages sent over an insecure channel. When properly implemented, a digital signature gives reason to believe that a message was sent by the claimed sender. Digital seals and signatures are equivalent to handwritten signatures and physical seals.

EDS - what is it?

Digital signatures resemble traditional handwritten signatures in many ways and are more difficult to forge. Digital signature schemes have cryptographic underpinnings and must be implemented properly to remain effective. How do you sign a document with a digital signature? You need to use two paired cryptographic keys.

Digital signatures can also implement the principle of non-repudiation, meaning that a subscriber cannot successfully claim not to have signed the message. Additionally, some schemes offer a timestamp for the digital signature, so that even if the private key is later compromised, the signature remains valid. A digital signature can be represented as a bit string and can be used in e-mail, contracts, or a message sent with any cryptographic protocol.

Public key cryptography or digital signature structure

What is it? A digital signature scheme consists of three algorithms.

A key generation algorithm that selects a secret key uniformly at random from the set of possible private keys and outputs that secret key together with the corresponding public key.

A signature algorithm that, given a message and a private key, actually produces the signature.

A signature verification algorithm that, given the message, the public key and the signature, either accepts or rejects the message's claim to authenticity.

How to install digital signature?

To use a digital signature, it must have two main properties. What should you consider before signing a document with a digital signature?

First, the authenticity of a signature generated from a fixed message and a fixed private key can be verified using the corresponding public key.

Second, it must be computationally infeasible to generate a valid signature without knowing the secret key. A digital signature is thus an authentication mechanism that allows the originator of a message to attach a code that acts as a signature.

Using Digital Signatures

As modern organizations move away from paper documents with ink signatures, digital signatures can provide additional authentication and proof of document authorship, identity and status. In addition, a digital signature can be a means of demonstrating the informed consent and approval of the signatory. Thus, a digital signature for individuals is a reality.

Authentication

Although a letter may include detailed information about the sender, it is not always possible to determine the sender reliably. Digital signatures can be used to authenticate the origin of messages: when the EDS secret key is linked to a specific user, a valid signature confirms that the message was sent by them. The importance of trusting that the sender is genuine is especially evident in the financial sector.

Integrity

In many scenarios, the sender and recipient of an email need to be sure that it has not been altered in transit. Although encryption hides the contents of the sent object, it may still be possible to change the encrypted message without understanding its meaning. Some encryption algorithms prevent this, but not all. In any case, checking the digital signature on decryption will reveal a violation of the letter's integrity.

If the message is digitally signed, any change to it after signing invalidates the signature. Moreover, there is no efficient method of changing the message and producing a new valid signature for it, since this is considered computationally infeasible.

Non-repudiation

Non-repudiation, the impossibility of denying the origin of a letter, is an important aspect of digital signatures. What does it mean? The entity that signed some information cannot subsequently deny having signed it. Likewise, access to the public key alone does not allow an attacker to forge a valid signature. The use of a digital signature by individuals has the same consequences.

At the same time, note that all the properties of authenticity, reliability, etc. depend on the private key not having been revoked before it was used. It must also be possible to revoke the public key paired with a private key that should no longer be used. Checking a digital signature for "revocation" is done by a specific request.

Entering a secret key on a smart card

All public/private key cryptosystems rely entirely on keeping the private key secret. The EDS secret key can be stored on the user's computer and protected by a local password. However, this method has two disadvantages:

  • the user can sign documents only on this specific computer;
  • the security of the private key depends entirely on the security of the computer.

A more secure alternative for storing the private key is a smart card. Many smart cards are tamper-resistant.

Typically, the user must activate the smart card by entering a personal identification number (PIN). It can be arranged so that the private key never leaves the smart card, although this is not always implemented.

If the smart card is stolen, the attacker will still need the PIN to create a digital signature; this somewhat reduces the security of the scheme. A mitigating factor is that keys generated and stored on smart cards are generally difficult to copy and are assumed to exist in only one copy, so when the owner notices the loss of a smart card, the corresponding certificate can be revoked immediately. Private keys protected only by software are easier to copy, and such leaks are much harder to detect. Therefore, using a digital signature without additional protection is unsafe.

Procedure for generating a digital signature

At the preparatory stage of this procedure, subscriber A (the message sender) generates a key pair: the secret key k_A and the public key K_A. The public key K_A is computed from the secret key k_A paired with it. K_A is sent to the other network subscribers (or made available, for example, on a shared resource) for use in signature verification.

To generate a digital signature, the sender A first computes the hash value h(M) of the text M to be signed (Fig. 1). The hash function compresses the original text M to a digest m, a relatively short number with a fixed, small number of bits that characterizes the whole text M. Next, the sender A encrypts the digest m with the private key k_A. The resulting pair of numbers is the digital signature of the text M. The message M is sent to the recipient together with the digital signature.

Fig.1. Scheme for generating an electronic digital signature

Network subscribers can check the digital signature of a received message M using the public key K_A of the sender of that message (Fig. 2).

When checking the digital signature, subscriber B (the recipient of the message M) decrypts the received digest m with the public key K_A of the sender A. In addition, the recipient computes the digest m' of the received message M with the hash function h(M) and compares it with the decrypted one. If the two digests m and m' match, the digital signature is genuine. Otherwise, either the signature is forged or the content of the message has been changed.

Fig.2. Electronic digital signature verification scheme
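As an added example that is not part of the article, the preparatory stage, Fig. 1 and Fig. 2 carried through in Python with the article's own symbols k_A, K_A, h(M), m and m'; it also realises the three algorithms (key generation, signing, verification) listed earlier. Textbook RSA on a SHA-256 digest, the small key size and the sample document are my assumptions, chosen so that each step matches the prose literally, not a production scheme.

```python
"""Toy walk-through of Fig. 1 and Fig. 2 using textbook RSA (added example).
The key is small and there is no padding: illustration only; real systems use
a standardized scheme (e.g. RSA-PSS, ECDSA, GOST R 34.10) from a vetted library."""
import hashlib
import secrets

M_SAMPLE = b"constructed sample document: order no. 17 approved"  # constructed

def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin test, good enough for toy key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:  # odd candidate with the top bit set, so p*q has 2*bits bits
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def generate_keys(bits: int = 512):
    """Preparatory stage: subscriber A derives the public key K_A from k_A."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    n = p * q
    d = pow(e, -1, phi)          # secret exponent (Python 3.8+)
    return (d, n), (e, n)        # k_A, K_A

def digest(message: bytes) -> int:
    """h(M): compress the whole text M to a fixed-length number m (< n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, secret_key) -> int:
    """Fig. 1: sender A encrypts the digest m with the secret key k_A."""
    d, n = secret_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Fig. 2: recipient B decrypts the signature with K_A, compares m and m'."""
    e, n = public_key
    m = pow(signature, e, n)      # decrypted digest m
    m_prime = digest(message)     # digest m' recomputed from the received M
    return m == m_prime

if __name__ == "__main__":
    k_a, K_a = generate_keys()
    s = sign(M_SAMPLE, k_a)
    print(verify(M_SAMPLE, s, K_a), verify(M_SAMPLE + b"!", s, K_a))  # True False
```

The second call shows the check from Fig. 2 failing once a single byte of M is changed after signing; a signature checked against another subscriber's public key fails the same way.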

The fundamental point of a digital signature system is that it is impossible to forge a user's digital signature without knowing his secret signing key. Therefore the private signing key must be protected from unauthorized access. Like a symmetric encryption key, the EDS secret key should be stored in protected form on a personal key carrier.

An electronic digital signature is a unique number that depends on the document being signed and the subscriber’s secret key. Any file can be used as a signed document. A signed file is created from an unsigned file by adding one or more electronic signatures to it.

The digital signature structure placed in the file being signed (or in a separate electronic signature file) usually contains additional information that uniquely identifies the author of the signed document. This information is added to the document before the digital signature is calculated, which ensures its integrity. Each signature contains the following information:

  · date of signature;
  · expiration date of the signature key;
  · information about the person who signed the file (full name, position, short name of the company);
  · signer identifier (public key name);
  · the digital signature itself.

It is important to note that, from the end user's point of view, generating and verifying a digital signature differs from encrypting transmitted data in the following ways.

When generating a digital signature, the sender's private key is used, while encryption uses the recipient's public key. When verifying a digital signature, the sender's public key is used, and when decrypting, the recipient's private key is used.

Any person can verify the generated signature, since the signature verification key is public. If the verification result is positive, the received message is concluded to be authentic and intact, that is, it was actually sent by the stated sender and was not modified during transmission over the network. However, if the user wants to know whether the received message is a repetition of one sent earlier or whether it was delayed along the route, he must check the date and time of sending and, if available, the sequence number.

Today there are a large number of digital signature algorithms.