Amendments to the law on electronic signatures: cloud electronic signature, digital notary and issuance of certificates according to new rules

In addition to the traditional electronic signature, certification centers also issue a verification key certificate, which can be used to establish the authenticity of the issued digital signature. In what form is the electronic signature verification key certificate issued, what information does it contain? Is it possible to fully use an electronic signature in its absence?


Public key certificate for electronic digital signature verification - what is it, what is its purpose

The main purpose of an electronic signature verification key certificate is to confirm that the electronic signature belongs to a specific person, the so-called owner of the electronic signature. In practice, a certificate is a kind of passport of the owner of an electronic signature. If the owner of the digital signature is an individual, it indicates the last name, first name, patronymic and SNILS; if the owner is an organization, it indicates the name, location address, INN and OGRN.

An EDS certificate with a unique number assigned to it is provided by the certification center in electronic form or on paper.

Requirements


Since the electronic signature key certificate is a guarantor of the authenticity of the digital signature, which in turn has legal force, it must be drawn up in strict accordance with the requirements and procedure provided for by Federal Law.

Selecting an electronic signature verification key certificate

There are qualified and unqualified EDS certificates. Their difference primarily lies in functionality. For example, an electronic signature with a non-qualified certificate can be used either by an individual - when working with a taxpayer’s personal account, or by supplier companies - when participating in electronic trading.

An electronic signature with a qualified certificate has a wider range of actions: starting from logging into the State Services portal and ending with the signing of any legally significant documents that do not require mandatory paper execution with a manual signature.

Scope of application

A digital signature can be used in any case where the exchange of documentation via electronic media is required. It could be:

  • data exchange within one organization;
  • document flow between different counterparties;
  • gaining access to information resources;
  • submission of various reports and declarations (for the tax office, the treasury, and so on);
  • participation in trades and auctions.


An electronic signature can be used not only by an organization, but also by an individual, for example, to access a government services portal.

How to make an unqualified electronic signature key certificate

A non-qualified certificate is issued by any certification center for a fee. It can also be generated by any experienced IT specialist when creating an electronic digital signature using cryptographic programs.

Read about the differences and similarities between unqualified and qualified signatures in our material “What is the difference between the two main types of electronic signatures.”

How to create a qualified digital signature certificate

It is not possible to create an electronic digital signature with a qualified certificate on your own. A qualified certificate is issued only by accredited certification centers. Therefore, to obtain it, you will have to contact one of these centers with an application for a certificate.

You can learn more about the purpose of a qualified signature and the procedure for obtaining it in our article “Strengthened qualified electronic signature - what is it?”

How to apply

To obtain a digital signature, you must contact a special organization called a certification center. This procedure is established for both individuals and organizations and individual entrepreneurs.

First of all, you should decide on the sequence of actions:

  1. Selecting a signature type. When choosing, you should be guided by the purposes for which a signature is required. This could be filing reports, working with contractors, or for government service portals.
  2. Selecting a CA. The website of the Ministry of Telecom and Mass Communications of the Russian Federation contains the addresses of all accredited CAs. You should choose strictly from the list presented, avoiding unaccredited organizations.
  3. Drawing up an application for a signature. An application for obtaining a signature can be filled out and submitted directly at the selected center, or via the website, remotely. On the website of many organizations, application forms are posted, in which you only need to enter your data.
  4. Paying the bill. After submitting the application, the CA employee will provide an invoice that will need to be paid.
  5. Collection of required documents. Along with the application, you will need to provide a list of documents established by the center.
  6. Obtaining a signature from the CA.

Application for an electronic signature verification key certificate - sample completion

An application for the issuance of a certificate is drawn up as an annex to the agreement for the purchase of an EDS key certificate. Each accredited center has its own form for filling out this application, but the information entered into it is the same.

To clearly see what this document approximately looks like and what information will be needed to fill it out, we have prepared for you a sample of an already completed application (see below).

What is a time stamp

Clients of the CryptoPro TSP system can additionally receive time stamps. The signed data is the hash function value and the time the stamp was affixed. The stamp is associated with the electronic document (ED) for which it was issued and ensures its integrity.

To issue a stamp and implement a service based on CryptoPro, you need to create a separate TSP server and add CryptoPro TSP Client to the workstation software.

Advantages of a time stamp:

  • recording the time of ED creation;
  • recording the time of digital signature formation;
  • recording the time of the ED processing operation;
  • long-term storage of digital signature (even after the expiration of the user’s digital signature certificate).

When opening a document and viewing information about the digital signature, the time stamp will look like this:

The TSP protocol is simple and is based on request-response interaction with the server. The user creates a request, sends it to the server, and receives a response that contains the generated time stamp. If an error occurs, the response will contain an error code instead of a stamp.
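The request-response exchange described above, as an added Python sketch that is not CryptoPro code and not part of the original article. The message fields, the error code and the demo key are assumptions, and an HMAC stands in for the server's certificate-based signature, so here the verifier shares the server key, which a real TSP client does not.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key. It stands in for the time-stamp server's signing key;
# a real TSP server signs with a certificate-backed private key instead.
SERVER_KEY = b"constructed-demo-key"
ERR_BAD_REQUEST = 1  # hypothetical error code, not a CryptoPro value


def make_request(document: bytes) -> dict:
    """Client side: only the hash of the document leaves the workstation."""
    return {"hash_alg": "sha256", "hash": hashlib.sha256(document).hexdigest()}


def _sign(body: dict) -> str:
    """Server signature over the hash value and the stamping time."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def server_respond(request: dict, now=None) -> dict:
    """Server side: return a time stamp, or an error code instead of a stamp."""
    digest = request.get("hash")
    well_formed = (
        request.get("hash_alg") == "sha256"
        and isinstance(digest, str)
        and len(digest) == 64
        and all(c in "0123456789abcdef" for c in digest)
    )
    if not well_formed:
        return {"status": "error", "error_code": ERR_BAD_REQUEST}
    body = {
        "hash_alg": "sha256",
        "hash": digest,
        "time": int(time.time() if now is None else now),
    }
    return {"status": "granted", "stamp": {**body, "signature": _sign(body)}}


def verify_stamp(document: bytes, response: dict) -> bool:
    """Check that the stamp is intact and was issued for this exact document."""
    if response.get("status") != "granted":
        return False
    body = dict(response["stamp"])
    signature = body.pop("signature", "")
    if not hmac.compare_digest(signature, _sign(body)):
        return False  # stamp contents (hash or time) were altered
    expected = hashlib.sha256(document).hexdigest()
    return hmac.compare_digest(body["hash"], expected)
```

Because the stamp signs the hash and the time together, changing either the document or the recorded time makes verification fail.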

Renewal of digital signature certificate

The validity period of digital signature certificates issued by certification centers is limited to 12 months (one year), regardless of whether the certificate is qualified or unqualified. Some large accredited centers can issue a certificate for 15 months, but not more. Once the specified period of the certificate expires, the electronic signature will become invalid.

If you plan to use an electronic signature after the expiration of the established period of the certificate, then you must submit an application to extend its validity period to the certification center that issued this certificate, draw up an additional agreement and pay the invoice issued by the center.

TYPES OF ELECTRONIC SIGNATURE

There are two types of electronic signature: simple and enhanced. An enhanced electronic signature can be unqualified or qualified. Table 1 shows the features of all electronic signatures.

SIMPLE ELECTRONIC SIGNATURE

A simple electronic signature is created using the information system in which it is used. This signature only confirms that it was created by a specific person. A simple electronic signature consists of passwords, codes and other simple means of identification.

A simple electronic signature is equivalent to a handwritten signature (hence, a document with such a signature acquires legal force) if this is regulated by a separate regulatory legal act or an agreement has been concluded between participants in electronic document management (hereinafter referred to as EDI), which stipulates:

  • the rules by which the owner of an electronic signature is determined;
  • the user’s obligation to maintain the confidentiality of keys (for example, a password in a login-password pair or an SMS code).

A simple electronic signature is used in banking transactions, on the government services portal, on the website of the Russian Pension Fund, for authentication in information systems, as well as for certification of documents within corporate electronic document flow.

ENHANCED UNQUALIFIED ELECTRONIC SIGNATURE

An enhanced unqualified electronic signature is created with special software that uses cryptographic encryption. It is issued at a certification center (hereinafter referred to as CA). To receive it, you need to submit:

  • passport (for an individual);
  • constituent documents (if the organization applies);
  • power of attorney (if the application is submitted by an authorized person).

After checking the documents, the applicant receives a digital signature certificate and two keys of an enhanced unqualified electronic signature: private and public. The ES certificate must indicate the correspondence of the public key to the private key and the owner of the enhanced unqualified ES.

The private key of the electronic signature is stored on a special key medium with a PIN code or on a computer as a file in an encrypted format. Using it, the owner generates electronic signatures with which he signs documents.

The public key of the digital signature is available to everyone with whom its owner conducts e-document flow. It is associated with the private key of the digital signature and allows all recipients of the signed document to verify the authenticity of the digital signature.

This signature can be used to sign documents that are certified in paper form with a seal. EDI participants must enter into an agreement among themselves on the rules for using the enhanced unqualified electronic signature and on mutual recognition of its legal force. This is necessary so that electronic documents certified by such a signature are considered equivalent to paper documents with a handwritten signature.

Legal entities use the enhanced unqualified electronic signature:

  • within an organization or when exchanging electronic documents with verified counterparties (if there is a third-party agreement confirming the legal validity of such a signature);
  • during participation in official auctions;
  • when purchasing goods or works.

ENHANCED QUALIFIED ELECTRONIC SIGNATURE

The enhanced qualified electronic signature is the type of signature most heavily regulated by the state.

An enhanced qualified electronic signature is issued by an accredited CA. To receive it, you need to fill out an application and provide:

  • passport and SNILS (individual);
  • constituent documents (legal entity);
  • a certified extract from the Unified State Register of Legal Entities or Unified State Register of Individual Entrepreneurs (for participation in the auction), the extract must be issued no more than 6 months ago;
  • power of attorney (if the application is submitted by an authorized person).

The production time for enhanced qualified electronic signature is two working days.

Just like an enhanced unqualified electronic signature, it is created using cryptographic algorithms and is based on a key infrastructure.

The key code is a long and complex chain of numbers and symbols up to 256 bits. It is impossible to remember or dial the electronic key, so it is stored on a digital medium. You need to store the keys of the enhanced qualified electronic signature on tokens with a USB connector or smart cards. These digital media are password protected and certified in accordance with the requirements of the Federal Service for Technical and Export Control of Russia and the FSB of Russia.

An enhanced qualified electronic signature must have a qualified electronic signature verification key certificate in paper or electronic form. The certificate confirms the authenticity of the signature, which can only be challenged by a court decision. The validity period of the certificate is determined by the accredited CA, and its structure is determined by Order of the FSB of Russia No. 795 dated December 27, 2011.

The certificate contains information about the unique number, validity period and personal data of the owner of the enhanced qualified electronic signature. Additionally, the certificate may contain:

  • exact name of the electronic signature means;
  • information about the certification center that issued the certificate;
  • list of restrictions on the use of electronic signatures;
  • key for verification.

An enhanced qualified electronic signature is a signature that gives documents legal force without additional conditions. Documents signed with such a signature are recognized as equivalent to those signed with one’s own hand and are used in documents that accompany any legal relationship. Exceptions are cases in which the law requires documents to be submitted only on paper with an original signature.

An enhanced qualified electronic signature is used:

  • when submitting reports to regulatory authorities;
  • in working with government information systems;
  • for working with Internet resources;
  • when participating as a supplier and customer in electronic trading;
  • when exchanging formalized documents with the Federal Tax Service of Russia;
  • for conducting EDI within the organization and with counterparties;
  • for registration of remote labor relations.

ADVANTAGES OF ENHANCED ELECTRONIC SIGNATURE

1. The code generated using the program cannot be remembered or reproduced again, so it is almost impossible to fake an enhanced electronic signature.

2. An enhanced signature allows you to accurately determine when a document was created.

3. After a document is signed with an enhanced electronic signature, no changes can be made to it unnoticed (even by the author of the document): any attempt to change it will be detected when the signature is verified.

4. Enhanced electronic signature allows you to send documents via electronic channels without transmitting a storage medium.

5. A document certified by an enhanced digital signature is transmitted to the addressee within a few seconds, and all EDI participants have equal opportunities to work, regardless of their location.

6. The risk of losing documents during electronic exchange is much lower than when transmitting paper documents.

Reissue of digital signature certificate

Sometimes situations arise when the owner of an electronic signature loses a USB drive, changes his personal or legal details, or the law makes changes to the requirements for electronic signatures. In such cases, the certificate will need to be reissued. In most cases, this service is provided by certification centers on a paid basis. And changing the details again or losing USB keys is financially unprofitable. True, some certification authorities offer, which allows you to re-issue it at a lower cost up to a certain date during the validity period of the certificate.

If the EDS certificate is reissued, you won’t be able to simply update it—you’ll have to install it again. To install a new certificate, you will need the CryptoPro CSP program, located in the “Start” menu - “Settings” - “Control Panel”. In this program, on the “Service” tab, you can install a new certificate either through the “View certificates in the container...” button, or through the “Install personal certificate...” button. Next you need to follow the instructions of the program. Additionally, you can use the detailed instructions provided by the websites of accredited centers.

How to remove old digital signature certificates

Removing old digital signature certificates will be much easier than installing or updating new ones. To do this, you need to go to the “Certificates” program through the “Start” menu - “Programs” - “Crypto-Pro”, open the “Personal” subfolder, select the old certificate, right-click and select the “Delete” function from the menu that appears. The certificate will be deleted.

But experts do not recommend doing this, since outdated certificates may be needed to view previously signed documents and reports. For example, if old certificates are deleted, it will no longer be possible to view reports and letters sent using them via TCS, and you will have to contact accredited centers with a request to provide the deleted certificates.

To keep old certificates in electronic form without having them appear in the list of valid certificates, do not delete the certificate. Instead, open it by double-clicking the left mouse button and, in the window that appears, on the “Composition” tab, click the “Properties” button. In the new window, select the “Allow only the following assignments” option and uncheck the “Client authentication” checkbox. This way, the old certificate will be preserved, but it will no longer interfere with the use of existing certificates.

How long should I keep the digital signature certificate?

Does the owner of an electronic signature need to store digital signature certificates after their expiration? Yes, it is advisable to keep them in electronic or paper form, since they can be useful at any time to confirm the legal validity of documents previously signed with them. When determining the storage period for an EDS certificate, you can rely on the statutory storage periods for documents in paper form. You can familiarize yourself with them in our article “Basic storage periods for documents in an organization (archive).”

But let us remind you once again that this is only a recommendation for digital signature owners. The obligation to store certificates is legally assigned to the accredited certification centers that issued them (Clause 1, Article 15 of the Law “On Electronic Signatures” dated April 6, 2011 No. 63-FZ). The storage period for issued certificates is limited only by the period of activity of the accredited center. That is, while the accredited center is working, you can at any time request information from it about previously issued certificates. But as soon as the certification center ceases its activities, the obligation to store certificates is removed from it.

In the future, it is planned to transfer the storage of all issued certificates under the control of a single state database in order to minimize the risk of their loss in the event of termination of the activities of accredited centers. But so far there is no such storage system, so behind the scenes, responsibility for the safety of the certificate lies entirely with its owner.

Legal basis

The legal conditions for the use of digital signatures in documentation are reflected by the Federal Law of Russia “On Electronic Signatures”. The version dated April 6, 2011 is in effect today.

The regulatory document contains several types of electronic signatures:

  • A simple signature is a signature that, through codes, passwords and other tools, helps confirm the fact that an EDS has been formed by a specific person.
  • A strengthened unqualified electronic signature is considered to be obtained as a result of cryptographic transformation of information using a key. It helps to identify the person who signed the document and detect changes made to it since signing. Formation is carried out using electronic signature tools.
  • A strengthened qualified digital signature is an electronic signature that meets all the criteria of an unqualified one and has additional features: the key is specified in the qualified certificate, and the electronic signature means used for generation and verification have been confirmed as meeting the requirements established by Federal Law.

Important! From January 1, 2013, people receive a universal electronic card. It contains a built-in enhanced electronic signature.


The concept of electronic signature is regulated by the legislation of the Russian Federation

Reasons for revocation of an EDS certificate

In addition to the cancellation of an electronic digital signature certificate due to the expiration of its validity period and its revocation by the owner of the electronic signature, there are several other reasons why the certificate may become invalid (clause 6, clause 6.1 of Article 14 of Law No. 63-FZ):

  • liquidation of an accredited center if its functions have not been transferred to other certification centers;
  • the owner of the certificate owns an EDS key that does not correspond to the EDS key registered in the issued certificate;
  • the electronic signature issued by the certificate is already used under another certificate;
  • a court decision was made on the unreliability of the information included in the digital signature certificate;
  • other cases established by law or agreement between the accredited center and the certificate holder.

Production time and validity

After submitting all the required documents and application, the certification center will produce the signature in 3 to 5 days.

This is an average period, which can change both up and down. Some organizations provide an urgent production service. The duration will be about one hour (however, such a service will cost more).

Any electronic signature is manufactured for a period of one year, after which it will need to be reissued.

A new copy of the signature does not have to be obtained from the same Certification Authority. You can choose another one if you wish.

The use of Digital Signatures is becoming more relevant every year. They can significantly simplify the documentation circulation procedure, saving time and money. Moreover, not only organizations, but also individual entrepreneurs and even individuals have the right to obtain and use such a signature.

Digital Signature is a significant step in the development of the institution of entrepreneurship, as well as improving the quality of services provided by the state.
