Electronic digital signature (EDS): types and their differences

Electronic document management is the “circulation” of documents through digital communication channels, bypassing the user’s hands in the literal sense. Like paper, EDI can be internal, external and legally significant. Like a paper document, an electronic document may or may not be certified by the signature of the responsible person. Let's consider the types of electronic signatures and their use in electronic document flow.

What is digital signature: definition

Currently, the term “electronic digital signature” is not used in official documents.
Since 2011, it has been replaced by a shorter concept - electronic signature. This is information in electronic form that is attached to or otherwise associated with other information in electronic form (signed information) and that is used to identify the person signing the information. This definition is contained in the article of the Federal Law of 04/06/11 No. 63-FZ “On Electronic Signature”. An electronic signature, like a handwritten autograph, is a requisite of the document being signed, designed to certify its authorship. Note that a “paper” signature can be considered as information (indication of position, full name and autograph itself), which is associated with the main document and is needed to determine who signed it.

Receive an enhanced qualified electronic signature certificate in an hour

Digital signature verification - what components are required

In some cases, the user will want to verify whether the enhanced qualified digital signature is functioning

To check it you will need to have the following components available:

• The corresponding computer program, which is installed from the drive to the digital signature. For example, CryptoPro can act in this capacity.
• The drive itself (flash drive or disk) must be inserted into the receiving device during the test.
• Installed personal certificate.
• Installed libraries for electronic signature.

In order to perform the verification, you should go to the digital signature register and click the appropriate button. Please note that Internet Explorer version 5 must be installed on the user's computer at this time. Only then will you be able to work with ActiveX objects.

Operating principle of digital signature

Certification centers are responsible for issuing digital signatures. They solve the most important problem, namely: they confirm the authenticity of information about the owner of the key and his powers. The center issues a public signing key certificate. An electronic certificate is a file that represents the client’s public key, signed with the digital signature of a certification authority. After completing the documents at the certification center, the client has in his hands a medium on which the following files are recorded: public key, private key, public key certificate.

Let's say an accountant wants to send a declaration to the inspectorate. It generates a reporting file. Then he signs the declaration file with his private key. As a result, a new, original file is formed. In a document signed with an electronic signature, neither the recipient nor the sender can change a single character - such a violation of the integrity of the document is easily detected when checked using a public key certificate.

Next, the program with which the accountant sends the reports encrypts the declaration with the public key of the inspectorate. The encrypted file is sent to the inspectorate. The tax authorities receive the file and decrypt it with their private key. Then the payer’s electronic signature is verified using the registry of public key certificates. The check answers two questions: whether after signing the payer’s digital signature, the integrity of the document was violated, and whether this digital signature really belongs to the payer who submitted the reports.

After the inspection, the inspection sends the organization an incoming control protocol. The inspector signs the protocol with his private key. Then it encrypts the protocol with the organization’s public key and sends a file with encrypted information to the company. The accountant opens the information encrypted in the file with his private key.

Theoretically, it is possible to intercept an encrypted file. However, it will be possible to decrypt a file sent to the inspectorate only if you have the inspectorate’s private key. Accordingly, the encrypted file that the inspectorate sent to the taxpayer can only be opened by someone who has the private key of this taxpayer.

Attention

Documents can only be signed with the signer’s personal key. It cannot be transferred to third parties, otherwise the signature will be compromised (that is, actually forged). This means, among other things, that the director cannot give the medium with his signature key to the accountant to sign the statements before sending. Let's draw an analogy with a traditional signature. Transferring a token with a director’s signature into the hands of third parties is equivalent to a situation where the secretary forges the director’s signature on a document. Even if the signature looks like the original, it is not the manager’s handwritten signature. And if this fact is established, the document will be recognized as falsified.

Accredited certification center: features

He acts as an intermediary between business entities and the Ministry of Communications. Its task is to issue certificates that are needed to verify the correct operation of flash. They also have all the technical and software tools to generate them.

If the institution meets all legal standards, the state confirms its performance and issues a certificate of accreditation. All duties that such organizations must fulfill from now on are enshrined in Article 15, Article 63 of the law.

Before issuing keys, the staff undertakes to fully verify the identity of the applicant and, if available, his company. Then an entry is made in the register of certificates along with all identification documents.

The center’s responsibilities also include the constant publication of numbers that have lost legal force for any reason:

• the validity period has expired;
• lost;
• liquidation or reorganization of the owner's company;
• revoked at the request of the holder;
• according to court orders.

Types of electronic signature

According to the law, electronic signatures are divided into two types: simple and enhanced. In turn, reinforced ones are divided into qualified and unqualified (Clause 1 of Art. Law No. 63-FZ).

A simple electronic signature is considered to be an electronic signature that, through the use of codes, passwords or other means, confirms the fact of its formation by a certain person (Clause 2 of Article No. 63-FZ). These are logins-passwords, SMS codes, push notifications, etc. For simple electronic signatures, as a rule, the installation of special encryption programs is not required. Also in this case, the scheme described above with encryption and decryption of the document is not used. Such signatures are used in closed systems (within a banking organization, portal, etc.), when it is necessary to confirm the fact that an action was performed by only one of the parties (client, applicant, etc.). In this case, the document itself (payment order, application, etc.) does not end up in the external environment and, therefore, cannot be maliciously modified.

Enhanced electronic signatures require working with document fingerprints. The difference between an unqualified and a qualified signature is the severity of the checks that must be passed to obtain them. You can create an unqualified one yourself using various programs (including email). But an enhanced qualified electronic signature (ECES) can only be issued by a special certification center that has passed the accreditation and licensing procedures established by the state.

Get a certificate of enhanced qualified electronic signature

FAQ

 What documents are needed to issue a signature?

In accordance with paragraph 2 of Article 18 of Federal Law No. 63-FZ, the certification center will require the following documents to issue a signature:

• from citizens of the Russian Federation - passport and SNILS.
• for foreigners - an identification document: passport, temporary residence permit, residence permit, etc., and any document with a SNILS number: the insurance certificate itself, a certificate from the Pension Fund of the Russian Federation with the SNILS number, or an accompanying statement in the ADI-5 form.
• from representatives of the owner of the electronic signature - a power of attorney to receive, originals or certified copies of documents of the owner of the signature, a passport of the representative or an identity document.

 How to certify copies of documents?

Individuals must certify copies of documents to obtain a signature only by a notary. If you are in another country, you can have copies certified at the Russian consulate.

Legal entities and individual entrepreneurs can certify copies themselves. If an organization or individual entrepreneur has a seal, copies can be certified by any employee of the company. To do this, the copy must indicate:

• the inscription “Copy is correct” or “Correct”;
• position of the certifying person with signature and transcript;
• date of certification;
• seal of the organization or individual entrepreneur.

If there is no seal:

• for legal entities: copies must only bear the signature of the manager, plus the charter must be attached, which does not contain a statement that the organization works with a seal;
• for individual entrepreneurs: the copies must only bear the signature of the entrepreneur, plus a “Certificate of state registration of an individual as an individual entrepreneur” or a “Unified State Register of Entrepreneurs” or “Unified State Register of Entrepreneurs” must be attached.

A copy of a multi-page document can be certified in two ways:

• separately certify each sheet of the copy;
• stitch all the sheets, number them and certify them on the back of the last sheet where the stitching was done, indicating the number of sheets.

 The manager has changed - what to do?

In this case, you will need to issue a new electronic signature key and cancel the old one by contacting your manager at the certification center.

 How to revoke a signature?

Contact the manager of your certification center. He will fill out a request for review and send you an application for signature. If you work in VLSI, then you can submit a request for review yourself.

 How to renew a signature?

An electronic signature certificate has a limited validity period, on average 12 months. To renew your signature, you need to contact your certification center in advance, preferably 30 days before the expiration date, to renew it.

If you received an ES from the certifying office, you will receive an automatic reminder with a link to the application to renew the ES. Click on the application and follow the system prompts.

Only a valid electronic signature can be extended. If its term has already expired, you will have to issue a new one.

 On what media is it permitted to issue a signature?

The media can be: a secure flash drive (JaCarta-2, Rutoken, Rutoken EDS 2.0, etc.), a flash drive and a registry.

In accordance with Art. 27.3 of Appendix 2 to FSB Order No. 796 dated December 27, 2011 issues electronic signature keys on secure media. They also comply with the regulations of the Federal Antimonopoly Service on electronic signatures for government procurement.

In addition, the following devices:

• support multiple rewrite cycles, which increases service life;
• have an information security function - to gain access to the container with the key, you need to enter a password.

Electronic signature for government procurement

To work on electronic trading platforms, customers and suppliers require a qualified electronic signature. Without it, you will not be able to participate in government procurement. They are carried out on the basis of federal laws dated 04/05/13 No. 44-FZ “On the contract system in the field of procurement of goods, works, services to meet state and municipal needs” and dated 07/18/11 No. 223-FZ “On the procurement of goods, works, services certain types of legal entities."

Receive notifications about tenders for small and medium businesses

Also, only a qualified signature is required for those who want to take part in auctions for the sale of bankrupt property, or in commercial auctions that are held through specialized sites.

IMPORTANT. For government procurement, you need a UKEP, which is issued only by certification centers.

Receive an electronic signature certificate for working in the public procurement system in an hour

Also see: “How to participate in tenders for a beginner” and “44-FZ “for dummies”: how government procurement is carried out.”

UKEP price

The cost of a qualified electronic signature certificate depends on several factors. Thus, obtaining keys will be cheaper for individuals than for representatives of legal entities.

The price also depends on the scope of application of the signature, on additional software services, on the pricing policy and system of discounts at various certification centers. The average cost of CEP is given in the table.

Type of service	Price, rub./year
Basic CEP for physical. persons	1200-1400
To work in government systems	From 2000
For business	From 3000
For bidding	From 5900
Software license	1000
Token	500

Electronic signature for government services

The Unified Portal of State and Municipal Services uses a simple electronic signature. To receive it, you first need to go through offline identification. Then you need to log in to the portal using your usual login and password (i.e., a simple digital signature). After this, you can sign and submit applications and other documents to government agencies electronically.

Such electronic analogues are equivalent to documents signed with one’s own hand (clause 3 of Article 21.2 of the Federal Law of July 27, 2010 No. 210-FZ “On the organization of the provision of state and municipal services”). Having a simple electronic signature allows you to establish who created the file. This data is sufficient for the purposes of providing state and municipal services.

Business Solutions

the shops

clothes, shoes, products, toys, cosmetics, appliances Read more

warehouses

material, in-production, sales and transport organizations Read more

marking

tobacco, shoes, consumer goods, medicines Read more

production

meat, procurement, machining, assembly and installation Read more

rfid

radio frequency identification of inventory items More details

egais

automation of accounting operations with alcoholic beverages Read more

Using an electronic signature in electronic documents

With the help of a qualified electronic signature, legal entities and individuals (including individual entrepreneurs) can certify any document. The digital signature will give it legal force, equating it to its paper counterpart, which is certified by a handwritten signature and sealed. Therefore, electronic documents with UKEP can be used both within the company and in relationships with counterparties and government agencies.

For example, with the help of a qualified electronic signature, the head of a company can sign tax reports and contracts with suppliers or customers. In addition, such a signature will make it possible to issue electronic instructions and orders within the organization itself (for example, when communicating with geographically remote separate units or remote workers).

Also, electronic document management, which uses UKEP, can be integrated into accounting software. This will ensure that not only contracts, but also invoices and primary documents are not duplicated on paper.

Exchange legally significant “primary data” with counterparties via the Internet. Free inbox.

REFERENCE. In certain cases, the “primary document” can be signed with a simple or enhanced unqualified electronic signature. To do this, counterparties will have to enter into a special agreement. For more details, see: “How to sign an electronic “primary document” and how to delegate the right to sign it.”

Documents that are signed using a qualified electronic signature can be used as evidence in court, as well as in communications with regulatory authorities (Clause 1 of Article No. 63-FZ).

Order an electronic signature for remote submission of documents to the court Receive in an hour

We sign using the CryptoPRO CSP software package

To do this, you need the installed CryptoPRO program, a certificate from a certification authority and a certificate from the owner of the electronic signature. We also recommend reading the article on how to set up your computer.

How to electronically sign a Word document (MS Word)

1. Open the required file, click on the menu “File” - “Information” - “Add electronic signature (CRYPTO-PRO)”.

2. Select the desired electronic signature, add a comment if necessary, and click “Sign”.

3. If there are no errors, the system displays a window with successful signing.

If the CryptoPRO Office Signature plugin is installed

1. Open the desired file, select “File”, then “Add digital signature”.

2. Similar to the previous option, select the required electronic signature, add a comment, if necessary, and click “Sign”.

3. If there are no errors, the system displays a message that the document was successfully signed.

How to electronically sign a PDF document (Adobe Acrobat PDF)

1. Open the required PDF file, click on the “Tools” panel and see the “Certificates” label. Let's choose it.

2. Click on “Apply a digital signature” and select the area on the file where the signature mark will be located.

3. Next, a window for selecting a digital ID to sign appears, select the one you need and click “Continue”:

4. A window with a preview of the stamp will open. If everything is correct, then click “Sign”.

5. The system will issue a notification about successful signing. That's all.

Registration of an electronic signature

In many information systems, obtaining a simple electronic signature requires you to go through an identification and registration procedure. Let’s take a government services website as an example. To receive a full-fledged simple digital signature, which will allow you to use all the capabilities of this portal, you need to confirm your identity using offline identification. To do this, you need to come with your passport and SNILS to one of the service centers. Another way is to order a special code through the government services website, which can be obtained at a Russian Post office by presenting your passport.

REFERENCE. Recently, clients of some banks have the opportunity to undergo identification for the State Services portal online - on the website or in the mobile application of the credit institution.

Identification is also necessary to obtain a simple electronic signature that will be used in online banking. The bank employee will issue a login and password to the client who has presented a passport or other identification document. This “login-password” pair will serve as a simple electronic signature on the website or application of the bank and its partners.

A different scenario is used when issuing an enhanced unqualified signature. The procedure for issuing NEP certificates is determined by the regulations or agreement of the parties in the information system in which it is applied. Usually its creation occurs completely automatically using appropriate software. But in the absence of the necessary program (or specialists capable of working with it), such a signature can be issued through a certification center. And individuals have the right to obtain a free unqualified signature in the taxpayer’s personal account (if one is connected). True, it only works when sending documents to tax inspectorates through the account itself (clause 2 of article 11.2 of the Tax Code of the Russian Federation).

As for a qualified electronic signature, to obtain it you must contact any accredited certification center.

Receive an enhanced qualified electronic signature certificate in an hour

How to check the authenticity of a signature

Many information systems have a built-in electronic signature verification function. But you can check your digital signature yourself using special applications and web services. Verification is subject to NEP and CEP - electronic signatures, which are based on the infrastructure of private and public keys. The private key is used to create a signature, and the public key allows you to verify its authenticity.

There are two types of enhanced EP:

• Attached - in this case, one file is generated, which contains both the signature itself and the document for which it was created (you need to check this single file).
• Detached, which is created separately from the document being signed, as a file with the .sig extension (you need to check both files - both the document and the electronic signature file).

The easiest way to check your electronic signature is through online services. To do this, you just need to follow the link, upload the document and wait for the verification result. Thus, you can check your electronic digital signature in a special section on the government services portal:

1. You need to select the document type.
2. Using the “Upload file” button, select the document, and for a detached signature, also the signature file.
3. Enter the captcha.
4. Click the “Check” button.

Upon completion of the verification, the service will display information about the owner of the certificate, the certification center where it was received, and the validity period of the digital signature. If inconsistencies are found or an expired version of the certificate is detected, the system will issue a warning.

In addition, there are other services for checking electronic signatures, for example, the free service “Kontur.Crypto” and individual programs such as “CryptoARM”. There are also plugins for Microsoft Word and Excel programs that allow you to check directly in the interface of the applications themselves, as well as plugins for Adobe products for checking PDF documents.

Legal force of digital signature

Signing a document with a simple electronic signature is possible only in two cases. The first is that this is directly stated in the relevant regulatory act. For example, the possibility of using a simple digital signature for a government services portal is provided for in paragraph 3 of Article 21.2 of Law No. 210-FZ. The second case is when the parties have previously agreed to use such a signature. For example, this happens when connecting to online banking. In other cases, using a simple electronic signature to work with government agencies, gain access to electronic trading, or sign documents (internal or external) will not work.

Similar rules apply to an enhanced unqualified signature. Although it has greater security than a simple digital signature, since it identifies not only the signer, but also confirms the immutability of the signed document, an unqualified digital signature can be used only on the basis of the preliminary agreement of the parties, or by virtue of a direct indication of the law. Without this, an unqualified signature has no legal force. This type of signature cannot be used when communicating with government agencies, as well as for accessing trading platforms within the framework of government orders.

And only an enhanced qualified electronic signature gives documents legal force without any additional conditions. After all, the guarantor here is a certification center that has passed state accreditation and licensing. Therefore, an electronic document signed by UKEP immediately has legal force and is different from its paper counterpart, which is signed with one’s own hand. Thus, a business affected by coronavirus can use an enhanced qualified electronic signature in an application for a non-refundable subsidy. Such an application can be submitted through the taxpayer’s personal account on the Federal Tax Service website, and to work with this account, organizations need an enhanced qualified electronic signature.

Order an electronic signature to receive a non-refundable subsidy from the state Submit an application

Changes for 2021

Starting from 2021, a new concept awaits us - a trusted party (clause 17 of Article 2 of 63-FZ).

A new institution of trusted third parties (TTP) is inserting itself into the data exchange chain. It has real-time information about all issued and valid electronic signatures. Thanks to this, the DTS checks the validity of the signature in electronic documents at a specific point in time, and also documents the results of such verification.

The new law not only strengthens control over electronic signatures, but also opens up new possibilities for their use. Accredited CAs can store your CEP in the cloud , and this gives you the following advantages:

1. User mobility . Now a manager, even on a business trip, can sign urgent documents remotely.
2. Increased level of security. It is safe to store the key on a flash drive only in a safe. Cloud storage does not require a physical drive, which can be lost, broken, or stolen by scammers.
3. There is no need to buy licenses for special programs to work with crypto keys, and the root token itself becomes unnecessary.

CAs that lost accreditation on July 1, 2021 will not be able to issue signatures. At the same time, according to the law, digital signatures continue to be valid until the expiration date, but not longer than the validity period of the CA accreditation, or no later than January 1, 2022.

If the CA transfers its functions to another person, it must notify the owner of the certificates about this no later than a month in advance; if the functions of the CA do not transfer to anyone, then the certificates will be canceled and the center will also have to notify their owners about this.

Despite the clarifications provided by the Ministry of Digital Development, the situation with the certificates of CA clients who will lose accreditation remains uncertain. We hope that either amendments will be made to the legislation, or clearer explanations will be given. Otherwise, after July 1, 2021, many certificate holders risk being left without their electronic signatures.

Validity period of the digital signature

The electronic signature itself does not expire. However, if we are talking about UKEP, then the validity period of the electronic signature key, as a rule, cannot exceed 15 months, therefore certificates are not issued for a longer period. Typically the certificate is valid for one year. This, among other things, is due to the peculiarities of the encryption algorithms used - their operation should not exceed one year.

In conclusion, we note that obtaining and using an electronic signature in 2021 is not at all difficult. In some cases, you can do this yourself and for free. But to obtain a full digital signature, which can be used in relations with all government agencies and organizations, you need to contact a special certification center. The presence of such a signature will significantly simplify relationships with regulatory authorities and counterparties, and will also open access to electronic trading platforms, including within the framework of government orders.

What is ESIA and why is it needed?

In 2010, Russia created the Unified Identification and Authorization System (USIA) - registration in it gives Internet users access to all government services.

Identification in the ESIA is recognized by:

• State Services portal;
• websites of the Federal Tax Service, Rosreestr, Pension Fund, Federal Migration Service;
• medical institutions;
• insurance organizations;
• banks, organizations for issuing small loans;
• non-state pension funds;
• mobile operators;
• local government websites.

Get a driver's license or international passport, make an appointment with a doctor, register your child for school, pay bills, get a bank loan - all this is available online to users of the ESIA system. Electronic services allow you to solve problems without wasting time in queues at the coveted window, without entering into personal contact with employees of government agencies.

All capable citizens of the Russian Federation who have a passport, INN, SNILS, mobile phone and email address are allowed to register with the Unified Identification and Autonomous Information System (USIA) on the portal gosuslugi.ru. According to Rostelecom reports, currently (2020) every second resident of Russia has an account in the Unified Identification and Automation System.

When completing documentation via the Internet, citizens use an electronic signature, which allows them to be identified.