How to obtain an electronic signature - a step-by-step algorithm. Practical nuances of working with digital signatures


General concepts

Electronic signature (ES) - a special attribute of an electronic document that makes it possible to establish that the information in the document has not been distorted since the document was generated, and to confirm that the document belongs to its owner. The value of the attribute is obtained by cryptographic transformation of the information.

Electronic signature certificate - a document that confirms that the public key (verification key) of the electronic signature belongs to the owner of the certificate. Certificates are issued by certification authorities (CAs) or their authorized representatives.

Owner of the ES certificate - an individual in whose name the electronic signature certificate was issued by the certification center. Each certificate owner has two electronic signature keys: private and public.

  • The private key of the electronic signature (ES key) allows you to generate an electronic signature and sign an electronic document. The owner of the certificate is required to keep the private key secret.
  • The public key of the electronic signature (ES verification key) is uniquely linked to the ES private key and is intended to verify the authenticity of the ES.

This is what signing an electronic document and checking its immutability looks like:

According to Federal Law No. 63-FZ “On Electronic Signatures”, electronic signatures are divided into:

  • simple electronic signature;
  • enhanced unqualified electronic signature;
  • enhanced qualified electronic signature.

A simple electronic signature (SES) uses codes, passwords or other means to confirm that the electronic signature was created by a particular person.

An enhanced unqualified electronic signature (UNEP) is obtained by cryptographic transformation of information using a private signature key. It makes it possible to identify the person who signed the electronic document and to detect changes made to the document after it was signed.

An enhanced qualified electronic signature (ECES) has all the characteristics of an unqualified electronic signature, but it is created and verified with cryptographic protection tools certified by the FSB of the Russian Federation. In addition, qualified electronic signature certificates are issued exclusively by accredited certification centers.

An enhanced qualified signature on an electronic document is analogous to a handwritten signature and seal on a paper document. Controlling authorities, such as the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund, recognize the legal force only of those documents that are signed by a qualified electronic signature.

Scope of electronic signature

All options for using different electronic signatures:


Let's start with the most common ones at the moment.

  1. Electronic document management. Electronic signature technology is widely used in electronic document management systems for various purposes: external and internal exchange, organizational and administrative, personnel, legislative, commercial and industrial, and others. This is dictated by the main property of an electronic signature: it can be used as an analogue of a handwritten signature and/or seal on a paper document.
    When building inter-corporate document flow (b2b), the presence of a digital signature is a critical condition for the exchange, since it guarantees legal validity. Only in this case can the electronic document be recognized as authentic and used as evidence in legal proceedings. A document signed with an enhanced electronic signature can also be stored in a digital archive for a long time while maintaining its legitimacy.
  2. Electronic reporting for regulatory authorities. Many companies have probably already appreciated the convenience of submitting reports electronically. The modern approach is that the client can choose whichever method is convenient: separate software, products of the 1C family, or the portals of the Federal Tax Service and the Social Insurance Fund. The basis of this service is an electronic signature certificate, which must be issued by a reliable certification authority. The sending method is not decisive. Such a signature is needed to give the documents legal significance.
  3. Government services. Every citizen of the Russian Federation can obtain an electronic signature to receive government services. Using an electronic signature, a citizen can certify documents and applications sent to departments electronically, as well as receive signed letters and notifications from the relevant authorities that the application has been accepted for consideration. The user can electronically sign an application sent to an executive authority (if the executive authority is ready to accept applications signed with an electronic signature). This mechanism uses domestic ES standards (GOST R 34.11-94, GOST R 34.10-2001) and cryptographic information protection tools certified in the certification system of the FSB of Russia, such as “Aladdin e-Token GOST” and “CryptoPro CSP”, which gives grounds to consider this signature an enhanced qualified electronic signature (Source: State Services portal).
  4. Electronic trading. It takes place at special venues (sites). An electronic signature is required for suppliers on government and commercial sites. The electronic signature of suppliers and customers guarantees participants that they are dealing with real proposals. In addition, concluded contracts acquire legal force only when signed by both parties.
  5. Arbitration court. If any disputes arise between organizations, electronic documents can be used as evidence in court. According to the Arbitration Procedural Code of the Russian Federation, documents received by fax, electronic or other communication, signed with an electronic signature or another analogue of a handwritten signature, are considered written evidence.
  6. Document flow with individuals. It must be admitted that this area of application of electronic signatures is very specific and is still rarely used. Nevertheless, it is possible. Using electronic signatures, individuals can certify various documents. Thanks to this, you can work remotely on the basis of service contracts and, for example, issue work acceptance certificates in electronic form.

Selecting an ES certificate

Firstly, as already mentioned, there are different types of electronic signature. Participants in electronic interaction have the right to use any option at their own discretion, if the legislation of the Russian Federation does not stipulate the use of a specific type of signature depending on the purpose of its use.

Secondly, the choice of the type of electronic signature depends on the tasks that need to be solved with its help. For example, there are requirements for choosing an electronic signature when working with accounting source documents: an electronic invoice is the basis document for deducting VAT amounts only if it is signed with a qualified electronic signature. To submit reports to government agencies, you will also need to use an enhanced qualified electronic signature.

In inter-corporate electronic document management, you can use an enhanced qualified electronic signature. You can obtain a certificate of a qualified electronic signature at any certification center accredited by the Ministry of Telecom and Mass Communications of the Russian Federation.

For internal electronic document management, if you have the appropriate local regulations, you can always independently create and use both a simple electronic signature and an unqualified one.

How many electronic signature certificates are needed?

An enhanced qualified electronic signature solves a fairly wide range of problems. With its help, you can submit reports to the tax authorities, exchange electronic documents with counterparties, and more.

When purchasing a certificate, you must clearly understand where it will be used. Firstly, the price of a certificate directly depends on the number of functions it can perform. And secondly, you need to be sure that the certificate will be suitable for achieving your goals. Typically, the purposes for using an electronic signature are indicated when ordering a certificate.

In practice, there are situations when the use of a certificate depends on the party receiving the document. For example, some electronic document management operators accept certificates issued only by their certification authority. It is always important to make sure that there are no restrictions on the use of your certificate in a particular information system.

Exchange of electronic documents with electronic signatures

Intercorporate document flow - exchange of electronic documents between companies (b2b). Organizations and companies can already establish the exchange of legally significant electronic documents (LED). Such an exchange has significant advantages over the paper form:

  • fast delivery time for documents (regardless of the counterparty’s address): tens of times less than on paper;
  • reduction of costs associated with the preparation and subsequent transfer of electronic documents between counterparties: preparing and transferring legally significant documents in electronic form is much cheaper.

And that is not all. These advantages result in real economic benefits:

  • quick exchange of documents allows you to speed up business processes of companies (for example, concluding and activating transactions), which in turn increases the speed of cash turnover, that is, allows you to earn more in the same period of time;
  • costs for preparing and transmitting documents are lower. The money freed up can be used to solve other problems;
  • guaranteed delivery of documents allows you to submit reports to the tax authorities and VAT for deduction on time. Cash thereby remains in circulation;
  • the electronic form of documents facilitates their processing and allows it to be significantly automated, which has a positive effect on the speed of these works in general.

These advantages are especially relevant for companies with a large volume of external document flow.

For inter-corporate exchange, according to current legislation, the following types of documents can be used:

  • letters (requiring legal significance);
  • contracts;
  • accounts;
  • invoices;
  • waybills;
  • acts of completed work and provision of services;
  • acts of reconciliation of mutual settlements;
  • invoices.

What is needed to exchange legally significant electronic documents?

To establish inter-corporate document flow with legally strong (or legally significant) electronic documents, it is necessary to solve the following problems:

  1. signing electronic documents with an electronic signature and sending them to counterparties;
  2. acceptance and verification of signatures on electronic documents from counterparties;
  3. creation, storage (including archival), search and processing of signed electronic documents;
  4. ensuring the legal significance of documents in the process of archival storage.

The first two problems are solved well by inter-corporate exchange services run by electronic document management operators. When choosing a service, you need to pay attention to the following factors:

  • availability of the necessary licenses from the exchange service operator;
  • the ability to integrate the exchange service with your corporate information systems;
  • proposed tariff options for transmitting electronic documents.

Electronic document management systems are ideal for solving other problems, since they already have the necessary time-tested functionality. For example,

Please note the following factors:

  • corporate information systems (hereinafter referred to as CIS) currently used in the company and their functionality in relation to solving problems of inter-corporate document flow;
  • the possibility of integrating the CIS with the exchange service;
  • the cost of the project to connect your CIS to the exchange service;
  • a comprehensive solution to all necessary tasks based on the CIS.

Is an EDF service required?

To establish the exchange of electronic documents, it is not at all necessary to connect to the services of an electronic document management operator. The choice of solution depends on the agreement between the counterparties (regular email can be used) who begin external electronic interaction. When independently organizing inter-corporate electronic document management, you will have to face a number of difficulties.

To sign documents with an electronic signature, you can use the CryptoARM software, which you will need to install and configure yourself. With each of your counterparties you will have to enter into a separate agreement on the start of electronic interaction, with a description of the accepted exchange rules. After setting up employee workplaces and signing all necessary documents, the issue of storing electronic documents will arise. And these are not all the tasks that you will have to solve when independently organizing inter-corporate electronic exchange. Questions of the security and confidentiality of transmitted data will also remain open.

In addition, according to the requirements of Order of the Ministry of Finance dated April 20, 2011 N 50n, the issuance and receipt of invoices in electronic form via telecommunication channels is carried out through organizations that ensure the exchange of open and confidential information via telecommunication channels, i.e. through an electronic document management operator. Submission of reports to government agencies occurs only using the services of a specialized telecom operator.

All these issues can be easily and quickly resolved using the services of an electronic document management operator. It is up to you to decide which method will be more effective for you when organizing the exchange of electronic documents with counterparties.

Legal force of an electronic document

The state standard of the Russian Federation GOST R 51141-98 "Office work and archiving. Terms and definitions" gives the following definition of the legal force of a document (legal significance of a document): "legal force of a document: the property of an official document conferred on it by current legislation, the competence of the body that issued it and the established procedure for its registration".

An electronic document, as well as a paper one, is given legal force by the mandatory presence of certain details:

  • name of the document type (except for letters);
  • document number;
  • name of the organization or name of the author of the document;
  • document date;
  • place of development, publication, adoption or signature;
  • signature.

Of course, when we talk about a signature, we mean an electronic signature. It is the guarantor of the integrity and authenticity of the document. In addition, there are nuances in ensuring the legal force of formalized and informal documents. Thus, informal documents signed by a qualified electronic signature are already legitimate. Formalized electronic documents acquire legitimacy if they are signed by a qualified electronic signature and you, as a taxpayer, have joined the exchange regulations.

In addition, another important factor in ensuring the legal force of a document is the right of the author to create and sign documents.

Storage of electronic documents

The validity period of the electronic signature certificate is one year, and, for example, accounting documents must be stored for five years. But even after the certificate expires, the document will not lose legal force, since a time stamp is placed at the time of signing.

A time stamp is an analogue of the date on the document being signed. It confirms that the electronic signature certificate was valid at the time the document was signed. So, at the moment of signing the document, a time stamp and the result of the certificate verification are affixed.


You can also confirm the fact that the certificate was valid at the time of signing by referring to the list of revoked certificates on the website of the certification authority.
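The check described above, as an added example in Go (not code from the original article): a document is signed with the private key, verified with the public key from the certificate, and judged by whether the certificate was valid and unrevoked at the time-stamped moment of signing rather than on the day of the check. The simplified certificate structure, the use of Ed25519 in place of the GOST algorithms, the time-stamping service key and all sample data are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Certificate is a simplified verification key certificate (not X.509): it
// binds a public key to an owner for a limited validity period. Checking the
// CA's own signature on the certificate is outside this example.
type Certificate struct {
	Serial, Owner       string
	PublicKey           ed25519.PublicKey
	NotBefore, NotAfter time.Time
}

// SignedDocument is what goes into the archive.
type SignedDocument struct {
	Content    []byte
	Signature  []byte // made with the signer's private key
	Cert       Certificate
	SignedAt   time.Time
	StampToken []byte // time-stamping service signature over Signature + SignedAt
}

// stampInput is the byte string the time-stamping service signs.
func stampInput(sig []byte, at time.Time) []byte {
	return append(append([]byte{}, sig...), at.UTC().Format(time.RFC3339)...)
}

// Sign creates the signature and has the time-stamping service (the tsa key,
// an assumption of this example) attest the moment of signing.
func Sign(priv, tsa ed25519.PrivateKey, cert Certificate, content []byte, at time.Time) SignedDocument {
	sig := ed25519.Sign(priv, content)
	return SignedDocument{Content: content, Signature: sig, Cert: cert,
		SignedAt: at, StampToken: ed25519.Sign(tsa, stampInput(sig, at))}
}

// Verify checks an archived document. revoked maps certificate serial numbers
// to revocation times, as taken from the CA's list of revoked certificates.
// The current date is deliberately not consulted: an expired certificate does
// not invalidate a signature made while the certificate was valid.
func Verify(doc SignedDocument, tsaPub ed25519.PublicKey, revoked map[string]time.Time) string {
	if !ed25519.Verify(doc.Cert.PublicKey, doc.Content, doc.Signature) {
		return "invalid: content changed after signing"
	}
	if !ed25519.Verify(tsaPub, stampInput(doc.Signature, doc.SignedAt), doc.StampToken) {
		return "invalid: time stamp not authentic"
	}
	if doc.SignedAt.Before(doc.Cert.NotBefore) || doc.SignedAt.After(doc.Cert.NotAfter) {
		return "invalid: certificate not valid at signing time"
	}
	if t, ok := revoked[doc.Cert.Serial]; ok && !doc.SignedAt.Before(t) {
		return "invalid: certificate revoked before signing"
	}
	return fmt.Sprintf("valid: signed by %s", doc.Cert.Owner)
}

func day(y int, m time.Month, d int) time.Time {
	return time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Scenarios runs Verify over constructed sample data and returns the verdicts.
func Scenarios() map[string]string {
	pub, priv := newKey()
	tsaPub, tsaPriv := newKey()
	cert := Certificate{Serial: "01", Owner: "Sample Owner", PublicKey: pub,
		NotBefore: day(2020, 1, 1), NotAfter: day(2020, 12, 31)}
	invoice := []byte("Invoice No. 17, total 1000") // constructed sample

	inTime := Sign(priv, tsaPriv, cert, invoice, day(2020, 6, 1))
	tampered := inTime
	tampered.Content = []byte("Invoice No. 17, total 9000")
	restamped := inTime
	restamped.SignedAt = day(2020, 3, 1) // time edited, token unchanged
	late := Sign(priv, tsaPriv, cert, invoice, day(2021, 2, 1))

	revokedOn := func(t time.Time) map[string]time.Time {
		return map[string]time.Time{"01": t}
	}
	return map[string]string{
		"checked years later":    Verify(inTime, tsaPub, nil),
		"content altered":        Verify(tampered, tsaPub, nil),
		"signing time altered":   Verify(restamped, tsaPub, nil),
		"signed after expiry":    Verify(late, tsaPub, nil),
		"revoked after signing":  Verify(inTime, tsaPub, revokedOn(day(2020, 9, 1))),
		"revoked before signing": Verify(inTime, tsaPub, revokedOn(day(2020, 4, 1))),
	}
}

func main() {
	for name, verdict := range Scenarios() {
		fmt.Printf("%-24s %s\n", name, verdict)
	}
}
```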

Direct storage of electronic documents can be organized in at least two ways:

  • local storage (documents are stored on your company's local servers, for example, in the EDMS);
  • storage in the cloud (documents are stored on the servers of the company whose services you used).

Electronic archiving services, for example, are offered by EDF operators.

Use of documents in judicial practice

According to paragraph 3 of Art. 75 of the Arbitration Procedural Code of the Russian Federation (APC RF), documents obtained using the information and telecommunications network Internet and signed with an electronic signature are admitted as written evidence in arbitration disputes.

Today, the court accepts applications, petitions and reviews electronically. You can submit a claim via the unified system “My arbitrator”, on the official website of the arbitration court where the case will be considered, or on the website of the Supreme Arbitration Court of the Russian Federation. At the same time, only those persons who are registered in the “Electronic Guardian” system, where each user has his own personal account, can send any documents for consideration to the court.

It is important to comply with the technical requirements for submitted documents: black and white image, PDF format, at least 200 dpi, presence of a graphic signature of the responsible person, seal and other details. One document - one file, the name of which reflects the content and number of pages.

Documents such as applications to secure a claim, to secure property interests, or a petition to suspend the execution of judicial acts are not accepted in electronic form.

More and more Russian enterprises are implementing electronic document management systems, having already assessed from their own experience the advantages of this technology for working with documents. Electronic data exchange is carried out via information systems, computer networks, the Internet, email and many other means.

An electronic signature is a requisite of an electronic document designed to protect information from forgery.

Using an electronic signature allows you to:

  • take part in electronic trading, auctions and tenders;
  • build relationships with the population, organizations and government agencies on a modern basis, more efficiently, at the lowest cost;
  • expand the geography of your business by remotely performing various, including economic, transactions with partners from any region of Russia;
  • significantly reduce the time spent on completing a transaction and exchanging documentation;
  • build a corporate system for exchanging electronic documents (being one of its elements).

With the use of an electronic signature, work according to the scheme “developing a project in electronic form - creating a paper copy for signature - sending a paper copy with a signature - reviewing a paper copy” becomes a thing of the past. Now everything can be done electronically!

Types of electronic signature

The following types have been established and are regulated: simple electronic signature and enhanced electronic signature. At the same time, an enhanced electronic signature can be qualified or unqualified.

Table. What is the difference between the 3 types of electronic signatures?

It is very difficult to forge any electronic signature. And with an enhanced qualified signature (the most secure of the three), given the current level of computing power and the time that would be required, this is simply impossible to do.

Simple and unqualified signatures on an electronic document replace a paper document signed with a handwritten signature, in cases stipulated by law or by agreement of the parties. An enhanced qualified signature can be considered as an analogue of a document with a seal (i.e. "suitable" for any occasion).

An electronic document with a qualified signature replaces a paper document in all cases, except where the law requires the document to be on paper only. For example, with the help of such signatures, citizens can contact government bodies to obtain government and municipal services, and public authorities can send messages to citizens and interact with each other through information systems.

We sign with the private key, and we check the electronic signature with the public key.

To be able to sign documents electronically, you must have:

  • ES key (the so-called private key) - it is used to create an electronic signature for a document;
  • ES verification key certificate (public ES key) - with its help the authenticity of the electronic signature is verified, i.e. it is confirmed that the electronic signature belongs to a specific person.

Organizations that perform the functions of creating and issuing certificates of electronic signature verification keys, as well as a number of other functions, are called certification centers.

In the process of creating an ES verification key certificate, an ES key and an ES verification key are generated for each user. Both of these keys are stored in files. To ensure that no one other than the owner of the signature can use the electronic signature key, it is usually recorded on a protected key carrier (usually together with the electronic signature verification key). Just like a bank card, it is protected by a PIN code. And just as with card transactions, before using the key to create an electronic signature, you must enter the correct PIN code (see Figure).

Secure key media are made by a variety of manufacturers and typically resemble a flash card in appearance. It is the user keeping the ES key confidential that ensures that attackers will not be able to sign a document on behalf of the certificate owner.

To ensure the confidentiality of the electronic signature key, it is necessary to follow the recommendations for storing and using the electronic signature key contained in the documentation, as a rule, issued to users at the certification center - and you will be protected from unlawful actions performed with the electronic signature key on your behalf. It is best if your private key is accessible exclusively to you. This idea is very important to convey to every key owner. This is best achieved by issuing instructional materials on this subject and familiarizing employees with them under signature.

Figure. The program requests a password (PIN code) in order to sign a document with an electronic signature using an electronic signature key contained on a flash drive connected to the computer.

Example 1

Fragment of the Guide to ensuring the security of using a qualified electronic signature of JSC Electronic Moscow


When creating an electronic signature, electronic signature tools must:

  1. show the person signing the electronic document the contents of the information he is signing;
  2. create an electronic signature only after confirmation by the person signing the electronic document of the operation to create an electronic signature;
  3. clearly show that an electronic signature has been created.

When checking an electronic signature, electronic signature tools must:

  1. show the contents of an electronic document signed with an electronic signature;
  2. display information about making changes to an electronic document signed with an electronic signature;
  3. indicate the person using whose electronic signature key electronic documents were signed.

The ES verification key certificate contains all the information necessary to verify an electronic signature. The certificate data is open and public. Typically, certificates are stored in the operating system storage in the certification center that issued them indefinitely (just as a notary stores all the necessary information about the person who performed the notarial act for him). In accordance with the provisions of Law No. 63-FZ, the certification center that issued the electronic signature verification key certificate is obliged to provide, free of charge and to any person upon request, the information contained in the register of certificates, including information about revocation of the electronic signature verification key certificate.


Oleg Komarsky, IT specialist

The certification center that issued the electronic signature stores the certificate of the verification key of this electronic signature indefinitely, or more precisely, for the entire time of its existence. While the certification center is working, there are no problems, but... the center is a commercial organization and may cease to exist. Thus, in the event of termination of the activities of a CA, there is a possibility of losing information about certificates, then electronic documents signed with electronic signatures issued by the closed CA may lose their legal significance.

In this regard, it is planned to create a kind of state repository of certificates (both valid and revoked). This will be something like a state notary center where data on all certificates will be stored. But for now, such information is stored in the CA indefinitely.

What should an employer consider when equipping its employees with electronic signatures?

The ES key certificate necessarily contains the full name of its owner; additional information, such as the company name and job title, can also be included. In addition, the certificate may indicate object identifiers (OIDs) that define the relations within which an electronic document signed with the electronic signature will have legal significance. For example, the OID may state that the employee has the right to post information on the trading platform but cannot sign contracts. That is, OIDs can be used to differentiate levels of responsibility and authority.
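How a receiving system can enforce the OID restriction described above, as an added example in Go (not code from the original article or from any certification center): it issues a demo X.509 certificate that lists permitted purposes as OIDs, parses it back, and accepts or rejects a signed document depending on the purpose and on whether the certificate has been suspended. Assumptions: the OIDs are carried in the extended key usage extension, the OID values under 2.999 (the arc reserved for examples) are constructed, and the names IssueDemoCert, Authorize and Decisions are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Constructed OIDs under 2.999, the arc reserved for examples. Real OIDs are
// assigned by the CA or by the operator of the information system.
var (
	OIDPostOnPlatform = asn1.ObjectIdentifier{2, 999, 1, 1} // post information on a trading platform
	OIDSignContracts  = asn1.ObjectIdentifier{2, 999, 1, 2} // sign contracts
)

// IssueDemoCert builds a self-signed demo certificate whose extended key
// usage lists the permitted purposes, then parses it back from DER so that
// the check below works on what a relying party would actually receive.
func IssueDemoCert(owner string, serial int64, allowed ...asn1.ObjectIdentifier) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(serial),
		Subject:            pkix.Name{CommonName: owner, Organization: []string{"Sample LLC"}},
		NotBefore:          time.Now().Add(-time.Hour),
		NotAfter:           time.Now().AddDate(1, 0, 0),
		KeyUsage:           x509.KeyUsageDigitalSignature,
		UnknownExtKeyUsage: allowed,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Authorize is the relying party's check before accepting a signed document
// for a given purpose. suspended holds serial numbers of certificates whose
// validity the owning organization has suspended, for example on dismissal.
func Authorize(cert *x509.Certificate, purpose asn1.ObjectIdentifier, suspended map[string]bool) error {
	who := cert.Subject.CommonName
	if suspended[cert.SerialNumber.String()] {
		return fmt.Errorf("%s: certificate %s is suspended", who, cert.SerialNumber.String())
	}
	for _, oid := range cert.UnknownExtKeyUsage {
		if oid.Equal(purpose) {
			return nil
		}
	}
	return fmt.Errorf("%s: certificate does not cover purpose %s", who, purpose.String())
}

// Decisions runs the check on a constructed employee certificate that carries
// only the "post on platform" OID and returns a verdict per case.
func Decisions() (map[string]string, error) {
	cert, err := IssueDemoCert("Sample Employee", 7, OIDPostOnPlatform)
	if err != nil {
		return nil, err
	}
	verdict := func(err error) string {
		if err != nil {
			return "rejected: " + err.Error()
		}
		return "accepted"
	}
	afterDismissal := map[string]bool{"7": true}
	return map[string]string{
		"post information on platform": verdict(Authorize(cert, OIDPostOnPlatform, nil)),
		"sign contract":                verdict(Authorize(cert, OIDSignContracts, nil)),
		"post after dismissal":         verdict(Authorize(cert, OIDPostOnPlatform, afterDismissal)),
	}, nil
}

func main() {
	results, err := Decisions()
	if err != nil {
		panic(err)
	}
	for name, v := range results {
		fmt.Printf("%-30s %s\n", name, v)
	}
}
```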

There are subtleties of transferring authority when employees are fired or transferred to another position. They should be taken into account.

Example 2


When commercial director Ivanov, who signed documents with an electronic signature, is dismissed, a new key carrier for working with electronic signatures must be ordered for the new person who replaced Ivanov in this position. After all, Petrov cannot sign documents with Ivanov’s signature (even if it’s electronic).

Usually, upon dismissal, re-issuance of electronic signature keys is organized; as a rule, to do this, employees themselves visit the certification center. The organization that pays for the issue of keys is also the owner of the key, so it has the right to suspend the validity of the certificate. In this way, risks are minimized: a situation in which a dismissed employee could sign documents on behalf of the previous employer is excluded.


Natalya Khramtsovskaya, Ph.D., leading document management expert at EOS company, ISO expert, member of the State Budgetary Inspectorate and ARMA International

The effective business performance of an organization depends on many factors. One of the key elements of the entire management system is the principle of employee interchangeability. You should think in advance about who will replace employees who are temporarily unable to perform their job responsibilities due to illness, business trip, vacation, etc. If your organization deals with signing documents with electronic signatures, this aspect needs to be taken into account separately. Anyone who neglects this organizational issue risks running into serious trouble.

Indicative in this sense is case No. A56-51106/2011, which was considered by the Arbitration Court of St. Petersburg and the Leningrad Region in January 2012.

How the problem arose:

  • LLC "Sales Association "Tvernefteprodukt" in July 2011 filed a single application to participate in an open auction in electronic form for the supply of gasoline using fuel cards for the Upper Volga branch of the Federal State Budgetary Scientific Institution "State Scientific Research Institute of Lake and River Fisheries" (FGNU "GosNIORH"). The customer's auction commission decided to conclude a government contract with the only auction participant.
  • The draft government contract was sent by the customer to the operator of the electronic platform on July 12, 2011, and the operator transferred it to the LLC. Within the period established by law, the LLC did not send to the operator of the electronic platform a draft contract signed with the electronic signature of a person who has the right to act on behalf of the participant in placing the order, because this official was on sick leave.
  • In July 2011, the St. Petersburg Department of the Federal Antimonopoly Service (UFAS) reviewed the information submitted by the customer about the LLC’s evasion from concluding a contract and decided to include it in the register of unscrupulous suppliers.

Disagreeing with the decision of the Federal Antimonopoly Service, the LLC went to court. All three courts found the LLC guilty of evading the conclusion of a contract. And in the final instance, in October 2012, it emerged that the LLC contacted the customer on August 10, 2011 and cited not the illness of its employee, but his negligence as the reason for not signing the contract.

Another interesting case occurred when a government contract was signed with the electronic signature of an unauthorized person. This case was considered by the Arbitration Court of the Kaluga Region in September 2011 (case No. A23-2637/2011).

The circumstances were as follows:

  • In March 2011, SEL TECHSTROY LLC was recognized as the winner of an open auction. At this point, the LLC had a change of general director: the former general director V. became the deputy of the new general director P. But the new general director had not yet had time to issue an electronic signature. Therefore, on March 14, 2011, they decided to “simplify their lives” and sign a government contract using the digital signature of V., who had left his post. However, the main mistake was that V. signed the document as CEO of SEL TECHSTROY LIMITED.
  • Information about the dismissal of general director V. and the appointment of P. as general director, as well as the power of attorney to carry out actions on behalf of the ordering participant, issued to V. as deputy general director, were posted on the website of the electronic trading platform only on March 24, 2011, i.e. after signing and sending the contract to the customer.
  • The customer noticed this oversight, believing that the contract was signed by an unauthorized person, and in April 2011 he contacted the Federal Antimonopoly Service. As a result, the Federal Antimonopoly Service included the LLC in the register of unscrupulous suppliers for a period of 2 years due to evasion of concluding a government contract.

When considering this case in the first instance, the court noted that the new general director of the company, P., in his explanations to the Federal Antimonopoly Service, firstly, confirmed his readiness to sign a government contract, and secondly, he admitted the mistake made, without challenging V.’s powers, indicated in a power of attorney. In addition, the fact that the power of attorney was posted on the official website of the electronic platform, albeit belatedly, was regarded by the court as active actions by the company to eliminate the mistake. As a result, the Arbitration Court ordered the Federal Antimonopoly Service to exclude the LLC from the register of unscrupulous suppliers. In December 2011, the Twentieth Arbitration Court of Appeal supported the position of the trial court.

But the Federal Arbitration Court of the Central District in March 2012 ruled differently. In its opinion, on March 14, 2011, V. used an electronic signature in violation of the provisions of Art. 4 of the Federal Law “On Electronic Digital Signature” and the conditions specified in the signature key certificate (after all, an electronic document with an electronic signature that does not comply with the conditions included in the certificate has no legal significance). As a result, the court concluded that the government contract was signed by an unauthorized person and recognized the decision of the Federal Antimonopoly Service to recognize the LLC as an unscrupulous supplier as lawful.

Similar cases are often considered by the courts. Sometimes the director, who holds the digital signature key certificate and has the right to sign documents on behalf of the company, resigns, and the new director does not have time to obtain an electronic signature and sign a contract on time. Sometimes they try to sign documents with the signature of an employee who has already resigned (or transferred to another position in the same organization). Sometimes problems arise from the negligence of employees or their illness (as in the first of the cases described), and again there is no time to delegate authority to another person and issue an electronic signature to him. But the result is the same: the organization ends up on the list of unscrupulous suppliers and is deprived of the right to enter into contracts financed from the budget.

Receipt by an employee of an organization of an electronic signature key, ensuring its safety and actions with it are usually regulated by an order for the organization with the approval of instructional materials. They define the procedure for using electronic signature keys for signing documents, obtaining, replacing, and revoking an electronic signature verification key certificate, as well as the actions taken when the electronic signature key is compromised. The latter are similar to the actions performed when a bank card is lost.

How to choose a certification center?

Law No. 63-FZ provides for the division of certification centers into those that have passed and those that have not passed the accreditation procedure (now it is carried out by the Ministry of Communications and Mass Communications of the Russian Federation). An accredited certification center is issued an appropriate certificate, and to obtain a qualified certificate of an electronic signature verification key, you must contact such a CA. Non-accredited CAs can only issue other types of signatures.

When choosing a CA, you should keep in mind that not every one of them uses all possible crypto providers. That is, if the partners with whom you are organizing electronic document management need electronic signatures generated using a specific crypto provider, then you should choose a certification center that works specifically with this cryptographic information protection tool (CIPF).

The procedure for obtaining an electronic signature and the necessary documents

To organize the exchange of electronic documents between organizations, you must perform the following steps:

  • determine the goals and specifics of document flow between your organization and the other one. This should be formalized in an agreement or contract, which defines and regulates the operations and the composition of documents with an electronic signature that are transmitted electronically (such standard contracts are signed, for example, by banks with clients, allowing the use of the client-bank system);
  • exchange the electronic signature verification key certificates of the persons whose signed documents will be transferred between the organizations. It is clear that partners can obtain such certificates not only from each other, but also from the certification authority that issued these certificates;
  • issue internal instructions regulating the procedure for transmitting and receiving electronic documents to another organization, including the procedure for verifying the electronic signature of received documents and actions in case of detection of the fact of making changes to a document after signing it with an electronic signature.

To produce electronic signature keys and digital signature verification key certificates, users must provide the certification center with application documents, documentation confirming the accuracy of the information to be included in the digital signature verification key certificate, as well as the corresponding powers of attorney.

To ensure the proper level of user identification, the procedure for obtaining electronic signature verification key certificates requires the personal presence of its owner.

True, there are exceptions. For example, today for employees of government and budgetary organizations, as well as employees of executive authorities of the city of Moscow, the certification center of JSC Electronic Moscow has developed a system for the mass issuance of electronic signature verification key certificates (SKPEP). While maintaining a high level of reliability of user identification, it makes it unnecessary for each employee to visit the certification center in person, which significantly reduces the monetary and time costs of the organization compared to the issuance of SKPEP organized according to the traditional scheme.

How much does an electronic signature cost?

It is a mistake to think that a certification center simply sells media for storing keys and certificates; the service is complex, and the media with key information is only one of its components. The price of a complete electronic signature package depends on:

  • region;
  • pricing policy of the certification center;
  • types of signature and areas of its application.

Typically this package includes:

  • services of a certification center for the production of an electronic signature verification key certificate;
  • transfer of rights to use the corresponding software (CIS);
  • providing the recipient with the software necessary for work;
  • supply of protected key media;
  • technical support for users.

On average, the cost varies from 3,000 to 20,000 rubles for a complete package with one piece of key information. It is clear that when an organization orders tens or hundreds of key certificates for its employees, the price per “signer” will be significantly lower. Keys are reissued every year.

Currently in Russia, the circulation of electronic documents using an electronic signature is rapidly gaining momentum. Electronic signatures are widely implemented both in government organizations and in private businesses. It must be taken into account that different types of electronic signatures have different value; a document certified by an electronic signature is legally significant, therefore transferring key media along with the PIN code to other persons is unacceptable.

The most important thing: an electronic signature significantly saves time, eliminating paperwork, which is extremely important in conditions of fierce competition and when partners are located remotely.

The problem so far remains only in the area of confirming the authenticity of such a signature and the document with it throughout its long storage period.


Hello! In this article we will talk about electronic digital signature.

Today you will learn:

  1. What is digital signature and in what areas can it be used?
  2. About the legal force of a signature in this format;
  3. About the advantages that its presence provides.

For some time now, digital signature has been a tool that simplifies the movement of documentation. Moreover, this happens not only within the company, but also outside it. Let's look at how to become its owner today.

EDS - what is it in simple words

Everyone knows that any document is signed by a person who has such authority. This is done in order to give the document legal force. Thanks to modern technologies, all document flow is moving into electronic form. Moreover, this has turned out to be extremely convenient!

What is digital signature in simple terms?

An EDS is an analogue of a regular signature, used to give legal force to documentation stored on electronic media.

It is usually stored on a flash drive.

Advantages:

  1. Simpler and faster data exchange (when collaborating with foreign companies);
  2. Reducing costs associated with document flow;
  3. Increased security level for information of a commercial nature.

Terms related to digital signature

Closely related to this concept are two others: the key and the electronic signature certificate. The certificate confirms that the digital signature belongs to a specific person. It can be enhanced or normal. An enhanced certificate is issued either by a certification authority or by the FSB.

A key is a sequence of characters. Keys are usually used in pairs. The first is the signature itself, the other confirms that it is genuine. To sign each newly created document, a new key is generated.

The information that is received at the CA is not an electronic digital signature, it is a means to create it.

A little history

The first electronic devices began to be used in Russia in 1994. And the law regulating their use was adopted in 2002. It was extremely vague and ambiguously interpreted the terminology. The issue of obtaining a signature was also practically not covered.

Since 2011, government agencies have switched to electronic document management. And all officials received an electronic signature.

In 2012, this process acquired a global scale and thanks to this, we can now become the owners of universal modern signatures.

How to get an electronic digital signature

Let's consider a situation in which a person has assessed all the advantages of this tool and decided to obtain an electronic signature. So, the question arose: what needs to be done for this? Let's talk about this in more detail.

To receive an electronic digital signature, you need to go through several important steps:

  • Decide on the type of signature;
  • Select a certification authority;
  • Fill out an application;
  • Pay the invoice;
  • Collect the required package of documentation;
  • Receive an electronic signature.

Now we will discuss each step in detail.

Step 1. Choose the type of signature that suits you best.

Over the last period of time, the number of those who want to receive an enhanced electronic signature has increased. This is explained by the fact that it can not only confirm the identity of the person who sent the document, but is also protected to the maximum. According to a number of experts, simple digital signatures will soon cease to exist completely.

The table below shows the areas in which the different kinds of signatures are used.

| No. | Where is it used? | Simple | Unqualified | Qualified |
|---|---|---|---|---|
| 1 | Maintaining internal document flow | found in small companies | Yes | Yes |
| 2 | Maintaining external document flow | rarely anymore | Yes | Yes |
| 3 | In the Arbitration Court | Yes | Yes | Yes |
| 4 | When accessing the State Services website | Yes | No | Yes |
| 5 | In regulatory authorities | No | No | Yes |
| 6 | When conducting electronic trading | No | No | Yes |

Step 2. Select a certification center.

If you need to obtain an electronic signature to submit reports, choose a qualified one, but if you just need to manage paperwork, then choose a simple one.

Let us clarify that the CA is a legal entity whose purpose is to generate and issue an electronic signature.

In addition, the CA carries out the following activities:

  • Confirms that the signature is authentic;
  • If necessary, blocks the digital signature;
  • Serves as a mediator if a conflict situation suddenly arises;
  • Provides technical support;
  • Provides necessary software to clients.

There are about 100 CAs in the Russian Federation. It is better to choose the one that suits your location and capabilities. You can first check to see if there are any in your city. This is easy to do: just look at the information on the official website.

Step 3. Fill out the application.

To do this, we either visit the center’s office or fill it out online. The remote method allows you to avoid a personal visit to the CA, that is, save some time.

As soon as the submission of the application is completed, a CA specialist contacts the client to clarify the data specified in it. You can ask him questions and get advice.

Step 4. Pay.

You will have to pay for the service in advance. As soon as the application is accepted and all details are agreed upon, the client is issued an invoice. The cost may vary, as it depends on the region where the client lives, on the company itself and on what kind of digital signature you want to receive.

Moreover, the price range is quite large - from 1,500 to 8,000 rubles.

Documents for digital signature

When collecting documents, an important nuance is whether the EDS is needed for an individual, for a legal entity or for an individual entrepreneur. Therefore, we will describe the documentation for each separately.

To obtain a signature, individuals must collect the following set of documentation:

  • Completed application form;
  • Passport with photocopy;
  • SNILS;
  • A receipt confirming payment of the invoice.

If the recipient has an authorized representative, he or she can handle the submission of documents. The only thing is that you need a power of attorney to perform such actions.

Legal entities need to prepare:

  • Completed application;
  • OGRN certificate;
  • TIN certificate;
  • (not expired);
  • Passport, with a copy, of the person who will use the digital signature;
  • Payment receipt;
  • SNILS of the person who will use the digital signature;
  • If the director will use the signature, you must provide an order on the basis of which he holds this position;
  • Other employees need powers of attorney so that they can use digital signatures.

Individual entrepreneurs provide:

  • Completed application;
  • OGRNIP certificate;
  • TIN certificate;
  • An extract from the register of entrepreneurs, which is no more than 6 months old (a copy is possible);
  • A receipt confirming payment.

If the application was submitted remotely, the necessary documents are sent to the CA by mail; if it was submitted in person, they are handed over along with the application.

Electronic signature for individuals

For individuals there are 2 types of signatures: qualified and unqualified. The obtaining procedure, when compared with legal entities, is much simpler.

Private individuals usually use electronic signatures to sign certain papers.

Nowadays systems such as:

  • Unified portal of public services;
  • ESIA network for obtaining various information.

For the unified identification and authentication system, a simple type of electronic signature is sufficient, but for the government services portal, a qualified one is used.

To obtain an electronic signature, a citizen also applies to the CA with all documents and an application. You also need to have a flash drive with you on which the private part of the key, known only to the owner, will be written.

The procedure looks like this:

  • Contact the CA for a certificate and to receive an EDS key;
  • Find a password;
  • Filling out forms to obtain keys;
  • Submission of all documents;
  • Obtaining a certificate for keys.

Electronic signature for legal entities

The obtaining algorithm is practically no different from obtaining a signature by an individual. In the same way, a CA is selected, all the necessary documents are collected, and the invoice is paid. The only thing you must not forget is that the extract from the Unified State Register of Legal Entities must be received on time, since the process of preparing it takes about 5 days.

Hash function: why is it needed?

A hash function is an algorithm that transforms a document into a unique number, the hash value.

It is highly sensitive to various types of document distortion; if at least one character in the original document changes, most of the hash value characters will be distorted.

The hash function is designed in such a way that it is impossible to restore the original document using its value, and it is also impossible to find 2 different electronic documents that have the same hash value.

To generate an electronic digital signature, the sender calculates the hash function of the document and encrypts it using a secret key.

Put simply, it is designed to simplify the exchange of data between users. This is a key data protection tool.

The signed file goes through a hashing procedure. And the recipient will be able to verify the authenticity of the document.

Legal force of digital signature

An electronic digital signature has equal legal force with a regular signature on a paper version of a document, if it was applied without violations. If deviations are identified, the document is not valid. The state regulates the process of using digital signatures by Federal legislation.

Validity period of the digital signature

The digital signature is valid for 12 months from the day it was received. As soon as this period ends, it is extended or another one is received.

Let's sum it up. The use of digital signatures brings the greatest benefits to large companies and enterprises. Thanks to it, document flow becomes cheaper and broad horizons for business open up.

It is also beneficial for ordinary citizens to have one. There is no need to stand in lines: state services can be ordered without leaving your home. EDS is a modern, convenient and profitable tool.

The use of electronic digital signatures is becoming increasingly common in Russia. And this is not at all surprising, since a digital signature is in many cases more secure than the corresponding details affixed with a ballpoint pen or stamp. How is an electronic signature made for a legal entity? How to get the appropriate tool?

Definition of digital signature

First, let's define the essence of a digital signature. What is a digital signature? It is a document requisite similar to one written on paper with a ballpoint pen, but made using special computer algorithms.

The main purpose of an electronic signature is to confirm that a document is signed by a specific person. Among the other useful properties of an electronic digital signature is certification of the integrity of the document: the absence of any changes in it on the way between the sender and the recipient.

Using digital signatures

In what areas are digital signatures used? Almost in the same way as a regular signature: in businesses and government agencies, in communications with the participation of individuals. An electronic signature that meets all the necessary legal requirements is legally equivalent to a signature made with a ballpoint pen, and in some cases, a seal, if we are talking about legal entities.

The use of electronic signatures is common in the banking sector: when authorizing in systems of the “bank-client” type, the corresponding mechanisms of the user of the financial product are activated. Using the algorithms adopted by the financial and credit organization, the client signs payment orders and makes various applications and requests.

In some cases, digital signature is considered to be an even more reliable requisite than a signature made with a ballpoint pen. This is due to the fact that it is very difficult to forge, and also because with the help of an electronic digital signature, as we noted above, you can check whether changes have been made to the sent files.

Universal electronic cards are beginning to spread in the Russian Federation. With their help, citizens can carry out a large number of various actions. Among these is signing documents on the Internet. How is this possible? In order to use this UEC function, you need to purchase a card reader - a device capable of reading data from a card and transmitting it through special online channels. It is necessary to use a device that supports the PC/SC standard.

EDS structure

How does the digital signature work? How does the document authentication mechanism work? Very simple. An electronic signature itself is a document requisite that can only be affixed by one person (or organization). The corresponding subject of document flow has a single copy of the tool with which the digital signature is placed - this is the private key of the electronic signature. As a rule, no one else has it, as is the case with a unique example of a person's autograph, which he writes with a ballpoint pen. Keys are issued by specialized organizations - certification centers. They may also be accredited by the Ministry of Communications.

You can read the digital signature using a public key, which, in turn, can be at the disposal of any number of people. By using this tool, the recipient of the document makes sure that it was sent and signed by a specific sender. If the public key does not recognize the digital signature, it means that it was not affixed by the person from whom the document should come.

Signing Key Certificate

An important element of document flow is the electronic signature key certificate. It is usually an electronic data source that contains information about the sender of the files. A certificate certifies the fact that the key a person owns is valid. This document also contains basic information about the sender. The certificate is usually valid for 1 year from the date of its issuance. The corresponding signature element can also be revoked at the initiative of its owner, for example, if he loses control of the key or suspects that it has fallen into the wrong hands. Those documents that are signed without a valid certificate have no legal force.
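An added example (not code from the original article) of the hash-then-sign scheme described in the "Hash function" section together with the certificate-validity rule above. It uses SHA-256 and unpadded textbook RSA over two known Mersenne primes as stand-ins for the algorithms of a real crypto provider; every name, the sample certificate and the sample document are constructed for illustration, and the toy key is not suitable for real use.

```python
import hashlib
from datetime import datetime, timezone

# Toy RSA key pair built from two published Mersenne primes (constructed for
# illustration only; real keys are generated randomly by the signing software).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public (verification) key
D = pow(E, -1, (P - 1) * (Q - 1))        # private (signing) key


def digest_int(document: bytes) -> int:
    """Hash the document and return the digest as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def changed_bits(doc_a: bytes, doc_b: bytes) -> int:
    """Count how many of the 256 digest bits differ between two documents."""
    return bin(digest_int(doc_a) ^ digest_int(doc_b)).count("1")


def sign(document: bytes, private_key: int = D, modulus: int = N) -> int:
    """Sender: transform the document's hash with the private key."""
    return pow(digest_int(document), private_key, modulus)


def verify(document: bytes, signature: int, signed_at: datetime, cert: dict) -> str:
    """Recipient: check the signature with the public key from the certificate,
    then check that the certificate was usable at the moment of signing.
    signed_at is assumed to come from a source the recipient trusts."""
    modulus, exponent = cert["public_key"]
    if pow(signature, exponent, modulus) != digest_int(document):
        return "SIGNATURE_MISMATCH"       # document changed or wrong key
    if not cert["not_before"] <= signed_at <= cert["not_after"]:
        return "CERTIFICATE_NOT_VALID"    # expired or not yet valid
    revoked_at = cert.get("revoked_at")
    if revoked_at is not None and signed_at >= revoked_at:
        return "CERTIFICATE_REVOKED"      # owner withdrew the certificate
    return "VALID"


def utc(year: int, month: int, day: int) -> datetime:
    """Helper for building timezone-aware sample dates."""
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data: a certificate valid for one year and a short document.
SAMPLE_CERT = {
    "owner": "Example signer",
    "public_key": (N, E),
    "not_before": utc(2024, 1, 1),
    "not_after": utc(2024, 12, 31),
    "revoked_at": None,
}
SAMPLE_DOC = b"Pay 10000 rubles to account 001"
ALTERED_DOC = b"Pay 90000 rubles to account 001"   # one character changed

if __name__ == "__main__":
    sig = sign(SAMPLE_DOC)
    print("digest bits changed:", changed_bits(SAMPLE_DOC, ALTERED_DOC))
    print(verify(SAMPLE_DOC, sig, utc(2024, 6, 1), SAMPLE_CERT))
    print(verify(ALTERED_DOC, sig, utc(2024, 6, 1), SAMPLE_CERT))
    print(verify(SAMPLE_DOC, sig, utc(2025, 2, 1), SAMPLE_CERT))
    revoked = dict(SAMPLE_CERT, revoked_at=utc(2024, 5, 1))
    print(verify(SAMPLE_DOC, sig, utc(2024, 6, 1), revoked))
```

A signature that checks out mathematically is still rejected when the signing date falls outside the certificate's validity period or after its revocation, which is why the recipient's procedure has to examine the certificate as well as the signature.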

From a technological point of view, the mechanism for exchanging files when using digital signatures is usually implemented within a certain software environment. That is, files are sent and received in a special format using a specialized software interface. It can be adapted, for example, for document flow in the field of tax reporting or for sharing files between different companies.

A universal system for receiving and sending documents has not yet been created in the Russian Federation, but such work is underway. Its successful completion will make it possible to create a software environment that, theoretically, will be able to completely replace paper document management, since every citizen, along with a personal autograph, will also be able to affix an electronic signature on any documents. Actually, the development of the UEC is one of the first steps in this direction.

But for now, you can put an electronic signature using this card on a limited number of resources. Therefore, electronic signature verification is now carried out in different programs, and their use is carried out by agreement between the sender and recipient of the documents.

It is also quite possible to exchange files outside the corresponding interfaces. In this case, each document can be supplemented with a text insert with a unique cipher, which is created using a private key and read by the recipient of the file using a public one. The document will be recognized if the corresponding algorithms match, and also provided that the certificate we mentioned above is valid.

However, the cipher in question will one way or another be created by a special program. Theoretically, of course, users can develop their own - and this will formally also be considered an electronic digital signature, but in this case there is no need to talk about a sufficient level of document flow security. In large companies, special requirements are usually established for it. The same as in government institutions. Let's study the aspect that reflects the types of digital signatures depending on the level of security in more detail.

Digital signature security levels

It may be noted that sending documents via e-mail is also one of the options for using digital signature. In this case, we are talking about using a simple electronic signature. Its “key” is the password entered by the sender. The Electronic Signature Law allows that this type of digital signature may be legally significant, but law enforcement practice is not always accompanied by the implementation of this scenario. And this is understandable: the password - purely theoretically - can be entered by anyone who knows it and pretends to be the sender.

Therefore, the same law on electronic signature determines that much more secure versions of digital signatures can be used in document flow. Among these are the strengthened and the qualified digital signature. They assume that their owners have reliable electronic keys, which are very difficult to fake. They can be made in the form of a special keychain such as eToken - in a single copy. Using this tool and a special program, a person can send signed documents to the recipient, who then, using the public key for verifying the electronic signature, can verify the correct origin of the files.

Specifics of a qualified signature

What is the difference between an enhanced digital signature and a qualified one? Technologically, they can be very similar and use generally similar encryption algorithms. But in the case of a qualified digital signature, a certificate for it is issued by a certification center (from among those accredited by the Ministry of Communications). This type of electronic signature is considered the most secure and in most cases is equated in a legal sense to the corresponding details of a document that is placed manually on paper.

In most cases, a qualified digital signature is required during the interaction of businesses and individuals with government agencies, so the requirements for document identification in such communication scenarios can be very strict. In this case, a strengthened digital signature cannot always satisfy them, not to mention, of course, a simple electronic signature. Accredited certification centers, as a rule, recommend to their clients the optimal type of software with which document flow is carried out using digital signatures.

Types of electronic signatures

So, a universal digital signature capable of replacing a signature on paper at any time has not yet been developed in Russia. Therefore, the tools we are considering are presented in a wide range of varieties, adapted to various file sharing purposes. Let's look at the most common types of communications that use electronic signatures of documents.

Digital signatures required for the participation of commercial organizations in various auctions (Sberbank-AST, RTS-Tender) are popular, as are those for presence on trading platforms, for example, those that are part of the ETP Association. There is an electronic signature adapted for working with databases on bankruptcies of legal entities and facts relating to their activities.

On the Gosuslugi.ru portal, all registered persons are also issued an electronic signature. Thus, public services can then be ordered online - there is no need to submit a paper document to one or another department. A wide range of services is available to the citizen; you can even apply for a foreign passport online. One of the options for hardware implementation of digital signatures for use on the Gosuslugi.ru portal is UEC, which we mentioned above.

How to obtain an electronic signature

Due to the absence in the Russian Federation of a unified structure for issuing universal digital signatures, there are a large number of private companies engaged in issuing electronic signatures. They are called, as we noted above, certification centers. These organizations perform the following main functions:

  • Register users as legally authorized subjects of working with documents when using digital signatures;
  • Issue an electronic signature certificate;
  • In some cases, they ensure the sending and verification of documents with digital signature.

Thus, if a citizen or organization needs a digital signature, they will have to go to the appropriate certification center.

Documents for obtaining digital signature

How is an electronic signature issued for a legal entity? How to get such a useful tool for business? So, the first thing you need to do is choose a certification center. It is advisable to contact those structures that are accredited by government agencies. A list of these organizations can be found on the website of the Ministry of Communications of the Russian Federation - minsvyaz.ru.

The following basic documents must be submitted to the certification center:

  • Extract from the Unified State Register of Legal Entities;
  • Certificates: on registration of a legal entity, on registration with the Federal Tax Service.

If we are talking about obtaining a personal signature for the head of the organization, the mentioned set of documents must be supplemented with a copy of the protocol on the appointment of the general director to the position. If an electronic digital signature is received by an employee who is not a member of the company’s highest management bodies, then a copy of the order on his employment, as well as a power of attorney, is required. Naturally, you will need a specialist’s passport and SNILS.

As we can see, the process within which an electronic signature is issued for a legal entity is not at all complicated. How to obtain an electronic signature for an individual entrepreneur?

Very simple. The following basic documents will be needed:

  • Extract from the Unified State Register of Individual Entrepreneurs;
  • Certificates: on registration as an individual entrepreneur and on registration with the Federal Tax Service;
  • Passport;

If a person who is not in the status of an individual entrepreneur, owner or representative of an LLC wants to receive an EDS, then all he needs to bring to the certification center is an INN, a passport, and a SNILS.

Obtaining an electronic signature is usually not a very long process. Many certification centers are ready to provide an eToken key or its equivalent, as well as instructions for using digital signatures within a few hours after completing the corresponding application.

Practical nuances of working with digital signatures

We studied how an electronic signature is issued for a legal entity and how to obtain this instrument. Let us now consider some remarkable nuances of the practical use of digital signatures.

Thus, when organizing document flow between two or more companies, it is advisable to turn to the services of intermediary structures that will help companies avoid mistakes in exchanging files, and also guarantee compliance with all legal requirements regarding these communications. Among the optimal options for formalizing such arrangements is the conclusion of accession agreements, which are provided for in Article 428 of the Civil Code of the Russian Federation.

When organizing document flow between different organizations, it is also recommended to approve the procedure for working with files in cases where the authenticity of the digital signature cannot be determined. For example, this is possible if the electronic signature key certificate has expired.

At the beginning of the article, we looked at the classification of digital signatures according to the degree of security. What are the mechanisms for the correct use of simple, strong and qualified electronic signatures?

If a company decides to use a simple digital signature when exchanging documents with another organization, then it needs to enter into additional agreements establishing such a mechanism. The relevant agreements must reflect the rules for determining who exactly sent the document via e-mail and thereby provided a simple digital signature.

If we are talking about electronic trading, then the signature must be strengthened (at a minimum) and meet the criteria adopted at the level of a particular online platform where such communications are carried out.

Reporting to government agencies should only be carried out using a qualified electronic signature. If we are talking about establishing labor relations at a distance (more recently the Labor Code of the Russian Federation allows this type of communication), then a qualified signature must be used in this process.