An enhanced qualified signature gives more opportunities and automatically gives legal force. Therefore, experienced entrepreneurs advise choosing CEP. Before contacting a certification center, check the accreditation on the website of the Ministry of Digital Development, Communications and Mass Communications of the Russian Federation.
Veniamin Bakalinsky , CEO of iTrex Translation Agency:
“Electronic digital signature is very simple and convenient, there were no difficulties. The only thing that could cause us difficulties was installing software and drivers for the operation of the digital signature, but this work is undertaken by the certification center. A technical support employee remotely connected to one of our computers, installed and configured the software. All setup work took a maximum of 20 minutes."
Advantages of an electronic signature
Processes are getting faster
Entrepreneurs sign acts or agreements, and the counterparty immediately receives them. This means that deliveries and sales are completed faster.
Veniamin Bakalinsky talks about his experience of using EP:
“Now about 70% of all our clients exchange organizational and reporting documents with us electronically. This especially helps with new clients: previously, the exchange of signed contracts, issuing the first invoices, and drawing up the first technical specifications took a lot of time and was sometimes a serious cause for concern for managers on the client’s side. If the manager needed to quickly launch a project, we, for our part, were ready to start immediately, but the client’s lawyers demanded that we first complete all documents and exchange originals. This is logical, but it is very disturbing in a situation where even a few hours affect the completion of work on time. With the transition to digital signature, such situations no longer arise. There are also some savings due to the costs of couriers and document printing."
Convenient to work with regulatory authorities
There is no need to go to the Federal Tax Service to submit reports or declarations. All data is sent from the office or home at any time of the day.
What is a public key
The public digital signature key is available to all users of the information system. At its core, it is a digital code. The EDS public key certificate is used to identify the owner and certify that there have been no changes to the document after signing. The certificate includes the following information:
a unique number assigned during registration;
personal information about the holder, including details of the issuer - certification center and full name of the owner
validity period of the issued certificate
Disadvantages of using an electronic signature
Design and installation costs
The main disadvantage is the cost of signing, setting up the browser and installing software for the electronic signature. CEP will cost an entrepreneur 1,500-6,000 rubles (depending on the policy of the Certification Center).
Timur Alekseev , commercial director of Sign Me electronic signature service
“Due to the variety of technologies for implementing electronic media for electronic signature keys, there is no “universal” signature that a person would have one for everything (well, or maximum two: as an individual and as a representative of a legal entity). At the moment, many services used by businesses are “tailored” to only one specific technology for implementing electronic signatures, which means that when faced with a service with a different technology, you will have to issue another new signature. As a result, an active user of digital services may have a large number of different signatures, which increases the risk of losing control over the owner’s access to his keys.”
Limited validity period
For example, it often ends during the submission of reports to the Federal Tax Service. And if the certification center reissues the EPC in a couple of hours, then on the tax authorities’ side it can be confirmed in a couple of days. As a result, the entrepreneur submits the report late, and this leads to a fine.
Karina Barg , legal analyst at Northwestern Legal Alliance:
“The validity period of the CEP is limited (usually a year), it is necessary to re-issue the signature to the general director if he has changed (relevant for LLCs). In addition, there may be difficulties in issuing a qualified signature if the applicant is a foreign person.”
Use of electronic signature in judicial practice
The use of an electronic signature sometimes complicates legal proceedings. The chief accountant can certify the statements instead of the manager, and the lawyer can certify the application for the court instead of the plaintiff. Similar violations occur when using client-bank software, when payment orders are not sent by the owner of the electronic signature.
When considering claims for unlawful debiting of funds from an organization’s current account, the court recognizes the correctness of the bank’s action, since the electronic signature is correct, and considers the transfer of signature rights to a third party as a violation of contractual relations and customer service rules.
A similar practice occurs when participating in electronic government auctions. If an organization does not sign a won contract in a timely manner, it is recognized as a party that has evaded concluding a contract and is entered into the register of unscrupulous suppliers. In judicial practice, there are also frequent cases when an organization is entered into the register because of a contract signed by a person who does not have the right to certify such documents.
In civil legal relations, disputes between counterparties arise about the legality of documents signed by electronic signatures of unauthorized persons. When making a decision, the court proceeds from checking the validity of the electronic signature certificate.
The legislation of the Russian Federation does not directly prohibit the transfer of electronic signatures to third parties with the consent of the owner, and in the event of controversial situations, the court recognizes the owner of the signature as the person who signed the document. All responsibility for the use of the digital signature lies with the owner of the certificate, and if the key is compromised, he is obliged to contact the CA with an application to suspend the signature. In controversial cases, such an appeal can serve as evidence of damage caused not by the owner of the signature, but by a third party.
Soon almost everyone will need an electronic digital signature
By 2024, the government plans to introduce mandatory labeling for a wide range of goods, and from next year they will introduce mandatory electronic document management for those who already use labeling. Electronic signatures are also used to work with online cash registers: registration, replacement of a fiscal drive, conclusion of an agreement with the OFD. Therefore, most entrepreneurs will have to issue a digital signature in the near future.
Yuri Spirin , co-founder of the Yachey store:
“We have a store, and we must use the online checkout, and we sell clothes and shoes that need to be labeled. That’s why we’ve been using electronic signatures for a long time. Of course, these are additional costs, but not that big. On the other hand, it is convenient: document exchange occurs quickly. And if you want to interact with large suppliers, you will have to implement electronic document management, and there you cannot do without digital signature.”
Checking the digital signature public key
It is proposed to check the compliance of the digital signature with the certificate using the register of the Unified Certification Authority. The library stores information about all issued cryptosystems, which makes it easy to check the authenticity of the digital signature using its publicly available component. This technology provides an appropriate level of security for electronic document management. The security of the cryptosystem component is guaranteed from the creation of counterfeits, and the transaction being carried out is guaranteed from intruders.
Access to the open element of the digital signature is public - anyone can use it.
The public part of the EDS key: how to do it
The issuance of this part of the EDS key pair is carried out by an authorized state body - a certification center. Its functions include the formation of a secret component of the cryptosystem and its own certificate, an end-user certificate, and certification of their authenticity. To record issued certificates, the CA maintains a special register. The range of tasks performed by the authority also includes the revocation of expired or compromised certificates with subsequent updating of the existing database.
Can an electronic signature be forged?
When all processes become electronic, there is a threat that fraudsters will hack the system and steal data. But it is impossible to forge an enhanced qualified signature.
Mikhail Alexandrov , Head of the certifying office in St. Petersburg:
“It is impossible to forge an electronic digital signature, but there are cases when a signature is used without the knowledge of the owner. The main methods of unauthorized use are key theft and substitution of signed information. This is done using spyware or by stealing the PIN code from the token."
There are still some legal difficulties with registration without personal presence. By law, the certification center must identify the applicant and then issue a CEP, but there are exceptions.
Dmitry Solomennikov , General Director of Tour Technologies LLC:
“I have several digital signatures. Yes, it's definitely convenient. Nowadays, registration for many business-related services is carried out using an electronic digital signature. However, the issuance technology in Russia makes us think about the security of issuing a signature. So, when renting a cash register from Sberbank, a Sberbank employee issued an electronic digital signature for me even without my personal visit to the certification center, only on the basis of the submitted scans. How can this be? I only found out about it after the fact."
Most likely, the bank identified the user as a client; internal regulations allow this. Mikhail Alexandrov believes that such situations arise due to unfinished legislation:
“For identification, you need to provide a passport or a certified copy, but the provisions of Law No. 63-FZ do not stipulate how the applicant should do this. There is a misconception that a qualified certificate can be issued remotely. But the Russian Ministry of Telecom and Mass Communications explains that it is impossible to establish a person’s identity remotely. In addition, the CA employee must acquaint the applicant with the information in the qualified certificate against signature. If there is no signature, then such a CEP may be declared invalid. Therefore, it is better to come for the signature in person.”
How to use digital signature
To certify a document with a digital signature, you can use special desktop applications, web services or plugins for certain formats. Let's look at each of these methods in more detail.
Plugins for Office documents
Most often, digital signature owners have to work with documents in Word format. The Office application environment has a standard function for creating digital signatures, but it does not give certified documents legal force because it does not support cryptographic processes. The best option for signing Word and Excel files is to install the CryptoPro Office Signature software module. This is a licensed product, but during the trial period you can use the software functions free of charge.
To add a digital signature to a document using this software, follow these steps:
- save the document;
- On the “File” tab, in the “Details” section, select the “Add CPU” option;
- in the form that opens, select a certificate from the list to endorse the file and press the “Ok” button;
- enter the password to access the key container.
After adding the digital signature, a status will be displayed in the status bar of the window confirming the presence of the digital signature in the document.
It is important to note that if the text was created in one version of the program and is checked in another, problems may arise (the file does not open, incorrect verification, etc.), so agree in advance with the recipient on which version of Word to create the document.
A file certified with Office Signature can be opened even on PCs where this plugin is not installed.
For digital PDF documents created in Adobe applications, there is a separate plugin - CryptoPro PDF. To add a digital ID, from the PDF document menu, go to the “Signing” → “Working with Certificates” section. In the form that appears, specify the signing method (CryptoPro PDF) and the certificate, then click “OK.”
CryptoARM
The universal program is widely used for encrypting and signing documents of any size and format. The software has several versions with different sets of functions. The starter version with a minimum set of functions is available for free use. Licensed releases have a demo period, during which you can try out the application's capabilities for free.
The procedure for signing a file in CryptoArm:
- save and close the created document;
- right-click and in the menu select “CryptoArm” → “Sign” (the electronic signature creation wizard will open);
- Select the document to be certified from the list and click “Next”;
- specify the location to save the file;
- select SKPEP from the storage and confirm your consent to add a signature by pressing the “Next” and “Finish” buttons.
In the program you can create detached and combined digital signatures, endorse individual files and entire folders with documents.
Safety regulations
To protect yourself from theft of an electronic digital signature, you need to follow simple rules. They were formulated by procurement expert Daria Oparina:
- Change the password on the USB token and remember it. If fraudsters enter the wrong code 3 times, the signature will be blocked;
- Do not give the CEP to anyone (even the chief accountant);
- Buy certified tokens. Others may have viruses;
- Do not go to suspicious sites and do not download files from unverified sources;
- Install an antivirus on your computer.