Purpose and composition of the EDS key verification certificate


Until relatively recently, electronic documents without a “live” signature and seal had no legal force. But since at some point computer files almost completely replaced ordinary paper documents, the question naturally arose: how to give these files legitimacy and legal significance? Thus, a special digital signature has appeared, thanks to which documents created electronically can be sent to any authority without printing them, and there they will be accepted for consideration along with real paper documents.

Public key certificate for electronic digital signature verification - what is it, what is its purpose

The main purpose of an electronic signature verification key certificate is to confirm that the electronic signature belongs to a specific person, the so-called owner of the electronic signature. In practice, a certificate is a kind of passport of the owner of an electronic signature, which indicates the last name, first name, patronymic and SNILS if the owner of the digital signature is an individual, or the name, location address, INN and OGRN if the owner of the signature is an organization.

An EDS certificate with a unique number assigned to it is provided by the certification center in electronic form or on paper.

The feasibility of obtaining an electronic signature

Before you start the hassle of filling out an application for an electronic signature, you should be aware of whether it is really necessary to obtain it. The advantages of owning an electronic signature are obvious. But what does the other side of the coin look like?

  1. Economic efficiency. Digital signatures in the arsenal of an individual or legal entity impose certain financial obligations on him. Money will be needed both to obtain a signature (one-time) and to pay for the annual certificate. In addition, you should take into account possible additional costs for the program itself for working with electronic signatures.
  2. Benefit of a digital signature for an ordinary citizen. The practice of using digital signatures by individuals suggests that this service is needed only by those who regularly apply to the Federal Tax Service, Rosreestr and MFC, while trying to reduce personal visits. For an ordinary Russian whose local offices of these bodies work without exhausting queues, obtaining an electronic digital signature perhaps does not make much sense.
  3. Digital signature for businessmen. At the initial stage of doing business, you can do without an electronic digital signature. But if the manager has even a small staff, and the organization plans to take part in auctions and tenders and to submit reports electronically, then a digital signature will make life much easier. The costs of an electronic signature for businessmen are somewhat higher, but they pay off due to significant savings in time and effort and the opportunity to participate in profitable corporate auctions.

Selecting an electronic signature verification key certificate

There are qualified and unqualified EDS certificates. Their difference primarily lies in functionality. For example, an electronic signature with a non-qualified certificate can be used either by an individual - when working with a taxpayer’s personal account, or by supplier companies - when participating in electronic trading.

An electronic signature with a qualified certificate has a wider range of actions: starting from logging into the State Services portal and ending with the signing of any legally significant documents that do not require mandatory paper execution with a manual signature.

The choice of the type of electronic signature certificate depends on the tasks that need to be solved with its help.

For example, there are requirements for choosing an electronic signature when working with accounting source documents: an electronic invoice serves as the basis for deducting VAT amounts only if it is signed with a qualified electronic signature. To submit reports to government agencies, you will need to use an enhanced qualified electronic signature.

New scopes cannot be added to an already issued certificate. To expand the scope of application, a new corresponding certificate must be obtained.

How to make an unqualified electronic signature key certificate

A non-qualified certificate is issued by any certification center for a fee. It can also be generated by any experienced IT specialist when creating an electronic digital signature using cryptographic programs.

Read about the differences and similarities between unqualified and qualified signatures in our material “What is the difference between the two main types of electronic signatures.”

Theft of a qualified digital signature

In case of loss or theft of the CEP (qualified electronic signature), you must immediately contact the Certification Center with a request to block the qualified signature. You will then need to have the signature reissued and obtain a new storage medium.

© RusTender LLC The material is the property of tender-rus.ru. Any use of an article without indicating the source - tender-rus.ru is prohibited in accordance with Article 1259 of the Civil Code of the Russian Federation

How to create a qualified digital signature certificate

It is not possible to create an electronic digital signature with a qualified certificate on your own. A qualified certificate is issued only by accredited certification centers. Therefore, to obtain it, you will have to contact one of these centers with an application for a certificate.

You can learn more about the purpose of a qualified signature and the procedure for obtaining it in our article “Strengthened qualified electronic signature - what is it?”

Enhanced Qualified Electronic Signature

Let's take a closer look at what an enhanced qualified signature is. According to Federal Law 63 of 04/06/2011 “On Electronic Signatures”, this type of digital signature is considered the most secure and reliable. Let's consider its advantages point by point:

  1. Due to enhanced security and special data encryption methods, only state-accredited certification centers can issue a qualified electronic signature. They must comply with a number of established rules.
  2. Each electronic signature of this type has a qualified verification key, which is a control and protection mechanism. A certificate indicating the key is issued by the center that issued the electronic signature.
  3. An electronic document signed with an enhanced qualified signature, from the point of view of the law, is equivalent to a paper document, with the seal of the organization and the signature of the responsible person.
  4. The mandatory presence of a CEP is required by such operations as sending reports to the tax authorities, sending bank documents and, of course, working with government procurement portals under 44-FZ.

The table below indicates in what situations it is possible to use one or another type of digital signature. After studying it, you can understand which option is right for you.

Application for an electronic signature verification key certificate - sample completion

An application for the issuance of a certificate is drawn up as an annex to the agreement for the purchase of an EDS key certificate. Each accredited center has its own form for filling out this application, but the information entered into it is the same.

To clearly see what this document approximately looks like and what information will be needed to fill it out, we have prepared for you a sample of an already completed application (see below).

What does the digital signature look like on a document?

An electronic signature is a unique sequence of characters. It acts as a mandatory requisite placed on official electronic documents. Reliable cryptographic methods and mathematical calculations are used to generate the signature, and the software is FSB certified.

There are 3 types of digital signature:

  • simple;
  • unqualified;
  • qualified.

A simple electronic signature (SES) is a code or password created by the system and sent to the user’s phone or email address. Typically used on websites to confirm an action. An unqualified signature (NES) differs in that it requires confirmation of the client's identity and is formed using a cryptographic transformation.

The most reliable is a qualified digital signature (QDS). It is confirmed by a verification certificate, has a private and public key, and gives the document full legal force.

A key certificate is a file with a .crt extension that contains information about the owner, the certificate's thumbprint, and the validity period of the signature.

An electronic signature on a document looks like:

  • a sequence of letters or numbers that corresponds to the key specified in the certificate;
  • a graphic picture or stamp indicating the signature of the certificate owner.

The most reliable is the invisible ES, which is not visually detected. It is used when creating MS Word, Excel documents, and is generated automatically. You can determine its presence by the mark that appears in the “status” column.

An example of what an enhanced qualified electronic digital signature looks like is an extract from the Unified State Register of Legal Entities certified by the Federal Tax Service. The signature here is a stamp indicating the certificate number, owner, and validity period of the electronic signature.

Sample:

What does a document signed with digital signature look like:

Renewal of digital signature certificate

The term of digital signature certificates issued by certification centers is limited and is 12 months (year), regardless of whether the certificate is qualified or unqualified. Some large accredited centers can issue a certificate for 15 months. But not more. Once the specified period of the certificate expires, the electronic signature will become invalid.

If you plan to use an electronic signature after the expiration of the established period of the certificate, then you must submit an application to extend its validity period to the certification center that issued this certificate, draw up an additional agreement and pay the invoice issued by the center.

Where to get a CEP key certificate

As we have already said, the electronic signature key is issued by any accredited CA. Their list is posted on the website of the Ministry of Telecom and Mass Communications. You can also view them in the register on the website of the Federal Tax Service. The scope of digital signature production is quite narrow, so it is worth contacting an expert who will help you choose a signature in accordance with the tasks you face.

Before choosing, evaluate the level of interaction between the technical support service and customers. Check the speed of response to the request - send it to the technical support e-mail and analyze how much time it took to review the letter. If you had to wait a long time for feedback (a call or an answer to an email), refuse to receive services from this CA, since problems or issues that require a quick solution may arise during further work with the digital signature. For example, when bidding, minutes often count, which means you cannot afford to miss a tender due to the slow work of the technical support service.

Also evaluate how detailed and understandable the answer given by the technical support staff was. The manager must be a professional in this field. Not all users can easily understand the technical nuances of working with a key, for example, the installation and further use of an electronic digital signature, as well as passing accreditation or participating in bankruptcy auctions (if the activity requires it). It is important that a specialist can help perform all operations remotely or travel to the enterprise.

To register a company on government service websites, you need to issue an EDS key certificate for the head of the enterprise indicated in the extract from the Unified State Register of Legal Entities, and to participate in the auction - for an authorized person (if you have a power of attorney).

Don't forget to make sure you have an FSB license to work with cryptography. Receiving an electronic signature is a service for which the owner of the electronic signature verification key certificate will have to provide his personal data. Check the list of documents with a specialist.

Legislation is constantly being amended and accreditation rules are becoming more stringent. We recommend choosing large, proven CAs.

Reissue of digital signature certificate

Sometimes situations arise when the owner of an electronic signature loses a USB drive, changes his personal or legal details, or the law makes changes to the requirements for electronic signatures. In such cases, the certificate will need to be reissued. In most cases, this service is provided by certification centers on a paid basis. And changing the details again or losing USB keys is financially unprofitable. True, some certification authorities offer, which allows you to re-issue it at a lower cost up to a certain date during the validity period of the certificate.

If the EDS certificate is reissued, you won’t be able to simply update it—you’ll have to install it again. To install a new certificate, you will need the CryptoPro CSP program, located in the “Start” menu - “Settings” - “Control Panel”. In this program, on the “Service” tab, you can install a new certificate either through the “View certificates in the container...” button, or through the “Install personal certificate...” button. Next you need to follow the instructions of the program. Additionally, you can use the detailed instructions provided by the websites of accredited centers.

FAQ:

Key verification

Electronic signature verification can be done using third-party programs or services:

  • To verify an electronic signature in Word and Excel documents, you must use the paid CryptoPro Office Signature plugin. At the same time, for its normal functioning, it is necessary that the Crypto Pro complex be installed on the computer.

In addition, you must remember that signature verification is not always successful. Especially if the document was created in a newer version of the program than the one used for verification.

To check the signature on a document, click on the signature icon. Then right-click on the signature line and select “Signature Contents.”

If verification is successful, information about the certificate will be displayed. If changes have been made, it will be indicated that the signature is invalid.

  • To verify the signature in a PDF document, there is a free CryptoPro PDF plugin. But for its functioning it also requires the installation of “Crypto Pro”. To check the signature, you need to open the document and select the Signatures button in the left menu. Then you need to right-click on the signature you want to verify and select Validate Signature.
  • The State Services portal has a special section for checking electronic signatures: https://gosuslugi.ru/pgu/eds. To use it, you need to upload the file, specify the verification code and click the “Check” button. If the check is successful, the following information will be displayed:
      • the owner of the digital signature;
      • the certification center;
      • the signature validity period.

How to view the serial number of a signing key certificate

In order to find out the serial number of the certificate, you need to use the Crypto Pro program:

  1. Go to the “Start” menu > “Control Panel” > “CryptoPro CSP”
  2. In the “Crypto Pro CSP” application that opens, you need to select the “Service” tab. On it, click the “View certificates in the container” button.
  3. This will open the Certificates in Private Key Container window. There you need to click on the “Browse” button, select the key you want to view from the list and click “OK”, then “Next”.
  4. In the window that opens there will be a line “Serial number”, which will indicate the required value.

If the certificate is exported as a file, you need to double-click on it. In the window that opens, go to the “Composition” tab, and there will be a “Serial number” line in the table with the required value.
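
The same fields that the CryptoPro dialogs show (serial number, owner, issuing center, validity period) can also be read with PowerShell from the Windows certificate store or from an exported certificate file. This is an added example, not part of the original article or of CryptoPro; the function name Get-SignatureCertificateReport and the 30-day warning threshold are assumptions.

```powershell
# Added example: report serial number, thumbprint, owner, issuer and remaining
# validity for certificates in the current user's "Personal" store, or for a
# single exported certificate file. Only public certificate data is read.
function Get-SignatureCertificateReport {
    [CmdletBinding()]
    param(
        # Optional path to an exported certificate file (.cer/.crt).
        [string]$Path,
        # Assumed threshold: flag certificates this many days before expiry.
        [int]$WarnDays = 30
    )

    if ($Path) {
        # Parse the exported file; the private key container is not touched.
        $file  = (Resolve-Path -LiteralPath $Path).ProviderPath
        $certs = @([System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file))
    } else {
        # The "Personal" store of the current user.
        $certs = @(Get-ChildItem -Path Cert:\CurrentUser\My)
    }

    $now = Get-Date
    foreach ($c in $certs) {
        $daysLeft = [int][math]::Floor(($c.NotAfter - $now).TotalDays)

        if ($now -lt $c.NotBefore) {
            $status = 'NotYetValid'
        } elseif ($daysLeft -lt 0) {
            $status = 'Expired'      # keep it: still needed to check old signatures
        } elseif ($daysLeft -le $WarnDays) {
            $status = 'RenewSoon'    # apply to the certification center for renewal
        } else {
            $status = 'Valid'
        }

        [pscustomobject]@{
            Owner         = $c.Subject
            Issuer        = $c.Issuer
            SerialNumber  = $c.SerialNumber
            Thumbprint    = $c.Thumbprint
            NotBefore     = $c.NotBefore
            NotAfter      = $c.NotAfter
            DaysLeft      = $daysLeft
            HasPrivateKey = $c.HasPrivateKey
            Status        = $status
        }
    }
}

# Inventory of the Personal store, soonest expiry first.
Get-SignatureCertificateReport |
    Sort-Object NotAfter |
    Format-Table SerialNumber, NotAfter, DaysLeft, Status, Owner -AutoSize
```

Calling the function with -Path and the name of an exported file reports on that one certificate instead of the store.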

How to find out the password of an electronic signature certificate

Two cases are possible here: either the certificate was not installed on the computer and you need to find out the password for the Rutoken token, or the certificate was installed and a password was assigned to it.

In the first case, if the password has not been changed, you need to try the standard password - 12345678. If the password has been changed, then there is no way to recover it.

In order to protect the certificate and user data from interference by third parties, Rutoken does not have any mechanism for resetting a forgotten password. Therefore, in this situation, all that remains is to purchase a new media with a new key.

If, when installing a certificate on the system, a password was set, which was subsequently lost, you must perform the following steps:

  1. The computer must have Crypto Pro version no lower than 3.6 installed. You need to go to the directory with the program, which is located in the “Program Files” folder.
  2. In the folder, find a program file named “csptest” and run it.
  3. In the window that opens, enter the command cd "C:/Program Files/Crypto Pro/CSP" from the keyboard, observing the case and all characters.
  4. In the next step, enter the command csptest -keyset -enum_cont -fqcn -verifycontext. It will display all containers that are installed on the computer. You need to find the required one and write down its name exactly, case sensitive.
  5. Enter the command csptest -passwd -showsaved -container "name" into the window, where "name" is the name of the container recorded in the previous step. In response, service information will be displayed, including the password.

How to remove old digital signature certificates

Removing old digital signature certificates will be much easier than installing or updating new ones. To do this, you need to go to the “Certificates” program through the “Start” menu - “Programs” - “Crypto-Pro”, open the “Personal” subfolder, select the old certificate, right-click and select the “Delete” function from the menu that appears. The certificate will be deleted.

But experts do not recommend doing this, since outdated certificates may be needed to view previously signed documents and reports. For example, if old certificates are deleted, it will no longer be possible to view reports and letters sent using them via TCS, and you will have to contact accredited centers with a request to provide the deleted certificates.

In order for old certificates to be saved in electronic form, but not to appear in the list of valid certificates, instead of deleting the certificate, simply open it by double-clicking the left mouse button and in the window that appears, on the “Composition” tab, click on the “Properties” button. In the new window, move the checkbox to “Allow only the following assignments” and uncheck the “Client authentication” checkbox. This way, the old certificate will be preserved, but it will no longer interfere with the use of existing certificates.

Installation nuances

To install SKPEP on your computer, you must first download the software – “CryptoPro”.

Algorithm of actions:

  1. After logging in, go to the “Service” tab and select “View certificates in the container”.
  2. Use the “Browse” button to find the desired container. The “Certificate to View” field will appear.
  3. Once you are sure that your selection is correct, click on “Install”.

If the key is stored on a flash card or in the registry, installation includes the following steps:

  • in the “CryptoPro CSP” program using “Service”, install a personal SKPEP;
  • select the desired file on external media or computer;
  • in the “Setup Wizard” find “Private key container”;
  • complete the operation by placing the object into the container.

How long should I keep the digital signature certificate?

Does the owner of an electronic signature need to store digital signature certificates after their expiration? Yes, it is advisable to keep them in electronic or paper form, since they can be useful at any time to confirm the legal validity of documents previously signed with them. When determining the storage period for an EDS certificate, you can rely on the statutory storage periods for documents in paper form. You can familiarize yourself with them in our article “Basic storage periods for documents in an organization (archive).”

But let us remind you once again that this is only a recommendation for digital signature owners. The obligation to store certificates is legally assigned to the accredited certification centers that issued them (Clause 1, Article 15 of the Law “On Electronic Signatures” dated April 6, 2011 No. 63-FZ). The storage period for issued certificates is limited only by the period of activity of the accredited center. That is, while the accredited center is working, you can at any time request information from it about previously issued certificates. But as soon as the certification center ceases its activities, the obligation to store certificates is removed from it.

In the future, it is planned to transfer the storage of all issued certificates under the control of a single state database in order to minimize the risk of their loss in the event of termination of the activities of accredited centers. But so far there is no such storage system, so behind the scenes, responsibility for the safety of the certificate lies entirely with its owner.

Qualified signature verification certificate

Only an enhanced qualified signature can have a qualified certificate. It is issued exclusively by CAs that have been accredited by government agencies. Accreditation is currently carried out by the Ministry of Telecom and Mass Communications. A list of accredited CAs can be found on the official website of the ministry.

Information about each qualified electronic signature is entered into the register. It has full legal significance. All documents signed using it will be completely equal in importance to paper documents with a handwritten signature.

To create a qualified electronic signature, specialized cryptographic software is used. It confirms the absence of changes in the document, as well as the user’s signature. There are no restrictions on the use of qualified electronic signature in the legislation. It can be used in any documents, including those containing state secrets.

There are also 2 more types of electronic signature – enhanced unqualified and simple. An enhanced unqualified signature is issued by CAs, which do not necessarily have to be accredited by the Ministry of Telecom and Mass Communications. Using this type of signature, you can clearly determine the signer and the absence of changes in the document. The main application of this category of electronic signature is document flow between companies. It cannot be used in documents containing state secrets.

A simple electronic signature is the most simplified signature option. It only allows you to identify a user who has performed certain actions, for example, when purchasing a product in an online store. It is possible to use a simple electronic signature in document flow, but only if there is an appropriate agreement between the parties. This type of signature is not used on documents containing state secrets, as well as in some other situations directly provided for by law.

Reasons for revocation of an EDS certificate

In addition to the cancellation of an electronic digital signature certificate due to the expiration of its validity period and its revocation by the owner of the electronic signature, there are several other reasons why the certificate may become invalid (clause 6, clause 6.1 of Article 14 of Law No. 63-FZ):

  • liquidation of an accredited center if its functions have not been transferred to other certification centers;
  • the owner of the certificate owns an EDS key that does not correspond to the EDS key registered in the issued certificate;
  • the electronic signature issued by the certificate is already used under another certificate;
  • a court decision was made on the unreliability of the information included in the digital signature certificate;
  • other cases established by law or agreement between the accredited center and the certificate holder.

Suspension of validity or damage to the digital signature certificate

There are a number of circumstances under which the key holder should revoke or cancel his SKPEP:

  • in the near future there will be no need for digital document flow;
  • errors were found in the registry, on a flash card or other storage medium, or they broke down;
  • the employee in whose name the signature was issued has been fired;
  • user information has changed;
  • the key is stolen or otherwise lost.

Automatic cancellation of the signature in the CA occurs only after the end of the key’s period of operation. The owner of the electronic signature has the right to terminate its validity after submitting the application.
