My business is Franchises. Ratings. Success stories. Ideas. Work and education
About the site Contacts
Menu
Contacts
Site search

home Sample Documents Electronic signature for a legal entity: how to get it? Use of an electronic signature. Types of electronic signature (EDS)

Electronic signature for a legal entity: how to get it? Use of an electronic signature. Types of electronic signature (EDS)

The use is becoming more common in Russia. And this is not at all surprising, since the digital signature is in many cases more secure than the corresponding props affixed with a ballpoint pen or a seal. How is an electronic signature made? legal entity? How to get the appropriate tool?

EDS definition

To begin with, let's define the essence of the EDS. digital signature? It is understood as the details of the document, similar to that which is affixed with a ballpoint pen on paper, but only made using special computer algorithms.

The main purpose of the digital signature is to confirm that the document is signed by a specific person. Among other useful properties that an electronic digital signature has is a certificate of the integrity of the document, the absence of any edits in it on the way between the sender and the recipient.

Use of digital signatures

In what areas are EDS used? Practically in the same as the usual signature: in businesses and government agencies, in communications with the participation of individuals. Compliant with everything you need legal requirements An EDS is legally equivalent to a signature, which is done with a ballpoint pen, and in some cases, a seal, if we are talking about legal entities.

The use of an electronic signature is widespread in the banking sector: for example, when authorizing in systems of the “bank-client” type, the corresponding mechanisms for the user of a financial product are activated. With the help of the accepted financial and credit organization algorithms, the client signs payment orders, makes various applications and requests.

In some cases, an EDS is regarded as even more reliable requisite than a signature made with a ballpoint pen. This is due to the fact that it is very difficult to fake it, as well as the fact that using the EDS, as we noted above, you can check whether changes have been made to the files being sent.

In the Russian Federation, universal electronic cards are beginning to spread. With their help, citizens can carry out a large number of various activities. Among them is the signing of documents on the Internet. How is this possible? In order to use this UEC function, you need to purchase a card reader - a device that can read data from a card and transfer it via special online channels. It is necessary to use a device that supports the PC / SC standard.

EDS structure

How is the EDS structured? How does the document authentication mechanism work? Very simple. An electronic signature in itself is a document attribute that can only be affixed by one person (or organization). The corresponding document flow subject has a single copy of the tool with which the EDS is set - this is the private key of the electronic signature. As a rule, no one else has it, as is the case with a unique example of a person's autograph, which he makes with a ballpoint pen. Keys are issued by specialized organizations - certification centers. They may also be accredited by the Ministry of Communications.

The EDS can be read using the public key, which, in turn, can be at the disposal of any number of people. Using this tool, the recipient of the document makes sure that it was sent and signed by a specific sender. If the public key does not recognize the digital signature, then it is affixed by the wrong person from whom the document should come.

Signing key certificate

An important element of the workflow is the certificate of the electronic signature key. It is, as a rule, an electronic data source that contains information about the sender of the files. The certificate certifies that the key owned by the person is valid. This document also contains basic information about the sender. The certificate is valid, as a rule, for 1 year from the date of issue. The corresponding element of the signature can also be revoked at the initiative of its owner, for example, if he loses control over the key or suspects that it has fallen into the wrong hands. Those documents that will be signed without a valid certificate have no legal force.

From a technological point of view, the mechanism for exchanging files when using an EDS is usually implemented within a certain software environment. That is, files are sent and received in a special format using the interface of specialized software. It can be adapted, for example, for workflow in the field of tax reporting or for exchanging files between different companies.

A universal system for receiving and sending documents has not yet been created in the Russian Federation, but such work is underway. Its successful completion will make it possible to create a software environment that, theoretically, will be able to completely replace paper document management, since every citizen, along with a personal autograph, will also be able to put an electronic signature on any documents. Actually, the development of UEC is one of the first steps in this direction.

But for now, you can set up an EDS using this card on a limited number of resources. Therefore, electronic signature verification is now carried out in different programs, and their use is carried out by agreement between the sender and recipient of documents.

It is also possible to exchange files outside the corresponding interfaces. In this case, each document can be supplemented with a text insert with a unique cipher, which is created using the private key and read by the recipient of the file using the public key. The document will be recognized if the corresponding algorithms match, and also if the certificate we mentioned above is valid.

However, the cipher in question will be created one way or another by a special program. Theoretically, of course, users can develop their own - and this will formally also be considered an EDS, but in this case there is no need to talk about a sufficient level of document management security. In large firms, special requirements are usually set for it. Just like in government agencies. Let us study the aspect that reflects the types of EDS depending on the level of security in more detail.

EDS security levels

It can be noted that sending documents via e-mail is also one of the options for using EDS. In this case, we are talking about using a simple electronic signature. Its "key" is the password that the sender enters. The Electronic Signature Act allows that this species EDS can be legally significant, but law enforcement practice is not always accompanied by the implementation of this scenario. And this is understandable: the password - purely theoretically - can be entered by anyone who knows it, and pretend to be the sender.

Therefore, the same law on electronic signature determines that much more secure EDS options can be involved in the workflow. These include reinforced qualified EDS. They assume that their owners have reliable electronic keys which are very difficult to fake. They can be made in the form of a special eToken keychain - in a single copy. Using this tool and a special program, a person can send signed documents to the addressee, who then, using the public key for verifying the electronic signature, will be able to verify the correct origin of the files.

Qualified Signature Specifics

What is the difference between an enhanced EDS and a qualified one? Technologically, they can be very similar and use generally similar encryption algorithms. But in the case of a qualified EDS, a certificate for it is issued by a certification center (from among those accredited by the Ministry of Communications). This type of electronic signature is considered the most secure and in most cases is equated in legal terms with the corresponding details of the document, which is put manually on paper.

In most cases, a qualified digital signature is required during the interaction of businesses and individuals with government agencies, so the requirements for identifying documents in such communication scenarios can be very strict. An enhanced EDS in this case may not always satisfy them, not to mention, of course, a simple electronic signature. Accredited certifying centers, as a rule, recommend to their clients the best type of software, which is used to carry out document management using EDS.

Types of electronic signatures

So, a universal EDS capable of replacing a paper signature at any time has not yet been developed in Russia. Therefore, the tools we are considering are presented in a wide range of varieties adapted to one or another purpose of file exchange. Consider the most common types of communications that use the electronic signature of documents.

The EDS required for the participation of commercial organizations in various auctions (Sberbank-AST, RTS-Tender), as well as for presence on trading floors, for example, those that are members of the ETP Association, are popular. There is an EDS adapted to work with databases on bankruptcies of legal entities and facts related to their activities.

On the Gosuslugi.ru portal, all registered persons are also issued an electronic signature. Thus, public services can then be ordered online - there is no need to refer a paper document to one or another department. A wide range of services opens up to a citizen, you can even apply for a passport online. One of the options for the hardware implementation of the EDS for use on the Gosuslugi.ru portal is the UEC, which we mentioned above.

How to get an EDS

Due to the lack of a unified structure in the Russian Federation for issuing universal EDS, there are a large number of private firms involved in issuing electronic signatures. They are called, as we noted above, certification centers. These organizations perform the following main functions:

Register users as legally authorized subjects of work with documents when using the EDS;

Issue an electronic signature certificate;

In some cases, they provide sending and verification of documents with EDS.

Thus, if a citizen or organization needs a digital signature, they will have to go to the appropriate certification center.

Documents for obtaining an EDS

How is an electronic signature issued for a legal entity? How to get such a useful tool for business? So, the first step is to choose a certification authority. It is advisable to apply to those structures that are accredited by state bodies. A list of these organizations can be found on the website of the Ministry of Communications of the Russian Federation - minsvyaz.ru.

The following main documents must be submitted to the certification center:

Extract from the Unified State Register of Legal Entities;

Certificates: on registration of a legal entity, on registration with the Federal Tax Service.

If we are talking about obtaining a personal signature for the head of the organization, the mentioned set of documents must be supplemented with a copy of the protocol on the appointment of the general director to the position. If the EDS is received by an employee who is not a member of the company's supreme management bodies, then a copy of the order for his employment, as well as a power of attorney, is needed. Naturally, you will need a passport and SNILS specialist.

As we can see, the process within which an electronic signature is issued for a legal entity is not at all complicated. How to get an EDS for an individual entrepreneur?

Very simple. You will need the following basic documents:

Extract from the USRIP;

Certificates: on registration as an individual entrepreneur and on registration with the Federal Tax Service;

Passport;

If a person who is not in the status of an individual entrepreneur, owner or representative of an LLC wants to receive an EDS, then all he needs to bring to the certification center is the TIN, passport, and also SNILS.

Obtaining an electronic signature is usually not a very long process. Many certifying centers are ready to provide an eToken key or its equivalent, as well as a guide to using an EDS within a few hours after the relevant application is made.

Practical nuances of working with EDS

We studied how an electronic signature is issued for a legal entity, how to get this tool. Let us now consider some notable nuances. practical use EDS.

So, when organizing a document flow between two or more companies, it is advisable to turn to the services of intermediary structures that will help companies avoid errors in file exchange, and also guarantee compliance with all legal requirements regarding these communications. In list best options execution of such agreements - the conclusion of accession agreements, which are provided for by Article 428 of the Civil Code of the Russian Federation.

When organizing document flow between different organizations, it is also recommended to approve the procedure for working with files in cases where the authenticity of the EDS cannot be determined. For example, this is possible if the certificate of the electronic signature key has expired.

At the beginning of the article, we considered the classification of EDS according to the degree of security. What are the mechanisms for the correct use of simple, enhanced and qualified electronic signatures?

If a company decides to use a simple EDS when exchanging documents with another organization, then it needs to conclude additional contracts supporting such a mechanism. The relevant agreements should reflect the rules for determining who exactly sent the document via e-mail and thereby put a simple EDS.

If it's about electronic auction, then the signature must be enhanced (at least) and meet the criteria adopted at the level of a particular online platform where such communications are carried out.

Reporting to state structures should be carried out only when using a qualified electronic signature. When it comes to establishing labor relations at a distance (since recently, the Labor Code of the Russian Federation allows this type of communication), then a qualified signature should be used in this process.

With the help of which it is possible to establish whether the information contained in the electronic document has been distorted since the moment the signature was formed, and also allows you to confirm that a particular document belongs to the owner.

Deciphering the basic concepts

Each electronic signature must be confirmed by a special certificate that certifies the identity of the owner. You can get a certificate at special center or a trusted representative.

The owner of the certificate is an individual to whom the certification center has issued an electronic signature certificate. Each owner has two signature keys: public and private. The ES private key allows you to sign electronic documents, it can be used to generate an electronic signature. It is kept secret, like a pin code from a bank card.

The function of the public key is to verify the authenticity of the signature on documents. It is associated with a closed "colleague" in a one-to-one order.

According to law

The Federal Law "On Electronic Digital Signature" subdivides ES into several types: simple ES, enhanced unqualified and qualified ES. Using a simple electronic signature, you can confirm the fact of creating an ES for a specific person. This is done through the use of passwords, codes, and other means.

An enhanced unqualified digital signature is the result of a cryptographic transformation of information, which is performed using the private key of the electronic signature. With the help of such a signature, it is possible to establish the identity of the signer of the document, as well as to detect, if any, changes that have occurred since the signing of the papers.

Qualified signature

The enhanced qualified ES has the same features, however, to create it, the DS is checked using certified Federal Service security of cryptoprotection means. Certificates of such a signature can only be issued in an accredited certification center, and nowhere else.

According to the same law, signatures of the first two types are equivalent to a handwritten signature on a paper document. Between people performing any operation using ES, it is necessary to conclude an appropriate agreement.

The third type (qualified digital signature) is an analogue of not only a handwritten signature, but also a seal. Thus, documents certified by such a signature have legal force and are recognized by regulatory authorities (FTS, FSS and others).

Application for legal entities

Currently, EDS is most often used for a legal entity. The technology of digital signatures in electronic document management is widely used. The purpose of the latter can be different: external and internal exchange, documents can be of a personnel or legislative nature, organizational, administrative or commercial and industrial, in a word, everything that can get by with only a signature and a seal. EDS registration must be carried out in an accredited center.

For internal workflow, a digital signature is useful in that it allows you to quickly initiate the fact of approval of papers that organize internal processes. EDS allows the director not only to sign documents while out of the office, but also not to store piles of papers.

In inter-corporate document management, an electronic digital signature is one of the most important conditions, because without it, digital papers have no legal force and cannot be used as evidence in the event of a lawsuit. An electronic document signed with an enhanced electronic signature retains its legitimacy even when stored in an archive for a long time.

Electronic reporting

EDS is indispensable for reporting to regulatory authorities. Many documents can be submitted to in electronic format instead of carrying a whole stack of forms. The client can not only choose the time and not stand in line, but also submit reports in a way convenient for him: through 1C programs, portals public institutions or separate software specifically designed for this. EDS will be a fundamental element in such a process. For a legal entity that has received an electronic signature certificate, the main criterion should be the reliability of the certification center, but the method of its delivery is unimportant.

public services

Most citizens have come across the term "electronic signature" on various sites. One of the ways to verify an account, for example, on a portal that provides access to a set of public services, is confirmation by electronic signature. Moreover, the EDS for individuals allows you to sign any digital documents sent to a particular department, or receive signed letters, contracts and notifications. If the executive authority accepts electronic documents, then any citizen can send a digitally signed application and not waste their time on filing papers on a first-come, first-served basis.

UEC

An analogue of an EDS for individuals is a universal electronic card into which an enhanced qualified electronic signature is embedded. The UEC has the form of a plastic card and is an identification tool for a citizen. It is unique, like a passport. Through this card, you can carry out many actions - from paying and receiving public services, to replacing documents such as a medical policy and a SNILS card.

A universal electronic card can be combined with an electronic wallet, bank account and even a travel ticket, in a word, with any of the documents that can be accepted digitally. Is it convenient to carry only one document? Or is it easier to keep everything in paper form? This issue will have to be resolved by every citizen in the near future, because technology is becoming more and more firmly rooted in our lives.

Other applications

Also, documents signed by ES are used to conduct electronic trading. The presence of a digital signature in this case guarantees buyers that the offers at the auction are real. In addition, contracts not signed with the help of the EOC have no legal force.

Electronic documents can be used as evidence when considering cases in an arbitration court. Any certificates or receipts, as well as other papers certified by a digital signature or other analogue of a signature, are written evidence.

Document flow between individuals occurs mainly in paper form, however, it is possible to transfer papers or conclude contracts using ES. Remote workers can use a digital signature to electronically submit acceptance certificates.

How to choose a certificate

Since there are three types of electronic signature, citizens often have a question about which certificate is better. It should be remembered that any ES is an analogue of a handwritten signature, and on this moment The legislation of the Russian Federation establishes that a person has the right to use them at his own discretion.

The choice of a digital signature directly depends on the tasks that will be solved through it. If reports are being prepared for submission to regulatory authorities, a qualified signature will be required. For inter-corporate document management, a qualified electronic signature is also most often required, because only it not only gives documents legal force, but also allows you to establish authorship, control changes and the integrity of papers.

Internal document flow can be carried out with all types of digital signatures.

How to sign an EDS document?

The main question for those who need to use an electronic digital signature for the first time is how the document is signed. Everything is simple with papers - I signed and gave it away, but how to do it on a computer? Such a process is impossible without the use of special software. The program for EDS is called cryptographic provider. It is installed on a computer, and various activities with forms are already carried out in its environment.

There are a fairly large number of crypto providers, both commercial and free. All of them are certified by government agencies, however, if interaction with 1C:Enterprise is required, then the choice should be made on one of two products: VipNet CSP or CryptoPro CSP. The first program is free, and the second will need to be bought. You should also be aware that when installing two crypto providers at the same time, conflicts are inevitable, therefore, for correct operation, one of them will have to be removed.

Convenient, according to user reviews, an application for generating digital signatures is called CyberSafe. It not only allows you to sign documents, but also works as a certification center, that is, this program checks the digital signature. Also, the user can upload documents to the server, so the signed agreement or certificate will be available to all enterprise specialists who have access to the program, and there will be no need to send it to everyone by e-mail. On the other hand, you can also make it so that only a certain group of people get access.

EDO - mandatory or not?

Many enterprises have already appreciated that EDS is a convenience, and electronic document management(EDI) saves time, but whether or not to use it is entirely a personal choice. For the implementation of EDI, it is not necessary to connect the operator, by agreement, you can use regular e-mail or any other method of electronic transmission of information, it all depends on the agreement between the participants in the exchange.

The organization of any electronic document management is associated with certain costs, in addition, you will have to install and configure a program for signing documents - a cryptographic provider. This can be done both on your own and use the services of specialists who install the software remotely, even without a visit to the client's office.

EPC in internal EDI

In the case of intercorporate turnover, the pros and cons are immediately clear, and positive sides in the clear majority. Among the shortcomings, one can note only the costs of the EDS key, the organization of software (even if this is a one-time waste), as well as minimizing personal meetings of company representatives and managers, but if necessary, a meeting can be organized.

But what will be useful electronic document management within the enterprise? How will the costs of supplying all employees with EDS keys be paid off?

Using digital documents saves time: instead of first printing out the necessary paper and then looking for it among a pile of printouts or even going to another office if a network printer is used, an employee can sign and send everything without getting up from the table. In addition, when switching to EDI, the cost of paper, toner and Maintenance printers.

Digital documents can also be a tool for maintaining confidentiality. An electronic signature cannot be forged, which means that even if an employee or manager has ill-wishers inside the company, they will not be able to perform any substitution of documents.

Often, innovations are slow to move forward, so it can be difficult for employees to get used to the new format for filing documents at first, but once they appreciate the convenience of the EDS, they no longer want to return to running around with pieces of paper.

Psychological barrier

Electronic digital signatures have appeared relatively recently, so it is difficult for many to perceive them as a real analogue of familiar paper documents. At many enterprises, a similar problem arises: employees simply do not consider the contract signed until the paper has a real seal and signature. They use scans from paper documents and easily lose their EDS key. Get over this psychological barrier help ... one more piece of paper. Officially certified by a "wet" signature, the regulation on electronic document management will let employees understand that this is a serious thing, and digital documents should be treated the same way as analog ones.

Another problem may arise in the educational part. Many companies employ older workers. They are valuable personnel, experienced in their field, have a long history, but it can be quite difficult for them to explain how to use an electronic digital signature, because they have just recently been developing Email, but here everything is much more complicated, and even there are many nuances.

The task of training can be transferred to the IT department or to resort to the help of third-party specialists. Many companies provide computer training and courses for their employees, where they are explained the basics of working with e-mail and various programs. Why not include an application for generating digital signatures in this list?

An electronic digital signature is an analogue of a handwritten signature applied to an electronic document. The introduction and use of electronic document management systems in organizations of any form of ownership entails the need to use EDS to guarantee the authenticity of the transmitted data.

What is an ECP?

EDS is a parameter of an electronic document that has a digital representation. EDS is applicable only in the context of electronic data interchange and can have the same legal value as a handwritten signature on a paper document, if conditions are met that guarantee the authenticity and validity of the signed documents. The legal force of the EDS is legislated by the Federal Law No. 1 of January 10, 2002 and the Federal Law No. 63 of April 6, 2011, as amended on June 28, 2014.

Both federal laws on electronic digital signature regulate the mechanisms for the use of electronic signatures when making transactions within the framework of civil law relations, the functioning of state and municipal services.

Significance of EDS

EDS provides a digital analogue of a signature and seal associated with the content of a signed document and used in the organization of electronic data exchange to confirm the authenticity of sent and received documents.

The functioning of the EDS allows:

  • increase the security and confidentiality of electronic document management, protect the document from forgery;
  • to give electronic data the legal force equivalent to paper documents with a signature and seal;
  • optimize workflow processes by simplifying and reducing the cost of processing and storing documents;
  • use a single signature in electronic trading, when submitting various types of reports to state and tax authorities, when approving and working with financial documents;
  • guarantee the authenticity of electronic documentation;
  • ensure agreement with international systems workflow.

Scope of EDS

In any area where data exchange is regulated by information technologies:

  • internal electronic document management between divisions of one organization, as well as branches;
  • document flow in interorganizational systems of B2B and B2C class;
  • access to specialized information resources, for example, systems of the "Client-bank" class;
  • transfer of tax and accounting reports to the tax authorities;
  • reporting to Pension Fund;
  • transfer of customs declarations;
  • participation in electronic auctions.

How does the ECP work?

The functional use of the EDS allows you to sign an electronic document, check the signature of the owner for authenticity, and the content of the signed electronic document for changes after signing.

Signing and authentication are based on encryption and decryption keys. The sender, using special software and a key, generates a sequence of characters that becomes part of the data being sent. The recipient uses the same software and decryption key to decrypt the received data and perform a series of checks. If the checks were successful, then the received data is identical to the sent data, i.e. not changed after signing. The sequence of characters generated in this process is the electronic digital signature.

To forge such a digital signature would require either stealing the sender's encryption key, or spending many years going through key options until a suitable one is found.

How and where to get an EDS?

So, let's look at the question of where to get an EDS for an individual and a legal entity. face. EDS key certificates are produced and issued by a specialized organization - a certification center (CA). The functions of the CA also include user registration, cancellation, renewal and termination of key certificates. The CA provides the necessary technical support for the operation of the EDS. For obtaining an EDS a participant in electronic document management needs to contact any authorized certification center.

The current list of authorized CAs is available on the website of the unified EDS portal in Russia.

The procedure for obtaining an electronic digital signature

The procedure for obtaining an EDS involves the following steps:

  • fill out an application form on the website of the selected certification center or leave an application by the specified phone number and wait for a connection with a specialist - the method depends on the specific CA;
  • collect all the documents necessary for issuing an ES certificate and send copies to the CA. The CA, on the basis of the completed application form and a set of documents, prepares an ES certificate;
  • obtain an EDS certificate by providing original documents.

The terms for producing key certificates depend on the certification authority, but on average they are 3-5 days.

What documents are needed to obtain an EDS?

A digital signature can be obtained by both a legal entity, regardless of the organization's form of ownership, and an individual entrepreneur. Individuals can also obtain an EDS (for example, to participate in electronic trading).

An electronic digital signature certificate contains information about the owner of the signature, so only the person in whose name this certificate is issued can request and receive an EDS. In other cases, it is necessary to provide a power of attorney for the right to issue and receive an EDS, certified by a notary. The authorized representative, in whose name the power of attorney is issued, provides a passport of the Russian Federation and copies of the 2nd, 3rd pages and the registration page.

Package of documents of a legal entity

  1. A copy of the registration certificate certified by a notary.
  2. Original or certified copy of the extract from the Unified State Register of Legal Entities. The statute of limitations for an extract must be no more than 30 days;
  3. Application for the issuance of an EDS (the application form depends on the CA).
  4. A copy of the order on appointment to the position of the head, if the EDS certificate is made in his name, with the signature and seal of the organization.

If the authority to manage the organization is transferred to another management company or manager, then all the documents listed in paragraphs. 1-3 relating to the management company.

In addition, it is necessary to attach a notarized copy of the decision of the board of directors on the transfer of powers, if the form of ownership is OJSC or CJSC. If the form of ownership of the organization is LLC, then copies of the first and second sheets of the charter certified by a notary, a sheet indicating the possibility of transferring control to a third-party organization and a sheet with a tax authority mark are provided.

How to get an EDS for an individual entrepreneur: a package of necessary documents

  1. A copy and original of an extract from the USRIP, the limitation period of which is no more than 30 days from the date of issue.
  2. A copy of the TIN certificate, certified by a notary.
  3. Copy of certificate of state registration IP certified by a notary.
  4. Application for the issuance of an EDS.

What documents are needed to obtain an EDS for individuals?

  1. Copy of TIN certificate.
  2. Copies of the 2nd, 3rd pages of the Russian passport and the registration page. The passport of the Russian Federation must be provided when submitting a package of documents.
  3. Application for the issuance of an EDS.

The procedure for obtaining and applying an electronic digital signature is simplified as the legal culture in this area develops and information technologies improve. Electronic document management using EDS no longer causes mistrust both on the part of business partners and on the part of state and tax authorities.

Questions, where to get an electronic digital signature, what is the scope of its use, become a forced necessity if the business goes international.

Hello dear colleague! In this article, we will talk in detail about how to obtain an electronic signature and what is required of you for this. This is most likely not an article, but step by step algorithm, in which I tried to answer all the most important questions on this topic. Now I will not tell you about what a digital signature is and why it is needed. I talked about this in sufficient detail in my . You can go and read it, and then return to the study of this article. So, let's get started...

Algorithm for obtaining an electronic signature

I decided to start my article with a description of the sequence of steps that you need to complete in order to obtain an EDS.

  1. Choose which electronic signature (ES) you need.
  2. Select a Certification Authority (CA).
  3. Fill out and send the application to the UC.
  4. Get an invoice and pay it.
  5. Submit all necessary documents (scans) to the CA.
  6. Arrive at the CA with the original documents to receive the ES.

Let's now take a closer look at each step.

Step 1. Selecting an ES

At this stage, you must determine for what purposes and tasks you need an ES. This may be the key to work with EPGU (Unified Portal of State and Municipal Services); key for reporting to Rosalkogolregulirovanie, Rosfinmonitoring, Pension Fund, tax authorities, etc.; or a key to work on electronic platforms and participate in electronic auctions.

Step 2. Selecting a Certification Authority

The current list of Certification Authorities for obtaining an EDS is always available on the official website of the Ministry of Telecom and Mass Communications of the Russian Federation - www.minsvyaz.ru .

To do this, you need to go to this site, and on the main page in the "Important" column, find the "Accreditation of certification centers" section.

This format is opened using Microsoft excel or another spreadsheet editor. As of May 26, 2015 at this list entered 361 UTs.

One of these CAs is the Certification Center of Internet Technologies and Communications LLC.

This is the certifying authority that I know personally and whose quality of services I can vouch for. Good team, excellent and quality service, use modern technologies, as well as the speed of service and reasonable prices.

Step 3. Filling out the application

After you have chosen a suitable CA, you must fill out and send an application for issuing an electronic signature. This can be done remotely - on the center's website, or directly at the office.

In this form, you need to specify your name, e-mail address (e-mail), contact phone number and comment: "I need an electronic signature", as well as enter the "captcha" - an alphabetic code located to the left of the input field. After that, click on the "Submit Application for EDS" button.

Within one hour from the moment of submitting the application, the manager of the center will contact you to clarify the details, and will advise you on all available questions.

Step 4. Paying the bill

I think this step will not cause you any difficulties. Pay the bill and send the supporting document to the CA.

Step 5. Submission of documents to the CA

When submitting an application for the production of an ES key certificate to a certification center, the applicant must provide the necessary package of documents.

Documents for obtaining an EDS

List of documents for individuals:

- an application for the issuance of an EP;

— insurance certificate of state pension insurance (SNILS).

List of documents for legal entities:

- an application for the issuance of an EP;

— certificate of state registration of a legal entity (OGRN);

- certificate of registration tax authority(TIN);

- extract from the Unified State Register of Legal Entities, for a period of not more than six months from the date of its receipt (original or notarized copy);

Note: Requirements for the expiration date of an extract may differ for different CAs.

- passport of a citizen of the Russian Federation of the future owner of the electronic signature (copies of the page with a photo and a page with a registration);

- insurance certificate of state pension insurance (SNILS) of the owner of the electronic signature;

If the ES is made in the name of the head of the organization, then it is also necessary to provide a document on the appointment of the head with his signature and seal of the organization;

If the owner of the ES is not the first person, but an employee of the organization (its authorized representative), then it is necessary to provide as part of the documents a power of attorney to transfer powers to such an employee with the signature of the head and the seal of the organization;

If the documents are submitted or received by an electronic signature not by the owner of the electronic signature, but by an authorized representative of a legal entity, then it is necessary to provide a power of attorney to transfer functions to him with the signature of the head and the seal of the organization, as well as an identity card (passport of a citizen of the Russian Federation) of such a representative.

List of documents for individual entrepreneurs (IP):

- an application for the issuance of an EP;

- certificate of state registration of IP;

- certificate of registration with the tax authority (TIN);

– extract from the USRIP, for a period of not more than six months from the date of its receipt (original or notarized copy);

Note: Requirements for the expiration date of an extract may differ for different CAs.

- passport of a citizen of the Russian Federation (copies of the page with a photo and a page with a residence permit);

— insurance certificate of state pension insurance (SNILS);

If the documents are submitted or received by an electronic signature not by the owner of the ES, but by his authorized representative, then it is necessary to provide a power of attorney certified by a notary for this representative.

If the owner of the ES transfers all the functions of obtaining it to his authorized representative, then the list of required documentation also includes an identity card (passport of a citizen of the Russian Federation) of this authorized representative.

Step 6. Obtaining an ES

You can get an electronic signature at any CA issuing point convenient for you, providing the originals of all required documents. The originals will only be needed to verify the information and will then be returned to you.

So we have considered the whole procedure for obtaining an EDS, as you can see, there is nothing complicated about it.

How much does an electronic signature cost?

It is rather difficult to answer this question precisely, since the cost of an EP depends on the following parameters:

- type and scope of EP;

— CA pricing policy;

- the region of issue of the EP.

It is also worth clearly understanding what this cost consists of:

— execution and issue of the ES key certificate;

— granting rights to work with specialized software;

– issuance of software tools necessary for working with ES;

— transfer of the security key of the electronic signature carrier;

- technical support.

The range of prices for issuing an electronic signature for participation in electronic auctions ranges from 5 to 7 thousand rubles.

Time limit for making an electronic signature

The production time of the EP is completely up to you, i.e. on how quickly the necessary package of documents is prepared and submitted to the CA and payment for this service is made. Someone can get an EDS in 1 hour, and for someone it can take from several days to one week. But the average time for issuing an EDS for most CAs is 2-3 business days. The term for making an extract from the Unified State Register of Legal Entities or EGRIP in the Federal Tax Service is 5 working days. Therefore, take care of receiving it in advance.

EDS validity period

Keep in mind that the EDS is valid for exactly 1 year. Those. EDS must be reissued every year. You can renew the EDS at the same CA where you received it, or apply for issuance at another CA.

What does an electronic signature look like?

Most of us are used to the fact that an electronic signature looks like a regular flash drive. This is the so-called key carrier (ruToken or eToken). Inside, this flash drive consists of a crypto program (CryptoPro CSP), a private key and a public key. You can read about this in more detail.

Electronic signature verification

Verifying the authenticity of an electronic signature is quite simple. To do this, you need to follow a simple sequence of actions, which is described in this video tutorial:

EDS pin code

Key carriers or USB keys (eToken, ruToken, ruToken EDS) are issued with standard passwords (pin codes) already installed:

- for eToken this password is 1234567890;

- for ruToken and ruToken EDS these are: user - 12345678; administrator - 87654321.

After receiving this key carrier and installing the drivers on your computer, you can change these pin codes.

This concludes my article. I hope I was able to answer all your questions. If not, then ask them below in the comments. Like and share information with your friends and colleagues.

P. S.: If you need an electronic signature at a great price from a trusted Certification Authority, then leave your request.

More Russian enterprises are implementing electronic document management systems, already on their own experience, evaluating the advantages of this technology for working with documents. Electronic data exchange is carried out through information systems, computer networks, the Internet, e-mail and many other means.

And an electronic signature is an attribute of an electronic document designed to protect information from forgery.

Using an electronic signature allows you to:

  • take part in electronic trading, auctions and tenders;
  • build relationships with the population, organizations and authorities on modern basis, more efficiently, at the lowest cost;
  • expand the geography of your business by remotely performing various operations, including economic ones, with partners from any regions of Russia;
  • significantly reduce the time spent on processing the transaction and the exchange of documentation;
  • build corporate system exchange of electronic documents (being one of its elements).

With the use of an electronic signature, work according to the scheme “development of a project in electronic form - creation of a paper copy for signature - sending a paper copy with a signature - consideration of a paper copy” is a thing of the past. Now everything can be done electronically!

Varieties of electronic signature

The following types are established and regulated: simple electronic signature and enhanced electronic signature. At the same time, an enhanced electronic signature can be qualified and unqualified.

Table

What is the difference between 3 types of electronic signature

Collapse Show

It is very difficult to forge any electronic signature. And with enhanced qualified signature(the most secure of the three) with the current level of computing power and the required time resources, this is simply impossible to do.

Simple and unqualified signatures on an electronic document replace a paper document signed with a handwritten signature, in cases stipulated by law or by agreement of the parties. An enhanced qualified signature can be considered as an analogue of a document with a seal (i.e. "suitable" for any occasion).

An electronic document with a qualified signature replaces a paper document in all cases, except when the law requires the document to be exclusively on paper. For example, with the help of such signatures, citizens can apply to state bodies to receive state and municipal services, and bodies state power can send messages to citizens and interact with each other through information systems.

We sign with the private key, with the open key we verify the electronic signature

To be able to sign documents with an electronic signature, you must have:

  • ES key(so-called closed key) - it is used to create an electronic signature for the document;
  • ES verification key certificate (open ES key) - with its help the authenticity of the electronic signature is checked, i.e. the ownership of the electronic signature by a certain person is confirmed.

Organizations that carry out the functions of creating and issuing certificates of ES verification keys, as well as a number of other functions, are called certification centers.

In the process of creating an ES verification key certificate, an ES key and an ES verification key are generated for each user. Both of these keys are stored in files. So that no one except the owner of the signature could use the ES key, it is usually written down on secure key carrier(as a rule, together with the electronic signature verification key). It, like a bank card, is equipped with PIN code. And just like with card transactions, before using the key to create an electronic signature, you must enter the correct PIN code value (see Figure).

Secure key media are manufactured by various manufacturers and usually look like a flash card. It is the provision by the user of the confidentiality of his ES key that guarantees that attackers will not be able to sign the document on behalf of the certificate owner.

To ensure the confidentiality of the ES key, you must follow the recommendations on the storage and use of the ES key, contained in the documentation, usually issued to users in the certification center - and you will be protected from misconduct performed with an electronic signature key on your behalf. It is best if your private key is available exclusively to you. This idea is very important to convey to every owner of the key. This is best achieved by issuing guidance materials on this account and familiarizing employees with them against signature.

Picture

The program asks for a password (PIN-code) in order to sign the document with an electronic signature using the ES key contained on the “flash drive” connected to the computer

Collapse Show

Example 1

Fragment of the Guidelines for ensuring the security of using a qualified electronic signature of Electronic Moscow OJSC

Collapse Show

When creating an electronic signature, electronic signature means must:

  1. show the person signing the electronic document the content of the information he signs;
  2. create an electronic signature only after the person signing the electronic document confirms the operation to create an electronic signature;
  3. clearly show that the electronic signature has been created.

When verifying an electronic signature, electronic signature means must:

  1. show the content of an electronic document signed with an electronic signature;
  2. show information about making changes to an electronic document signed with an electronic signature;
  3. indicate the person using whose electronic signature key the electronic documents are signed.

The ES verification key certificate contains all necessary information to verify the electronic signature. The data of the certificate is open and public. Typically, certificates are stored in a store operating system in the certification center that produced it indefinitely (in the same way as a notary public stores all the necessary information about the person who performed the notarial act for him). In accordance with the provisions of Law No. 63-FZ verification Center who produced the certificate of the electronic signature verification key, is obliged to provide free of charge to any person at his request information contained in the register of certificates, incl. information about the cancellation of the certificate of the electronic signature verification key.

Collapse Show

Oleg Komarsky, IT specialist

The certification center that issued the electronic signature stores the certificate of the verification key of this ES indefinitely, more precisely, during the entire time of its existence. As long as the certification authority is working, there are no problems, but since center is commercial organization, it may cease to exist. Thus, in the event of termination of the activities of the CA, there is a possibility of losing information about certificates, then electronic documents signed with electronic signatures issued by the closed CA may lose their legal significance.

In this regard, it is planned to create a kind of state repository of certificates (both valid and revoked). It will be something like a state notary center, where data on all certificates will be stored. But for now, such information is stored in the CA indefinitely.

What should employers consider when equipping their employees with electronic signatures?

In the ES key certificate necessarily there is information about the full name its owner, there is also the possibility inclusion additional information, such as The name of the company and position. In addition, the certificate may contain object identifiers (OIDs), defining the relations in the implementation of which an electronic document signed by an ES will have legal significance. For example, an OID may state that an employee has the right to post information on the trading floor, but cannot sign contracts. Those. with the help of OID it is possible to delimit the level of responsibility and authority.

There are subtleties in the transfer of authority upon dismissal or transfer of employees to another position. They should be taken into account.

Example 2

Collapse Show

Upon dismissal commercial director Ivanov, who signed documents with an electronic signature, for a new person who replaced Ivanov in this chair, you need to order a new key carrier for working with ES. After all, Petrov cannot sign documents with Ivanov's signature (albeit electronic).

Usually, upon dismissal, re-issuance of ES keys is organized; as a rule, for this, employees themselves visit a certification center. The organization that pays for issuing the keys is also the owner of the key, so it has the right to suspend the validity of the certificate. Thus, the risks are minimized: the situation when the dismissed employee could sign documents on behalf of the former employer is excluded.

Collapse Show

Natalia Khramtsovskaya, Ph.D., leading expert in document management of the EOS company, ISO expert, member of the GMD and ARMA International

Effective business activity organization depends on many factors. One of key elements the entire management system is based on the principle of interchangeability of employees. You should think in advance about who will replace employees who are temporarily not fulfilling their official duties due to illness, business trip, vacation, etc. If your organization deals with the signing of documents with electronic signatures, this aspect must be considered separately. One who disrespects this organizational issue, runs the risk of running into serious trouble.

Indicative in this sense is case No. A56-51106/2011, which was considered by the Arbitration Court of St. Petersburg and the Leningrad Region in January 2012.

How did the problem occur:

  • In July 2011, Tvernefteprodukt Sales Association LLC submitted a single application for participation in an open auction in electronic form for the supply of gasoline using fuel cards for the Upper Volga branch of the Federal State Budgetary Scientific Institution "State Research Institute of Lake and River Fisheries" (FGNU "GosNIORKh"). The auction commission of the customer decided to conclude a state contract with sole member auction.
  • The draft state contract was sent by the customer to the operator electronic platform July 12, 2011, and he transferred it to LLC. Within the period established by law, the LLC did not send the draft contract signed by the electronic signature of the person entitled to act on behalf of the order placement participant to the operator of the electronic site, since This executive was on sick leave.
  • In July 2011, the St. Petersburg Department of the Federal Antimonopoly Service (UFAS) considered the information provided by the customer about the LLC's evasion from concluding a contract and a decision was made to include it in the register of unscrupulous suppliers.

Disagreeing with the decision of the OFAS, the LLC went to court. All three courts found LLC guilty of contract evasion. And in the last resort in October 2012, it emerged that the LLC applied to the customer on August 10, 2011 and called not the illness of its employee, but his negligence as the reason for not signing the contract.

Another interesting case occurred when a state contract was signed by an electronic signature of an unauthorized person. This case was considered by the Arbitration Court of the Kaluga Region in September 2011 (case No. A23-2637/2011).

The circumstances were:

  • In March 2011, SEL TEHSTROY LLC was declared the winner of an open auction. By this time, the LLC had a change in the general director: the former general director V. became the deputy of the new general director P. But the new general director had not yet had time to issue an EDS. Therefore, on March 14, 2011, they decided to “simplify their lives” and sign a government contract using the EDS of V., who left his post. However, the main mistake was that V. signed the document as CEO SEL TECHSTROY LLC.
  • Information about the dismissal of General Director V. and the appointment of P. as General Director, as well as the power of attorney to act on behalf of the participant in the order, issued to V. already as Deputy General Director, were posted on the website of the electronic trading platform only on March 24, 2011, t .e. after signing and sending the contract to the customer.
  • This oversight was noticed by the customer, believing that the contract was signed by an unauthorized person, and in April 2011 he turned to the OFAS. As a result, OFAS included LLC in the register of unscrupulous suppliers for a period of 2 years due to evasion from concluding a state contract.

When considering this case in the first court instance, the court noted that the new general director of the company, P., in his explanations to the OFAS, firstly, confirmed the readiness to sign the state contract, and secondly, admitted the mistake, without disputing the authority of V., indicated in power of attorney. In addition, the fact that the power of attorney was posted on the official website of the electronic platform, albeit belatedly, was regarded by the court as active actions society to correct the mistake. As a result, the Arbitration Court ordered the OFAS to exclude LLC from the register of unscrupulous suppliers. In December 2011, the Twentieth Arbitration Court of Appeal upheld the position of the court of first instance.

But the Federal Arbitration Court of the Central District in March 2012 judged otherwise. In his opinion, on March 14, 2011, V. used the EDS in violation of the provisions of Art. 4 federal law"On electronic digital signature" and the conditions specified in the signature key certificate (after all, an electronic document with an EDS that does not comply with the conditions included in the certificate has no legal significance). Ultimately, the court concluded that government contract was signed by an unauthorized person, and recognized as lawful the decision of the OFAS to recognize LLC as an unscrupulous supplier.

Similar cases are often heard by the courts. Then the director, who has an ES key certificate and has the right to sign documents on behalf of the company, is dismissed, and new director does not have time to make an electronic signature for himself and sign a contract on time. They try to sign documents with the signature of an employee who has already left (or transferred to another position in the same organization). Then there are problems with the negligence of employees or their illness (as in the first of the cases described), and again they do not have time to delegate authority to another person and issue him an ES. And the result is the same - the organization falls into the list of unscrupulous suppliers and loses the right to conclude contracts financed from the budget.

The receipt by an employee of an organization of an ES key, ensuring its safety and actions with it are usually regulated by an organization order with the approval of instructional materials. They define the procedure for using ES keys for signing documents, obtaining, replacing, revoking the ES verification key certificate, as well as actions performed when the ES key is compromised. The latter are similar to the actions performed when a bank card is lost.

How to choose a certification authority?

Law No. 63-FZ provides for the division of certification centers into those that have passed and those that have not passed the accreditation procedure (now it is carried out by the Ministry of Telecom and Mass Communications of the Russian Federation). An accredited certification center is issued an appropriate certificate, and in order to obtain qualified certificate the ES verification key must be addressed to such a CA. Non-accredited CAs can only issue other types of signatures.

When choosing a CA, it should be taken into account that not every one of them uses all possible crypto providers. That is, if partners organizing electronic document management need electronic signatures generated using a specific cryptographic provider, then you should choose a certification center that works specifically with this cryptographic information protection tool (CIPF).

The procedure for obtaining an EP and the necessary documents

To organize the exchange of electronic documents between organizations, you must perform the following steps:

  • determine the goals and specifics of the document flow between your and another organization. This should be formalized in the form of an agreement or contract that defines and regulates the operations and composition of documents with an electronic signature transmitted electronically (such standard contracts sign, for example, banks with clients, allowing them to use the client-bank system);
  • to exchange certificates of ES verification keys of persons whose signatures will be transferred between organizations. It is clear that partners can receive such certificates not only from each other, but also from the certification authority that issued these certificates;
  • issue internal instructions governing the transmission and reception of electronic documents another organization, including the procedure for verifying the electronic signature of received documents and actions in case of revealing the fact of making changes to the document after signing it with an electronic signature.

To produce electronic signature keys and certificates of ES verification keys, users must submit application documents, documentation confirming the accuracy of the information to be included in the ES verification key certificate, as well as appropriate powers of attorney to the certification center.

To ensure the proper level of user identification, the procedure for obtaining certificates of ES verification keys requires the personal presence of its owner.

True, there are exceptions. For example, today for employees of government and budget organizations, as well as employees of the executive authorities of the city of Moscow, the certification center of Electronic Moscow OJSC developed a system for the mass issuance of certificates of electronic signature verification keys (EPCS), which, while maintaining a high level of user identification reliability, makes it unnecessary to visit the certification center by each employee personally, which significantly reduces money and time costs of the organization in comparison with the issuance of SCPE, organized according to the traditional scheme.

How much does an electronic signature cost?

It is a mistake to think that a certification center simply sells media for storing keys and certificates, the service is complex, and the media with key information is one of the components. Price full package of electronic signature depends on:

  • region;
  • pricing policy of the certification center;
  • types of signature and its scope.

Typically, this package includes:

  • services of a certification center for the production of an ES verification key certificate;
  • transfer of rights to use the respective software(SKZI);
  • providing the recipient with the necessary software for work;
  • supply of a secure key carrier;
  • technical support users.

On average, the cost varies from 3,000 to 20,000 rubles for a complete package with one carrier key information. It is clear that when an organization orders a dozen or hundreds of key certificates for its employees, the price per one "signer" will be significantly lower. Reissue of keys is carried out in a year.

Currently, in Russia, the circulation of electronic documents using an electronic signature is rapidly gaining momentum. Electronic signature is widely implemented in government organizations as well as in private businesses. In doing so, it must be taken into account that different types ES have different values, so that a document certified by an ES is legally significant, therefore, the transfer of key carriers along with a PIN code to other persons is unacceptable.

Most importantly, an electronic signature significantly saves time, eliminating paperwork, which is extremely important in a highly competitive environment and when partners are located remotely.

The problem so far remains only in the plane of confirming the authenticity of such a signature and a document with it throughout its long period of storage.

Footnotes

Collapse Show


avtovsamare.ru - My business - Franchises. Ratings. Success stories. Ideas. Work and education

Mass media registration certificate EL No. FS 77 - 57771 dated April 18, 2014.
Copyright © 2006-2017. All materials are protected by copyright
Mass media "BusinessGarant" is registered by the Federal Service for Supervision of Communications, Information Technologies and Mass Communications