What is the purpose of a digital signature? Electronic signature: we study the application procedure. Use of EDS in Russia
How to get an EDS in a certification center? Where to buy an electronic digital signature? What regulates the law on electronic signature?
The weather is useless: rain and snow, piercing wind. Moreover, this process in the Arbitration Court, for which it is required to urgently submit additional documents. I wish I could send them there without leaving home... Is something similar familiar to you?
Now the electronic signature is used by both legal entities and individuals. It is recognized by the courts, regulatory authorities and government agencies.
The material of the publication will allow you to get a clear idea of the process of registration and use of EDS.
1. What is an electronic digital signature
Let's start with the main concept of the article.
Electronic digital signature(EDS) - an analogue of a personal signature, provides an opportunity to endorse electronic documentation. Serves as a guarantor of its integrity and authenticity.
Electronic signature (ES) allows you to:
- authenticate the source of the message;
- control the immutability of the departure;
- make it impossible to refuse the fact of approval of the message.
The ES scheme includes two processes: a signature generation algorithm and a verification algorithm.
To better represent this process, I depicted it schematically.
Often there is a question about the legitimacy of such sighting. On this occasion, there is a large judicial practice confirming the legality of the EDS.
Example
The decision of the Volga-Vyatka court in one of the cases considered in 2010 is indicative.
Company "A" filed a claim against its partner company "B" for the return of funds for the delivered, but unpaid goods. During the transaction, electronic documents certified by EDS were used.
The defendant explained the lack of payment by the fact that the submitted documents, certified in this way, are invalid, and therefore cannot serve as a basis for making settlements.
The court did not accept the defendant's explanation, since earlier an additional agreement was signed between the former partners, allowing the use of documentation endorsed by the ES within the framework of these contractual relations.
And, therefore, all documents are properly drawn up and have a visa of an authorized person. The court satisfied the claim in full.
ES regulation is carried out within the framework of the Federal Law No. 63 "On Electronic Signature".
It regulates its use:
- in civil law transactions;
- provision of public services;
- provision of municipal services;
- performance of state functions, etc.
There are some requirements for EP.
The main ones are:
- ease of authentication;
- high difficulty of its forgery.
2. What are the types of EDS - TOP-3 main types
Varieties of EDS are prescribed by law. Article 5 of the Federal Law-63 mentions: simple and reinforced. Reinforced, in turn, is unskilled (UNEP) and qualified (UKEP).
Let's get to know them better!
View 1. Simple electronic signature
So, a simple electronic "signature", formed with the help of special codes (passwords), indicates the sighting of the messages being sent.
He has no other powers.
Type 2. Enhanced unqualified electronic signature
This option is formed in the process of cryptographic transformation of information using the ES key.
Such sighting makes it possible not only to identify the author, but also to identify unauthorized corrections to the message being sent.
Type 3. Enhanced Qualified Electronic Signature
This is the most protected type.
It has all the features of UNEP and some additional qualities:
- the verification key is contained in the qualified certificate;
- created and verified by the UKEP using tools approved by the FSB.
3. Where an electronic signature is used - an overview of the main options
An electronic signature, depending on the type, is used in various fields.
Possible areas of application of the electronic signature:
Let's consider each of the use cases in more detail.
Option 1. Internal and external document flow
ES is especially in demand in internal and external document management. The company's documentation endorsed in this way is considered approved and becomes protected from adjustments.
With electronic document management between counterparties, documents signed with an EDS receive a legal status. Both contracts and primary accounting documents (invoices, etc.) can be certified.
Option 2. Arbitration Court
Often, when considering cases in the Arbitration Court, additional evidence may be required, which is allowed to be submitted in electronic form.
Certification of such ES documents is required by law. Then they have legal force and are equated to written evidence on paper.
Today, the arbitration courts of the Russian Federation accept for consideration the following documents certified by EDS:
- statements;
- petitions;
- reviews.
Option 3. Document flow with individuals
It is still rare for individuals to digitally sign any documents, although this practice is becoming more and more popular every year, especially among those who work remotely.
An electronic digital signature allows them to exchange acts of acceptance and delivery of their services in electronic form. With the help of ES, natural persons-inventors have the right to file a patent application on the website of Rospatent. Its owners can write an application for state registration of an individual entrepreneur or legal entity directly on the website of the tax department.
Option 4. Public services
The public services portal makes life easier for Russians. If you want to get full access to the portal services without any problems, issue an EDS.
With its help, you can interact with the traffic police, apply for a passport, the registry office, etc.
Option 5. Supervisory authorities
Electronic reporting, certified with a qualified electronic signature, has legal force and is recognized by regulatory agencies.
With its help, they submit reports not only to the tax office, but also to the FIU, FSS, Rosstat, etc.
Option 6. Electronic trading
Electronic auctions are specialized sites, places where suppliers and buyers meet, transactions for the purchase / sale of services, works and goods are concluded.
To participate in them, you must purchase an EDS. Documents signed in this way confirm the reality of the proposals and become legal.
4. How to get an electronic signature - 6 easy steps
You have heard that EDS allows its holders to perform various legally significant actions without leaving their office or home.
Have a burning desire to get such a signature and join the ranks of its happy owners, but do not know how to do it right?
You have come to the right address! In my mini-instruction, I will tell you how to get an EP quickly and correctly.
Step 1. Decide on the type of electronic signature
Before ordering an electronic signature certificate, I recommend once again answering the question: “Why do I need it?”.
If you plan to use it only for internal electronic document management your company, then a simple or unqualified EDS for a legal entity will suit you.
If you use a signature in an external electronic exchange, then a qualified electronic signature is already needed here.
Step 2. Choose a certification authority
Certification center (CA) - a legal entity, one of the statutory activities of which is the formation and issuance of an EDS.
Choose the CA that is closest to your location. Also pay attention to the cost of services and the timing of the production of EP.
Perhaps you are interested in the "Exit clearance" service, then choose a center offering this service.
Step 3. Fill out and send the application
The type of signature has been determined, the certification authority has been selected, and the turn of the application has come.
You can submit it in two ways:
- make a personal visit to the office;
- fill out the form on the website of the center.
It contains only the most necessary information: full name, contact details (phone, e-mail).
After receiving the application, the manager of the CA will contact you and clarify all the data necessary for issuing an EDS, consult on prices and conditions.
Step 4. Paying the bill
After processing the application by the specialists of the center, you will receive an invoice for payment. As you know, services are usually paid according to the principle Money in the evening, chairs in the morning, that is, on the terms of 100% prepayment.
The cost of EP on average is 5-7 thousand rubles, the minimum price is 1.5 thousand rubles.
It includes:
- generating a signature key certificate;
- required software;
- technical support.
You can pay the bill both non-cash and in cash.
Step 5. We provide documents
The list of documents depends on the status of the applicant: legal entity, individual entrepreneur, individual.
The table shows the required documents, taking into account the status of the applicant:
№ Applicant Status Required documents 1 Entity Copies: certificate of registration with the Federal Tax Service, confirmation of the authority of the head of the legal entity, applicant's passport, SNILS of the certificate holder, power of attorney confirming the authority of the certificate holder, power of attorney to receive a certificate (if not received by the owner) Original: application for the issuance of a certificate
2 IP Copies: certificate of state registration of an individual as an individual entrepreneur, passport, SNILS Originals: an application for the production of a certificate, a notarized power of attorney confirming the authority of the certificate holder acting on behalf of the individual entrepreneur (if the owner of the Certificate is not an individual entrepreneur), a notarized power of attorney to receive a certificate (if the certificate is received by a representative of the individual entrepreneur)
3 Individual Copies: SNILS, passport original: statement
Step 6. Get EDS
You can get a signature at the points of issue, of which there are now many. Their addresses can be found on the website of the selected center.
An electronic signature is usually produced in 2-3 days. Some CAs provide a service for its urgent registration and issuance (within an hour). Having visited the point at the appointed time, providing the original documents (for verification), you will receive your EDS.
Remember! The electronic signature is valid for a year, then it needs to be renewed or reissued.
5. Where to get an EDS - an overview of the TOP-3 certification centers
Traditionally, I present to you a selection of companies providing digital signature services to help you.
Today I bring to your attention 3 specialized centers.
The company offers its clients the execution of various certificates of ES keys.
State portals, electronic auctions, tenders, public procurements will become available to owners of digital signatures issued by high-class specialists from Alfa-Service. The company is ready to urgently produce any digital signature, and then the procedure for obtaining it will take no more than 10 minutes.
Flexible prices and permanent promotions within the company's loyalty program make EDS available to everyone.
Taxcom UC has been operating in the field of electronic document management since 2000. During its existence, the company has established constant cooperation with various organizations, enterprises and government agencies.
Partners and clients are:
- various ministries and departments (Ministry of Foreign Affairs, Ministry of Economic Development, Federal Tax Service, etc.);
- well-known brands (Nokia, Svyaznoy, HeadHunter, etc.):
- credit organizations (Sberbank, Alfa-Bank, etc.);
- Russian Post, etc.
Clients are attracted by the reliability and impeccable reputation of the company and the undeniable advantages that Taxcom has.
Job benefits:
- there is accreditation;
- a wide range of ES for various purposes (request for quotations, construction tenders, etc.);
- experienced professionals;
- a new generation of secure information carriers.
The Center for Paperless Technologies was founded in 2016 by separating the direction of paperless technologies from Garant-Park LLC into a separate company.
The center provides a wide range of services in 2 major areas:
- paperless technologies in document circulation;
- electronic trading.
The company offers its customers an increase in sales thanks to the Center's online service for selecting an auction according to the parameters they set.
It allows:
- find a suitable tender or procurement;
- track trades in the Russian Federation and abroad;
- win more auctions.
6. How to store an electronic digital signature - 3 proven ways
In the modern world, the problem of protecting various information, including electronic signatures, is becoming more and more urgent.
For its safety, the owners use various methods. I will briefly tell you about the most common ones.
Method 1: Local storage
A very common storage method is local. In this case, the electronic signature is placed on the computer, for example, in the registry.
Cons of the local method:
- no key mobility;
- there is no way to constantly control the key by its owner.
Method 2: Cloud storage
This method involves storing the key on a remote secure service.
To use it, you need to go through a strong multi-stage authentication, which greatly increases the security of this vault.
Method 3. Storage on tokens
And finally, the third way - tokens.
A token is a device capable of generating a key pair and an EDS. The main purpose of this device is to store electronic keys.
By entrusting your electronic digital signature to a token, you will reliably protect it from intruders.
To use it, you must enter a PIN code. It's almost impossible to pick it up. In addition, 3 unsuccessful attempts and the token will be blocked.
Benefits of storing ES on a token:
- highly reliable storage method;
- PIN code access;
- The PIN code is not transmitted over the network, which means that it cannot be intercepted;
- long term of use (5-20 years);
- does not require wiring, power supply, special readers.
For some more information, watch the video.
7. Conclusion
Summarize! In times of continuous computerization, an electronic signature is necessary for both organizations and individuals. It saves time, expands the possibilities!
An electronic digital signature (EDS) gives its holders access from any convenient location, where there is the Internet, to a wide range of public services, electronic trading, auctions, electronic reporting, etc.
Questions for readers
What points of this topic, in your opinion, need to be covered in more detail or even write a separate article for this?
Keep up with the times, do not give up modern technologies!
We will be grateful for feedback and comments on the topic of the article! If the material turned out to be useful, let your friends and colleagues in social networks find out about it - put likes!
Electronic digital signature is now well known - many modern companies are slowly moving to electronic document management. Yes, and in everyday life, you probably came across this thing. In a nutshell, the essence of the EDS is very simple: there is a certification authority, there is a key generator, a little more magic, and voila - all documents are signed. It remains to figure out what kind of magic allows a digital signature to work.
road map
This is the fifth lesson in the Diving into Crypto series. All lessons of the cycle in chronological order:
1. Key generation
The reason for the strength of RSA lies in the difficulty of factoring large numbers. In other words, it is very difficult to search for such prime numbers that, in the product, give the modulus n. Keys are generated in the same way for signing and for encryption.
When the keys are generated, you can begin to calculate the electronic signature.
2. Electronic signature calculation
3. Checking the electronic signature
RSA, as you know, is about to retire, because computing power is growing by leaps and bounds. The day is not far off when a 1024-bit RSA key can be guessed in a matter of minutes. However, we will talk about quantum computers next time.
In general, don't rely on the strength of this RSA signature scheme, especially with keys as "crypto-strong" as in our example.
Continued available to members only
Option 1. Join the "site" community to read all the materials on the site
Membership in the community during the specified period will give you access to ALL Hacker materials, increase your personal cumulative discount and allow you to accumulate a professional Xakep Score rating!
An electronic digital signature is the basis of electronic document management using modern information technologies. It is an integral part of the work of such projects as "Bank-Client" (automated banking systems for remote access), payment systems based on smart cards, electronic Internet payment systems, etc.
What is a digital electronic signature system
The main purpose of an electronic digital signature, which is a special mathematical scheme, is to confirm the authenticity of electronic documents or messages. A secure digital signature guarantees the recipient that the document was created by the sender and has not been altered during transmission.
Electronic digital signatures are actively used in financial transactions, for software distribution, as well as in other projects that require confirmation of the authenticity of an electronic message.
It is worth distinguishing between the concepts of "digital signature" and "electronic signature". The first term is more general in that it refers to any electronic data. However, not all electronic signatures are digital.
Digital signatures use asymmetric cryptography. They are designed to protect electronic messages transmitted over an insecure channel. A digital signature, created according to all the rules, guarantees that the message was sent by the originator. In fact, a digital signature and seal is a full-fledged substitute for physical seals and manual signatures. The difference is that digital ones are harder to fake.
One of the areas of application of an electronic digital signature is the confirmation of the authenticity of messages and documents transmitted by e-mail using a cryptographic protocol. EDS is based on the principle of non-repudiation, according to which the person who signed the document cannot prove that he did not sign the sent message.
The role of digital signature in e-commerce and workflow
The popularity of EP is steadily growing. Company executives want to reduce the workload of their employees and reduce the amount of paper workflow. After all, with the help of EDS, other employees will be able to sign documents much faster, which will reduce downtime and increase the efficiency of business processes in the organization.
The federal law "On Electronic Digital Signature" defines an EDS as equivalent in legal force to a handwritten signature and a physical seal on a traditional document in paper form. This allows organizations of various industries and activities to actively use it in electronic document management.
But the scope of the EDS is not limited to this. It is also used to confirm the authorship, integrity, authenticity and relevance of any electronic messages and allows you to check whether any changes have been made to the transmitted document by unauthorized people.
The acceleration of all processes in life and in business forces company owners to optimize organizational processes, implement various systems automation. E-commerce is one such tool. To participate in the auction, you need an electronic digital signature, which allows you to:
- guarantee the authenticity of the electronic documents uploaded by the participants;
- organizers to sign competitions, auctions and applications;
- sign bids at the auction;
- use electronic documents on a par with paper ones;
- ensure the authenticity and integrity of electronic documents, prevent their forgery;
- avoid disputes due to incorrect sending of documents and filing applications.
The use of digital technologies in e-commerce can lead to fundamental changes in the practice of conducting business negotiations in the near future. First of all, due to the use of digital communication channels and reduction of communication costs. Thus, an electronic digital signature provides small and medium-sized business owners with access to international e-commerce markets.
In the recent past, fax was used to exchange messages or documents. Securities also sent by mail or courier service. Now you can send all the necessary documentation that has the appropriate legal force to as soon as possible and without intermediaries. After all, an electronic digital signature in a workflow completely replaces a handwritten one and confirms its authenticity, ensuring that no corrections were made to the document by unauthorized users.
The economic feasibility of switching to the exchange of electronic documents is obvious: in this form it is easier to store and transfer them. To do this, you only need to issue an electronic digital signature in one of the special certification centers.
Another advantage of electronic document management is the high degree of protection of transmitted data. For EDS, a special cryptographic provider with a qualified certificate is used. Its maximum protection is provided by special hardware and software complexes (I-Token keys or smart cards), which contain a safe storage for using PIN codes when working with a qualified certificate. If several unsuccessful attempts are made when entering the PIN code, the certificate is blocked and stops working.
Features of using an electronic digital signature
Before using the EDS to approve documents, you must consider the following:
- The authenticity of a signature can be verified based on publicly available data. At the same time, it is created from a fixed message and a private key of an electronic digital signature.
- It is impossible to forge or guess a signature without a secret key.
The use of EDS is expedient and relevant not only in organizing the workflow of legal entities (to certify the authenticity, authorship, identity and status of documents), but also individuals. For example, it can be used to confirm the informed consent or approval of one of the parties to the contract.
An electronic digital signature is used to authenticate the source of a letter. This is because even if the document contains all the necessary information, it is difficult to guarantee the authenticity of the sender. The key of the electronic digital signature is assigned to a specific user. This mechanism ensures that the letter was sent by the EDS owner. This is especially true for financial and banking organizations.
Another area of application of EDS is confirmation that the letter was delivered safe and sound and that no corrections were made to it by intruders during transmission. Encryption using an EDS key does not provide 100% protection against modifications to the original message by unauthorized users. But when decrypting a letter, the addressee will receive information if the integrity of the letter is violated. This is due to the fact that any actions with a message signed with an electronic digital signature lead to its deactivation. In order to sign the modified document again, you need to have access to it. Therefore, the likelihood of such a development of events is extremely small.
Also, an electronic digital signature is one of the most effective tools for confirming the origin of a document or message. That is, an electronic digital signature for legal entities is a guarantee of the non-repudiation or impossibility of denying the fact that an organization has signed an electronic document. This principle of operation of the EDS is also applicable to individuals.
It should be borne in mind that the authenticity and non-repudiation of a letter signed with an EDS are possible only if the secret key is not revoked before use. In this case, the public keys are canceled simultaneously with the secret ones. Upon prior request, the ES is checked for the possibility of revocation.
Any cryptosystems based on the use of a public or private key directly depend on the degree of secrecy of this data. The user can store the electronic digital signature key on his working computer, protecting it with a password. But this option has its drawbacks:
- documents can only be signed on the computer of the EDS owner;
- the safety of EDS data directly depends on the security of the user's working computer.
It is much more secure to store the secret key on smart cards, since most of them have a high degree of protection against changes by unauthorized users.
To activate the smart card, the user enters a special PIN code. This two-factor authentication scheme provides additional protection for the electronic digital signature. In case of theft or loss of a smart card, to activate it and use the EDS, you will also need to enter a PIN code, which reduces the security level of this scheme. It is encouraging that the EDS keys on smart cards exist in a single copy and cannot be copied. Therefore, the owner of an electronic digital signature, having discovered the loss, can quickly block their action. Keys stored on the user's computer are much easier to copy, and the fact of information leakage is more difficult to detect. Therefore, it is very important to apply additional protection of the electronic digital signature.
What algorithms are used in the electronic digital signature
The digital signature scheme simultaneously includes three electronic digital signature algorithms:
- A key generation algorithm that selects a secret key uniformly and randomly from a set of possible private choices. At the same time, the secret and public keys are generated, which are paired.
- A signature algorithm that, based on a private key, signs an electronic message.
- An electronic digital signature verification algorithm that, based on the public key, signature and message, determines the authenticity and decides whether or not to send an e-mail.
RSA digital signature algorithm.
One of the earliest and most common EDS systems is based on the RSA algorithm. It all starts with calculating the public and private keys. An e-mail sender must calculate two large primes P and Q, and then calculate the product and find the value of the function:
N = P * Q; φ (N) = (P-1)(Q-1).
Then you need to determine the value of E from the conditions:
E £ φ (N), gcd (E, φ (N)) = 1
and D value:
D< N, E*D º 1 (mod j (N)).
The numbers E and N represent the public key. The author sends these indicators to the recipients of the e-mail for authentication of the electronic digital signature. The D parameter is the secret key with which the author signs the message. Schematically, the operation of the algorithm is shown in the figure:
Disadvantages of using the RSA algorithm to generate an electronic digital signature:
- Calculating the values of the parameters N, E and D is a laborious process, since it requires checking a large number of additional conditions. At the same time, if at least one of them is not fulfilled, there is a risk of forging an electronic digital signature.
- High resistance to falsification of an EDS created using the RSA algorithm is provided at the expense of significant computational costs (20-30% more than other algorithms).
ElGamal Digital Signature Algorithm (EGSA).
The main idea of this algorithm is the impossibility of forging an electronic digital signature. To achieve this goal, it is necessary to solve a more complex computational problem, and not just factor a large integer. In addition, the developer of El-Gamal was able to eliminate the shortcomings of the RSA algorithm and prevent the risks of digital signature falsification without determining the secret key.
To generate a public and private key, you need to choose two simple integers P and G, provided that G< P. Отправитель и адресат электронного документа, подписанного ЭЦП, применяют одинаковые большие несекретные числа P (~10 308 = ~2 1024) и G (~10 154 = ~1 512). Первый из них берёт случайное целое число X, 1 < X £ (P - 1), и вычисляет: Y = G X mod P.
The Y parameter is the public key used to authenticate the sender's digital signature. Parameter X is the secret key used by him to sign electronic documents. To sign a message M, the sender must hash it using the hash function h into an integer m: m = h(M), 1< m < (P - 1), и сгенерировал случайное целое число К, 1 < K < (P - 1), при этом К и (P - 1) должны быть взаимно простыми. На next step it calculates the value of the parameter a by the formula: a = G K mod P. Based on the extended Euclid algorithm, using the secret key X, determines the integer b: m = X * a + K * b (mod (P - 1)). A pair of numbers (a, b) form an electronic digital signature S: S = (a, b).
The values of the parameters M, a and b are transmitted to the addressee, and the values of the numbers X and K are not disclosed. The recipient of the message then calculates the value of m using the formula: m = h(M). Next, the value of the number A = Y a a b mod (P) is calculated. If A = G m mod (P), the message M is considered authentic.
A rigorous mathematical proof can be given that the last equality will be true when the signature S under the message M is calculated using exactly the secret key X, from which the public key Y was obtained.
At the same time, it should be borne in mind that in order to create each electronic digital signature, a new value of the number K is needed, which is determined randomly.
The EGSA algorithm is a classic example of how a cleartext message is delivered along with an authenticator (a, b). The difference between the ElGamal algorithm and the RSA algorithm:
- With a similar degree of security, the EGSA algorithm works on integers that are 25% shorter than similar numbers in the RSA algorithm. This reduces the computation time by a factor of 2 on average.
- Calculating the modulus of P is easy, you just need to make sure that the number is prime and the number (P - 1) has a large prime factor.
- The EGSA algorithm does not allow you to digitally sign new messages without knowing the secret key.
- The signature generated by the EGSA algorithm is 1.5 times larger than the signature generated by the RSA scheme.
DSA digital signature algorithm.
The DSA algorithm (Digital Signature Algorithm) is an improved version of the EGSA and K. Schnorr digital signature algorithms. The sender and recipient of the e-mail calculate large integers G and P - prime numbers, L bits each (512 £ L £ 1024), q - a prime number of 160 bits (number divisor (P - 1)). The numbers P, G, q are open and can be shared by users. The sender chooses a random integer X - the secret key of the electronic digital signature, while 1< X < q. Далее он рассчитывает значение параметра Y (открытого ключа) по формуле: Y = G X mod P. Для подписи сообщения М отправитель хэширует его в целое хэш-значение m: m = h(M), 1 < m < q, затем выбирает случайное целое число К, при условии, что 1 < K < q, и вычисляет значение параметра r по формуле: r = (G K mod P) mod q. Далее он находит число s по формуле: s = ((m + r * X)/ K) mod q.
A pair of numbers S = (r, s) form an electronic digital signature. Destination checks if conditions are met: 0< r < q, 0 < s < q. Если хотя бы одно из них не выполнено, то подлинность ЭЦП не подтверждается. Если же выполнены все условия, то адресат рассчитывает значение w по формуле: w = (l/s) mod q, хэш-значения m = h(M) и числа u 1 = (m * w) mod q, u 2 = (r * w) mod q. Далее он с помощью открытого ключа Y вычисляет v по формуле: v = ((G u 1 * Y u 2) mod P) mod q. Подпись S считается подлинной при условии, что выполняется равенство v = r.
We can give a mathematical proof that the last equality will be true when the signature S under the message M is calculated using exactly the secret key X, from which the public key Y was obtained.
Advantages of the DSA algorithm compared to the EGSA algorithm:
- The length of an electronic digital signature created using the DSA algorithm is significantly shorter than that of a signature generated using the EGSA algorithm. At the same time, the level of resistance is the same.
- The DSA signature calculation time is less than in the EGSA algorithm.
The disadvantages of the DSA algorithm include the need for complex operations of division modulo q to verify the authenticity of an electronic digital signature. In practice, the work of the DSA algorithm can be accelerated by carrying out preliminary calculations. It is worth noting that the value of r is independent of the message M and its hash value m.
What types of electronic digital signature are endowed with legal force
Federal Law "On Electronic Signature" No. 63-FZ distinguishes two types of electronic signatures: simple and enhanced. Enhanced signatures are qualified and unqualified.
Simple EDS.
Passwords, codes and other means are used to create such a signature. A simple electronic digital signature is a tool for confirming the authenticity of electronic data by the sender. It is considered valid under the following conditions:
- the electronic document is signed with an EDS;
- the electronic signature key was created in accordance with the requirements of the information system, which was used to verify and send electronic messages by the sender.
In regulatory and legal documents, as well as agreements, participants must determine the basic rules for the use of a simple electronic digital signature:
- a mechanism for identifying the author of a signature in an electronic document;
- mandatory compliance with confidentiality requirements when using an electronic signature by responsible persons;
- compliance with the requirements of Federal Law No. 63-FZ regarding the use of a simple electronic digital signature;
- the impossibility of applying EDS to secret government documents.
Reinforced unqualified EP.
To create such a signature, a cryptographic program is used that works on the basis of an electronic digital signature key. An enhanced unqualified signature allows you to determine the originator of the document that signed, and the presence of changes in the letter after it was signed. The use of an unqualified ES makes it possible not to use an electronic digital signature key certificate (subject to compliance with the requirements of legislation, other regulatory documents and agreements between the sender and the addressee).
Enhanced qualified EDS.
The peculiarity of this type of electronic digital signature is the presence of a special verification key contained in a qualified certificate. The formation and verification of an enhanced qualified EDS is carried out using special means electronic signature that meets the requirements of Federal Law No. 63-FZ.
Paper documents with a handwritten signature and electronic documents with an enhanced qualified signature have the same legal force (except for cases that recognize only a handwritten signature, provided for in the legislation). The law also allows the establishment in regulations and agreements between the sender and the recipient of additional requirements for electronic documents signed with an enhanced qualified signature.
Let's compare the considered types of electronic digital signature by analogy with familiar physical means of identifying a person:
A simple ES is similar to a badge - any unauthorized person can use it, so the responsibility for the safety of data lies with the owner of the signature.
An unqualified ES is similar to a pass in a company, while there is a certain level of trust between the parties to the transaction.
A qualified ES as a passport is the most important tool for identification, it provides an opportunity to use all the services.
In accordance with Art. 7 of the Federal Law "On Electronic Signature" EDS created according to foreign standards, in Russian Federation refer to the type of electronic signatures, the features of which they correspond to. The issuance of a key certificate in a foreign state cannot be a reason for not recognizing the legal force of a document bearing such a signature.
How and where to get a digital signature
Step 1. Selecting an electronic signature.
First you need to understand why you need an electronic digital signature. For example, you need a key to work on a government services website. Or you plan to submit reports to non-budgetary funds, tax authorities, the federal financial monitoring service or other state and municipal authorities. You will also need an EDS to participate in electronic auctions or work on electronic trading platforms.
Step 2. Choosing a certification authority.
The list of certification centers where you can get an electronic digital signature is located on the website www.minsvyaz.ru (the official Internet resource of the Ministry of Telecom and Mass Communications). On the main page of the site in the "Important" section there is an active link "Accreditation of certification centers", after clicking on which a window opens offering to download a file with an up-to-date list of accredited certification centers. As of February 6, 2018, the list included 469 organizations.
Steps 3 and 4. Filling out the application and paying for the service.
After choosing a certification center convenient for the location, you need to fill out and send an application for issuing an electronic digital signature. If it is not possible to fill out an application on the site, you can write it manually and transfer it to the employees in the certification center. In the application, you must specify the full name of the EDS recipient, email address and contact phone number. Next, pay for the service.
Step 5. Submission of documents to the certification center.
Simultaneously with the submission of an application for the creation of an electronic digital signature key certificate, it is required to transfer a certain package of documents.
List of documents for obtaining an electronic digital signature by legal entities
- certificate of state registration of a legal entity (OGRN);
- certificate of registration with the tax authority (TIN);
- extract from the Unified State Register of Legal Entities (original or notarized copy). The requirements for the limitation period for an extract differ from certification centers, but usually it is no more than 6 months from the moment it was received;
- insurance certificate of state pension insurance (SNILS) of the future owner of the electronic digital signature.
If the owner of the EDS is the head of the legal entity, then it is also required to attach a document confirming his appointment to the position, certified by the signature and seal of the company.
If it is planned to transfer the authority to own an EDS not to a manager, but to an employee of the company (authorized representative), then it is necessary to attach to the package of documents a power of attorney to transfer the relevant functions to this employee, certified by the signature and seal of the company. If this employee will submit all the necessary documents and personally receive an EDS, then copies of the pages of his passport must also be provided.
List of documents for individual entrepreneurs (IP)
- application for the issuance of an electronic digital signature;
- certificate of state registration of IP;
- certificate of registration with the tax authority (TIN);
- extract from the USRIP (original or notarized copy). The requirements for the limitation period for an extract from different certification centers may not coincide, but usually it is no more than 6 months from the moment it was received;
- copies of the passport pages of the future owner of the electronic digital signature: with a photo and registration data;
- insurance certificate of state pension insurance (SNILS).
If it is planned that the electronic digital signature for IP will be received by an authorized representative of the future owner of the ES, then a notarized power of attorney for the specified representative must also be submitted to the certification center.
In a situation where the future owner of an electronic digital signature wants to delegate all the responsibilities for obtaining it to his authorized representative, then along with the main package of documents, the passport of this citizen must also be provided.
Step 6. Obtaining an ES.
To obtain an electronic digital signature, you must provide the selected certification center with the originals of all documents. After verifying the information, they are returned to the owner of the ES.
The price of the service for creating an electronic digital signature may vary depending on the following factors:
- type and scope of EP;
- features of pricing in the certification center;
- location of the certification authority.
The final cost of the service consists of several components:
- registration and issuance of a digital signature key certificate;
- granting rights to work with specialized software;
- provision of programs for work with electronic digital signature;
- transfer of the security key of the electronic digital signature carrier;
- technical support when working with electronic digital signature.
For example, the total cost of an EDS for work in electronic trading is 5-7 thousand rubles.
The term for issuing an electronic digital signature can vary from an hour to one week. It all depends on the speed of filing documents and paying for services. In most certification centers, EDS is produced in 2-3 business days. Keep in mind that extracts from the Unified State Register of Legal Entities or EGRIP are issued by the tax authorities within 5 business days. Therefore, it is worth getting them in advance.
The validity period of the electronic digital signature is 1 year. Therefore, it needs to be reissued every year. This can be done at any certification authority (not necessarily where you received it).
How reliable protection of electronic digital signature is implemented
One of the pressing problems of the practical application of modern cryptography is to ensure the protection of electronic digital signature information, primarily the ES key. High level the strength of cryptographic algorithms, including those developed in our country, forces attackers to steal an electronic digital signature file with keys, since this is the only possible way to hack. Simple key selection takes too much time and requires impressive computing resources.
In accordance with GOST R 34.10-2001, the secret key of an electronic digital signature is 256 bits of information. Attackers steal this data from user files, get it from RAM or the system registry. A real hacker industry has formed on the shadow market for the production of software for stealing EDS secret keys: various trojans, rootkits, viruses, exploits. In order to steal the key, it is not necessary to be a professional, it is enough just to get access to the FLASH-drive on which it is stored.
The creators of electronic digital signature tools are trying to provide the necessary protection of secret keys. There are different methods for encrypting the EDS key stored in the file. The user comes up with a password, which, based on a special algorithm, turns into a real cryptographic encryption key. With its help, the key container is encrypted. The downside is that this kind of protection can be cracked fairly quickly using a simple password brute force method. A bonus for attackers is an unlimited number of attempts and the only criterion for correctness (matching the secret and public keys).
It is just as easy to steal a secret digital signature key from the system registry as it is from a key container in a file, because the registry itself is also in the file.
There is another difficulty in ensuring the security of storing the EDS key. In the Windows operating system, a certain "binding" of the key container occurs. For example, during the first connection, a FLASH media with an EDS is defined as "Removable disk G", and during subsequent work as "Removable disk K". As a result, the crypto provider will not find the key containers in the new path.
In addition, if the EDS secret key is in the system registry, then it may be difficult to transfer it to another computer.
Thus, ensuring the secure storage of the EDS key is associated with many difficulties. But what are the consequences of stealing a key container? Consider the potential options for such a hypothetical situation:
- Attackers can steal money from the account through the remote banking system (RBS). It is almost impossible to prove the illegal actions of hackers, because all banking transactions have your electronic digital signature.
- The RBS security system prevented unauthorized money transfers by blocking access to the bank account. The money is intact, but perhaps important transactions fell through due to late payment.
- Your competitors stole the EDS key and signed a fake commercial offer or bid. As a result, you will spend time and effort clarifying the situation, and your company will be suspended from electronic trading for bad faith.
- The attackers signed a false report using the stolen EDS key, and your organization was fined.
Thus, the theft of an electronic digital signature key threatens you with the loss of financial and time resources, deterioration of business reputation, disruption of important transactions, blocking of bank accounts and other potential and very real losses. Even if you prove the fact of the theft of electronic data, it is highly likely that the bank will refuse to return the stolen money.
Hackers may not risk it and instead of stealing the key container, they can simply delete it. This will lead to lost benefits for the owner of the EDS (lost income, disruption of transactions) and unforeseen expenses (lost time, payment for services for reissuing the EDS).
Compliance with information security rules when using and storing an electronic digital signature is a guarantee of the smooth operation of all participants in electronic document management (banks, trading platforms, EDS owners, reporting operators, etc.).
It should be borne in mind that the owner of the electronic signature should not give his secret key to other employees of the company. After all, only he is responsible for all documents signed by colleagues. If there is such a need, an electronic digital signature should be made separately for each employee who has the right to sign documents.
We have already talked about the insecurity of storing a key container in a file. To eliminate the shortcomings of such an encryption system, they came up with alienable media with their own encrypted file system, in which the key container is located. Such a system has its own control microprocessor, which limits the number of hacking attempts.
For example, smart cards and USB tokens are popular in domestic practice. To activate the secret EDS key, the user enters an individual PIN code. After several incorrect input attempts, access is blocked, which limits the possibilities for hacking by intruders.
USB tokens are popular in Russia due to a number of characteristics: reliability, ease of use and low cost. So, after the Rutoken-2001 project entered the market, several million USB tokens of this company were sold. In some areas (for example, when submitting tax returns and in electronic trading), Rutokens are considered the standard for the safe storage of key containers.
An improved variation of the USB token technology works on cryptographic algorithms immediately "on board" the carrier. The secret key is not loaded into the computer's RAM, which eliminates the possibility of it being stolen by malware directly from the computer's memory. This technology is actively used in various financial organizations, in particular, in the remote banking systems of organizations, where potential losses from theft of the secret key of an electronic digital signature are especially high.
How the digital signature is authenticated
Verification of an electronic digital signature is carried out using open online services and specialized programs. The results of the verification make it possible to find out who signed the electronic document, to authenticate the signature, and to identify unauthorized changes in the message.
Many modern information systems check the authenticity of an electronic digital signature automatically. So, on the Rosreestr website (rosreestr.ru), you can easily determine the authenticity of the EDS on a document received in response to a user request. To do this, you need to upload the received file with the *.sig extension to a special site service and click on the button.
Similar verification tools can be found in other information systems, for example, on electronic trading platforms. Certification centers also provide users with services for digital signature authentication. In addition, those interested can carry out this procedure on their own with the help of specialized programs.
During the verification of an electronic document, the electronic digital signature on it, the EDS key received from the sender, and the CEP certificate are compared. If the addressee of the e-mail is not registered in any of the existing certification centers, he can check the authenticity of the digital signature on his own:
- In open online services such as KonturCrypto, etc.
- Install the program on a personal or work computer CryptoPro CSP and download the database of certificates from public directories of certification centers into it.
- On the website www.gosuslugi.ru/pgu/eds, you can check the electronic digital signature issued only by CAs that have passed state accreditation.
- The hardest way is if you have professional knowledge and skills, then compute hash functions based on the encryption algorithm.
Let's take a closer look at the first three methods, since they are more accessible to users without computer education.
Checking for CryptoPro CSP.
On the official website of the developer, you can download a demo version of the program and use it for free for two weeks, and then buy the full version. CryptoPro CSP allows not only to check the EDS in electronic documents, but also to sign your own files created in MS Word. After installing the program in the drop-down menu, you can select the desired action.
In the future, CryptoPro CSP will independently verify signatures in all open documents certified by EDS. If successful, the user will see a pop-up window
If during the check the program warns that the certificate of the received electronic document cannot be traced to the root directory, then the user should move it to the storage
Verification of an electronic digital signature on the Public Services Portal.
On the gosuslugi.ru website, you can easily check both your own and the qualified ES received from the sender in an electronic document and its certificate. The site's online service works both with files with the *.sig extension and with text documents, in the body of which an EDS is embedded.
If the certificate and ES have been verified, the message "Valid" appears. If not, then the service reveals the reason: "Certificate revoked" or "Failed to verify".
With the help of this service, you can easily check the CEP. In both cases, verification takes place in relation to only qualified signatures, since their key certificates are located in open registries of certification centers. The likelihood that a document will have an invalid digital signature is extremely low, as CAs keep track of the expiration dates of their certificates.
Causes of incorrect work of the electronic digital signature, and how to eliminate them
Most users on electronic trading platforms have difficulties due to the incorrect operation of the electronic digital signature. Such problems can arise at the most inopportune moment, for example, during trading, which will lead to undesirable results:
- the application for participation in the competition will not be submitted on time;
- the participant loses the electronic auction;
- a contract for the provision of services to public authorities will not be signed.
Typical difficulties when working with an electronic digital signature:
- The certificate of the procurement participant is not visible on the electronic trading platform.
- There is no technical possibility to sign an electronic document.
- When trying to login to electronic platform the user receives an error message.
In practice, there are other problems, but we will consider ways to solve the most popular of them.
The signing key certificate is not visible on the site when you try to log in.
This may be due to the simultaneous action of several factors:
- EDS key certificate is configured incorrectly;
- Internet browser does not work correctly;
- there is no CA root certificate.
How to solve a problem?
First, check that the installation of the public part of the certificate on the computer through the CryptoPro program was completed correctly. Also make sure your operating system maintains the version of the software installed on the computer. Next, in the browser settings, add the e-mail addresses of trading platforms to the trusted category by enabling all ActiveX controls. And in the end, install the root certificate of the CA that issued the digital signature to trusted root certification authorities.
An electronic signature gives an error when signing documents.
This problem may occur for the following reasons:
- your version of CryptoPro has expired;
- you inserted media with a different certificate.
How to fix it?
Get a new license from the CA, open the CryptoPro program on your computer and enter the license data.
If the matter is in the digital signature carrier, then check all closed containers in the USB connectors and the correct loading of the required certificate.
The system gives an error when entering the electronic platform.
The roots of this problem may lie in the previously discussed causes. Usually, difficulties arise due to incorrect installation of the Capicom library. To fix the problem, check if this library is installed on your computer and if the two system files with the .dll extension are copied to one of the Windows folders when using a 64-bit system.
A preliminary study of the instructions for installing and configuring an electronic digital signature will help to avoid the described problem situations. If you still have difficulties when working with EDS, you can contact the professionals of our company.
Lecture 7
Electronic signature
Introduction
Study questions:
4. Electronic data interchange.
Conclusion
Introduction
Electronic digital signature
electronic signature"(abbreviation -" EP»).
History of occurrence
Russia
AND " digital signature" are synonyms.
electronic signature,
electronic signature key
Storing the private key
The private key is the most vulnerable component of the entire digital signature cryptosystem. An attacker who steals a user's private key can create a valid digital signature for any electronic document on behalf of that user. Therefore, special attention should be paid to the way the private key is stored. The user can store the private key on his personal computer, protecting it with a password. However, this method of storage has a number of disadvantages, in particular, the security of the key depends entirely on the security of the computer, and the user can sign documents only on this computer.
The following private key storage devices currently exist:
· Diskettes.
· Smart cards.
USB key fobs.
· Tablets Touch-Memory.
The theft or loss of one of these storage devices can be easily noticed by the user, after which the corresponding certificate can be immediately revoked.
The most secure way to store a private key is to store it on a smart card. In order to use a smart card, the user must not only have it, but also enter a PIN code, that is, two-factor authentication is obtained. After that, the signed document or its hash is transferred to the card, its processor signs the hash and sends the signature back. In the process of generating a signature in this way, there is no copying of the private key, so only a single copy of the key exists at all time. In addition, copying information from a smart card is more difficult than from other storage devices.
In accordance with the law "On Electronic Signature", the owner is responsible for storing the private key.
EP formation technology
Known since ancient times cryptographic method , later called encryption by using symmetric key , which is used for encryption and decryption one and the same key (cipher, method).
The main problem with symmetric encryption is the confidentiality of the transfer of the key from the sender to the recipient.
Revealing the key during transmission is tantamount to disclosing the document and allowing an attacker to forge it.
In the 70s. algorithm was invented asymmetric encryption .
A document is encrypted with one key, and decrypted with another, and it is almost impossible to calculate the second from the first of them, and vice versa.
Therefore, if the sender encrypts the document secret key , a public (open) If the key is provided to the recipients, then they will be able to decrypt the document encrypted by the sender, and only by him.
If the recipient was able to decrypt the hash value using the sender's public key, then it was the sender who encrypted the value (authentication).
If the computed and decrypted hash values match, then the document has not been modified (identification).
Any tampering (intentional or unintentional) of the document during transmission will give a new value to the hash function calculated by the recipient, and the signature verification program will report that the signature under the document is incorrect.
Digital signature represents a relatively small amount of additional digital information transmitted along with the signed text.
The ES system includes two procedures: 1) signature procedure; 2) signature verification procedure. In procedure signing used The secret key the sender of the message, in the procedure signature verification - public key sender.
When generating an ES, the sender first of all calculates hash function h(M) of the signed text M. The calculated value of the hash function h(M) is one short block of information m characterizing the entire text M as a whole. Then the number m is encrypted with the sender's secret key. The resulting pair of numbers is the EP for the given text M.
When checking the ES, the recipient of the message again calculates the hash function m = h(M) of the text M received over the channel, after which, using the sender's public key, checks whether the received signature corresponds to the calculated value m of the hash function.
The fundamental point in the ES system is the impossibility of falsifying the user's ES without knowing his secret signing key.
Schematically, the signature and verification procedures can be represented as follows:
|
Any file can be used as a signed document. A signed file is created from an unsigned file by adding one or more electronic signatures to it.
Each signature contains the following information:
date of signature;
the expiration date of the key of this signature;
information about the person who signed the file (full name, position, short name of the company);
signer identifier (public key name);
actual digital signature.
Electronic data interchange
EDI (Electronic Data Interchange) is a technology for automated exchange of electronic messages in standardized formats between business partners.
At the same time, documents that have a convenient and specific form for each company in their original (“human”) form are transparently transferred between various partners in a standard “electronic” format (using a converter (at the input) and a deconverter (at the output, respectively)). The technology guarantees both the correctness of data conversion, as well as the delivery of messages to recipients and the sequence of message delivery. At the same time, the reliability and confidentiality of the transmitted information are ensured.
In its classical form, EDI involves fully automated interaction between information systems of partners, excluding human participation. Each party can act as both a sender and a recipient of messages. This integration option gives the maximum effect when implementing this technology.
At the present stage of development, EDI technologies allow not only saving money, but also simplifying and optimizing management and decision-making processes, and in general optimizing and increasing business efficiency.
The practice of e-commerce based on EDI systems dates back more than 30 years and is summarized in the standards for the execution of trade transactions and the presentation of structured business documents.
When developing standards for electronic document management, the use of these "paper" documents used in economic activity was analyzed.
It was proposed to highlight the most repetitive data, and highlight the corresponding data fields in them. Subsequently, to fill them in, a system of tables was developed - global data directories and technology for their synchronization.
EDI standards
EDI is based on the following core standards:
UN/EDIFACT– United Nations Electronic Data Interchange for Administration, Commerce and Transport - "UN Regulations for Electronic Document Interchange for Government, Commerce and Transport" - a fundamental global redundant standard containing the most common references of international codes and message formats, expanded to satisfy all possible requests users.
(UN/CEFACT)– adapted by the UN Center for Facilitation of International Trade and Electronic Business (CEFACT) UN/EDIFACT standard
GS1 EANCOM- a subset of EDIFACT for retail - developed by the international association GS1 and supplemented by the use of key identifiers of the GS1 system,
GS1 XML is a modern message format used in the exchange of data in supply chains in the GS1 system.
GS1 system is an international global multi-industry system of standards covering more than 100 countries. The GS1 system is the most widely used international standards system in supply chains. Currently, over a million companies in the world use GS1 standards. GS1 National Associations provide system support in their countries and national language support in the GS1 system.
The architecture of the GS1 system is based on key identifiers , the main ones being:
GTIN (Global Trade Item Number) - the global number of the trade item (trade item) - the unique identification number of the trade item in the GS1 system. This identifier is represented as a barcode symbol on the product packaging.
GLN(Global Location Number) - a global location number - a unique number in the GS1 system to identify participants in the supply chain and their material, functional or legal objects (subdivisions) (branches / offices / warehouses / ramps, etc.). Mainly used in EDI to effectively identify all objects related to deliveries.
SSCC (Serial Shiping Container Code) is a serial shipping package code (SKTU) - a unique identifier of a logistics (transport) unit. SSCC is very useful for labeling cargoes to be transported.
The key GS1 System Identifiers are:
unique - the way numbers are formed ensures the uniqueness of each number;
international - these numbers are unique all over the world;
diversified - the non-significant nature of the numbers allows you to consistently identify any object, regardless of the type of business activity;
The simple structure of the numbers allows you to automate the processing and transmission of data.
GLN number is a globally unique digital code that identifies a participant in the supply chain (a counterparty or its structural subdivision or facility).
The assignment of GLN identification numbers is governed by the GS1 system standards in order to guarantee the uniqueness of each individual number throughout the world. To obtain a GLN number, an enterprise must become a member of the national GS1 association (in the Russian Federation, such an organization is GS1 Russia - GS1 RUS.).
GLN identification numbers are widely used daily by more than 200,000 companies engaged in various types of business activities.
To switch to the use of EDI technology, it is necessary to connect partners to a specialized platform for exchanging commercial messages (electronic commerce platform), use the means of converting messages to a standard format and transmitting "standardized" messages to the addressee. This interaction scheme allows you to connect to EDI once and exchange messages uniformly with all partners, rather than creating and configuring a way to exchange documents with each counterparty.
Systems integration, transformation and transmission of messages between partners are carried out by specialized companies - authorized EDI providers. The provider provides its customers with a reliable messaging channel for all counterparties (access to its commercial messaging platform) and maintains the agreed level of service. The participation of an authorized provider is important, because this guarantees both the high technical level of the services provided and the level of service, as well as the compliance of services with GS1 standards, which in turn makes it possible to roam with other providers (including international ones).
To start exchanging documents via EDI, you need to:
get a GLN number;
select the connection option (full integration or Web-EDI),
make a connection,
· start working.
Popular Applications:
distribution,
Retail,
Warehouse management,
· Transport,
· Banking and cash flow management
Conclusion
Unlike a handwritten signature, an electronic digital signature is not physical, but logical in nature - it is simply a sequence of characters that allows you to unambiguously link the person who signed the document, the content of the document and the owner of the ES. The logical nature of the electronic signature makes it independent of the material nature of the document. With its help, you can sign documents that are of an electronic nature (executed on magnetic, optical, crystalline and other media, distributed in computer networks, etc.).
According to the Law, ES should solve the following tasks: protecting an electronic document from forgery, establishing the absence of information distortions in an electronic document, identifying the owner of the signature key certificate (Article 3).
Thus, the ES must provide identification (the document is signed by a certain person) and authentication (the content has not changed since the moment of its signing) of the electronic document.
In this lecture, only the basic concepts, principles of formation, giving legal competence to an electronic signature are considered. In more detail about the electronic signature, cadets will learn as part of the study of the discipline "Fundamentals of Information Security in the Department of Internal Affairs."
test questions
1. The concept of an electronic signature (ES).
2. The history of the concept of EP.
3. Normative documents regulating ES.
4. Types of EP.
5. Functions of the Certification Authority.
6. ES verification key certificate.
7. Technology of EP formation.
8. The concept of a hash function.
9. Electronic data interchange
Literature:
a) basic literature:
1. A. S. Davydov, T. V. Maslova. Information technology in the activities of internal affairs bodies: a textbook. - M .: TsOKR of the Ministry of Internal Affairs of Russia, 2009.
2. Informatics and mathematics for lawyers: a textbook for university students studying in legal specialties / edited by S. Ya. Kazantsev, N. M. Dubinina. - 2nd ed., revised. and additional – M.: UNITI-DANA, 2009.
3. Information technologies in legal activity: a textbook for bachelors / under the general editorship of P. U. Kuznetsov. - M .: Yurayt Publishing House, 2012.
4. Simonovich S. V. Informatics. Basic course. - St. Petersburg, Peter, 2011.
b) additional literature:
1. Gornets N. N., Roshchin A. G., Solomentsev V. V. Organization of computers and systems. Tutorial. - M., Academy, 2008.
2. Orlov S. A., Tsilker B. Ya. Organization of computers and systems. Textbook for high schools. - St. Petersburg, Peter, 2011.
3. V. L. Broido and O. P. Ilyina, Computing systems, networks and telecommunications. Textbook for high schools. - St. Petersburg, Peter, 2011.
Lecture 7
Electronic signature
Introduction
Study questions:
1. Appointment and application of an electronic signature.
2. Types of electronic signature, its legal validity.
3. Technology of electronic signature formation.
4. Electronic data interchange.
Conclusion
Introduction
When exchanging electronic documents over a communication network, the costs of processing and storing documents are significantly reduced, and their search is accelerated. But this raises the problem of authenticating the author of the document and the document itself, i.e. establishing the identity of the author and the absence of changes in the received document. In ordinary (paper) computer science, these problems are solved due to the fact that the information in the document and the author's handwritten signature are rigidly associated with the physical medium (paper). There is no such connection in electronic documents on machine media.
When processing documents in electronic form, they are completely unsuitable traditional ways authentication by handwritten signature and seal on a paper document. A fundamentally new solution is electronic digital signature (EDS).
Appointment and application of the electronic signature.
Electronic digital signature- details of the electronic document, which allows to establish the absence of distortion of information in the electronic document from the moment the ES was formed and to verify that the signature belongs to the owner of the ES key certificate. The attribute value is obtained as a result of cryptographic transformation of information using the private key of the ES.
In Russia, Federal Law No. 63-FZ of April 6, 2011 replaced the name "electronic digital signature" with the words " electronic signature"(abbreviation -" EP»).
An electronic signature is intended to identify the person who signed the electronic document. In addition, the use of an electronic signature allows you to:
Integrity control of the transferred document: in case of any accidental or intentional change of the document, the signature will become invalid, because it is calculated based on the initial state of the document and corresponds only to it;
Protection against changes (forgery) of the document: the guarantee of forgery detection during integrity control makes forgery impractical in most cases;
Proof of document authorship: Since a valid signature can only be created by knowing the private key, and it should be known only to the owner, the owner of the key pair can prove his authorship of the signature under the document. Depending on the details of the document definition, fields such as “author”, “changes made”, “timestamp”, etc. can be signed.
All these properties of EP allow it to be used for the following purposes:
· Declaration of goods and services (customs declarations).
· Registration of real estate transactions.
· Use in banking systems.
· E-commerce and government orders.
· Control of execution of the state budget.
· In systems of appeal to authorities.
· For mandatory reporting to government agencies.
· Organization of legally significant electronic document management.
· In settlement and trading systems.
History of occurrence
In 1976, Whitfield Diffie and Martin Hellman first proposed the concept of "electronic digital signature", although they only assumed that digital signature schemes could exist.
In 1977, Ronald Rivest, Adi Shamir, and Leonard Adleman developed the RSA cryptographic algorithm, which can be used without further modification to create primitive digital signatures.
Shortly after RSA, other digital signatures were developed, such as Rabin and Merkle digital signature algorithms.
In 1984, Shafi Goldwasser, Silvio Micali, and Ronald Rivest were the first to rigorously define the security requirements for digital signature algorithms. They described models of attacks on EDS algorithms, and also proposed a GMR scheme that meets the described requirements.
Russia
In 1994, the Main Communications Security Directorate of the Federal Agency for Government Communications and Information under the President of the Russian Federation developed the first Russian EDS standard - GOST R 34.10-94 “Information Technology. Cryptographic protection of information. Procedures for the development and verification of an electronic digital signature based on an asymmetric cryptographic algorithm.
In 2002, to ensure greater cryptographic strength of the algorithm, instead of GOST R 34.10-94, a standard of the same name GOST R 34.10-2001 was introduced, based on calculations in a group of points of an elliptic curve. According to this standard, the terms "electronic digital signature" and " digital signature" are synonyms.
January 1, 2013 GOST R 34.10-2001 of the same name was replaced by GOST R 34.10-2012 “Information technology. Cryptographic protection of information. Processes of formation and verification of electronic digital signature.
federal law“On Electronic Signature” No. 63-FZ of 04/06/2011 regulates relations in the field of:
use of electronic signatures in civil law transactions;
provision of state and municipal services;
performance of state and municipal functions;
when performing other legally significant actions.
The federal law defines the concept of an electronic signature:
1. Its types, requirements for electronic signature means are established, with the help of which the following are created and verified:
electronic signature,
electronic signature key
and an electronic signature verification key
2. Requirements for certification centers that perform the functions of creating and issuing certificates of keys for verifying electronic signatures
In the explanatory note to the draft law on electronic signature, disappointing statistics were cited, indicating the low prevalence of EDS in Russian business turnover.
As of February 2007, about 200,000 EDS key certificates were issued in Russia, which is only 0.2% of the country's population.
At the same time, it is noted that in Europe for the same period of time from the entry into force of the EU Directive of December 13, 1999 N 1999/93 / EC “On general principles electronic signatures” strengthened electronic signatures were used by about 70% of the population.
The new Federal Law "On Electronic Signature" (ES) is designed to mitigate too serious requirements for EDS, regulated by the Federal Law of January 10, 2002 "On digital signature"(EDS).
In particular, it was allowed to use only one identification technology (asymmetric electronic signature keys), which also required the mandatory presence of a certificate from a certification authority.
According to the provisions of the new law, certification centers are not required to be licensed - they can be accredited, and then only on a voluntary basis. Accreditation will be carried out by the authorized body appointed by the government, which will also organize the work of the root center
For accreditation, a Russian or foreign legal entity must have net assets of at least 1 million rubles. and financial guarantees for paying compensation to affected clients in the amount of 1.5 million rubles, have at least two IT specialists with higher professional education and undergo the confirmation procedure with the FSB.