Computer lessons

Correct installation of the key in CryptoPro and installation of the CryptoPro EDS Browser plug-in. What to do if the computer does not see the digital signature. The computer does not see the key media

The introduction of modern means of personal identification is a huge step in the development of electronic document management. Many believe that the development of such a direction has no practical meaning, that the use of such tools is necessary only for a small number of users, and nothing will exceed a simple signature in reliability and convenience, but this is far from the case.

An electronic digital signature allows you to determine the authenticity of your identity in digital document flow, which significantly increases its efficiency and saves time and money.

An electronic digital signature (or EDS) is, in essence, an attribute of an electronic document that allows you to protect the digital version of the document from forgery. The legislator defines an electronic signature as an analogue of a handwritten signature, which is used for the purpose of identifying a person in electronic document management.

In practice, several variants of digital signature are used.

A simple signature does not contain cryptographic protection elements. Security is ensured by using login, password and connection codes.

In general, it is used only for the actual identification of the user, but is not used to protect a specific document.

Such a signature can still certify documents; however, this requires that certain conditions be met:

  • adding to a specific document;
  • use complies with internal document flow rules;
  • availability of information about the identity of the sender of the file.

An unqualified signature is an enhanced signature, but its degree of protection is lower than that of a qualified signature. However, in this case, cryptographic protection methods are already used. Using such a signature allows you not only to sign a document, but also to make changes to it and then confirm them.

A qualified signature is considered the most secure option. Cryptographic protection methods are used, which are confirmed by special authorities. Use in practice is difficult, but there is an undoubted advantage: reliability. You can connect such a signature only in a special certification center.

When signed with such a seal, the document is equivalent to a paper counterpart signed by an official with a special seal.

Test methods, services and results

Using digital signature is undoubtedly practical and convenient. However, each user must have the skills to verify its accuracy, which protects against possible violations by counterparties.

It is not difficult to check. To do this, just use one of several services. So, you can verify the authenticity of a document signed using an electronic digital signature by uploading it to the website crypto.kontur.ru.

This service will allow you to quickly analyze a document and get the result. To use it, you need to configure your computer accordingly, but it is not difficult, you just need to follow the instructions on the site.

If you cannot install the electronic signature on your computer yourself, you should contact certification centers. Upon completion of their work, an installation certificate for the electronic signature facility is drawn up.

The second service provided by the State Services portal is also easy to use. Using the link www.gosuslugi.ru/pgu/eds you can download a file signed with an electronic digital signature, and the service will verify its authenticity.

Using the service www.iecp.ru/ep/ep-verification, you can verify not the document but the signature itself. You need to upload a file of the appropriate format, and the system will check:

  1. Certificate validity period.
  2. Is the signature on the list of revoked signatures?
  3. Is the digital signature one of those issued by accredited centers?

The most popular verification method is checking through the State Services portal. However, there are many more services that are approximately the same in their effectiveness.

In general, verification methods can be divided into two types:

  1. Verification of a document signed with digital signature.
  2. Checking the digital signature itself.

For best results, it is recommended to use both methods. In addition, it is periodically necessary to check the digital signature itself in order to exclude its invalidity.

Another way to check your digital signature is to install the appropriate program on your PC. CryptoPro is typically used because of its many full-fledged functions for working with digital signatures.

The result of any check is confirmation or non-confirmation of the authenticity of the digital signature or the document signed by it. Such services simply need to be used for work, as they fully ensure the security of electronic document management.

If work is carried out on an ongoing basis, it is recommended to use software from CryptoPro.

How to install digital signature

To install the electronic signature on a PC, you will need to download the appropriate software and follow the instructions.

Programs

First of all, you need to install the CryptoPro CSP program on your computer. Then:

  1. Run the program in any of the ways. As an option, open the Control Panel, the “Programs” menu and find what you need there, or find it through a search if the location is not known. Run as administrator.
  2. After starting the program, a window will appear in which you need to find the “Service” tab.
  3. Next, look for the “View certificates in container” menu.
  4. The Browse window appears, where you can view information about the container name and reader. Click OK.
  5. In the next window, “Certificates in the private key container,” you do not need to perform any actions. Just skip it by clicking Next.
  6. A window with user data will appear. You need to select "Properties".
  7. We install a new Certificate, to do this, select “Install Certificate”.
  8. In the next window we don’t do anything and just click “Next”.
  9. Next, you need to select the “Place all certificates in one storage” item, to do this, click “Browse” and select the “Personal” folder.
  10. The last step is to click “Finish”.

Plugins

There is also a useful plugin from CryptoPro that allows you to create and verify signatures on web pages. CryptoPro EDS Browser plug-in can work with any modern browser, including Chrome and Yandex.

Many people believe that it is necessary to use Internet Explorer to work with digital signatures, but this is not so. It is enough that the Internet browser supports Java.

This plugin allows you to:

  1. Sign documents for electronic document management.
  2. Validate web form data.
  3. Certify any files sent from the user's computer.
  4. Sign messages.

Using the plugin, you can check both regular and improved electronic signatures. An important advantage is that it is distributed completely free of charge.

To install the plugin, you don’t need any special skills; everything happens automatically. You just need to run the installer file, then select “Run”, “Next” and “Ok”. The program will do everything itself.

If you encounter any difficulties with installing or operating the program, you can always contact the company where the signature was purchased for help. In most cases, they provide detailed instructions and provide assistance over the telephone.

Setup and activation

For the digital signature to fully operate, it must be properly configured and activated. To do this, in addition to installing the CryptoPro program and the corresponding plugin, you need to install a number of system programs and drivers, which will ensure stable operation.

  1. First of all, Rutoken drivers are installed. To do this, you need to run the installer file, and before doing this, remove the electronic identifier from the USB port. After launch, follow the program instructions.
  2. After installation, you should restart your computer and connect the ID. The system will automatically detect it.
  3. Next, CryptoPro CSP is installed. This step was described in the previous section.
  4. After these manipulations, you need to install the root certificate. It must be downloaded from the certification center website. After that, you need to find the cacer.p7b file among the downloaded files, right-click on it, and select “Install certificate.” Click Next, then select “Place certificates in one store,” then “Browse” and select “Trusted Root Certification Authorities.” Then “Next” and “Done”.
  5. If a pop-up window appears, you will need to click “Yes” several times, then “OK”.
  6. The next step is to install a personal certificate. Click on Start and look for CryptoPro CSP. Select “Service” and “View certificates...”, then “Browse”. We choose and accept. After acceptance, a pop-up window will appear in which you must enter the PIN code of the electronic media, and then click “Install”.
  7. The next important step is binding the key to the certificate. As a rule, it occurs automatically; if not, then you should follow the instructions of the certification center.
  8. You should also install CAPICOM, which is distributed free of charge on the Microsoft website. You need to run the installer file and follow the instructions.

Correctly setting up the electronic signature will help you avoid many problems. Therefore, all steps must be completed very carefully. If you have any questions, it is better to contact the certification center again.

Detailed instructions for installing and activating the CryptoPro program can be found below.

FAQ

How reliable is the use of digital signature?

The reliability of using an electronic signature is at a fairly high level; a regular digital signature is equivalent to a handwritten signature. It is almost impossible to hack the system, and the chance of forging it is much lower than the chance of forging a handwritten signature.

Is it relevant for an individual to obtain an ES?

Under the Federal Law, an individual can use a signature for any electronic document flow. In addition, the use of such a signature significantly expands the capabilities of the government services portal.

How much does an EDS cost?

The cost of an electronic signature is not very high. It will cost an individual about 1,000 rubles, the maximum cost for a legal entity is up to 2,500 rubles.


List of documents for a legal entity:

1. Extract from the Unified State Register of Legal Entities (USRLE) no older than 30 days.

2. Passport

3. Company details

4. SNILS (Insurance certificate of state pension insurance)

5. TIN certificate

List of documents for an Individual Entrepreneur (IP):

1. Extract from the Unified State Register of Individual Entrepreneurs (USRIP)

2. Passport

3. SNILS (Insurance Certificate of State Pension Insurance)

4. TIN certificate

List of documents for an individual:

1. Passport

2. TIN certificate

3. SNILS (Insurance certificate of state pension insurance)

2. A window pops up: "Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine."

If, when working on the website roseltorg.ru, a window pops up: “Error! The CAPICOM library cannot be loaded, possibly due to low access rights on this local machine”, you need to:

1. Click on the yellow bar under the site address with the text “This website is trying to install the following add-on: “CAPICOM User Download v2.1.0.2” from “Microsoft Corporation”. If you trust this website and add-on and want to install it, click here...”;

2. Select "Install ActiveX control";

3. Click on the "Install" button; This procedure must be performed until the window with this message stops popping up (this is individual for each computer). This is a one-time setup.

3. How to install a personal certificate?

Installing a personal certificate (your organization's certificate) can be done in the following way:

Via the "View certificates in container" menu

1. Select Start / Control Panel / CryptoPro CSP, go to the Service tab and click the View certificates in container button (see Fig. 1).

Fig. 1. “CryptoPro CSP Properties” window

2. In the window that opens, click the Browse button to select a container to view. After selecting the container, click on the OK button (see Fig. 2).

Fig. 2. Window for selecting a container to view

3. In the next window, click on the Next button.

Fig. 3. “Selected private key container” window

4. If the version of CryptoPro CSP 3.6 R2 (product version 3.6.6497) or higher is installed, then in the window that opens, click on the Install button, and then respond affirmatively to the notification about replacing the certificate (if it appears).

Fig. 4. Certificate viewing window

5. In the window that appears about the successful installation of the certificate, click OK.

Fig. 5. Window “Message about successful certificate installation”

6. Then click the Done button.

Fig. 6. Window for viewing the selected certificate

7. Close the CryptoPro CSP window by clicking OK.

Detailed information on installing the certificate is available at the following link.

4. How to set up email.

Configuring security settings for Outlook Express is carried out according to the following scheme:

1. Select the menu item Tools -> Accounts and open the Mail tab.

2. In the displayed list of accounts, select the one you want to configure and click the Properties button.

3. In the displayed dialog, select the Security tab, which allows the user to specify his personal certificates, which will be used when selecting the user’s personal keys for generating an electronic digital signature and decrypting incoming messages. The certificate selection dialog only displays certificates that have a matching email address and are allowed for email security

5. In the displayed dialog, select the Security tab:

6. In the displayed dialog, set the following modes:

a. Always encrypt to myself when sending encrypted mail. Enabling this mode allows the sender to decrypt the messages he has sent.

b. Include my digital ID when sending signed messages. Enabling this mode automatically adds the sender's certificate to all messages. This mode allows you to exchange certificates using a signed message, and then use the resulting certificates to subsequently encrypt messages between recipients.

c. Send messages with an opaque signature / Encode message before signing. When the mode is enabled, all attachments will be combined into a single attachment with a digital signature included. If the mode is disabled, the signature is generated as one separate attachment for all attachments.

d. Automatically add sender certificates to my address book. When enabled, certificates sent as part of a signed message will be automatically added to the address book.

e. Check for revoked Digital IDs:

i. Only when online. Enabling this option means that each operation of generating or verifying an electronic digital signature will be accompanied by a certificate revocation check. To check for revocation, a Certificate Revocation List (CRL) is used, information about the location of which is recorded as an extension in each user’s certificate. By default, this option is not enabled, and Outlook Express does not track whether user keys have been compromised.

ii. Never. No revocation check is performed.

5. How to sign a document.

There are 2 types of sending a signed document.

The first way is to sign the document itself and the second is to sign the entire letter.

To create and send a signed message:

1. Click the Create Mail button or select the menu item File -> New -> Mail message.

3. To send a signed message, check the status of the Sign button. It should be pressed and the signed message sign should be visible on the right side of the screen.

4. Once the message is ready to be sent, click on the Send button:

The second method is when the file itself is signed. Microsoft Office allows you to attach digital signatures to a specific document. To do this you need:

1. From the Tools menu, select Options, and then open the Security tab.

2. Click the Digital Signatures button.

3. Click the Add button.

4. Select the certificate you want, and then click OK.

For other data formats, you must use the CryptoArm program.

6. CryptoPro expires.

During installation, the product serial number was not entered according to the license you purchased.

7. Mail does not see the certificate.

When setting up email, at the stage of signing the document, the email does not find the required certificate. This happens when the email address that is specified when producing the digital signature does not match the current email address.

8. When installing CryptoPro at the last step, the system displays a message about the incorrect installation of the program and rolls back. What should I do?

The problem occurs due to incomplete (or incorrect) removal of the previous version of Crypto Pro from the computer. To remove files remaining from the previous version, you must use the CryptoPro clear.bat trace cleaning program. You can download the program from here: ftp://ftp.cryptopro.ru/pub/CSP_3_6/clearing.zip

9. Where can I find the public key of the digital signature?

In all signatures issued by our company, the public key is located inside a container on a secure medium. In order to remove it from the container you need to:

With the media connected to the system unit, go through the CryptoPro program: Start -> Control Panel -> CryptoPro -> Service -> View certificates in container. In the dialog box that appears, select the required container via Browse -> Next. In the window for viewing digital signature public key data, select Properties -> “Composition” tab -> Copy to file and specify the path to save the certificate.

10. CryptoPro does not see the container on the flash drive. Prompts you to select another media.

Depending on what type of media you use, the solutions are different. If you use smart cards such as Rutoken, MSKey, Etoken, then most likely you do not have the drivers installed to work correctly with the key.

If your key is on a USB 2.0 flash drive, then you need to look at the version of the CryptoPro kernel. If you are using CryptoPro 3.0, then the path setting has been lost. To configure it you need to:

With the media connected to the system unit, go through the CryptoPro program: Start -> Control Panel -> CryptoPro -> Equipment -> Configure readers -> Add. In the Reader Installation Wizard window that appears, select Floppy Drive on the right side of the screen (since in CryptoPro all USB drives are defined as floppy disks). In the next window, select the correct name of the flash drive, that is, the name under which the flash drive is identified in “My Computer”.

If you are using CryptoPro 3.6 and the container is not visible, then the media is damaged. It should be provided to the office to determine the status of the key.

11. We have received an electronic signature, what to do next? How to register on the trading platform?

The entire procedure for accreditation, filing an application for participation in the auction and conducting the auction itself is described in the operating regulations of a specific electronic trading platform, which can be found on the website of this platform. There are also various supporting video materials and instructions for working in the system. Or you can contact us to purchase our accreditation assistance service on any electronic platform.

12. To check what operating system is installed on your computer

- Go to My Computer in Explorer.

— Right-click on the display and select “Properties” from the menu that appears.

— The window that appears contains information about your system.

13. To find out which version of Internet Explorer is installed on your computer

— Launch Internet Explorer.

— Select Help from the horizontal menu at the top of the browser.

— The window that appears contains information about the current version of the browser.

— Possible option

14. To install a newer version of Internet Explorer 8

— Specify the following address on the command line:

— In the window presented, click “Download for free.”

— Click “Run” in the window that appears.

- Then click “Run” again.

— When installation is complete, you must restart your computer.

If none of the solutions suggested below fix the problem, the key media may have been damaged and requires recovery (see). It is impossible to recover data from a damaged smart card or registry.

If there is a copy of the key container on another medium, then you must use it for work, having first installed the certificate.

Diskette

If you are using a floppy disk as the key container, you must complete the following steps:


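1. Make sure that at the root of the floppy disk there is a folder containing the following files: header, masks, masks2, name, primary, primary2. Files must have the extension .key, and the folder name format should be as follows: xxxxxx.000.

If any files are missing or their format is incorrect, then the private key container may have been corrupted or deleted.


2. Make sure that the Drive X reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6, All removable drives), where X is the drive letter. To do this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to the Equipment tab and click the Configure readers button.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).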


3. In the Selecting a Key Container window, set the switch to Unique names (see Fig. 1).

Fig. 1. Selecting a key container

4. Remove remembered passwords. To do this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to the Service tab and click the Remove remembered passwords button;
  • Mark the User item and click OK (see Fig. 2).

Fig. 2. “Remove remembered passwords” window

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).


Flash drive

If a flash drive is used as the key media, you must complete the following steps:


1. Make sure that in the root of the media there is a folder containing the files: header, masks, masks2, name, primary, primary2. Files must have the extension .key, and the folder name format should be as follows: xxxxxx.000.

If any files are missing or their format is incorrect, then the private key container may have been damaged or deleted. You also need to check whether this folder contains six files on other media.


2. Make sure that the Drive X reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6, All removable drives), where X is the drive letter. To do this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to tab Equipment and press the button Configure readers.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).


3. In the Selecting a Key Container window, set the switch to Unique names.


4. Remove remembered passwords. To do this:

Fig. 3. “Remove remembered passwords” window

5. Make a copy of the key container and use it for work (see How to copy a container with a certificate to another medium?).


6. If CryptoPro CSP version 2.0 or 3.0 is installed at your workplace and Drive A (B) is present in the list of key media, then it must be removed. To do this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to tab Equipment and press the button Configure readers;
  • Select reader Drive A or Drive B and press the button Delete.

After removing this reader, working with the floppy disk will be impossible.
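The folder layout check from step 1 of the diskette and flash drive procedures above can be scripted. The PowerShell below is an added example, not CryptoPro's or this page's own code; the function name Test-KeyContainerLayout, the sample folder names and the acceptance of three-digit suffixes other than .000 are assumptions.

```powershell
# Added example (not CryptoPro's code): checks the key container folder layout
# described in step 1 of the diskette and flash drive procedures.
$ExpectedBase = 'header', 'masks', 'masks2', 'name', 'primary', 'primary2'

function Test-KeyContainerLayout {
    param(
        [Parameter(Mandatory)]
        [string]$MediaRoot      # root of the key media, for example a drive root
    )
    # Candidate folders follow the xxxxxx.000 pattern from the page. Accepting any
    # three-digit suffix (not only .000) is an assumption of this example.
    $candidates = @(Get-ChildItem -LiteralPath $MediaRoot -Directory |
                    Where-Object { $_.Name -match '^.+\.\d{3}$' })

    foreach ($dir in $candidates) {
        $files = @(Get-ChildItem -LiteralPath $dir.FullName -File)
        $names = @($files | ForEach-Object { $_.Name })

        # Expected files that are absent under their exact name (header.key, ...).
        $missing = @($ExpectedBase | Where-Object { $names -notcontains ($_ + '.key') })

        # Files with an expected base name but an extension other than .key.
        $wrongExt = @($files |
            Where-Object { $ExpectedBase -contains $_.BaseName -and $_.Extension -ne '.key' } |
            ForEach-Object { $_.Name })

        [pscustomobject]@{
            Container      = $dir.Name
            Missing        = ($missing | ForEach-Object { $_ + '.key' }) -join ', '
            WrongExtension = $wrongExt -join ', '
            Complete       = ($missing.Count -eq 0)
        }
    }
}

# Constructed sample media in a temporary folder: one complete container, one damaged.
$root = Join-Path ([IO.Path]::GetTempPath()) ('keymedia_' + [guid]::NewGuid().ToString('N'))
foreach ($name in 'sample01.000', 'sample02.000') {
    $dir = New-Item -ItemType Directory -Path (Join-Path $root $name) -Force
    foreach ($base in $ExpectedBase) {
        Set-Content -LiteralPath (Join-Path $dir.FullName ($base + '.key')) -Value 'constructed'
    }
}
# Damage the second container: drop one file and strip the extension from another.
Remove-Item -LiteralPath (Join-Path $root 'sample02.000\primary2.key')
Rename-Item -LiteralPath (Join-Path $root 'sample02.000\masks.key') -NewName 'masks'

Test-KeyContainerLayout -MediaRoot $root | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```

Pointing -MediaRoot at the real key media shows which container folders are incomplete before you try the reader and password steps.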


Rutoken

If a Rutoken smart card is used as a key carrier, you must complete the following steps:

1. Make sure that the light on the rutoken is on. If the light does not light, then you should use the following recommendations.

2. Make sure that the Rutoken reader is configured in CryptoPro CSP (for CryptoPro CSP 3.6, All smart card readers). To do this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to tab Equipment and press the button Configure readers.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).

3. In the window Selecting a Key Container set switch Unique names.

4. Remove remembered passwords. To do this:

Fig. 4. “Remove remembered passwords” window

5. Update the support modules required for Rutoken to work. For this:

  • Disconnect the smart card from the computer;
  • Select menu Start / Control Panel / Install and remove programs (for Windows Vista\Seven, Start / Control Panel / Programs and Features);
  • Select from the list that opens Rutoken Support Modules and press the button Delete.

After removing modules, you must restart your computer.

  • Download and install the latest version of support modules. The distribution is available for download on the Aktiv website.

After installing the modules, you must restart your computer.

6. You should increase the number of Rutoken containers displayed in CryptoPro CSP using the following instructions.

7. Update the Rutoken driver (see How to update the Rutoken driver?).

8. You should make sure that Rutoken contains key containers. To do this, you need to check the amount of free memory on the media by following these steps:

  • Open Start (Settings) / Control Panel / Rutoken Control Panel (if this item is missing, you should update the Rutoken driver).
  • In the Rutoken Control Panel window that opens, under Readers, select Activ Co. ruToken 0 (1,2) and click the Information button (see Fig. 5).

If the Rutoken is not visible under Readers, or the message "The ruToken memory state has not changed" appears when you click the Information button, this means that the media was damaged, and you need to contact the service center for an unscheduled key replacement.

Fig. 5. Rutoken Control Panel program window.

  • Check the value specified in the Free memory (bytes) line.

Service centers issue Rutokens with a memory capacity of about 30,000 bytes as key carriers. One container takes up about 4 KB. The amount of free memory of a Rutoken containing one container is about 26,000 bytes, two containers, 22,000 bytes, and so on.

If the free memory of a Rutoken is more than 29-30,000 bytes, then there are no key containers on it (see Fig. 6). Therefore, the certificate is contained on a different medium.

Fig. 6. “Information about Rutoken” window.


Registry

If the Registry reader is used as a key medium, you must perform the following steps:


1. Make sure that the Registry reader is configured in CryptoPro CSP. To do this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to tab Equipment and press the button Configure readers.

If the reader is missing, you need to add it (see How to configure readers in CryptoPro CSP?).


2. In the Selecting a Key Container window, set the switch to Unique names.


3. Remove remembered passwords. To do this:

  • Select menu Start / Control Panel / CryptoPro CSP;
  • Go to the Service tab and click the Remove remembered passwords button;
  • Mark the User item and click OK (see Fig. 5).

Fig. 5. “Remove remembered passwords” window

Validation difficulties on the RTS-Tender website arise due to the fact that the EDS browser Plug-In does not see the RuToken key or only the signing certificate. To find out why the PC does not see the electronic signature key, instructions from the supplier of specialized software, a thematic forum on the Federal Tax Service website or resources dedicated to digital signatures, as well as specialists from the technical support service of the crypto-software manufacturer will help.

How it should work

Why doesn't the computer see the digital signature? It seems that there is a key in the form of a flash drive (the same RuToken), and the Crypto-Pro utility is installed, but the electronic signature is not checked. The main reason is that the PC initially does not see the digital signature flash drive. This usually occurs because they are trying to run the key on a device with an unsupported OS. After all, each flash drive key is made for its own environment, and a banal OS update can lead to loss of compatibility with the existing digital signature key (flash drive).

When the installation of a crypto provider is completed on a supported device, according to the instructions, but the computer still does not see the digital signature, the problem may be in the key itself. To find out, please contact support. There you will be asked for screenshots:

  • CSP versions/builds (General tab);
  • errors when connecting the digital signature container.

In addition, indicate to the specialists where you received the digital signature, on what media you have the container installed (rutoken, etoken, flash drive or registry) and what OS is used (bit size, build).

The computer does not see the digital signature certificate: first steps

If the computer does not see the electronic signature certificate, then in the Windows operating system you need to go to:

Start - Control Panel - CryptoPRO CSP - Service - Test - By certificate. This way you can understand whether the certificate is installed in the user’s Personal Storage linked to RuToken.

If the user’s browser does not see the digital signature and he cannot register on the site or connect a digital signature, you need to determine whether the site of interest has been added to the trusted list:
Start - All programs - CRYPTO-PRO - Digital signature settings browser Plug-In.

It is better to use the Internet Explorer browser, as JavaScript may not work correctly in other browsers.

If the computer does not see the digital signature, then first of all you need to visit the thematic forum of the CryptoPro company. If the issue cannot be resolved on your own, then contact the support service (send there the event logs of the system and applications, indicate the version/build of CSP, OS).

The key/certificate is not installed

Why may CryptoPro CSP not see the keys? You should check the following parameters:

  • whether the program is installed correctly (whether the Windows Installer service is running);
  • whether there is access to the network;
  • whether the correct key was issued by a certified center.

When installing, it is advisable to do this:

  • install a personal certificate following the installation wizard;
  • indicate via “Browse” the location of the certificate file with the extension .cer;
  • select the private key container (via “Browse” select the certificate on the reader: flash drive / floppy disk).

If the previous keys were once installed incorrectly and the new media is not installed, then you need to clean the registry (Windows). To do this, there is a button “Delete remembered passwords” in the CSP panel.

If there were no errors in the application events but the system event logs showed them, you need to check the system files with sfc /scannow and then re-register the Windows Installer components with msiexec /unregister followed by msiexec /regserver.

Difficult case

If the computer does not see the digital signature, what should I do? In this case, the plugin does not see the certificate, but it is installed and the site is added to the trusted list. The error is rare, but sometimes it occurs even for those users who have fulfilled all the requirements of the instructions for using CIPF. For example, we installed a root certificate. The procedure is described in detail on page 35 in paragraph 2.5.2, which is called “Viewing and installing a personal certificate stored in a private key container.” If, after all the requirements have been met, the computer still does not see the electronic signature (no certificate on cryptopro.ru), then the problem is most likely in the certificate revocation list of the certification authority (CA). If the company operating the digital signature accessed the Internet through a proxy server, then in online mode the program will not see the installed certificate in the revocation directory. Everything will work if you install this directory locally on your computer.
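The three checks listed for signature verification earlier on this page (validity period, revocation list, issuing center) and the proxy case just described can be observed with the Windows certificate chain engine. The PowerShell below is an added example, not CryptoPro's or this page's own code; the function name Test-PersonalCertificate and the 15-second timeout are assumptions, and the trust check only shows whether the chain ends at a root installed on this computer, not whether the center is accredited.

```powershell
# Added example (not CryptoPro's or the page's code). Runs the Windows chain engine over
# certificates in the current user's Personal store, where the steps above install them.
function Test-PersonalCertificate {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,

        # Online:  fetch CRLs from the URLs recorded in the certificates.
        # Offline: use only CRLs already cached or installed locally (the proxy case).
        [ValidateSet('Online', 'Offline')]
        [string]$RevocationMode = 'Online'
    )
    process {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode      = $RevocationMode
        $chain.ChainPolicy.RevocationFlag      = 'EntireChain'
        $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)  # assumed value

        $chainOk = $chain.Build($Certificate)
        $status  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

        # Check 1: validity period of the signing certificate itself.
        $now     = Get-Date
        $inDates = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)

        # Check 2: revoked, not revoked, or undecidable because no CRL could be obtained.
        $revocation = 'Not revoked'
        if ($status -contains 'Revoked') {
            $revocation = 'Revoked'
        } elseif ($status -contains 'RevocationStatusUnknown' -or
                  $status -contains 'OfflineRevocation') {
            $revocation = 'Unknown (no usable CRL)'
        }

        # Check 3: the chain ends at a root certificate trusted on this computer.
        $trusted = -not ($status -contains 'UntrustedRoot' -or $status -contains 'PartialChain')

        # CRL Distribution Points extension (OID 2.5.29.31). Pulling URLs out of the
        # formatted text is a heuristic; the text layout depends on the Windows version.
        $urls = @()
        $cdp  = $Certificate.Extensions['2.5.29.31']
        if ($cdp) {
            $urls = @([regex]::Matches($cdp.Format($true), 'URL=([^\s)]+)') |
                      ForEach-Object { $_.Groups[1].Value })
        }

        [pscustomobject]@{
            Subject             = $Certificate.Subject
            ValidFrom           = $Certificate.NotBefore
            ValidTo             = $Certificate.NotAfter
            WithinValidity      = $inDates
            Revocation          = $revocation
            ChainsToTrustedRoot = $trusted
            ChainBuilt          = $chainOk
            ChainStatus         = $status -join ', '
            CrlUrls             = $urls -join '; '
        }
        $chain.Reset()
    }
}

# Report on every certificate in the current user's Personal store.
Get-ChildItem Cert:\CurrentUser\My | Test-PersonalCertificate | Format-List
```

A certificate that reports "Unknown (no usable CRL)" in Online mode on a machine behind a proxy matches the difficult case above. After the CRL from one of the listed URLs has been downloaded elsewhere and installed locally (right-click the .crl file and choose Install CRL), rerun with -RevocationMode Offline to confirm the revocation check now completes.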