Electronic signature - types, methods of application and receipt

Paper documents are gradually being replaced by electronic document management (EDF) and its mandatory attribute - an enhanced qualified electronic signature (ECES). Its owner can access the necessary information online on government and other Internet resources, make the necessary payments, write an application, and complete a transaction. A strengthened electronic signature serves to verify the user’s identity on the Internet.

What is ESIA and why is it needed?

In 2010, Russia created the Unified Identification and Authorization System (USIA) - registration in it gives Internet users access to all government services.

Identification in the ESIA is recognized by:

• State Services portal;
• websites of the Federal Tax Service, Rosreestr, Pension Fund, Federal Migration Service;
• medical institutions;
• insurance organizations;
• banks, organizations for issuing small loans;
• non-state pension funds;
• mobile operators;
• local government websites.

Get a driver's license or international passport, make an appointment with a doctor, register your child for school, pay bills, get a bank loan - all this is available online to users of the ESIA system. Electronic services allow you to solve problems without wasting time in queues at the coveted window, without entering into personal contact with employees of government agencies.

All capable citizens of the Russian Federation who have a passport, INN, SNILS, mobile phone and email address are allowed to register with the Unified Identification and Autonomous Information System (USIA) on the portal gosuslugi.ru. According to Rostelecom reports, currently (2020) every second resident of Russia has an account in the Unified Identification and Automation System.

When completing documentation via the Internet, citizens use an electronic signature, which allows them to be identified.

Validity period of the digital signature

The electronic signature itself does not expire. However, if we are talking about UKEP, then the validity period of the electronic signature key, as a rule, cannot exceed 15 months, therefore certificates are not issued for a longer period. Typically the certificate is valid for one year. This, among other things, is due to the peculiarities of the encryption algorithms used - their operation should not exceed one year.

In conclusion, we note that obtaining and using an electronic signature in 2021 is not at all difficult. In some cases, you can do this yourself and for free. But to obtain a full digital signature, which can be used in relations with all government agencies and organizations, you need to contact a special certification center. The presence of such a signature will significantly simplify relationships with regulatory authorities and counterparties, and will also open access to electronic trading platforms, including within the framework of government orders.

What types of electronic signatures are there?

An electronic signature on a document is an analogue of a handwritten autograph left on paper. Law No. 63-FZ defines two types of electronic signature (ES):

1. a simple electronic signature has a minimum degree of security,
2. a strengthened electronic signature is an encrypted file with two keys and a certificate for verification.

What is a simple electronic signature

A simple electronic signature (SES) is a simple alphanumeric designation that allows the user to log in to a particular information system and perform authorized operations in it. Most often, the PEP is represented by a login-password pair, where the login is an email address or phone number, and the password is generated by the user himself or the system with which he intends to interact.

The PEP itself has no legal force. It can be equated to a handwritten signature if a special agreement on this is concluded on the website, within the corporation or between business partners. Thus, an online bank will approve the transfer of money from an account if it receives confirmation in the form of a digital code sent to the client’s phone or email. A special agreement with the client allows the combination of “phone number + SMS code” to be equated to the client’s personal signature. In addition to banking transactions, simple electronic signature is used:

• when circulating electronic documentation within the company;
• to authenticate and view information on government websites;
• for communication between business partners if there is an agreement between them.

In the ESIA system, submission of requests and access to electronic services on websites is permitted only after the recipient of the PEP key personally appears with a passport at the MFC, where his identity will be identified.

What is an enhanced unqualified electronic signature (NEP)

An enhanced electronic signature is a special file with a code created in addition to the document. Its purpose is to verify the identity of the author and guarantee the integrity of the information in the source. Unlike a security signature, an enhanced electronic signature is almost impossible to forge: it is generated by specialists who have received a license from the FSB to work with encryption programs. Without a special key, you will not be able to open a document with such a signature. Reinforced electronic signature is used to sign documents that must have a seal on paper.

An enhanced signature can be unqualified (NEP) and qualified (CEP). The difference between them is the degree of trust of the state. The NEP is generated for internal electronic document management using an arbitrary cryptographic algorithm; it is valid only for those correspondents of the corporation with whom there is an agreement on recognizing the legal force of this signature. Without presentation of such an agreement, the arbitration court will recognize the contract signed by NEP as invalid. The Tax Inspectorate service generates NEP for its users to sign tax reporting documents from their personal account on the website. The NEP is not used on the State Services portal, on the resources of the Pension Fund and the Social Insurance Fund, Rosreestr, Rosstat, etc.

Tired of reading? Save time, ask a lawyer a question for FREE:

What is an enhanced qualified electronic signature

A qualified electronic signature is generated in certification centers accredited by the Ministry of Communications; An algorithm that complies with state standards is used to encode it. This signature is trusted by all government bodies, including arbitration courts. A document certified by UKEP has unconditional legal force; the signature can be used in all electronic document management operations.

The comparative table below will explain how both types of enhanced EP differ.

Comparison options	Unqualified electronic signature	Qualified electronic signature
Who creates	Any specialist licensed	Certification center with state accreditation
Creation algorithm	Arbitrary	Corresponding GOST of the Russian Federation
Software	Not necessary	Special software required
Certificate requirements	No	Yes, determined by FSB order No. 795
Legal status	Without a contract it has no legal force	Recognized by the court without additional conditions
Scope of application	Limited by internal document flow and agreement with partners	Used in all document flow operations, including government services

A qualified electronic signature consists of the following elements:

• private key certificate – code for generating an encrypted signature of an electronic document;
• public key certificate – code for decrypting a document with an electronic signature;
• verification key certificate – contains information about the terms of use of the electronic signature and personal data of its owner.

An enhanced electronic signature is a file in the doc.sig format created by a special program, which is attached to the main document. The software, a means of cryptographic information protection, is purchased together with the CEP certificate and installed on a computer to work with electronic documents.

When you sign a document, the software scans all the information it contains and adds an electronic signature—an encrypted file created with a private key—to it. An enhanced electronic signature key code is a long sequence of numbers and symbols with up to 32 bytes of information, which is stored on tokens (password-protected flash drives) or smart cards.

Important: the loss of a private key means that documents with any content can be signed in the name of its owner, and the owner of the key will bear responsibility for them. It is urgent to contact a certification authority that is authorized to invalidate the signature certificate from the moment the application is submitted.

When opening a document, the CIPF program checks the immutability of the information contained in it - if it is identical to the source, the document is valid. You can decrypt a signature using a public key - a file that contains information about the owner of the signature and his powers. A public key certificate is available to all participants in the document flow: if a document is opened with its help, it means that it was signed by the owner of this key.

The key verification certificate contains the start and end dates of the signature (“time stamp”). Documents signed during this period retain legal force for an unlimited period. To sign later documents, you must receive a CEP with a new certificate.

Obtaining UKEP is a paid service (see below for details).

Operating principle of digital signature

Certification centers are responsible for issuing digital signatures. They solve the most important problem, namely: they confirm the authenticity of information about the owner of the key and his powers. The center issues a public signing key certificate. An electronic certificate is a file that represents the client’s public key, signed with the digital signature of a certification authority. After completing the documents at the certification center, the client has in his hands a medium on which the following files are recorded: public key, private key, public key certificate.

Let's say an accountant wants to send a declaration to the inspectorate. It generates a reporting file. Then he signs the declaration file with his private key. As a result, a new, original file is formed. In a document signed with an electronic signature, neither the recipient nor the sender can change a single character - such a violation of the integrity of the document is easily detected when checked using a public key certificate.

Next, the program with which the accountant sends the reports encrypts the declaration with the public key of the inspectorate. The encrypted file is sent to the inspectorate. The tax authorities receive the file and decrypt it with their private key. Then the payer’s electronic signature is verified using the registry of public key certificates. The check answers two questions: whether after signing the payer’s digital signature, the integrity of the document was violated, and whether this digital signature really belongs to the payer who submitted the reports.

After the inspection, the inspection sends the organization an incoming control protocol. The inspector signs the protocol with his private key. Then it encrypts the protocol with the organization’s public key and sends a file with encrypted information to the company. The accountant opens the information encrypted in the file with his private key.

Theoretically, it is possible to intercept an encrypted file. However, it will be possible to decrypt a file sent to the inspectorate only if you have the inspectorate’s private key. Accordingly, the encrypted file that the inspectorate sent to the taxpayer can only be opened by someone who has the private key of this taxpayer.

Attention

Documents can only be signed with the signer’s personal key. It cannot be transferred to third parties, otherwise the signature will be compromised (that is, actually forged). This means, among other things, that the director cannot give the medium with his signature key to the accountant to sign the statements before sending. Let's draw an analogy with a traditional signature. Transferring a token with a director’s signature into the hands of third parties is equivalent to a situation where the secretary forges the director’s signature on a document. Even if the signature looks like the original, it is not the manager’s handwritten signature. And if this fact is established, the document will be recognized as falsified.

Using an electronic signature at work

A strengthened electronic signature is required when submitting tax reports, concluding contracts, and business correspondence; it opens full access to the use of services on government electronic resources.

Reporting via the Internet

State and private enterprises, individual entrepreneurs and individuals are required to regularly report their income to the state. To send reports via the Internet, a qualified electronic signature is required. This requirement is contained in the letter of the Federal Tax Service No. PA-4-6/489. The CEP is issued in the name of an individual entrepreneur, chief accountant or head of the enterprise.

Reporting to EGAIS for Rosalkogolregulirovanie

To control the turnover of alcohol-containing beverages, responsible employees of catering and retail enterprises, suppliers and producers of alcohol are required, starting from 2021, to submit quarterly declarations on the volume of sales of alcoholic products (PP No. 815). Reports are submitted to the Unified State Automated Information System (USAIS) and forwarded to Rosalkogolregulirovanie (Federal Service for Alcohol Market Regulation, FSRAR). Since FSRAR only accepts electronic documentation, to complete the declaration you must:

• Purchase a CEP certificate - for the correct signature and encryption of sent information.
• Install Crypto Pro software to work with electronic signatures and encrypt data;
• Install the Declarant Alko program - for correct reporting on alcohol.

Please note: if you purchase an ES private key certificate on a token with a built-in encryption tool (EDS Rutoken 2.0), then you will not need Crypto Pro software to protect information.

Participation in electronic trading

To participate in government auctions, according to Law 44-FZ, a certificate of a qualified electronic signature is required, which is issued to a specific representative of the enterprise.

Mixed tenders with the participation of commercial and state enterprises are regulated by Law No. 223-FZ. The requirements for certificates are very different:

• at some sites basic CEP certificates are valid,
• others require additional paid identification (OID),
• still others issue their own certificate of unqualified electronic signature, which is valid within one trading platform.

According to Law No. 127-FZ, anyone can participate in auctions for the sale of bankrupt property; at these sites, basic EPC certificates issued by any accredited certification center in the country are valid.

Signatures for electronic document exchange

Electronic document exchange allows businesses to save time and money.

• Electronic documentation does not require paper.
• The time required to search and transmit the required document to the address is greatly reduced.
• The risk of loss and damage to electronic files is minimized.

A qualified signature is used:

• for drawing up employment contracts for remote work;
• for maintaining personnel documentation;
• for financial reporting and tax payment;
• when working in government information systems.

Please note: according to the new amendments to Law No. 63-FZ, all information systems from 07/01/2020 are required to recognize a qualifying electronic signature as a universal way to endorse electronic documentation.

Working with government information resources

In order to actively work on government portals, you need an electronic signature. Without it it is impossible:

• submit an application/complaint/request;
• confirm the authenticity of the documents being sent;
• pay expenses/taxes/fees;
• make a payment/money transfer
• send a report, etc.

Most government services - State Services, UAIS, Roskomnadzor, Rosimushchestvo, Central Bank, Rosreestr - recognize the basic CEP.

On the Federal Tax Service website, an unqualified electronic signature has legal force. The user can receive a key certificate after identifying himself during a visit to the tax office. Legal organizations and individual entrepreneurs can work on the Federal Tax Service website only if they have a qualified electronic signature.

How to use EP in everyday life

Using an electronic signature in private life can alleviate some problems. CEP holders have access to electronic government services.

1. You can submit your tax return online without visiting a tax office.
2. Applicants have access to the service of submitting an application to a university in any city in the country.
3. You can apply to admit your child to kindergarten and enroll him in school.
4. You can send documents to apply for a job without visiting the employer.
5. The online loan application service has become available.

Changing your compulsory medical insurance policy, obtaining an extract from Rosreestr, registering real estate, changing your place of registration, registering a purchased car, applying for a patent or a permit for individual activities - all these actions become much easier if you have a qualified electronic signature.

Legal force of digital signature

Signing a document with a simple electronic signature is possible only in two cases. The first is that this is directly stated in the relevant regulatory act. For example, the possibility of using a simple digital signature for a government services portal is provided for in paragraph 3 of Article 21.2 of Law No. 210-FZ. The second case is when the parties have previously agreed to use such a signature. For example, this happens when connecting to online banking. In other cases, using a simple electronic signature to work with government agencies, gain access to electronic trading, or sign documents (internal or external) will not work.

Similar rules apply to an enhanced unqualified signature. Although it has greater security than a simple digital signature, since it identifies not only the signer, but also confirms the immutability of the signed document, an unqualified digital signature can be used only on the basis of the preliminary agreement of the parties, or by virtue of a direct indication of the law. Without this, an unqualified signature has no legal force. This type of signature cannot be used when communicating with government agencies, as well as for accessing trading platforms within the framework of government orders.

And only an enhanced qualified electronic signature gives documents legal force without any additional conditions. After all, the guarantor here is a certification center that has passed state accreditation and licensing. Therefore, an electronic document signed by UKEP immediately has legal force and is different from its paper counterpart, which is signed with one’s own hand. Thus, a business affected by coronavirus can use an enhanced qualified electronic signature in an application for a non-refundable subsidy. Such an application can be submitted through the taxpayer’s personal account on the Federal Tax Service website, and to work with this account, organizations need an enhanced qualified electronic signature.

Order an electronic signature to receive a non-refundable subsidy from the state Submit an application

Where and how to get UKEP

The official list of certification centers in Russia accredited by the Ministry of Communications and Mass Media can be found on the website of this ministry here. In these centers you can obtain an enhanced qualified electronic signature.

To visit a certification center, individuals prepare a small package of documents:

• Passport;
• SNILS;
• TIN.

For legal entities the following are added to the list:

• a copy of the constituent document;
• extract from the Unified State Register of Legal Entities (USRIP for individual entrepreneurs)
• tax registration certificate;
• bank account details.

At the certification center office, you must write an application and give it to the operator along with a receipt for payment for the service. After checking the documents and identifying the person, the center employee makes an entry in the register of certificates and gives the applicant the EPC key codes recorded on the medium and a verification certificate with the validity period indicated in it. Along with the keys, the applicant receives software for operation.

If there is no accredited certification center near your place of residence, the procedure for obtaining an enhanced qualified signature takes place at the MFC. In this case, the Electronic Signature will be ready 5-10 days after submitting the application and paying for services. Offices of the Federal Tax Service and divisions of the Central Bank of the Russian Federation are places where entrepreneurs and representatives of financial institutions can obtain CEP.

Obtaining UKEP is a paid service.

What is digital signature: definition

Currently, the term “electronic digital signature” is not used in official documents.
Since 2011, it has been replaced by a shorter concept - electronic signature. This is information in electronic form that is attached to or otherwise associated with other information in electronic form (signed information) and that is used to identify the person signing the information. This definition is contained in the article of the Federal Law of 04/06/11 No. 63-FZ “On Electronic Signature”. An electronic signature, like a handwritten autograph, is a requisite of the document being signed, designed to certify its authorship. Note that a “paper” signature can be considered as information (indication of position, full name and autograph itself), which is associated with the main document and is needed to determine who signed it.

Receive an enhanced qualified electronic signature certificate in an hour

UKEP price

The cost of a qualified electronic signature certificate depends on several factors. Thus, obtaining keys will be cheaper for individuals than for representatives of legal entities.

The price also depends on the scope of application of the signature, on additional software services, on the pricing policy and system of discounts at various certification centers. The average cost of CEP is given in the table.

Type of service	Price, rub./year
Basic CEP for physical. persons	1200-1400
To work in government systems	From 2000
For business	From 3000
For bidding	From 5900
Software license	1000
Token	500