What is an electronic signature - in simple language for beginners in the world of the digital economy. How to use an electronic signature from a flash drive Copy an electronic signature on a flash drive

All tips

The article provides answers to the questions: “What does an electronic signature look like”, “How does an electronic signature work”, discusses its capabilities and main components, and also provides a visual step-by-step instruction for the process of signing a file with an electronic signature.

What is an electronic signature?

An electronic signature is not an object that can be picked up, but a document requisite that allows you to confirm that the digital signature belongs to its owner, as well as record the state of information/data (presence or absence of changes) in the electronic document from the moment of its signing.

For reference:

The abbreviated name (according to Federal Law No. 63) is ED, but more often they use the outdated abbreviation EDS (electronic digital signature). This, for example, facilitates interaction with search engines on the Internet, since EP can also mean an electric stove, a passenger electric locomotive, etc.

According to the legislation of the Russian Federation, a qualified electronic signature is the equivalent of a handwritten signature that has full legal force. In addition to qualified digital signatures, there are two more types of digital signatures available in Russia:

- unqualified - ensures the legal significance of the document, but only after the conclusion of additional agreements between the signatories on the rules for the use and recognition of digital signatures, allows you to confirm the authorship of the document and control its immutability after signing,

- simple - does not give the signed document legal significance until additional agreements are concluded between the signatories on the rules for the use and recognition of digital signatures and without complying with the legally established conditions for its use (a simple electronic signature must be contained in the document itself, its key must be used in accordance with the requirements of the information system, where it is used, etc. in accordance with Federal Law-63, Article 9), does not guarantee its invariance from the moment of signing, allows you to confirm authorship. Its use is not permitted in cases related to state secrets.

Electronic signature capabilities

For individuals, digital signature provides remote interaction with government, educational, medical and other information systems via the Internet.

An electronic signature gives legal entities permission to participate in electronic trading, allows them to organize legally significant electronic document management (EDF) and submit electronic reporting to regulatory authorities.

The opportunities that digital signature provides to users have made it an important component of the everyday life of both ordinary citizens and company representatives.

What does the phrase “an electronic signature has been issued to the client” mean? What does the digital signature look like?

The signature itself is not an object, but the result of cryptographic transformations of the document being signed, and it cannot be “physically” issued on any medium (token, smart card, etc.). Also, it cannot be seen, in the literal sense of the word; it does not look like a pen stroke or a figurative imprint. About, what does an electronic signature “look like”, We'll tell you a little below.

For reference:

A cryptographic transformation is an encryption that is built on an algorithm that uses a secret key. The process of restoring the original data after cryptographic transformation without this key, according to experts, should take longer than the validity period of the extracted information.

Flash media is a compact storage medium that includes flash memory and an adapter (USB flash drive).

A token is a device whose body is similar to that of a USB flash drive, but the memory card is password protected. The token contains information for creating an electronic signature. To work with it, you need to connect to the USB connector of your computer and enter a password.

A smart card is a plastic card that allows you to carry out cryptographic operations using a built-in microcircuit.

A SIM card with a chip is a mobile operator card equipped with a special chip, onto which a java application is securely installed at the production stage, expanding its functionality.

How should we understand the phrase “an electronic signature has been issued,” which is firmly entrenched in the colloquial speech of market participants? What does an electronic signature consist of?

The issued electronic signature consists of 3 elements:

1 - an electronic signature tool, that is, a technical tool necessary for implementing a set of cryptographic algorithms and functions. This can be either a cryptoprovider installed on a computer (CryptoPro CSP, ViPNet CSP), or an independent token with a built-in cryptoprovider (EDS Rutoken, JaCarta GOST), or an “electronic cloud”. You can read more about digital signature technologies related to the use of the “electronic cloud” in the next article of the Unified Electronic Signature Portal.

For reference:

A cryptographic provider is an independent module that acts as an “intermediary” between the operating system, which manages it using a certain set of functions, and the program or hardware system that performs cryptographic transformations.

Important: the token and the qualified digital signature on it must be certified by the FSB of the Russian Federation in accordance with the requirements of Federal Law No. 63.

2 - a key pair, which consists of two impersonal sets of bytes generated by an electronic signature tool. The first of them is the electronic signature key, which is called “private”. It is used to form the signature itself and must be kept secret. Placing a “private” key on a computer and flash media is extremely unsafe; on a token it is somewhat unsafe; on a token/smart card/sim card in a non-removable form is the most secure. The second is the electronic signature verification key, which is called “public”. It is not kept secret, is uniquely tied to the “private” key and is necessary so that anyone can verify the correctness of the electronic signature.

3 - EDS verification key certificate issued by a certification center (CA). Its purpose is to associate an anonymized set of bytes of a “public” key with the identity of the owner of the electronic signature (person or organization). In practice, this looks like this: for example, Ivan Ivanovich Ivanov (an individual) comes to the certification center, presents his passport, and the CA issues him a certificate confirming that the declared “public” key belongs to Ivan Ivanovich Ivanov. This is necessary to prevent a fraudulent scheme, during the deployment of which an attacker in the process of transmitting “open” code can intercept it and replace it with his own. This will give the criminal the opportunity to impersonate the signer. In the future, intercepting messages and making changes, he will be able to confirm them with his digital signature. That is why the role of the electronic signature verification key certificate is extremely important, and the certification center bears financial and administrative responsibility for its correctness.

In accordance with the legislation of the Russian Federation, there are:

— “electronic signature verification key certificate” is generated for an unqualified digital signature and can be issued by a certification center;

— “a qualified electronic signature verification key certificate” is generated for a qualified digital signature and can only be issued by a CA accredited by the Ministry of Communications and Mass Communications.

Conventionally, we can indicate that electronic signature verification keys (sets of bytes) are technical concepts, and a “public” key certificate and a certification authority are organizational concepts. After all, the CA is a structural unit that is responsible for matching “public” keys and their owners within the framework of their financial and economic activities.

To summarize the above, the phrase “an electronic signature has been issued to the client” consists of three components:

The client purchased an electronic signature tool.
He received a “public” and “private” key, with the help of which the digital signature is generated and verified.
The CA issued the client a certificate confirming that the “public” key from the key pair belongs to this particular person.

Security issue

Required properties of signed documents:

integrity;
reliability;
authenticity (authenticity; “non-repudiation” of the authorship of information).

They are provided by cryptographic algorithms and protocols, as well as software and hardware-software solutions based on them for generating an electronic signature.

With a certain degree of simplification, we can say that the security of an electronic signature and the services provided on its basis is based on the fact that the “private” keys of the electronic signature are kept secret, in a protected form, and that each user responsibly stores them and does not allow incidents.

Note: when purchasing a token, it is important to change the factory password, so no one will be able to access the digital signature mechanism except its owner.

How to sign a file with an electronic signature?

To sign a digital signature file, you need to complete several steps. As an example, let's look at how to put a qualified electronic signature on a trademark certificate of the Unified Electronic Signature Portal in .pdf format. Need to:

1. Right-click on the document and select the crypto provider (in this case CryptoARM) and the “Sign” column.

2. Follow the path in the crypto provider dialog boxes:

At this step, if necessary, you can select a different file to sign, or skip this step and go directly to the next dialog box.

The Encoding and Extension fields do not require editing. Below you can choose where the signed file will be saved. In the example, a document with digital signature will be placed on the desktop.

In the “Signature Properties” block, select “Signed”; if necessary, you can add a comment. The remaining fields can be excluded/selected as desired.

Select the one you need from the certificate store.

After checking that the “Certificate Owner” field is correct, click the “Next” button.

In this dialog box, the final check of the data required to create an electronic signature is carried out, and then after clicking on the “Finish” button, the following message should pop up:

Successful completion of the operation means that the file has been cryptographically converted and contains requisites that record the immutability of the document after it is signed and ensure its legal significance.

So, what does an electronic signature on a document look like?

For example, we take a file signed with an electronic signature (saved in .sig format) and open it through a crypto provider.

Desktop fragment. Left: file signed with digital signature, right: crypto provider (for example, CryptoARM).

Visualization of the electronic signature in the document itself when opening it is not provided due to the fact that it is a requisite. But there are exceptions, for example, the electronic signature of the Federal Tax Service when receiving an extract from the Unified State Register of Legal Entities/Unified State Register of Individual Entrepreneurs via an online service is conditionally displayed on the document itself. The screenshot can be found at

But how in the end EDS “looks”, or rather, how is the fact of signing indicated in the document?

By opening the “Manage signed data” window through the crypto provider, you can see information about the file and signature.

When you click on the “View” button, a window appears containing information about the signature and certificate.

The last screenshot clearly demonstrates what does the digital signature look like on a document?"from within".

You can purchase an electronic signature at.

Ask other questions on the topic of the article in the comments, the experts of the Unified Electronic Signature Portal will definitely answer you.

The article was prepared by the editors of the Unified Electronic Signature Portal website using materials from SafeTech.

When using the material in full or in part, a hyperlink to www..

Often people who use electronic digital signatures for their needs need to copy the CryptoPro certificate to a flash drive. In this lesson we will look at various options for performing this procedure.

By and large, the procedure for copying a certificate to a USB drive can be organized in two groups of ways: using the internal tools of the operating system and using the functions of the CryptoPro CSP program. Next we will look at both options in detail.

Method 1: CryptoPro CSP

First of all, let's look at the copying method using the CryptoPro CSP application itself. All actions will be described using the Windows 7 operating system as an example, but in general the presented algorithm can be used for other operating systems of the Windows family.

The main condition under which it is possible to copy a container with a key is the need for it to be marked as exportable when created on the CryptoPro website. Otherwise, the transfer will not be possible.

Before you begin, connect the USB flash drive to your computer and go to "Control Panel" systems.

Open section "System and safety".

In the specified directory, find the item "CryptoPro CSP" and click on it.

A small window will open where you need to move to the section "Service".

Next, click the button "Copy...".

A window for copying the container will appear, where you need to click on the button "Review…".

A container selection window will open. Select from the list the name of the one from which you want to copy the certificate to a USB drive, and click "OK".

The authentication window will then be displayed, where in the field "Enter password" you need to enter a key expression that is used to password the selected container. After filling out the specified field, click "OK".

After this, you return to the main window for copying the private key container. Please note that in the key container name field the expression will be automatically added to the original name "-Copy". But if you wish, you can change the name to any other, although this is not necessary. Then click the button "Ready".

Next, a window for selecting a new key media will open. In the list presented, select the drive with the letter that corresponds to the desired flash drive. After that press "OK".

In the authentication window that appears, you will need to enter the same random password for the container twice. It can either correspond to the key expression of the source code or be completely new. There are no restrictions on this. After entering, click "OK".

After this, an information window will be displayed with a message that the container with the key was successfully copied to the selected media, that is, in this case, to a flash drive.

Method 2: Windows Tools

You can also transfer the CryptoPro certificate to a flash drive exclusively using the Windows operating system by simply copying it via "Conductor". This method is only suitable when the header.key file contains an open certificate. However, as a rule, its weight is at least 1 KB.

As in the previous method, the descriptions will be given using the example of actions in the Windows 7 operating system, but in general they will be suitable for other operating systems of this line.

At first glance, transferring a CryptoPro certificate to a flash drive using operating system tools is much simpler and more intuitive than actions through CryptoPro CSP. But it should be noted that this method is only suitable when copying an open certificate. Otherwise, you will have to use the program for this purpose.

An electronic signature is usually issued either on a flash drive, or on a token, or on a floppy disk. Working with props is easy, regardless of the selected media type: the software interface is clear, and problems in use rarely arise. Convenience and ease of use make electronic signature accessible even to people who do not have technical skills or experience working with complex programs.

Before starting to use the digital signature, the user must make sure that he has all the necessary tools and tools on his PC. These include:

crypto provider;
private key and digital signature certificate;
configured workplace.

A cryptographic provider is a special software that is responsible for cryptographic algorithms. It is necessary to create, verify, encrypt and decrypt digital signatures. The data is stored on an encrypted flash drive, which the crypto provider accesses when performing operations.

Setting up a workplace is one of the most important processes in the preparatory work for using an electronic digital signature. This includes installing a certification authority certificate, as well as setting up and installing a key certificate and a cross-certificate of the Ministry of Telecom and Mass Communications. You also need to configure the browser so that it allows you to carry out all the required operations. This involves installing the necessary plugins and add-ons.

How to use digital signature from a flash drive

Learning to work with a digital signature is not difficult: the process takes only a few minutes and consists of sequentially performing simple steps.

Digital signature setup

Using an electronic signature from a flash drive is not difficult: first, the media must be connected to the computer. When the flash drive is displayed in the system, you need to select “CryptoPro” - “Equipment” - “Configure readers”:

The new window should have menu items such as “All smart card readers” and “All removable drives”:

If for some reason they are missing, then you must:

in the “Configure readers” tab, click “Add” and “Next”;

in the new window select “All manufacturers”;

then select “All smart card readers” and click “Finish”.

The signature is ready to use, and the signing process depends on the type of document.

Signing MS Word documents

In the required file, the user opens:

“Information” - “Add digital signature”;

selects the generated signature, adds a comment if necessary, and clicks “Sign”;

if there are no errors, the system displays the message:

Signing a document through the CryptoPro plugin using a digital signature from a flash drive is similar to the previous method:

the user opens the desired document, selects the menu item “File” - “Add digital signature”;

then selects the desired signature and adds it to the document, completing the action by clicking “Sign”.

If there are no errors, the plugin will display a message indicating that the document was successfully signed.

Generating a signature for PDF documents also takes place in several stages. On the first one, the user opens the required file, and through the “Tools” panel goes to the “Certificates” section:

Then click on “Sign” and select the area where it will be located:

After this, in the window with a set of digital details, the user selects the required one and clicks “Continue”:

A new window will open with a preview of the electronic signature:

If everything is correct, then the user completes the action through the “Sign” button. After signing the document, if there are no errors, a message indicating the successful completion of the process is displayed.

Using a flash drive as an electronic key

A flash drive can be used as an analogue of an electronic digital signature using a RAM module. Its task is to test each electronic media for compliance with the stored data. Blocking of data or access to the system depends on the results of the scan.

A flash drive used as an electronic key works like this: every successful login to the system starts the process of overwriting the data stored in the backup part. During the next login, the system compares the brand, serial number, backup data and manufacturer.

To configure the RAM module you need to:

install the libpam_usb.so library and utilities needed to manage the module;
insert a flash drive into the USB port, collect and record all information about the media for subsequent user identification;
enter a command that assigns the name of the flash drive to the user account;
run a data validation check;
give the pam_usb module the right to control the system. If no suitable media is found, the system must prompt you to enter a password and login, or block the login.

The advantages of using this type of media include the ability to store information on a flash drive and quickly log into the system, auto-protection, and the absence of the need to remember a large amount of information.

How to copy digital signature from a flash drive

Despite the fact that the flash drive is reliable, it is recommended to copy the electronic signature from it to the PC registry. This is necessary in order to have a backup copy in case of media failure. This will also save the user from having to carry a flash drive with him everywhere, which will reduce the risk of theft or loss.

How to copy digital signature:

via Start/Control Panel/CryptoPro select “Service” and “Copy”;

in the window that opens, click “Browse”, select the key container and confirm the action “OK”;

Click “Next” and proceed to copying the private key container. In the “Key container name” window, enter the name of the electronic signature. Click “Finish”;

In the new window, click “Registry” and “OK”.

Install the copied certificate. For this:

in the “Service” tab, select “View certificates”;

Go through “Browse” to select a certificate;

select the required certificate and confirm the action using “OK” and “Next”;

complete the process by successively clicking “Install”, “Yes”, “OK”.

EDS installation is complete. Now you can use the signature both from a flash drive and from a PC.

Why might EP not work?

Typically, working with an electronic signature does not cause problems, however, there are a number of cases when the key certificate stops responding to user actions.

If the private key does not match the public key, then you need to check all closed containers on the PC you are using. The problem may be that the wrong port is selected. If the closed container is selected correctly, and the error repeats, you need to contact the CA to re-issue the electronic signature.

Sometimes, when starting, the system displays an error: certificate isn’t valid. To eliminate it, the digital signature is reinstalled according to the instructions of the CA. Also, sometimes a message appears stating that the electronic signature certificate is not trusted. In this case, the root certificate is reinstalled.

Often the problem in the operation of the electronic signature is related to the expired validity period of CryptoPro. To renew your license, you need to contact CA representatives and get a new key.

If no valid certificate is found on the PC, then you need to reinstall the digital signature and check the validity periods of the keys.

CryptoPro may not see the electronic signature due to the lack of a stable Internet connection, as well as due to an incorrectly installed program.

Less often, a case arises when the plugin does not see the installed and added certificate even after reinstallation. The problem may lie in the CA's certificate revocation list. If a user accesses the Internet through a proxy server, then in online mode the software does not see the installed certificate in the reviews directory. To troubleshoot the problem, you just need to add this reference book to your PC.

To work with an electronic signature from a flash drive, special tools must be installed on your PC. These include a crypto provider and a customized browser. Documents are signed using CryptoPro plugins, which are released both for MS Office and for PDF files. Flash media can also be used to store the electronic signature key. This is convenient because the user does not need to remember all the data, and login occurs automatically when connecting and checking the flash drive. If there is a need to travel frequently and work with digital signature certificates outside the office or at home, then it is advisable to copy the digital signature certificate from a flash drive to a PC. This will protect against damage, loss or theft of the media, and subsequent restoration of the digital signature.

Document flow in electronic form is introduced into various areas of activity. The core of this system is EDS. It is considered a complete replacement for hand-written signatures, confirms the author document and allows you to make sure that the file has not been modified after signing.

Owners who are using this attribute for the first time are interested in the question “ how to use digital signature"? For the digital signature to work, it is necessary to install a specialized tool for protecting information in cryptographic mode (CIPF) on your personal computer. It is a module responsible for secure data encryption. Only if it is available can anyone sign document, and also protect against unauthorized hacking by unauthorized persons.

If you want the software to start working, you need to purchase a license for it, which is issued by a certification authority. If it is not available, you can install any third-party crypto provider that complies with GOST. The most common are CryptoPro and VipNet.

If you are afraid that you will not be able to handle the setup on your own, you can contact the CA manager for help. For those who don't know, how to use digital signature from a flash drive, and in general, this is the first time I encountered such signature, it is important to know that the electronic signature issued by one CIPF will not apply to others. If you plan to use several different systems on one PC at once, you should tell the issuance and installation specialist about this. electronic signature.

To sign any document the owner is required to have EDS key, which is known only to him. It is recommended that you read and clarify in advance how to use an electronic key and how to properly store it. It is best to record it on a special medium. If an ordinary flash drive falls into the hands of an attacker, he can easily put his signature on it instead of you. document. Electronic key can contain:

On a specialized token carrier that has good protection and only works when the correct PIN code is entered.
In the cloud located on the server of the certification authority. This allows you to sign digital documentation at any time and in any place convenient for you where there is Internet access.

If you already know how to use a digital signature and yours EDS ready to begin performing her functional duties, register her with the CA and attach a special certificate.

All elements related to electronic signature, including the certificate, are issued by the CA. Each one is stored on a special storage token, which ensures their protection. When any cryptographic operation is performed, a crypto provider to gain access to the key EDS closed type, accesses electronic media. On the website of the certification center you can view the information you are interested in and find out in detail how to use an electronic signature.

Select signature

There are 2 types of documents:

Electronic documentation in a specialized format that allows you to embed an electronic digital signature inside the document.
Informal documentation that does not have a tool for embedding digital signatures.

Once you understand how to use digital signature, you should figure out whether it is possible to embed it inside the file itself. In some cases, special settings are required, but most often a simple version of this program is enough. When using Microsoft Word, most factors depend on the version of the product itself. In programs before 2007 EDS V document is created without auxiliary add-ons, but in versions created a little later, a special CryptoPro Office Signature plugin is required. Speaking about signing PDF files, it is worth noting the importance of using Adobe Acrobat. With her help in document can be embedded EDS.

Electronic signature Many people use it to work on ETP. To do this, you should complete accreditation, attaching photocopies of the necessary documents signed by the electronic signature, and figure out how to use an electronic signature key. When participating in auctions of this type, all actions must be confirmed electronic signature, since all information is stored on ETP servers.

The person who received document electronic format, can verify the authenticity of the file with digital signature. This can only be done if there is an open key sender. As a result of the test, a special software module allows you to determine whether the signature document and public electronic key.

The relevance of this application signatures is increasing every year. Only some details regarding the scope of its application change, and all other elements remain the same. All you need to do is study in detail, how to use an electronic digital signature.

As a rule, an electronic digital signature is recorded on a USB drive. However, if you need to install a digital signature from a flash drive to a computer, that is, copy the digital signature to a computer, find out in this article how to do it quickly and easily.

Copy digital signature to computer

Of course, carrying a flash drive with you all the time is not always convenient. It may either become unusable, or it may simply not be available at the right time. In this case, a method will come to the rescue in which we copy the digital signature certificate to the computer itself, which will subsequently allow us to do without a USB drive.

In order to copy digital signature to computer, please follow the following instructions:

Insert the USB drive with digital signature into the computer and run the program CryptoPro CSP, go to the tab Service and press Copy….

In the window that opens, select the key container by clicking the button Review.

In the list of user key containers that opens, select a container and click OK.

After selecting a container, its name will appear in the line Key container name. In the next window just click Further.

In the next step, you need to specify information about the new container, for which enter Certificate name (think of any name for the key certificate). After that, click the button Ready.

For a newly created container, it is possible to set a new password. If you want to set a password, enter it twice in the appropriate fields. If you do not plan to use a password, leave the fields blank and click OK.

So, we have selected the object to copy and indicated the location where the certificate will be stored. Now you need to install this certificate.

In the tab Service click View certificates in container...

Clicking the button Review, in the window that opens, if you noticed, another key container has appeared. Select the newly created container and click OK.