Internet Windows Android
Expand
home

Generating EDS keys. Instructions for generating an electronic signature key

In the age of information technology, electronic media are replacing paper documents. To give them legal significance, they also need to be certified with a signature and seal. In this connection, many users have the question of how to make an electronic seal and signature yourself. To answer it, you need to find out what is an electronic digital signature (EDS)?

EDS - information about the signer, attached to other information (signed document).

There are 2 types of EDS: simple and enhanced. Strengthened, in turn, is divided into skilled and unskilled.

Simple EDS (PES) - a signature consisting of a set of symbols and passwords. A striking example of a PEP is the use of a bank card. When registering it, a username and password are registered, and when performing payment actions, the subscriber receives a code to the phone number registered in the banking system, which must be entered to confirm the payment.

Unqualified ES - information about the subscriber, encrypted using a cryptographic information converter, which allows you to track the signer, as well as all changes made to the document after his signature.

A qualified digital signature has the same properties as an unqualified signature, but its mandatory attribute is the certificate of the digital signature verification key.

Simple and unqualified ES correspond to a visa on a paper document, qualified is electronic seal and signature.

There are several ways to make a signature on a computer and to certify a document with it. Which ones, we will consider further.

EDS creation in Word

Electronic signature free of charge is created in MS Office documents. Let's look at an example with a Word file. To certify a document created using Word software, you must perform the following steps:

  1. We put the cursor in the place where you want to add the signature.
  2. Go to the "Insert" tab and click the "Microsoft Office Signature Line" button.
  1. In the window that opens, fill in the required fields.

  1. The signature is ready and looks like this:

You can also add a signature from the File menu. To do this, open the document, press the button "File", "Information", "Document protection" and select the function "Add digital signature".

Next, fill out the form in the same way as shown in Fig. 2. However, the signature generated in the above manner is difficult to verify for authenticity. Therefore, many users choose relatively inexpensive Karma software.

Karma program for creating EDS without MS Office

Karma software is a cryptographic software product developed by Russian programmers that can be used in various systems of any level:

  • for legally significant electronic document management (EDM);
  • to work in the 1C system;
  • for messages sent by email;
  • for management document flow;
  • to sign files opened by Windows Explorer, etc.

A feature of the system is the ability to add a graphic image of the signature and seal (facsimile) to the document. When using this function, the paper copy is practically identical to the original.

In addition, the sender can attach a sticker to the document to be signed by recording messages, comments or instructions intended for the recipient of the document. At the same time, the software has an intuitive interface that does not require special knowledge from an ordinary user.

However, the signature generated by the Karma program is not suitable for sending reports to the Federal Tax Service or for working on the portal of public services.

How to create an EDS and register a certificate online

To make an electronic signature online for EDF with IFTS, an individual must register in the personal account of the taxpayer (LCN). To obtain a certificate in the LCN, go to the "Profile" section and click on the button "Obtain a certificate of an electronic signature verification key". This key is valid for 1 year, after which the certificate is requested again. The LCN generates electronic signature online for free.

This function is available only to individuals who do not include individual entrepreneurs, private notaries and other self-employed population. In addition, the EDS received by an individual in the LCN for sending reports to the Federal Tax Service is not suitable for working on the public services portal. To conduct electronic document circulation through the website of public services, a citizen must use a universal electronic card received before 2017, or an electronic passport (if available), and also purchase a special reading device (card reader).

To organize EDM with fiscal authorities and funds, as well as to work on sites intended for participation in tenders according to the law dated July 18, 2011 No. 223-FZ, subscribers can receive a certificate of the EDS verification key only at an accredited certification center (CA).

ATTENTION! To work on the public procurement website according to the law No. 44-FZ dated 05.04.2013, EDF participants should receive a certificate of the EDS verification key from the territorial department of the Federal Treasury (letter from the Ministry of Economic Development of the Russian Federation dated 26.10.2016 No. D28i-2792).

Registration of the EDS certificate

To generate a key, a subscriber must contact the nearest CA with a full package of documents:

  1. To a natural person:
  • application for a certificate;
  • copies of the passport, TIN, SNILS of the individual - the owner of the certificate.
  1. Legal entity:
  • documents named in clause 1;
  • extract from the Unified State Register of Legal Entities (EGRIP);
  • an order to appoint a manager or other document that allows a person to act on behalf of the subject;
  • other documents at the request of the CA.

The certificate is usually written on removable media or issued on paper.

ATTENTION! Different certificates are issued for different operations. So, for work on the website of state purchases under 44-FZ or at sites under 223-FZ, a certificate obtained for sending reports to the Federal Tax Service will not work, and vice versa.

The process of signing a document electronically

The process of signing a document with a simple EDS does not require special knowledge. To do this, enter the password and confirm it.

Signing with a qualified signature has its own characteristics. Before signing the document, it is necessary to install the CryptoPro software or another cryptographic information converter and the EDS key verification certificate itself.

The installation algorithm is considered step by step in the article "How to install an EDS certificate on a computer?" ...

Next, you should endorse the required document. The sighting algorithms differ depending on the type of file, type of editor or software. For example, to send reports to the Federal Tax Service or to the funds, the file is loaded into a special program, then the appropriate certificate is selected and the "Sign file" button is pressed.

Outcomes

To give a document legal significance, you need an electronic digital signature - you now know how to make it yourself for free. The method of obtaining an EDS depends on the type of signature, the subscriber and the needs for which it is drawn up.

Good afternoon, dear readers! This article is dedicated to business owners, regardless of its size and organizational form, and ordinary citizens of our country. It will be equally useful and interesting for both simple individual entrepreneurs and the owners of large commercial enterprises. What do they have in common? The answer is simple - document flow and the need to interact with various government agencies! Therefore, let's talk about a tool that will greatly simplify the movement of documents, both inside the enterprise and outside it! Today we will take a closer look at how to get an electronic signature (EDS)!

Let's start with the essence of the electronic signature and the mechanism of its functioning, then we will consider the scope and unconditional usefulness, after which we will discuss how to obtain it for an individual entrepreneur, individual entrepreneur and legal entities, and also talk about the necessary documents. We have collected the most complete information on how to get an EDS! By the way, if necessary, you can use it to close the IP. The article describes how to do it!

What is an electronic digital signature: the simple essence of a complex concept!

Each document at the enterprise must be signed by an authorized person. The signature gives it legal effect. Modern technologies have transferred the workflow to electronic format. Which turned out to be extremely convenient! First, electronic documents have simplified and accelerated the exchange of data in the enterprise (especially with international cooperation). Secondly, the expense associated with their turnover has been reduced. Third, the security of commercial information has improved significantly. Despite the electronic format, each document must be signed, so an EDS was developed.

What is an electronic digital signature? This is an analogue of traditional digital painting, which is used to give legal effect to documents on electronic media. The word "analog" should be understood as a sequence of cryptographic symbols, randomly generated using special software. It is stored on electronic media. Flash drives are commonly used.

There are two important concepts associated with ES: certificate and key. A certificate is a document that certifies that an electronic signature belongs to a specific person. It can be normal and reinforced. The latter is issued only by some accredited certification centers or directly by the FSB.

The electronic signature key is the same sequence of characters. The keys are used in pairs. The first is the signature, and the second is the verification key that verifies its authenticity. A new unique key is generated for each new document to be signed. It is important to understand that the information received on the flash drive in the certification center is not an electronic signature, it is just a means for its creation.

An electronic signature has the same legal weight and effect as a paper document. Of course, if there were no violations when applying this parameter. If a discrepancy or any deviations from the norm are detected, the document will not become valid. The use of digital signatures is regulated by the state with the help of two laws FZ-1 and FZ-63. They affect all areas of application of the signature: in civil law relations, when interacting with municipal and state bodies.

How the idea of ​​using the EOC came about: let's remember the past!

In 1976, two American cryptographers, Diffie and Hellman, suggested that electronic digital signatures could be created. It was just a theory, but it resonated with the public. As a result, already in 1977, the RSA cryptographic algorithm was released, which made it possible to create the first electronic signatures. In comparison with the present, they were very primitive, but it was at this moment that the foundation was laid for the future rapid development of the industry and the widespread dissemination of electronic document management.

The millennium has brought about significant changes. In the United States, a law was passed, according to which a signature on paper was equivalent in legal force to an electronic one. This is how a new rapidly growing segment of the market appeared, the volume of which, according to the forecasts of American analysts, by 2020 will amount to $ 30 billion.

In Russia, the first electronic signatures began to be used only in 1994. The first law to regulate their application was adopted in 2002. However, it was distinguished by extreme vagueness of formulations and ambiguity in the interpretation of terms. The law did not give an unambiguous answer to the question of how to obtain an electronic signature and use it.

In 2010, a large-scale project was developed to create a virtual environment for the provision of public services in electronic format, which in August of the same year was submitted for consideration to the President of the Russian Federation. One of the key areas of the project is the ability to use EDS. The regions are obliged to create conditions for free access of individuals and legal entities to the possibilities of electronic document management, so that everyone can receive an electronic signature. Since then, an "electronic state" has been actively developing in Russia.

In 2011, the President ordered the executive authorities to switch to electronic document management within the structures. By June of the same year, all officials were provided with an EDS. The program was financed from the federal budget. In 2012, electronic document management started working in all executive bodies of the Russian Federation without exception.

After these transformations, there were two acute questions. First, EP was not universal. For each goal, a new signature had to be obtained. Secondly, some crypto providers were incompatible with others, which put their clients in a difficult position. Therefore, in 2012, a global process of unification in the field of electronic document management began. Thanks to this, we have modern universal signatures and software.

EDS signature: 5 advantages and 6 use cases!

Many entrepreneurs do not yet use the EOC in their economic activities. In many respects, the reason for this is elementary ignorance of all its capabilities and advantages. Using an electronic format for signing documents, business entities (individual entrepreneurs, legal entities) receive the following benefits:

  1. Documents are maximally protected from falsification.

Since the computer is very difficult to deceive. In this case, the human factor is completely excluded. After all, you can simply not notice that the signature on the document is different from the genuine one. It is impossible to forge an electronic signature. This requires very large computing power, which is practically impossible to implement at the current level of device development, and a lot of time.

  1. Optimization, acceleration and simplification of document flow.

Complete exclusion of the possibility of data leakage or loss of important papers. Any copy certified by an electronic identifier is guaranteed to be received by the addressee in the sent form: no extraordinary circumstances can cause damage to it.

  1. Reducing costs due to the elimination of paper media.

For small firms, paper-based documentation was not burdensome, which was not the case for large firms. Many of them had to rent separate premises, warehouses for storing documents for 5 years. In addition to the cost of paper, printers, ink, stationery, rent was also added! In addition, depending on the field of activity, some companies could reduce costs by reducing the number of employees who dealt with documents: reception, processing, etc. The need to recycle paper also disappeared: for certain types of organizations whose activities are related to confidential information, even this line of expenses turned out to be significant. The process of destruction of documents under the EDS - a few clicks of the computer mouse.

  1. The format of the signed electronic signature fully complies with international requirements.
  2. There is no need to obtain a separate signature to bid or submit reports to regulatory authorities.

You can get an electronic signature that will allow you to use it at all the necessary sites.

Before proceeding to the consideration of the question of how to obtain an electronic signature, we list all the possible options for its use:

  1. Internal document flow. It implies the movement of commercial information, orders, orders, etc. inside the company.
  2. External document flow. We are talking about the exchange of documents between two organizations as partners in the B2B system or between an enterprise and a B2C client.
  3. Submission of reports to regulatory authorities:
  • Federal Tax Service,
  • Pension Fund,
  • Social Insurance Fund,
  • Customs Service,
  • Rosalkogolregulirovanie,
  • Rosfinmonitoring and others.
  1. To gain access to the "Client-Bank" system.
  2. To participate in auctions and auctions.
  3. To receive government services:
  • State Service website,
  • RosPatent,
  • Rosreestr.

How to get an electronic signature: step by step instructions!

Having appreciated all the advantages of using an electronic signature, you decided to get one. And, of course, faced with a natural question: how to do it? We will answer this question with the help of detailed step-by-step instructions that will help you quickly and easily get an EDS signature!

There are 6 steps in total.

Step 1. Selecting the type of electronic signature.

Step 2. Selecting a certification authority.

Step 3. Filling out the application.

Step 4. Payment of the invoice.

Step 5. Collecting a package of documents.

Step 6. Receiving an EDS.

Now let's talk about each step in more detail!

Step 1. Choice of type: everyone likes their own!

The first step towards obtaining an electronic signature is choosing its type. According to federal laws, the following types of EDS are distinguished:

  1. Simple. It encodes data about the owner of the signature, so that the recipient of the paper is convinced who the sender is. It does not protect against counterfeiting.
  2. Reinforced:
  • unqualified - confirms not only the identity of the sender, but also the fact that no changes were made to the document after signing.
  • qualified - the most secure signature, the legal force of which is 100% consistent with the strength of an ordinary signature! It is issued only in those centers that are accredited by the FSB.

Recently, more and more customers want to get a strengthened qualified signature, which is quite reasonable. Like any other "keys" that open access to private information or financial transactions, fraudsters of various categories hunt for EDS. Analysts believe that over the next 10 years, the first two species will simply become obsolete. The choice depends on the variant of using the EDS. To make it easier to make a decision, we have drawn up the data in a table, it will help to make a choice and focus on a specific necessary and sufficient form.

Scope of application Simple Unqualified Qualified
Internal document flow + + +
External document flow + + +
Arbitration court + + +
State services website + - +
Supervisory authorities - - +
Electronic auctions - - +

If you are going to receive an EDS signature for the convenience of submitting reports, you will have to apply for a qualified one. If the goal is document flow in the enterprise, then it is enough to get a simple or unqualified signature.

Step 2. Certification center: TOP-7 of the largest and most reliable companies!

A certification center is an organization, the purpose of which is to generate and issue electronic digital signatures. CA is a legal entity, the charter of which specifies the corresponding type of activity. Their functions include:

  • EDS issuance;
  • providing a public key to everyone;
  • blocking of an electronic signature, in the event that there is a suspicion of its unreliability;
  • confirmation of the authenticity of the signature;
  • mediation in the event of conflict situations;
  • provision of all necessary software for clients;
  • technical support.

At the moment, there are about a hundred of such centers operating in the territory of the Russian Federation. But there are only seven industry leaders:

  1. EETP is the leader of the electronic trading market in the Russian Federation. The company's activities are highly diversified, which does not prevent it from occupying leading positions in each segment. In addition to organizing and conducting tenders, he is engaged in the sale of property that is poorly sold, teaches the specifics of participating in auctions, forms and sells an EDS.
  2. Electronic Express is the official operator of the electronic document management of the Federal Tax Service. Has a full set of licenses (including the FSB license).
  3. Taxnet - develops software for electronic document management. In particular, he is engaged in the creation and implementation of digital signatures.
  4. Sertum-Pro Kontur - the company deals with electronic signature certificates. In addition, it offers many convenient additional services for its customers, which will significantly expand the capabilities of the digital signature.
  5. Taxcom - the company specializes in external and internal document flow of companies and reporting to various regulatory authorities. For this, appropriate software is developed and electronic signatures are created. Is on the list of official data operators from cash registers.
  6. The Tensor company is a giant in the world of document circulation over telecommunication networks. Provides a full range of services: from the development of complexes for automating the workflow at enterprises to the creation and implementation of electronic signatures.
  7. National Certification Center - develops and sells various EDS certificates, offers customers software for generating and submitting reports to all government agencies.

Choose a CA depending on your capabilities and location. It is important to check if there is a point for issuing ready-made electronic signatures in your city. It is quite easy to find out by visiting the official websites of the companies.

If for some reason you are not satisfied with the centers from our TOP-7 list, then you can use the services of other companies. A complete list of accredited CAs can be found on the website www.minsvyaz.ru in the "Important" section.

Step 3. How to get an electronic signature: fill out an application!

The choice has been made, now you know exactly what you want, so it's time to apply to the certification center. This can be done in two ways: by visiting the office of the company or by filling out an application on its website.

Remote application submission will save you from a personal visit. The application contains a minimum of information: full name, contact phone number and e-mail. Within an hour after sending you a CA employee will call you back and specify the necessary data. In addition, he will answer all the questions that interest you and advise which type of EDS to choose for your case.

Step 4. Paying the bill: money in advance!

You will have to pay for the service before receiving it. That is, immediately after accepting the application and agreeing on the details with the client, an invoice will be issued in his name. The cost of an EDS varies depending on the company you applied to, the region of residence and the type of signature. It includes:

  • generating a signature key certificate,
  • software required to create, sign and send documents,
  • technical customer support.

The minimum price is about 1,500 rubles. Average 5,000 - 7,000 rubles. The cost of one electronic signature may be less than 1,500 rubles, only if signatures are ordered for a large number of employees of one enterprise.

Step 5. Documents for obtaining an EDS: we form a package!

When forming a package of documents, it is essential which subject of civil law is the customer: an individual, a legal entity or an individual entrepreneur. Therefore, we will consider documents for obtaining an EDS separately for each category.

Individuals must provide:

  • statement,
  • passport plus copies,
  • individual taxpayer number,
  • SNILS.
  • Receipt of payment.

The authorized person of the recipient of the electronic signature can submit documents to the CA. To do this, you need to issue a power of attorney.

To obtain an EDS, a legal entity will have to prepare:

  1. Statement.
  2. Two certificates of state registration: with OGRN and TIN.
  3. Extract from the register of legal entities. Important! The statement must be "fresh". Each certification authority has its own requirements in this regard.
  4. Passport plus a copy of the person who will use the electronic signature.
  5. SNILS of the employee who will use the EDS.
  6. If the signature is issued for the director, then an order of appointment must be attached.
  7. For employees who are lower in the hierarchical ladder of the company, you will have to issue a power of attorney for the right to use the EPC.
  8. Receipt of payment.

Documents for obtaining EDS by individual entrepreneurs:

  1. Statement.
  2. Registration certificate with OGRNIP number.
  3. Certificate with TIN.
  4. Extract from the register of entrepreneurs, issued not earlier than 6 months ago, or a copy certified by a notary.
  5. Passport.
  6. SNILS.
  7. Receipt of payment.

An authorized person of an individual entrepreneur can take an electronic digital signature if he has a power of attorney and a passport. When submitting an application in electronic form, documents are sent to the CA by mail, and in case of a personal visit, they are submitted simultaneously with the application.

Step 6. We receive a digital signature: the home stretch!

Documents can be obtained from numerous collection points that are located throughout the country. Information about them can be found on the official website of the CA. Usually the term for obtaining a signature does not exceed two to three days.

Delay is possible only on the part of the customer who untimely paid for the services of the certification center or did not collect all the necessary documents. Please note that you need to get an extract from the unified state register of individual entrepreneurs or legal entities on time, since this process takes 5 working days! Some CAs provide an urgent EDS service. Then the whole procedure takes about one hour. Now you know how to get an electronic signature.

Important! The ES is valid for one year from the date of its receipt. After this period, it will need to be extended or a new one received.

EDS with your own hands: the impossible is possible!

In fact, it is quite possible to create an electronic signature yourself. If you have the appropriate education, you will have a good understanding of what an electronic digital signature is and have an unbeatable enthusiasm. However, do not forget that you will not only have to generate a cryptographic sequence, you also need to develop and write the appropriate software. A logical question arises: why do this? Moreover, the market is replete with ready-made solutions! It is also not profitable for large companies to "tinker" with the independent development of electronic signatures, since they will have to hire a staff of new employees for the IT department. And in the article

Instructions for generating an electronic signature key

(version from 20.09.2016)

On September 1, 2016, a new version of the regulations of the Certification Center of the Federal Treasury, approved by order No. 280 dated July 25, 2016, entered into force. Please familiarize yourself with the updated stages of obtaining certificates
19.09.2016 released a new version 1 AWS for generating keys 10.0.0.44 n, it must be installed, after removing the previous version.

List of abbreviations used:


AWP

Automated workplace

ASFK

Automated system of the Federal Treasury

Gus

State automated system

GMU

State municipal institution

PPO

Application software

PC

Personal electronic computer

CIPF

Cryptographic information protection tool

SUFD

Remote financial document management system

TOFK

Territorial body of the Federal Treasury

FC

Federal Treasury

  1. Before starting work, make sure that the workstation is installed:

  • CIPF "Crypto PRO CSP" (version 3.6 or newer);

  • AWS for Key Generation (the current version of the AWS for Key Generation can be downloaded at ftp://ftp.ufk39.ru/RCR/Distrib/ or with the "Continent AP" cryptographic protection system connected on the start page of the SUFD-portal ( http://10.39.4.123). Attention, in the case of installing the "AWS for Generating Keys" on a workstation designed to work in the application software "SUFD", you must use the instructions for setting up an additional AWP.
ATTENTION!!! Key generation must be performed in the Key Generation AWS of version no lower than 1.0.0.44 n... Before installing the specified version, it is recommended to uninstall the previous one.
Skilled the certificate is required to work in all systems (SUFD, SKZI Continent AP, Procurement website under 223-FZ, EIS (unified information system in the field of procurement) under 44-FZ, GMU, GAS "Management", GIIS "Electronic budget", portal "Gosuslugi", etc.).

Connect a clean formatted key carrier (flash drive, floppy disk, Ru-token, etc.) to the PC system unit.

The media must be accounted for in the "Journal of accounting of machine data carriers" (the form is approved by order of the FAPSI dated 13.06.2001 No. 152), a form with an example of filling can be downloaded from the website of the Office.


  1. In the AWS for Generating Keys, click the "Create a Certificate Request" button (see Fig. 1).

Fig. 1 AWS for generating keys


  1. Select the type of request (see Fig. 2).
To create a request for an individual - "Request for the applicant's certificate"

Fig. 2 Dialog box with the choice of the type of request for key generation


  1. In case you already have there is a certificate with dataTIN of an individual, then select "Generate a certificate request based on an existing certificate" (see Fig. 3) and click "Next".
When lack of certificate, select the required option, and click "Next", then go to clause 7 of these Instructions.

IMPORTANT if in your previous certificate there was a TIN of a legal entity, and you need a certificate for an individual, then NOT select the type "Generate a certificate request based on an existing certificate" because in this case, only a certificate for a Legal entity will be created, in this case, you need to select the "Request for the applicant's certificate" item and fill in all the parameters manually.

Fig. 3 Dialog box with the choice of the type of request for key generation


  1. In the window that appears, click the "Find" button (see Fig. 4) and select the previous certificate file (with the CER extension) or the request file (with the REQ extension) (see Fig. 5, Fig. 6, Fig. 7) and click button "Next".

Fig. 4 Dialog box for file selection

Fig. 5 Dialog box for file selection

Fig. 6 Dialog box for file selection

Fig. 7 Dialog box with the choice of the type of request for key generation


  1. In the window that appears, specify the required user roles (see Fig. 8). If the organization has several powers in the field of placing orders (for example, the Customer and the Financial Authority), generation of SEPARATE KEY . IMPORTANT: for certificate Legal entity only the Client Authentication role is required, which is mandatory for all types of certificates... Examples of the choice of roles for common information systems are given in Appendix 1 to these Instructions.
IMPORTANT: for clients, working in the SUFD: if an employee needs to work (for example, create documents) in the SUFD, but he is not included in the "Signature Samples Card", then such an employee needs to obtain a certificate for himself without the right to sign, with the following powers: "Client authentication" and "ASFK" (only external check mark see Appendix 1, Fig. 2).

Fig. 8 Dialog box. User roles


  1. In the window that appears, fill in all the necessary open to write the field (see Fig. 9).

Fig. 9 Dialog box with the applicant's data


  1. "Surname" - fill in the Applicant's Surname.

  2. "First Name Patronymic" - fill in the Name and Patronymic of the Applicant (if any), as indicated in the identity document.

  3. "E-mail" - fill in the e-mail address of the Applicant, personal information will be sent to this address, for example, the login and password for the first entry into the information system.

  4. "Position" - to be filled in only for a request for a certificate of a Legal entity. When filling out this field for the heads of the organization, it is necessary to take into account the data of the Unified State Register of Legal Entities; for other employees of the organization, it is necessary to be guided by the staffing table.

  5. "Formalized position" - the field becomes active when you select roles from the "ASFK" group. You must choose from 2: " Supervisor"(If the right of first signature) or" Chief Accountant"(If the right of the second signature), the right of the first or second signature is defined in the document" Card of samples of signatures "submitted by your organization to the Department of the Federal Treasury in the Kemerovo region at the place where your account is serviced. The only exceptions are cases when an employee turned off in the "Card of samples of signatures", but he signing of separate documents is required(non-settlement) in terms of cash services - you must select " Teller».

  6. "Surname First name Patronymic" - the field is filled in automatically.

  7. "Organization" - fill in only FULL name of company, the name should character by character coincide with information from the Unified State Register of Legal Entities. THE EXCEPT IS THE NAME OF THE ORGANIZATION ONLY for certificate Legal entity , you need to fill in the short name, provided that the full name is longer 164 characters, in other cases, the full name is filled in if it does not exceed 164 characters.

  8. "Subdivision of the 1st level" - to be filled in only when generating a certificate Legal entity.

  9. "Subdivision of the 2nd level" - to be filled in only when generating a certificate Legal entity... This field is filled only if the organization (Legal entity) has separate subdivisions, for example, Kemerovo State University (the full name is filled in in the field "Organization") has a branch in the city of Belovo (the name of the branch is filled in the field "Subdivision of the 1st level") which has structural subdivisions "Accounting" (to be filled in in "Subdivision of the 2nd level") (see Fig. 10).

  10. “Name of the settlement” - fill in the name of the settlement where the applicant Organization is located, for example, “Tashtagol”.

  11. Address (street, house) - to be filled in only when generating a certificate Legal entity... This field indicates the address of the location of the Legal entity of the applicant Organization.

  12. "Country" - fill in with the value "RU".

  13. "Name of the subject" - choose from the list "Kemerovo region".

  14. "TIN" - for a certificate of an individual, fill in the value of the TIN (12 characters) of the Applicant, for the certificate of a Legal entity, fill in the value of TIN (10 characters, with 2 zeros in front, for example, 004205654585) of a Legal entity.

  15. "OGRN" - to be filled in only when generating a certificate Legal entity... The value of the OGRN of the Legal entity is indicated.

  16. "SNILS" - indicates the value of the SNILS of the Applicant.

  17. "Account number of the UIS organization" - the field becomes active only when selected in the previous step when choosing roles from the section "Working with the UIS". The field is filled in with the value of the SDR code (code of the customer's consolidated list), this value can be viewed on the website http:// www. zakupki. gov. ru to search for YOUR organization, in the register of organizations: tab "Additional information" - the value "Unique account number of the organization" (11 digits), if there is no specified tab, then in the information "Registration data of the organization" value: "SDR code" (11 digits) ... (see Fig. 11 or Fig. 12)

  18. "Account number of GMU" - the field becomes active when selected in the previous step when selecting roles from the section "Working with GMU". The field is filled in with the value of the account number of the GMU of the applicant organization, this value can be viewed on the website http:// www. bus. gov. ru in the information about the organization "PGMU Code" (see Fig. 13) or "Registry number in the list of GMU" (see Fig. 14).

  19. "Protection class" - select the value "KC1", if at your workplace (computer) NOT hardware protection means "Sobol", "Accord", etc. have been installed. (hardware protection with a random number sensor), "KC2" - if the specified protection devices are installed.

  20. Exported Private Key - Always set to Yes.
Obtaining an ES certificate by certain types of legal entities

In accordance with the clarifications of the Federal Treasury ( Letter of the Federal Treasury dated July 21, 2016 No. 07-04-05 / 12-529), representatives the following legal entities in connection with the failure to post the procurement regulation in accordance with Federal Law No. 223-FZ dated July 18, 2011, it is necessary in the field “ Registration number of the EIS organization"Indicate the value" 00000000000 »:


  1. Operator of the electronic site

  2. Information system operator

  3. Organization providing services for servicing users of the UIS

  4. A legal entity that purchases in accordance with part 4 of article 5 of the Federal Law of December 30, 2008 N 307-FZ "On Auditing"
After filling in and checking all the fields, press the "Next" button.

Fig. 10. An example of filling in data for a legal entity

Fig. 11 Dialog box from the site http: // www. zakupki. gov. ru

Fig. 12 Dialog box from the site http: // www. zakupki. gov. ru

Fig. 13 Dialog box from the site www. bus. gov. ru... Register of organizations

Fig. 14 Dialog box from the site www. bus. gov. ru... Organization registration data


  1. In the window that appears, click "Run" (see Fig. 15)

Fig. 15 Dialog box AWS for generating keys


  1. At the next step, you need to select the type of media, depending on the media prepared in the first step, see item 1.
IMPORTANT:FORBIDDEN write the private key to " Registry».

  1. In the next window (see Fig. 16) enter the password and its confirmation. ATTENTION! Remember the entered password, if you lose it, recovery is impossible. These fields can be left blank, then the password will not be requested when signing with an electronic signature.

Fig. 16 Entering a password for the generated private key


  1. The next step, the system will offer to save the certificate request file (see Fig. 17).

Fig. 17 Dialog box. Saving the certificate request to a file
This request file must be brought on a removable medium (flash drive, floppy disk, etc.), does not contain key containers (private keys) of users , to the registration point of the Certification Center of the Federal Treasury, according to the territorial location of your organization.

Both copies of the application must be filled out and submitted to the Certification Center of the Federal Treasury, according to the territorial location of your organization.

Fig. 18. Printed application form

Samples of certification documents are posted on the information resource on the Internet ftp: // ftp. ufk39. ru, information portal at http://10.39.4.123(in the protected network segment, section of the Certification Center), on the official website of the Federal Treasury Department for the Kemerovo Region http://kemerovskaya.roskazna.ru. (GIS section - Certification center)

Contact details of the department of secrecy and information security

Department of the Federal Treasury for the Kemerovo region:
head of department: Opalev Kirill Nikolaevich (384-2) 719-005, e-mail: opalevkn@ ufk39. ru

Deputy Head of Department: Rodionov Stanislav Nikolaevich (384-2) 719-022,

certificate issuing specialists: (384-2) 719-034,719-164, 719-163,

specialists in work with means of EP and CIPF: (384-2) 719-161, 719-162, 719-022.

e-mail: uuc@ ufk39. ru
The contact details of operators of remote regional registration centers are posted on the website of the Office on the Internet in the section GIS-Certification Center-Contacts

Annex 1

Common examples of the distribution of roles for work in various information systems
For all certificates, the Client Authentication role is required. The specified role is the only one for certificate Legal entity.

IMPORTANT only for the section "Working with the UIS" !!! for one certificate, only one group of roles from the section "Working with the UIS" can be used, for example, "Customer" or "Financial authority" or so on.

Please note that the roles previously required are "Email Protection" and "Server Authentication" are not mandatory roles.

Rice. 1. Mandatory user roles for working in a FMS with signing rights

Rice. 2. Mandatory user roles for working in the SUFD WITHOUT signing rights

Rice. 3. Possible user roles for working on the site http:// www. bus. gov. ru

Rice. 4. Possible user roles for working on the site http:// www. zakupki. gov. ru within the framework of the Federal Law No. 44. Personal account - the Customer.

Rice. 5. Possible user roles for working on the site http:// www. zakupki. gov. ru within the framework of work under Federal Law No. 44. Personal account - Financial authority.

Rice. 6. Mandatory role of users for work in the GIIS "Electronic budget"
Change registration sheet


Date of changes

The license for the Taxnet-KM program contains:

- serial number of the license for the PP "Taksnet-KM";

- license validity period - the license for Taksnet-KM is issued for a period of 1 year;

- token validity period - the date of formation and expiration of the token validity is indicated;

- phone number to which an additional code will be sent for authorization in the Taksnet-KM program and information messages.

Attention: The token is valid for 7 days from the date of issue of the CA.

To install the "Taxnet-KM" program and its further use, you will need:

- Internet access from your computer;

- one of the operating systems Windows 7/8/10 installed on your computer;

- installed crypto provider CryptoPro CSP (the procedure for installing the program is described in the instructions);

- installed drivers for Token (or drivers for other removable media that will be used to store private keys).

Attention: Installation must be done by a user with administrator rights.

The sequence of actions for the production of keys and certificates using the Taksnet-KM program:

1. Download the current version of the Taksnet-KM program from the Taksnet CJSC website (.

2. Run the downloaded file Taxnet_KeyManager.exe.

3. Insert the key carrier received in the CA into the computer.

The following can be used as a key carrier: floppy disk, flash drive, secure flash drive (RuToken or eToken), smart card.

If a secure flash drive RuToken or eToken is used as a key carrier. You can determine which type of media is by the inscription on it.

Attention: Compact disc cannot act as a key carrier. The fact is that CryptoPro CSP overwrites files when using ES masks.key and primary.key, located on the key carrier. Due to the technical characteristics on the CD, this operation is impossible or difficult.

4. Press on the control panel Request for a certificate.

5. In the window that opens, enter the login and password received at the CA (specified in the license for the Taksnet-KM program) and click Further.

6. Enter the code from the SMS received on the phone (the phone number to which the SMS will be received is indicated in the license for the Taksnet-KM program). If SMS does not come within 10 minutes, press Receive SMS again.

7. Review the certificate request details and click Further.

If you find errors in the data, contact the CA.

8. Select the key carrier using the scroll bar and press OK.

Select device:

- Aladdin Token JC 0 or - if eToken is used as a key carrier;

- - if RuToken is used as a key carrier;

- - if a floppy disk is used as a key medium;

- - if a flash drive is used as a key carrier.

9. To generate a private key, move the mouse cursor over the area of ​​the random number generator window.

10. Enter the password for the key carrier, if Token is used as the key carrier (the default pin-code for RuToken is 12345678, for eToken - 1234567890, or your pin-code, if it has been set). If another device (floppy disk, flash drive, registry) is used as a key medium, in the window that appears, set the password for the container being created, confirm it and click OK.

Attention: Remember and save the password for the created container. We recommend that you write down the password in the ES certificate revocation card received by the VUTS in the appropriate field. The specified password will be requested every time the system accesses the private key. If the password is lost, further use of the key becomes impossible!

11. In the window that opens with the message "Your request has been successfully queued for processing", click OK.

12. Make sure that the status of the request is "In processing" in the "Displaying the status of the request and installing the certificate" window that opens.

Attention: Average request processing time is 10 minutes. At this time, you can minimize the program window or close it. When you close the program, to re-enter, you will need to perform steps 2 to 6 of these instructions.

13. 10 minutes after sending your request, click Refresh.

14. Verify that after downloading data from the server, the status of the request has changed to Approved (certificate issued).

Attention: The notification about the production of the certificate will be sent to the phone in the form of SMS.

15. Click to install the certificate. Install the certificate.

16. In the opened window with information about the certificate, click Confirm receipt.

17. Enter the password for the key carrier, if Token is used as the key carrier (the default pin-code for RuToken is 12345678, for eToken - 123456789, or your pin-code, if it has been set) in order to activate the Token. If another device (floppy disk, flash drive, registry) is used as a key medium, enter the password that was created earlier when generating the keys.

18. The receipt of the certificate is completed. The certificate is installed in the personal store.

20. To print out the Taxnet-KM license, click Print the certificate.

21. If, before using the certificate, additional registration is required in external systems (for example, on electronic trading platforms), a corresponding notification will be issued in the program. Additional registration of the certificate is carried out by the staff of the CA. After the certificate is registered, an SMS notification will be sent. If additional registration of the certificate is not required, then it can be used immediately after receiving.

Instructions for generating an electronic signature key

(version from 21.11.2017)

List of abbreviations used:


AWP

Automated workplace

ASFK

Automated system of the Federal Treasury

Gus

State automated system

GMU

State municipal institution

PPO

Application software

PC

Personal electronic computer

CIPF

Cryptographic information protection tool

SUFD

Remote financial document management system

TOFK

Territorial body of the Federal Treasury

FC

Federal Treasury

  1. Before starting work, make sure that the workstation is installed:

  • CIPF "Crypto PRO CSP" (version 4.0 (4.0.98.42));

  • AWS for Key Generation (the current version of the AWS for Key Generation can be downloaded at ftp://ftp.ufk39.ru/RCR/Distrib/ or with the "Continent AP" cryptographic protection system connected on the start page of the SUFD-portal ( http://10.39.4.123). Attention, in the case of installing the "AWS for Generating Keys" on a workstation designed to work in the application software "SUFD", you must use the instructions for setting up an additional AWP.
ATTENTION!!! Key generation must be performed in the Key Generation AWS of version no lower than 1.0.0.44 n... Before installing the specified version, it is recommended to uninstall the previous one.
Connect a clean formatted key carrier (flash drive, floppy disk, Ru-token, etc.) to the PC system unit.

The media must be accounted for in the "Journal of accounting of machine information carriers" (the form is approved by order of the FAPSI dated 13.06.2001 No. 152), the form with an example of filling can be found .


  1. In the AWS for Generating Keys, click the "Create a Certificate Request" button (see Fig. 1).

Fig. 1 AWS for generating keys


  1. Select the type of request (see Fig. 2).
To create a request for an individual - "Request for the applicant's certificate"

Fig. 2 Dialog box with the choice of the type of request for key generation


  1. In case you already have there is a certificate with dataTIN of an individual, then select "Generate a certificate request based on an existing certificate" (see Fig. 3) and click "Next".
When lack of certificate, select the required option, and click "Next", then go to clause 7 of these Instructions.

IMPORTANT if in your previous certificate there was a TIN of a legal entity, and you need a certificate for an individual, then NOT select the type "Generate a certificate request based on an existing certificate" because in this case, only a certificate for a Legal entity will be created, in this case, you need to select the "Request for the applicant's certificate" item and fill in all the parameters manually.

Fig. 3 Dialog box with the choice of the type of request for key generation


  1. In the window that appears, click the "Find" button (see Fig. 4) and select the previous certificate file (with the CER extension) or the request file (with the REQ extension) (see Fig. 5, Fig. 6, Fig. 7) and click button "Next".

Fig. 4 Dialog box for file selection

Fig. 5 Dialog box for file selection

Fig. 6 Dialog box for file selection

Fig. 7 Dialog box with the choice of the type of request for key generation


  1. In the window that appears, specify the required user roles (see Fig. 8). IMPORTANT: for certificate Legal entity only the Client Authentication role is required, which is mandatory for all types of certificates... Examples of the choice of roles for common information systems are given in Appendix 1 to these Instructions.
IMPORTANT: for clients, working in the SUFD: if an employee needs to work (for example, create documents) in the SUFD, but he is not included in the "Signature Samples Card", then such an employee needs to obtain a certificate for himself without the right to sign, with the following powers: "Client authentication" and "ASFK" (only external check mark see Appendix 1, Fig. 2).

Fig. 8 Dialog box. User roles


  1. In the window that appears, fill in all the necessary open to write the field (see Fig. 9).

Fig. 9 Dialog box with the applicant's data
Rules for filling in the fields (read to everyone):


    1. "Surname" - fill in the Applicant's Surname.

    2. "First Name Patronymic" - fill in the Name and Patronymic of the Applicant (if any), as indicated in the identity document.

    3. "E-mail" - fill in the e-mail address of the Applicant, personal information will be sent to this address, for example, the login and password for the first entry into the information system.

    4. "Position" - to be filled in only for a request for a certificate of a Legal entity. When filling out this field for the heads of the organization, it is necessary to take into account the data of the Unified State Register of Legal Entities; for other employees of the organization, it is necessary to be guided by the staffing table.

    5. "Formalized position" - the field becomes active when you select roles from the "ASFK" group. You must choose from 2: " Supervisor"(If the right of first signature) or" Chief Accountant"(If the right of the second signature), the right of the first or second signature is defined in the document" Card of samples of signatures "submitted by your organization to the Department of the Federal Treasury in the Kemerovo region at the place where your account is serviced. The only exceptions are cases when an employee turned off in the "Card of samples of signatures", but he signing of separate documents is required(non-settlement) in terms of cash services - you must select " Teller».

    6. "Surname First name Patronymic" - the field is filled in automatically.

    7. "Organization" - fill in only FULL name of company, the name should character by character coincide with information from the Unified State Register of Legal Entities. THE EXCEPT IS THE NAME OF THE ORGANIZATION ONLY for certificate Legal entity , you need to fill in the short name, provided that the full name is longer 164 characters, in other cases, the full name is filled in if it does not exceed 164 characters. For individual entrepreneurs in this field the Surname, Name, Patronymic of an individual entrepreneur are indicated.

    8. "Subdivision of the 1st level" - to be filled in only when generating a certificate Legal entity.

    9. "Subdivision of the 2nd level" - to be filled in only when generating a certificate Legal entity... This field is filled only if the organization (Legal entity) has separate subdivisions, for example, Kemerovo State University (the full name is filled in in the field "Organization") has a branch in the city of Belovo (the name of the branch is filled in the field "Subdivision of the 1st level") which has structural subdivisions "Accounting" (to be filled in in "Subdivision of the 2nd level") (see Fig. 10).

    10. “Name of the settlement” - fill in the name of the settlement where the applicant Organization is located, for example, “Tashtagol”.

    11. Address (street, house) - to be filled in only when generating a certificate Legal entity... This field indicates the address of the location of the Legal entity of the applicant Organization.

    12. "Country" - fill in with the value "RU".

    13. "Name of the subject" - choose from the list "Kemerovo region".

    14. "TIN" - for a certificate of an individual, an individual entrepreneur, fill in the value of the TIN (12 characters) of the Applicant, for a certificate of a Legal entity, fill in the value of TIN (10 characters, with 2 zeros in front, for example, 004205654585) of a Legal entity.

    15. "OGRN" - to be filled in only when generating a certificate Legal entity... The value of the OGRN of the Legal entity is indicated.

    16. "SNILS" - indicates the value of the SNILS of the Applicant.

    17. "Registration number of the UIS / SDR organization" - the field becomes active only when generating a request based on an existing certificate, if the section "Working with the UIS" was filled in during the previous generation. IMPORTANT!!! To work on the UIS website ( http :// www . zakupki . gov . ru ) separate permissions are no longer required, all the necessary roles for users are set by the administrator of the organization when registering a certificate in the EIS. In this regard, when generating a request based on an existing certificate, if during the previous generation the section "working with the UIS" was filled in, you should return to the stage of specifying the powers by clicking the "Back" button and clear the section "Working with the UIS".

    18. "Account number of GMU" - the field becomes active when selected in the previous step when selecting roles from the section "Working with GMU". The field is filled in with the value of the account number of the GMU of the applicant organization, this value can be viewed on the website http :// www . bus . gov . ru in the information about the organization "PGMU Code" (see Fig. 11) or "Registry number in the list of GMU" (see Fig. 12).

    19. "Protection class" - select the value "KC1", if at your workplace (computer) NOT hardware protection means "Sobol", "Accord", etc. have been installed. (hardware protection with a random number sensor), "KC2" - if the specified protection devices are installed.

    20. Exported Private Key - Always set to Yes.
Obtaining an ES certificate by certain types of legal entities

In accordance with the clarifications of the Federal Treasury ( Letter of the Federal Treasury dated July 21, 2016 No. 07-04-05 / 12-529), representatives the following legal entities in connection with the failure to post the procurement regulation in accordance with Federal Law No. 223-FZ dated July 18, 2011, it is necessary in the field “ Registration number of the EIS organization"Indicate the value" 00000000000 »:


  1. Operator of the electronic site

  2. Information system operator

  3. Organization providing services for servicing users of the UIS

  4. A legal entity that purchases in accordance with part 4 of article 5 of the Federal Law of December 30, 2008 N 307-FZ "On Auditing"
After filling in and checking all the fields, press the "Next" button.

Fig. 10. An example of filling in data for a legal entity

Fig. 11 Dialog box from the site www. bus. gov. ru... Register of organizations

Fig. 12 Dialog box from the site www. bus. gov. ru... Organization registration data


  1. In the window that appears, click "Run" (see Fig. 13)

Fig. 13 Dialog box AWS for generating keys


  1. At the next step, you need to select the type of media, depending on the media prepared in the first step, see item 1.
IMPORTANT:FORBIDDEN write the private key to " Registry».

  1. In the next window (see Fig. 14) enter the password and its confirmation. ATTENTION! Remember the entered password, if you lose it, recovery is impossible. These fields can be left blank, then the password will not be requested when signing with an electronic signature.

Fig. 14 Entering a password for the generated private key


  1. The next step, the system will offer to save the certificate request file (see Fig. 15).

Fig. 15 Dialog box. Saving the certificate request to a file
This request file must be brought on a removable medium (flash drive, floppy disk, etc.), does not contain key containers (private keys) of users , to the registration point of the Certification Center of the Federal Treasury, according to the territorial location of your organization.

Both copies of the application must be filled out and submitted to the Certification Center of the Federal Treasury, according to the territorial location of your organization.

Fig. 16. Printed application form

Samples of certification documents are posted on the information resource on the Internet ftp://ftp.ufk39.ru/RCR/Shablon/, information portal at http://10.39.4.123(in the protected network segment, section of the Certification Center), on the official website of the Federal Treasury Department for the Kemerovo Region http://kemerovskaya.roskazna.ru. (GIS section - Certification center)

Contact details of the department of secrecy and information security

Department of the Federal Treasury for the Kemerovo region:
head of department: Opalev Kirill Nikolaevich (384-2) 719-005, e-mail: opalevkn@ ufk39. ru

Deputy Head of Department: Rodionov Stanislav Nikolaevich (384-2) 719-022,

certificate issuing specialists: (384-2) 719-034,719-164, 719-163,

specialists in work with means of EP and CIPF: (384-2) 719-161, 719-162, 719-022.

e-mail: uuc@ ufk39. ru
The contact details of operators of remote regional registration centers are posted on the website of the Office on the Internet in the section GIS-Certification Center-Contacts

Annex 1

Common examples of the distribution of roles for work in various information systems
For all certificates, the Client Authentication role is required. The specified role is the only one for certificate Legal entity.

IMPORTANT!!! To work on the site http :// www . zakupki . gov . ru separate permissions are not required, all the necessary roles are set by the administrator of the organization when registering a certificate in the UIS.

Please note that the roles previously required are "Email Protection" and "Server Authentication" are not mandatory roles.

Rice. 1. Mandatory user roles for working in a FMS with signing rights

Rice. 2. Mandatory user roles for working in the SUFD WITHOUT signing rights

Rice. 3. Possible user roles for working on the site http:// www. bus. gov. ru

Rice. 4. Mandatory role of users for work in the GIIS "Electronic budget", on the sitehttp :// www . zakupki . gov . ru
Change registration sheet

Did not find an answer to your question? Look at here
Checking secure connections in Mozilla FirefoxChecking secure connections in Mozilla Firefox
How to copy a certificate from a rootken to a computer, from a cryptopro to a USB flash drive - KonturHow to copy a certificate from a rootken to a computer, from a cryptopro to a USB flash drive - Kontur
An authentication error has occurredAn authentication error has occurred

Date of changes