Electronic digital signature: let's explore important subtleties. Tax and accounting An electronic document is recognized as equivalent to a paper document

By virtue of h. 1 Article. 6 of the Federal Law of 06.04.2011 N 63-FZ "On electronic signature"information in electronic form, signed with a qualified electronic signature, is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, unless federal laws or regulations adopted in accordance with them legal acts a requirement is established that the document must be drawn up exclusively on paper. For which documents mandatory requirement about compiling exclusively on paper?

There is no specific list of documents that are issued only on paper. Such documents include, for example:

Bearer securities (bill, bond),

Labor contract,

Employment history,

Book of accounting for the movement of work books and inserts in them,

Personal card,

Full liability agreement

Sick leave,

Application for leave without saving wages(except remote workers),

apprentice agreement,

Order (instruction) to terminate the employment contract.

See below for a more detailed list.

Rationale

Features of working with electronic documents

Documents that are issued only on paper

Electronic document, signed with a qualified electronic signature, is recognized as equivalent to a paper document signed with a handwritten signature (part 1, article 6 of Law No. 63-FZ). An exception is cases when federal laws or regulatory legal acts adopted in accordance with them require a document to be drawn up only on paper (table below).

Advice

You have the right to duplicate entries in a personal card maintained on paper with entries in a personal card maintained in in electronic format

In practice, even if the organization has introduced a system electronic document management, part of the documents for which the law requires obtaining personal signatures workers, draw up on paper. For example, the Book of accounting for the movement of work books and inserts in them. After all, it contains the columns "Receipt responsible person who accepted or filled out the work book "and" Receipt of the employee in receiving work book". And here is the log employment contracts conducted electronically.

Fixing the error

What is electronic digital signature(EDS)?

An electronic digital signature is an attribute of an electronic document designed to protect this electronic document from forgery, obtained as a result of cryptographic transformation of information using the private key of the signature key, and also to establish the absence of information distortion in the electronic document.

How difficult is it to learn how to use an electronic digital signature (EDS)?

Despite the extreme complexity of the mathematical apparatus of two-key cryptography and software tools that implement it, the use of EDS for its owner is surprisingly simple and accessible to any person, regardless of the level of ownership personal computer, education and occupation.

In order to sign a prepared electronic document, the EDS owner just needs to insert a floppy disk containing his private key into the computer drive and click the button on the computer screen. The computer will do the rest.

It is even easier to check the validity of the signature of any person under any electronic document. The signed electronic document called up on the computer screen is checked automatically and therefore immediately contains information about who signed it and whether the signature is true.

At the same time, we also provide more sophisticated electronic signature verification tools designed for experts in case, for some reason, it is necessary to check and once again verify the authenticity of the document using a different scheme.

Is an electronic digital signature equivalent to a paper signature?

An electronic digital signature in an electronic document is equivalent to a handwritten signature in a paper document, subject to the following conditions:

the signature key certificate related to this electronic digital signature has not lost its validity (valid) at the time of verification or at the time of signing the electronic document if there is evidence that determines the moment of signing;

the authenticity of the electronic digital signature in the electronic document is confirmed;

The electronic digital signature is used in accordance with the information specified in the signature key certificate.

A client can simultaneously be the owner of any number of signature key certificates. At the same time, an electronic document with an electronic digital signature has legal significance in the implementation of the relations specified in the signature key certificate.

Can an EDS be faked?

If the private key is properly stored by its owner, no. Follow the recommendations for storing and using the key contained in the documentation for the subscriber's workstation - and you will be guaranteed against forgery of your EDS. To date, there is no computing power on Earth capable of cracking EDS cryptography in any acceptable timeframe, and this will also be impossible in the coming decades.

Is it possible to discreetly forge the text of an electronic document signed with an EDS?

It's impossible. Any unauthorized change made to the text of the document will be detected, the verification of the digital signature will show that it is distorted.

Documents on paper with a signature and a seal can be stored, but can an electronic document signed with an EDS be stored?

Of course, and immeasurably more convenient. For electronic documents, cabinets, folders and hole punches are not needed. You don't have to spend precious hours of your working time leafing through folders in search of a lost document and breathing paper dust from archives. The archive, which in paper form would take several shelves, in electronic form fits on a small disk, which, if desired, can be hidden in a fireproof safe, placed in a bank depository, copied for reliability, encrypted, and come up with many more operations with it to protect your information from accidents and malicious intent. Scan such an archive and find any desired document- a matter of a few seconds.

And at the same time, of course, along with the document, the EDS will also be preserved in the archive, which, even after decades, will be able to confirm its authenticity to you and anyone else.

However, nothing prevents you from printing any document certified by EDS and using it as a regular paper document.

If there were disputes and it came to arbitration court, will documents signed with EDS have legal force?

Yes, they are definitely legal.

What to do if the secret EDS key turned out to be declassified under some circumstances?

Well, it is possible, but only if you deviate from our recommendations for storing the secret key.

Your main task at the moment of compromise is to notify the administrator of the Certification Authority as soon as possible about what has happened so that he can take the compromised key out of action in the system. From this moment on, the signature loses its legal force and you can be calm. After that, it will be possible to decide whether to issue you new EDS keys to replace the compromised ones. A more detailed answer to this question can be found in the instruction sent to the client along with the EDS keys.

Can the person who signed the document retract their signature?

If you carefully read the answer to the question "How does an electronic digital signature work", then you should already know that an EDS has the property of non-repudiation. This means that no one can refuse their electronic signature, because its ownership is easily, unambiguously and indisputably proven.

How should EDS keys be stored?

Detailed recommendations on how to store EDS keys are set out in the agreement between the Operator and the client and in the documentation for the subscription package. Briefly, we can say the following: store them in such a way that you can be sure that your private key cannot, under any circumstances, be in the hands of a person you do not trust. It is best if your secret key is available only to you personally, or only to one specially trusted person.

For how long is the EDS issued?

Your EDS keys will be valid for 12 months from the moment your EDS was put into effect.

Prior to the expiration of this period, you will be able to receive new EDS keys in such a way that there is no interruption in the operation of your EDS when changing keys. These keys will be valid for the next 12 months, and so on.

Should the public key be kept secret?

The public key is called public because it not only does not need to be secret, but vice versa, its free distribution is precisely the basis for the operation of the EDS system. Any person who wants to verify the authenticity of your digital signature will have to use your public key for this purpose.

Can one person have multiple EDS?

Yes, one person can have several digital signatures. This right is enshrined in clause 2, article 4 of the Federal Law. 1-FZ "On electronic digital signature".

It is obvious that these EDS should differ from each other. The certification center does not issue two digital signatures that are identical in purpose to the same person.

How can you be sure that the person who signed the document on behalf of the enterprise has the authority to do so?

It can be easily verified by looking at the public key certificate of the EDS owner.

To obtain EDS keys for an employee of the enterprise, the manager (by signing the contract and certifying the employee's application) confirms the position and authority of his employee (what documents he has the right to sign).

Based on the documents signed by the manager (which are stored in the Certification Center), the position and powers of the EDS owner are indicated in the EDS public key certificate. And the EDS public key certificate is available to all clients.

Can the head and his deputies, as well as Chief Accountant, have your individual EDS and at the same time sign documents, within their powers, on behalf of the enterprise with their EDS?

Can an enterprise work with one EDS?

What to do if the employee for whom the EDS was issued left the enterprise and can he continue to sign documents on behalf of the enterprise if he wishes?

The head of the enterprise or the owner of the digital signature must immediately notify the administrator about the revocation of the certificate. The system administrator immediately suspends the validity of the certificate, and upon receipt of written confirmation (possible in electronic form, if EDS signature) revokes the certificate. Thus, from the moment the administrator receives the information, the employee's signature will be considered invalid, and no one will work with him (so clients must view the list of revoked certificates before decrypting the signature).

Typically, the seal of the enterprise is stored in the accounting department, or with the secretary, or in another service, and they also put the seal on the signature of the head. Can an EDS be trusted in the same way as a seal?

It is a personal matter of the leader who to trust, the responsibility still remains with him and therefore it is desirable that he provides for all precautions.

What guarantees the reliability of cryptographic protection and the fact that the digital signature cannot be forged?

The reliability of cryptographic protection, including EDS, is ensured by using only cryptographic information protection tools (CIPF) that have FAPSI certificates and meet the requirements of GOST R34.10-94, GOST R34-11-94 and GOST 28147-83.

What is a digital signature used for?

To ensure the confidentiality of the transmitted information, confirm the authorship of the integrity of electronic documents and the non-repudiation of the transfer of electronic documents, cryptographic protection of information is used - an electronic digital signature.

Electronic digital signature - an attribute of an electronic document designed to protect this electronic document from forgery, obtained as a result of cryptographic transformation of information using the private key of the electronic digital signature and allowing to identify the owner of the signature key certificate, as well as to establish the absence of information distortion in the electronic document.

An electronic digital signature (EDS) is used as an analogue of a handwritten signature to give an electronic document legal force equal to the legal force of a paper document signed with a handwritten signature and sealed.

What are the functions of a certification authority?

To ensure the operation of the key and certificate management system, the functions of a certification center are performed by a specialized telecom operator. The main functions of a specialized telecom operator are:

User registration;

Production of signature key certificates;

Creation of keys for electronic digital signatures at the request of participants information system with a guarantee of keeping secret the private key of the electronic digital signature;

Suspension and renewal of signature key certificates, as well as their cancellation;

Maintaining the register of certificates of signature keys, ensuring its relevance and the possibility of free access to it by participants in information systems;

Checking the uniqueness of public keys of electronic digital signatures in the register of signature key certificates and the archive of the certification center;

Issuance of signature key certificates in the form of paper documents and (or) in the form of electronic documents with information about their validity;

Implementation, at the request of users of signature key certificates, to confirm the authenticity of an electronic digital signature in an electronic document in relation to the signature key certificates issued to them.

What are the obligations of a certification authority?

A specialized communications operator performing the functions of a certification center in the manufacture of a signature key certificate assumes the following obligations in relation to the owner of the signature key certificate:

Enter the signature key certificate into the register of signature key certificates;

Ensure the issuance of a signature key certificate to participants in information systems who have applied to it;

Suspend the signature key certificate at the request of its owner;

Notify the owner of the signature key certificate about the facts that have become known to the certification authority and which may significantly affect the possibility of further use of the signature key certificate;

Other obligations established by regulatory legal acts or by agreement of the parties.

What are the obligations of the EDS owner?

The owner of the signature key certificate must:

Not to use public and private keys of the electronic digital signature for the electronic digital signature, if he knows that these keys are used or have been used before;

Keep secret the private key of the electronic digital signature;

Immediately demand the suspension of the validity of the signature key certificate if there are grounds to believe that the secret of the private key of the electronic digital signature has been violated.

In case of non-compliance with the requirements set forth in this article, compensation for the losses caused as a result of this is assigned to the owner of the signature key certificate.

Article 6

1. Information in electronic form signed with a qualified electronic signature is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, unless federal laws or regulatory legal acts adopted in accordance with them require that the document be drawn up exclusively on paper. carrier.

2. Information in electronic form, signed with a simple electronic signature or an unqualified electronic signature, is recognized as an electronic document equivalent to a document on paper signed with a handwritten signature, in cases established by federal laws, regulatory legal acts adopted in accordance with them, or an agreement between participants in an electronic interactions. Regulatory legal acts and agreements between participants in electronic interaction that establish cases for recognizing electronic documents signed with an unqualified electronic signature as equivalent to paper documents signed with a handwritten signature should provide for the procedure for verifying an electronic signature. Normative legal acts and agreements between participants in electronic interaction establishing cases of recognition of electronic documents signed with a simple electronic signature as equivalent to paper documents signed with a handwritten signature must comply with the requirements of Article 9 of this Federal Law.

3. If, in accordance with federal laws, regulatory legal acts adopted in accordance with them, or business practice, a document must be certified by a seal, an electronic document signed with an enhanced electronic signature and recognized as equivalent to a paper document signed with a handwritten signature is recognized as equivalent to a document on hard copy, signed with a handwritten signature and certified by a seal. Federal laws, regulatory legal acts adopted in accordance with them, or an agreement between participants in electronic interaction may provide for Additional requirements to an electronic document in order to recognize it as equivalent to a document on paper, certified by a seal.

Conditions for recognizing electronic documents signed with an electronic signature as equivalent to paper documents signed with a handwritten signature

Electronic documents are recognized as equivalent to paper documents signed with a handwritten signature, provided that the following conditions are met simultaneously:

Electronic documents are signed with an electronic signature created using the ES Key;

The ownership of the electronic signature keys by the Certificate Owner has been confirmed

The certificate was created by the CA KhMBO GO;

The certificate is valid at the time of signing or verification of the electronic signature.

18.2. If, in accordance with federal laws, regulatory legal acts adopted in accordance with them, or business practice, a document must be certified by a seal, an electronic document signed with an electronic signature and recognized as equivalent to a document on paper signed with a handwritten signature is recognized as equivalent to a document on paper, signed with a handwritten signature and certified by a seal.

18.3. Several interconnected electronic documents (electronic document package) can be signed with one electronic signature. When signing a package of electronic documents with an electronic signature, each of the electronic documents included in this package is considered signed with an electronic signature that signed the package of electronic documents.

The procedure for verifying an electronic signature

Verification of the electronic signature in the electronic document is carried out by the CA of the KhMBO GO based on the request of the User of the CA. The user's request must be accompanied by an electronic document signed with an electronic signature.

Verification is done using software"Arbiter-PKI" at the AWP for the analysis of conflict situations.

The result of the work on the verification of the electronic signature is the conclusion of the CA of the KhMBO GO, drawn up in an arbitrary form. The conclusion is drawn up in two copies, one of which is transferred to the CA User against signature.

The term for carrying out work on verifying an electronic signature is 5 (Five) business days from the date of receipt of the application by the CA of the KCBO GO.

Additional Provisions

Scheduled change of keys of the Authorized person of the Certification Center of KhMBO GO:

20.1.1. The scheduled change of the keys of the Authorized Person of the KhMBO GO Certification Center is carried out upon the expiration of the Certificate of the Authorized Person of the KhMBO GO Certification Center.

20.1.2. The procedure for the planned change of keys of an authorized person of the CA KMBO GO is carried out in the following order:

20.1.2.1. The authorized person of the CA of the KCMBO GO generates a new electronic signature key and the corresponding key for verifying the electronic signature

20.1.2.2. An authorized person of the UC KMBO GO prepares a new Certificate authorized person UC KhMBO GO

20.1.3. Notification of users about the change of keys of an authorized person of the Certification Center of the KhMBO GO is carried out via e-mail or the EDI System.

20.1.4. The old ES Key of the authorized person of the CA KCBO GO is used during its validity period to generate the Lists of revoked signature key certificates issued by the CA of the CKBO GO during the period of validity of the old ES Key of the authorized person of the CA.

20.1.5. After the expiration of the Certificate of the Authorized Person of the CA KMBO GO, the ES Key is transferred to archival storage.

Compromise of the keys of the Authorized Person of the Certification Center of the KhMBO GO, unscheduled change of the key of the Authorized Person of the CA of the KMBO GO:

In case of compromising the ES Key of the authorized person of the CA, the Certificate of the authorized person of the CA of the CCMBO GO is canceled by entering it into the List of Revoked Certificates of the CA of the CCMBO GO. All Certificates signed using the compromised ES Key of the authorized person of the CA of the CCMBO GO are considered canceled from the moment of publication (the thisUpdate field) of the List of revoked certificates containing information about the Certificate of the authorized person of the CA of the CMBO GO.
Notification of the CA Users about the compromise of the ES Key of the authorized person of the Certification Center of the KhMBO GO is carried out by posting this information on the website and sending the corresponding message to e-mail or EDI systems.
After the Certificate of the authorized person of the CA KCBO GO is annulled, the procedure for an unscheduled change of the signature keys of the authorized person of the CA KCBO GO is performed. The procedure for the unscheduled change of the signature keys of the authorized person of the CA KCBO GO is carried out in the manner determined by the procedure for the planned change of the signature keys of the authorized person of the CA KCBO GO.
All Certificates that were valid at the time of compromising the ES Key of the authorized person of the CCMBO CA CA, as well as the Certificates, the validity of which was suspended, are subject to an unscheduled change.

Information privacy:

20.3.1. Types of confidential information.

20.3.1.1. The electronic signature key corresponding to the CA User Certificate is confidential information of the CA User. The CA of the KhMBO GO does not store the ES Keys of the CA Users.

20.3.1.2. Personal and corporate information about the Users of the CA, stored in the CA of the KhMBO GO and not subject to direct distribution as part of the Certificate, is considered confidential.

20.3.1.3. Access passwords to the key carrier are confidential information.

20.3.1.4. Reporting materials on the performed inspections of the activities of the CA KMBO GO are confidential information.

20.3.2. Types of information that is not confidential.

20.3.2.1. Public information may be published by decision of the CA KCBO GO. The place, method and time of publication of open information is determined by the CA of the KCBO GO.

20.3.2.2. The information included in the Certificates and Lists of revoked certificates issued by the CA of the KhMBO GO is not considered confidential.

20.3.2.3. The information contained in these Regulations of the CA CMBO GO is not considered confidential.

20.3.3. Exclusive powers of the CA KHMBGO GO.

20.3.3.1. The CA of the KhMBO GO has the right to disclose confidential information to third parties only in cases established by law Russian Federation.

Certificate retention periods:

The period of storage of Certificates in the Certification Center of KhMBO GO is carried out during the entire period of activity of the Certification Center.

Responsibility of the parties:

20.5.1. For non-fulfillment or improper fulfillment of obligations under these Regulations, the Parties shall be liable to the extent of the amount of proven real damage caused to the Party by the failure to fulfill or improper fulfillment of obligations by the other Party. None of the Parties is responsible for lost income (lost profits) that the other Party would have received.

20.5.2. The Parties shall not be liable for non-fulfillment or improper fulfillment of their obligations under these Regulations, as well as losses incurred in connection with this in cases where this is the result of a counter non-fulfillment or improper counter-fulfillment by the other Party of the Rules of its obligations.

20.5.3. The Certification Center of the KhMBO GO is not liable for non-fulfillment or improper fulfillment of its obligations under these Regulations, as well as losses incurred in connection with this if the Certification Center of the KhMBO GO reasonably relied on the information specified in the Application for accession to the Regulations and in the Applications of the Users UC.

20.5.4. The liability of the Parties not regulated by the provisions of these Regulations shall be governed by the legislation of the Russian Federation.

Force Majeure:

20.6.1. The Parties are released from liability for full or partial failure to fulfill their obligations under these Regulations, if this failure was the result of force majeure circumstances that arose after joining these Regulations

20.6.2. Force majeure circumstances are recognized as extraordinary (i.e., beyond the reasonable control of the Parties) and unavoidable circumstances under the given conditions, including military operations, riots, natural disasters, strikes, technical failures in the operation of hardware and software, fires, explosions and other man-made disasters , actions (inaction) of state and municipal authorities, resulting in the inability of the Party / Parties to fulfill their obligations under these Regulations

20.6.3. In the event of force majeure circumstances, the deadline for the Parties to fulfill their obligations under these Regulations is extended in proportion to the time during which such circumstances are in effect.

20.6.4. The Party for which the impossibility of fulfilling its obligations under these Regulations has arisen must immediately notify the other Party in writing of the occurrence, expected duration and termination of force majeure circumstances, as well as provide evidence of the existence of these circumstances.

20.6.5. Failure to notify or untimely notification of the occurrence of force majeure circumstances entails the loss of the right to refer to these circumstances.

20.6.6. If the impossibility of full or partial fulfillment by the Parties of any obligation under these Regulations is due to force majeure and exists for more than one month, then each of the Parties has the right to unilaterally refuse to further fulfill this obligation, and in this case, none of The Parties are not entitled to demand compensation for the losses incurred by it by the other Party

Dispute Resolution:

20.7.1. The parties to the dispute, if it arises, are the Bank and the Party that acceded to the Regulations.

20.7.2. When considering disputes related to these Regulations, the Parties will be guided by the legislation of the Russian Federation.

20.7.3. The parties will accept all necessary measures in order to resolve them, first of all, in a claim procedure in case of disputes.

20.7.4. The Party that received a reasoned claim from the other Party is obliged to satisfy the claims stated in the claim within 14 (fourteen) business days or send a reasoned refusal to the other Party indicating the grounds for refusal. All required documents must be attached to the response.

20.7.5. Disputable issues between the Parties, not settled in the complaint procedure, are resolved in the Arbitration Court at the location of the Bank or branches.

Termination of the accession agreement:

The Party has the right to unilaterally terminate the agreement of accession to the Regulations of the UC KCBO GO.
If the Party is entity, then in order to terminate the current contract, it is necessary to submit to the CA KCBO GO an Application for termination of the contract in the form of Appendix No. 10
On the basis of the Application, the CA of the KhMBO GO cancels all valid and suspended certificates of employees of the Applicant Party
The date of termination of the agreement is the day following the date of publication of the list of revoked certificates canceled on the basis of the Application.
If the Party is individual, then the accession agreement is considered terminated after 1 (One) day from the date of cancellation (expiration) of the last User certificate.

Termination of the provision of services by the Certifying Center of the KhMBO GO

In the event of termination of the contractual relationship of accession to the Regulations by one of the Parties, all signature key certificates owned by employees of the organization or CA Users who have acceded to the Regulations are canceled by the Certification Center of the KhMBO GO.

Application No. 1

to the Regulations of the Certification Center of the Head Office

PJSC "Khanty-Mansiysk Bank Otkritie"

Khanty-Mansi bank Opening» rules. 3. Bids must... have previously been submitted to the Public joint-stock company « Khanty-Mansi bank Opening", please make the appropriate link and ...

"Khanty-Mansiysk Bank Otkritie" (4)

Tender documentation

In accordance with the approved in PJSC " Khanty-Mansi bank Opening» rules. 3. Bids must ... in paragraphs 3.4.–3.5. previously represented in PJSC " Khanty-Mansi bank Opening

Khanty-Mansiysk Bank Otkritie (7)

Tender documentation

In accordance with the approved in PJSC " Khanty-Mansi bank Opening» rules. 3. Bids must contain ... in p.p. 3.5–3.7 were previously submitted to PJSC “ Khanty-Mansi bank Opening", please make an appropriate link and agree ...

1. Information in electronic form, signed with a qualified electronic signature, is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, and can be used in any legal relationship in accordance with the legislation of the Russian Federation, except if federal laws or adopted in accordance with their regulatory legal acts establish the requirement for the need to draw up a document exclusively on paper.

(see text in previous edition)

3. If, in accordance with federal laws, regulatory legal acts adopted in accordance with them, or business practice, a document must be certified by a seal, an electronic document signed with an enhanced electronic signature and recognized as equivalent to a paper document signed with a handwritten signature is recognized as equivalent to a document on hard copy, signed with a handwritten signature and certified by a seal. Federal laws, regulatory legal acts adopted in accordance with them, or an agreement between participants in electronic interaction may provide for additional requirements for an electronic document in order to recognize it as equivalent to a document on paper, certified by a seal.

3.1. If federal laws and regulatory legal acts adopted in accordance with them provide that a document must be signed by several persons, an electronic document must be signed by persons (authorized officials body, organization) that produced this document, with the type of signature established by the legislation of the Russian Federation for signing the prepared electronic document with an electronic signature.

4. Several interconnected electronic documents (electronic document package) can be signed with one electronic signature. When signing a package of electronic documents with an electronic signature, each of the electronic documents included in this package is considered to be signed with an electronic signature of the type that signed the package of electronic documents. The exception is cases when the package of electronic documents by the person who signed the package includes electronic documents created by other persons (bodies, organizations) and signed by them with the type of electronic signature that is established by the legislation of the Russian Federation for signing such documents. In these cases, the electronic document included in the package is considered signed by the person who originally created such an electronic document, with the type of electronic signature with which this document was signed during creation, regardless of the type of electronic signature signed by the package of electronic documents.