
Digital signature and e-procurement

It just so happened that last year, by the will of fate, I joined a state organization. I was immediately given the task of setting up electronic digital signatures (EDS) in the municipal procurement department so that it could take part in electronic trading. Before that, I had never come across digital signatures in practice. And most recently, on January 1, the portal zakupki.gov.ru, through which all government procurement must pass, went live.






In this article I will describe the problems I encountered during setup and how I overcame them. I will try to explain complex things simply: EDS, cryptography, public and private keys. To some extent this applies to working with all authorized electronic platforms.

Using the example of a real situation, we will consider all stages of installing a digital signature and setting up a workplace. I hope my material will help those who are just starting to work with EDS, and in particular with e-procurement.







So, from January 1, 2011 all government orders go through zakupki.gov.ru.



Quote: “Article 16 of Law No. 94-FZ from 01/01/2011 provides for the commissioning of a single information resource on state and municipal procurement - the official website of the Russian Federation (www.zakupki.gov.ru) on the Internet to post information about placing orders on the supply of goods, the performance of work, the provision of services for federal needs, the needs of constituent entities of the Russian Federation and municipal needs. ”



In words, as usual, everything is fine. In practice, it is the opposite. Users are afraid of new technologies, so the transition to EDS should be as painless as possible for them. From the user's point of view, all work with EDS should look like this: plug in the electronic key and start working with the portal.



In my practice there was a very interesting moment when an acquaintance, a "mega-user", argued that an EDS is just a scanned handwritten signature that has to be attached to the document as an attachment in any email client when sending a letter.






Users should also not get the impression that the medium itself, be it a token, a floppy disk or a USB flash drive, is a full-fledged EDS. Without a private key inside and a configured key bundle, these are just useless things that look like flash drives.






Now for some terminology.



A certification center (certification authority) is where you go to obtain an EDS. The procedure involves generating applications and doing paperwork. You also need to determine which rights you need in the system. I will not go into detail on obtaining an EDS: each center has its own nuances and its own AWP for generating applications.



Let us turn to what you should have on hand after you have completed the process of obtaining an EDS at a certification authority:



Root certificates are .cer file(s). Without them nothing will work, because they allow the system to identify the certification authority. Be sure to request them from your center, although they are usually publicly available and can be downloaded from the official sites.






The public key (your personal certificate) is a file in .cer format, usually a named (personal) one. It can be sent to anyone, by any means. This is public information that helps identify the owner of the electronic key.



The private key is a set of files that must be stored on electronic media. They look like gibberish, but losing these files can have serious consequences. An attacker may want to use them, and PIN codes and built-in protection cannot really be relied on. In any case, at the slightest suspicion that the key has been lost, you must submit a request to the certification authority to revoke the certificate, and then go through the issuance procedure again. This way you avoid an unnecessary "headache".



The cryptographic provider program is vital for working with EDS. We have CryptoPro, and I have not used others. An important nuance: CryptoPro version 3.0 does not work with Win7; version 3.6 is required. WinXP works with all versions.



That's it for the terms. Now let's move on to setting up the workplace of a user whose face shows a puzzled expression and a silent question: "Well, why do I need this EDS?" To buy, for example, yogurt, you must create a quotation request on the procurement portal.



So, let's go:



1. Install the crypto provider. Run the CryptoPro CSP installer, configure the readers (for example, if your private key is on a floppy disk, the reader will be the floppy drive), enter the license, then Next, Next, Finish. Official site.



2. Download and install the CAPICOM object, version 2.1.0.2. It is needed for the platforms to work correctly. It is available on the Microsoft site.



3. If necessary, install drivers for the correct operation of the media (Tokens, smart cards). They can be found on official sites. We use RuTokens.



4. Install the root certificates. Place them in the Trusted Root Certification Authorities store.



5. Create the key bundle through CryptoPro. This is quite simple. Start CryptoPro and choose "Service -> Install personal certificate". Specify the public key, specify the medium holding the private key, enter the PIN code, and put the certificate in the Personal store.
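
A quick way to confirm that steps 4 and 5 took effect, as an added example that is not part of the original article. It assumes Windows PowerShell 3.0 or later and that the certificate was installed into the current user's Personal store; the function name `Test-EdsCertificate` is hypothetical.

```powershell
# Added example: check each certificate in the Personal store for a linked
# private key (step 5) and for a chain that ends in a trusted root (step 4).
function Test-EdsCertificate {
    param(
        [string]$StorePath = 'Cert:\CurrentUser\My',
        [switch]$CheckRevocation   # query the CA's revocation data (needs network access)
    )
    $mode = if ($CheckRevocation) { 'Online' } else { 'NoCheck' }
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = $mode
        $chainOk = $chain.Build($cert)
        # The last chain element is the highest certificate Windows could find.
        # If the root certificates from step 4 are missing, the chain stops early
        # and ChainStatus reports PartialChain or UntrustedRoot.
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            Expired       = ($cert.NotAfter -lt (Get-Date))
            # True only means the store entry points at a key container;
            # the token or other medium must still be inserted when signing.
            HasPrivateKey = $cert.HasPrivateKey
            ChainBuilds   = $chainOk
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            ChainTop      = $top.Subject
        }
    }
}

# Usage: one record per installed personal certificate.
Test-EdsCertificate | Format-List
```

A working setup shows `HasPrivateKey : True` and `ChainBuilds : True` with an empty `ChainStatus`. Running it with `-CheckRevocation` also reports a certificate that the certification authority has revoked.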






That's it, the EDS is configured. Congratulations! But... a few things still have to be done in the browser. By the way, the only browser that works with the trading platforms is Internet Explorer.



First, add the electronic platform to Trusted sites, exactly as in the screenshot.



image



Second, for Trusted sites, allow the use of all ActiveX components. And do not add dangerous sites to Trusted sites!






Third, allow all add-ons that pop up on the platforms, otherwise there will be various problems.
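
Because every ActiveX component is allowed in the Trusted sites zone after this change, it is worth reviewing what that zone contains. The following is an added example, not part of the original article. It assumes sites were added through the Internet Explorer dialog, which stores them under the `ZoneMap\Domains` registry key with zone number 2 meaning Trusted sites; the function name `Get-TrustedSiteEntry` is hypothetical.

```powershell
# Added example: list every site mapped to the IE "Trusted sites" zone (zone 2).
# Covers per-user and per-machine ZoneMap\Domains only; IP ranges (ZoneMap\Ranges)
# and sites assigned by Group Policy are stored elsewhere and are not listed here.
function Get-TrustedSiteEntry {
    $sub = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    foreach ($hive in 'HKCU', 'HKLM') {
        $root = "${hive}:\$sub"
        if (-not (Test-Path -Path $root)) { continue }
        $rootName = (Get-Item -Path $root).Name
        Get-ChildItem -Path $root -Recurse | ForEach-Object {
            $key = $_
            # The key path below Domains is "<domain>" or "<domain>\<subdomain>".
            $parts = $key.Name.Substring($rootName.Length + 1).Split('\')
            [array]::Reverse($parts)
            $site = $parts -join '.'
            # Each value name is a scheme (http, https or *); its data is the zone number.
            foreach ($scheme in $key.GetValueNames()) {
                if ($key.GetValue($scheme) -eq 2) {
                    [pscustomobject]@{
                        Hive   = $hive
                        Site   = $site
                        Scheme = $scheme
                    }
                }
            }
        }
    }
}

# Usage: anything listed here may run ActiveX components without restriction.
Get-TrustedSiteEntry | Sort-Object Site | Format-Table -AutoSize
```

The list should contain only the trading platforms actually in use. An `http` or `*` scheme entry means the site is trusted over unencrypted connections as well.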



How do you check that the EDS works? There is a test page on the MICEX electronic platform where you can check that the EDS works and see what is still missing for full operation.



Now I will describe one nuance that relates to the portal zakupki.gov.ru. There is a signature-generation component from Lanit, without which it is impossible to sign anything on the portal. It pops up as an unknown add-on on the site, and the download is called sign.cab. Installation is simple: unpack the cab file and run the installer. Simple! However, this nuance is very easy to miss. Download from here.



I would also like to note that the portal's operation leaves much to be desired: various system errors pop up, and it is very difficult to communicate with technical support. However, it is possible and necessary to work with it, and I hope all problems will soon be fixed.



That's all for today. I hope this article will help you understand some aspects of working with electronic platforms and EDS. Thanks to everyone who made it to the end.

Source: https://habr.com/ru/post/115749/


