Electronic signature in simple words

Almost a year ago (April 6, 2011) a new federal law on electronic signature (EP) - N 63-FZ “On electronic signature” was issued instead of the old Federal Law No. 1-FZ dated January 10, 2002. When the old law was abolished, many sighed with relief, it was too painful for the commercial sector. Theory and practice of dealing with electronic signature in this topic.

So, the new Federal Law introduced the following innovations:

• two authorized bodies;
• voluntary accreditation of CAs.

But first things first.
')
1. The old electronic signature has been transformed into three types of electronic signature, differing in the degree of reliability of the technologies used:
Simple - just use a code or password;
Unqualified - you can use any crypto tools to create an ES;
Skilled - you can use cryptographic tools that have a certificate (FSB) and an accredited CA, but more on that later.

2. The new Federal Law introduces two authorized bodies:

• The body responsible for the policy on the use of electronic signature and accreditation of TC - Government Decree number 976 of November 28, 2011 was appointed by the Ministry of Communications and Mass Media.
• The body responsible for security is the FSB, everything is clear.

In addition, these two bodies needed to develop bylaws, without them the use of 63-FZ was equal to the application of 1-, but first about accreditation.

3. AC accreditation - confirmation of the CA that it is a reliable CA. Gives the chance to generate the qualified EP. If you are not a government agency and you can use unqualified EA, then you do not need to be accredited. I didn’t think about government agencies, because On February 9, 2012, PP No. 111 was issued, which obliges state bodies to use qualified ES, the same applies to public services — PP No. 861 of October 24, 2011.
As before, you can use the services of a third-party CA, but here you have to make sure that it is accredited (otherwise why?), And owners of such CAs must be accredited in a hurry.

Now, how it looks in practice

If you use a simple or unqualified signature, then everything is simple. Do not forget to enter into an agreement on electronic interaction, which will give legal significance to your interaction.

With qualified everything is more difficult. To get it into use, you need an accredited CA and fulfillment of a number of conditions.

For accreditation of TC, the Ministry of Communications and Mass Media has already issued two of the three by-laws stipulated in the new Federal Law:

• Order No. 242 of September 29, 2011, approving the procedure for transferring the register of accredited CAs to storage at the Ministry of Communications and Mass Media, in the event of termination of such CA;
• Order No. 250 of October 5, 2011, approving the procedure for maintaining a register of accredited CAs.

But the Ministry of Communications has not yet released the most important document approving the rules for accreditation of the TC itself, however, there is no such draft order as of September 5, 2011. However, you will not find a single accredited CA.

The FSB, in turn, also issued two of the three by-laws specified in the new Federal Law:

• FSB Order No. 795 of December 27, 2011 - establishes the requirements for the form of qualified certificates. I would characterize this document as an adapted translation of RFC 2459 under the Russian reality;
• FSB Order No. 796 of December 27, 2011 - establishes requirements for ES facilities and CA facilities (in fact, these are cryptographic tools and other means with which you do CA).

In general, everything is smooth, the conditions for the creation of a qualified ES other than an accredited CA, which I mentioned above, are precisely the confirmation of compliance of all the used tools with the requirements of the FSB. But the FSB issued the requirements, but the procedure for confirming the compliance of the ES and CA resources with these requirements is not yet available. It is clear only that this will be an analogy of the certificates of the FSB for cryptographic tools.

In general, the prognosis is favorable, if you are not a state, you can easily get by with unqualified EA, but will they let you into any single settlement system until the question.

And yet, I shared a selection of bookmarks with all the documents mentioned.