Electronic signature on the UEC, what gives and if necessary? Part 4
This is the 4th post, which describes the capabilities of the UEC. Previous parts:
1) Experience in obtaining a universal electronic card. Pink theory versus harsh reality. Part 1
2) How I received a universal electronic card after 3 months of waiting. Part 2
3) Practical application of a universal electronic card (UEC) in the city and the Internet. Part 3
At first, I just wanted to issue a separate comment on my topic, the way I finally wrote down the electronic signature (EP) on the Universal Electronic Card (UEC). However, there is too much information for one comment, but it was still a bit poor before a separate topic. And now, almost a month after I took out Sberbank, and recorded an electronic signature on the UEC, I can say with absolute certainty that the Universal Smart Card with an electronic signature is really something worth it. Without an electronic signature, a piece of beautiful and still rare plastic, albeit more steep than the one used for making ordinary cards. But first things first.
')
A list of points where you can both apply for the UEC and write an ES in Moscow is here . Considering previous adventures (there was no certificate from KryptoPro at the Sberbank branch on Bolshaya Gruzinskaya (Belarusian), I had my own troubles with organizational issues at Kropotkinskaya), I decided not to risk it and wait until the May holidays were over and went to st. m. Kropotkinskaya, at the address Moscow, Soymonovsky Prospect, 5, after calling them at +7 (495) 669-07-68 and clarifying whether organizational issues have been resolved and whether they can write to me EP. As a result, having received an affirmative answer, I went there. Fortunately, such as I was a little bit, more precisely with such a question, I was alone, so I was not deprived of attention rays. In the corner there is a separate PC with a reader and a wired device for entering a security code. At first I inserted the reader into the reader, and out of the corner of my eye I saw that they had everything exactly as in this manual (start reading from page 41). Asked to enter PIN1. After that they asked for a passport and transferred all the information to the window (in the manual, page 43). At my request, they also entered the INN and e-mail there. After that entered PIN2. Then they printed one application for creating a qualified certificate of the electronic signature verification key (an example of what it looks like) , I signed it and gave it, and after that they printed 2 copies of the certificate of the electronic signature verification key and I signed for two sheets already, both sheets the head of the department stamped Sberbank and his painting. One sheet was given to me, the second remained in the bank.
For the twentieth time, I didn’t want to go to Sberbank because of possible jambs, so immediately after I was released, I sat down at a table, took out a reader, a netbook and tried UEC in action. I already wrote the instructions for installing software from CryptoPro, installing the certificate of UEC and installing a personal certificate here , so at that time I only had to install a personal certificate from the card to the computer. Everything went smoothly, and the software received both the reader and the card normally:
As a result, the certificate was successfully delivered ::
By the way, here are its properties:
Immediately after the recording, I was told that while it works only on public services (by the way, this is not quite the way it turned out, the electronic signature can be used offline, I will describe it below), so I immediately went to the portal of public services and chose the cherished method of entry:
After pressing the cherished button, a window immediately popped up, offering to choose a certificate:
And everything went so far without a hitch until that moment, as the tar spoon turned out to be: after pressing the “Ok” button when choosing a certificate and before the appearance of a window with a suggestion to enter a PIN-code that displays CryptoPro, it takes 37.8 seconds. And this is not a one-off event, I sometimes put software from CryptoPro on computers, and almost all the computers on which I put this software, there is exactly the same situation, with a difference of 2-4 seconds. And only on one or two computers, it turned out that the window was displayed immediately, although I had already forgotten what it was, so I can invent it. In addition, the browser plugin is also responsible for this window, so it can only have a problem, but in addition to forty seconds of waiting, Google Chrome displays a window that the plugin is not responding, and you have to kill it. Naturally, the plugin fulfills its own, and a window with a field for entering the PIN-code appears, but the fact remains - extra windows appear. So here it is, the culprit of the forty-second celebration:
And after entering the password (PIN2) in a couple of seconds, we find ourselves in a private office on state services. There are no options within the public services related to the ES, except for the inactive counter of the remaining number of days of the certificate of the ES:
When applying for some services, you can sign the ES:
However, there are no really interesting actions with the ES, except for one service from the Ministry of Communications: it is called “Confirmation of the authenticity of the ES of the certificate”. It is necessary to extract a certificate from IE and upload it to the PGU. From IE 10 it can be pulled out like this: Internet Options-> Content tab -> Certificates block Certificate button -> Personal tab -> select a certificate and click the Export button -> Next-> No, export private key-> “DER-encoded X.509 files (.CER)” -> select the file name and the place where it should be exported. For example, on the desktop-> Next-> Done.
Now we go to the main page of the PGU, we find the "Ministry of Communications and Mass Communications of the Russian Federation and choose" Confirmation of the authenticity of the ES certificate ". And click the "Get" button in the upper right corner. True, it was not without dances, although IE could be the cause: I uploaded the file, it appeared in the list of downloaded files, selected all 3 checkboxes for notifications and clicked “Submit Application”. The page was loaded for a long time, and then just the download stopped and I stayedat the broken trough on the same page. But with this, opening in the neighboring tab of the PGU, I went to “My applications” and this statement appeared there with the status “Sent to the Office”. And after about a minute, the answer came that everything was ready.
Now, as for the license for CryptoPro. He is in the usual case - paid. I also wrote a request in advance technical support, and the general meaning is as follows:
State services are certainly good, but a much more practically applicable option for using UEC is the ability to sign MS Office documents as well as pdf-files.
In order to sign MS Office files, you need to download CryptoPro Office Signature (trial for 90 days), and now you can sign MS Office files as well. How to use it is written in the instructions.
It looks like this in Office:
When you click on the button "Add electronic signature" a window appears where you need to enter the text that will be displayed.
Then, after clicking “Ok”, the CryptoPinsky PIN input window from the card appears, and after entering the PIN code, the following window appears:
Well, viewing the EDS in the Word itself:
Plus, as stated in the instructions, you can insert your own “manual” signature, for convenience of perception, and sign an EDS document. A kind of stamp. It looks like this:
Unfortunately CryptoPro PDF is not set, because requires CryptoPro CSP 3.6. This is despite the fact that I have version 3.6, but it is specifically designed for UEC, although I doubt that there is a big difference between the UEC version of CryptoPro CSP 3.6 and the simple CryptoPro CSP 3.6.
EP is a very interesting thing, but in the absence of a real need to sign documents with its help, it becomes only a pleasant bonus, for which earlier, and even now, people pay Rostelecom (like) money.
Then came an interesting comment about the policy OMS. It is worth thinking.
PS Here they write that from May 23, you can enter the public services on the UEC. In fact, apparently this is the official answer, which is given after everything is completed and nothing breaks. In fact, already on May 13th (it was then that I was recorded as an ES), I was able to log in to state services for UEC. The only change that happened at the end of May was that they updated the login page, added a “UEC” slash and changed the picture, where they added an UEC image to the token.
PPS Here they put in a video, which is already more than a year old - there are no pharmacies in the background for a long time - from December 2011 to March-April 2012 there was the Public Reception Office of Mikhail Prokhorov, and now there is an organization in this room connected with business support. And what's more, the last time I visited this infomat about a month ago, and there in general, it seems like no cards can be inserted. In the week I drop by, I'll try again.
1) Experience in obtaining a universal electronic card. Pink theory versus harsh reality. Part 1
2) How I received a universal electronic card after 3 months of waiting. Part 2
3) Practical application of a universal electronic card (UEC) in the city and the Internet. Part 3
At first, I just wanted to issue a separate comment on my topic, the way I finally wrote down the electronic signature (EP) on the Universal Electronic Card (UEC). However, there is too much information for one comment, but it was still a bit poor before a separate topic. And now, almost a month after I took out Sberbank, and recorded an electronic signature on the UEC, I can say with absolute certainty that the Universal Smart Card with an electronic signature is really something worth it. Without an electronic signature, a piece of beautiful and still rare plastic, albeit more steep than the one used for making ordinary cards. But first things first.
')
Record of the qualified electronic signature on UEK
A list of points where you can both apply for the UEC and write an ES in Moscow is here . Considering previous adventures (there was no certificate from KryptoPro at the Sberbank branch on Bolshaya Gruzinskaya (Belarusian), I had my own troubles with organizational issues at Kropotkinskaya), I decided not to risk it and wait until the May holidays were over and went to st. m. Kropotkinskaya, at the address Moscow, Soymonovsky Prospect, 5, after calling them at +7 (495) 669-07-68 and clarifying whether organizational issues have been resolved and whether they can write to me EP. As a result, having received an affirmative answer, I went there. Fortunately, such as I was a little bit, more precisely with such a question, I was alone, so I was not deprived of attention rays. In the corner there is a separate PC with a reader and a wired device for entering a security code. At first I inserted the reader into the reader, and out of the corner of my eye I saw that they had everything exactly as in this manual (start reading from page 41). Asked to enter PIN1. After that they asked for a passport and transferred all the information to the window (in the manual, page 43). At my request, they also entered the INN and e-mail there. After that entered PIN2. Then they printed one application for creating a qualified certificate of the electronic signature verification key (an example of what it looks like) , I signed it and gave it, and after that they printed 2 copies of the certificate of the electronic signature verification key and I signed for two sheets already, both sheets the head of the department stamped Sberbank and his painting. One sheet was given to me, the second remained in the bank.
Operation check
For the twentieth time, I didn’t want to go to Sberbank because of possible jambs, so immediately after I was released, I sat down at a table, took out a reader, a netbook and tried UEC in action. I already wrote the instructions for installing software from CryptoPro, installing the certificate of UEC and installing a personal certificate here , so at that time I only had to install a personal certificate from the card to the computer. Everything went smoothly, and the software received both the reader and the card normally:
As a result, the certificate was successfully delivered ::
By the way, here are its properties:
Authorization on public services
Immediately after the recording, I was told that while it works only on public services (by the way, this is not quite the way it turned out, the electronic signature can be used offline, I will describe it below), so I immediately went to the portal of public services and chose the cherished method of entry:
After pressing the cherished button, a window immediately popped up, offering to choose a certificate:
And everything went so far without a hitch until that moment, as the tar spoon turned out to be: after pressing the “Ok” button when choosing a certificate and before the appearance of a window with a suggestion to enter a PIN-code that displays CryptoPro, it takes 37.8 seconds. And this is not a one-off event, I sometimes put software from CryptoPro on computers, and almost all the computers on which I put this software, there is exactly the same situation, with a difference of 2-4 seconds. And only on one or two computers, it turned out that the window was displayed immediately, although I had already forgotten what it was, so I can invent it. In addition, the browser plugin is also responsible for this window, so it can only have a problem, but in addition to forty seconds of waiting, Google Chrome displays a window that the plugin is not responding, and you have to kill it. Naturally, the plugin fulfills its own, and a window with a field for entering the PIN-code appears, but the fact remains - extra windows appear. So here it is, the culprit of the forty-second celebration:
And after entering the password (PIN2) in a couple of seconds, we find ourselves in a private office on state services. There are no options within the public services related to the ES, except for the inactive counter of the remaining number of days of the certificate of the ES:
Applying for a service at the PGU using the ES
When applying for some services, you can sign the ES:
However, there are no really interesting actions with the ES, except for one service from the Ministry of Communications: it is called “Confirmation of the authenticity of the ES of the certificate”. It is necessary to extract a certificate from IE and upload it to the PGU. From IE 10 it can be pulled out like this: Internet Options-> Content tab -> Certificates block Certificate button -> Personal tab -> select a certificate and click the Export button -> Next-> No, export private key-> “DER-encoded X.509 files (.CER)” -> select the file name and the place where it should be exported. For example, on the desktop-> Next-> Done.
Now we go to the main page of the PGU, we find the "Ministry of Communications and Mass Communications of the Russian Federation and choose" Confirmation of the authenticity of the ES certificate ". And click the "Get" button in the upper right corner. True, it was not without dances, although IE could be the cause: I uploaded the file, it appeared in the list of downloaded files, selected all 3 checkboxes for notifications and clicked “Submit Application”. The page was loaded for a long time, and then just the download stopped and I stayed
Now, as for the license for CryptoPro. He is in the usual case - paid. I also wrote a request in advance technical support, and the general meaning is as follows:
My letter
The instructions on your website: www.cryptopro.ru/sites/default/files/private/uec/uec-crypto-pro.pdf says that to obtain a license for CryptoPro UEC CSP (Kernel version 3.6.5364641; Product version 3.6 .6511) it is necessary to contact this address, i.e. support@cryptopro.ru
Please tell me how can I get a license for CryptoPro UEC CSP?
Answer 1
The instruction you are studying is intended for PPV Operators.
Individuals usually receive a license embedded in the certificate. But it already depends on the CA in which this certificate is issued.
You can send your certificate and I will tell whether the license is embedded in it or not.
Answer 2
Most CAs issue certificates for UEC, which have a built-in license for CryptoPro UEC CSP. Its validity is limited to the validity of the certificate.
This license is intended only for the operation of this certificate with the corresponding private key.
Answer 3
If the certificate has a license, then as soon as the date in the screenshot:
The ability to work with this certificate and its corresponding private key will still be possible.
Work with electronic signature outside the framework of public services
State services are certainly good, but a much more practically applicable option for using UEC is the ability to sign MS Office documents as well as pdf-files.
MS Office
In order to sign MS Office files, you need to download CryptoPro Office Signature (trial for 90 days), and now you can sign MS Office files as well. How to use it is written in the instructions.
It looks like this in Office:
When you click on the button "Add electronic signature" a window appears where you need to enter the text that will be displayed.
Then, after clicking “Ok”, the CryptoPinsky PIN input window from the card appears, and after entering the PIN code, the following window appears:
Well, viewing the EDS in the Word itself:
Plus, as stated in the instructions, you can insert your own “manual” signature, for convenience of perception, and sign an EDS document. A kind of stamp. It looks like this:
Signed pdf files.
Unfortunately CryptoPro PDF is not set, because requires CryptoPro CSP 3.6. This is despite the fact that I have version 3.6, but it is specifically designed for UEC, although I doubt that there is a big difference between the UEC version of CryptoPro CSP 3.6 and the simple CryptoPro CSP 3.6.
Total
EP is a very interesting thing, but in the absence of a real need to sign documents with its help, it becomes only a pleasant bonus, for which earlier, and even now, people pay Rostelecom (like) money.
Then came an interesting comment about the policy OMS. It is worth thinking.
PS Here they write that from May 23, you can enter the public services on the UEC. In fact, apparently this is the official answer, which is given after everything is completed and nothing breaks. In fact, already on May 13th (it was then that I was recorded as an ES), I was able to log in to state services for UEC. The only change that happened at the end of May was that they updated the login page, added a “UEC” slash and changed the picture, where they added an UEC image to the token.
PPS Here they put in a video, which is already more than a year old - there are no pharmacies in the background for a long time - from December 2011 to March-April 2012 there was the Public Reception Office of Mikhail Prokhorov, and now there is an organization in this room connected with business support. And what's more, the last time I visited this infomat about a month ago, and there in general, it seems like no cards can be inserted. In the week I drop by, I'll try again.
Source: https://habr.com/ru/post/180739/
All Articles