1. What is an electronic signature?
An electronic signature (electronic digital signature) is a requisite of an electronic document that makes it possible to establish the absence of distortion of information in an electronic document from the moment of its signing and to verify that the signature belongs to the owner of the key certificate electronic signature. The value of the attribute is obtained as a result of cryptographic transformation of information using the private signature key. An electronic signature is analogous to a handwritten signature. The use of electronic signatures in Russia is regulated federal law No. 63-FZ dated April 6, 2011
2. How to create an electronic signature?
You can create your own electronic signature using the “Key Management” section of the main menu of the system if you have a code word, which you must indicate in the Client Questionnaire when visiting our office in person or during the process of opening an account online.
To create and use an electronic digital signature in the system, you must also sign an Agreement on the use of documents in electronic form at the company's office or in any other possible way.
3. How to change an electronic signature?
An electronic signature cannot be changed. However, you can create new key electronic signature using the “Key Management” section of the main menu of the system. To do this you will need to enter your code word. After creating a new electronic signature key, your old key is cancelled.
4. How safe is it to use an electronic signature?
An electronic signature is almost impossible to forge. However, you must take some precautions. Keep the electronic signature key in places inaccessible to unauthorized persons! Do not give the key file and access password to anyone! If you have suspicions that your electronic signature key may be used by other persons, immediately notify the Company by phone: +7 812 635 68 65. The Client bears full responsibility for the safety of the electronic signature key and passwords.
5. I forgot my electronic signature key password, what should I do?
The electronic signature key password cannot be recovered. If you have forgotten it, create a new electronic signature using the “Key Management” section of the system’s main menu. To do this, you will need to enter your code word. After creating a new electronic signature key, your old key is canceled.
If you suspect that your electronic signature keys may have been changed by third parties, immediately notify the customer service department by phone. +7 812 635-68-65 to block access to your account and cancel your electronic signature key.
6. I forgot my code word, what should I do?
The code word cannot be recovered. We cannot send it to your email address or tell you over the phone. To change the code word, you need to come to one of our offices in person. Check again how you enter your code word. It must be entered exactly as you wrote it in the Client Questionnaire. Check the letter case (small or capital) and keyboard layout (input language, etc.).
7. Computer requirements for signing documents with an electronic signature
The Java component must be installed and enabled in your browser settings on your computer. Virtual Machine(JVM, Java virtual machine), which is needed to launch and operate applets (downloadable software modules) generation of keys and electronic signatures for documents.
With Microsoft Browser Internet Explorer The Java machine is usually supplied from Microsoft– Microsoft VM. You can also install a similar component from SUN (SUN Java Virtual Machine browser plug-in), which can be downloaded from the SUN website.
After downloading the file, double-click to start installing the component. After the component is installed, you must restart your computer.
The service works correctly with components 3 of Microsoft VM version 5.0 and higher, as well as Sun Java browser plug-in version 1.4.2_03 and higher, 1.5.0 and higher, 1.6.0 and higher.
You can view information about the installed Java VM component (and also enable/disable it) in the browser menu “Tools” -> “Internet Options” on the “Advanced” tab; in the window that opens, look for the section about VM (Microsoft VM or Java (Sun)).
The version of the Microsoft VM component can be viewed in the menu “View” -> “Java language window” (Java console), if the “Java console enabled” option is enabled on the “Advanced” tab.
If you have both Microsoft VM and Sun Java plug-in installed and enabled in your browser, then one of them must be disabled.
If you use a browser other than Microsoft Internet Explorer, we recommend choosing a browser installation package with Java or additionally installing a Java machine from Sun.
For users operating system Linux, we recommend installing a Java machine from Sun version no lower than 1.5.0, which can be downloaded from
When using the taxpayer’s online account, a simplified mechanism for certifying documents using an electronic signature (ES) has been introduced. Innovations recently are associated with the installation of a new electronic signature for users old version account. During the registration procedure, an error often occurs when generating a certificate in the taxpayer’s personal account, which can be resolved in several ways.
Scheme for creating an electronic signature
An electronic signature is a strengthened version of confirmation that a document is recognized as valid and is equivalent to a paper form where written initials are placed. During the process of registering an account on the site tax service It is possible to create an unqualified type of electronic signature with the following properties:
- used in document flow within the Federal Tax Service;
- The encryption system is characterized by a high level of security.
As mentioned above, an electronic signature was available in the old account, but in updated version have to register new certificate. Moreover, it is proposed to store the registered electronic signature at the user’s station or at the Federal Tax Service service. In view of fraudulent activities, it is recommended to use the latter option, since it is mostly safe and can be used on mobile gadgets. When a taxpayer wants to install an electronic signature on his PC, he will need to ensure that the key is protected with special programs. Responsibility rests with the user.
Instructions for obtaining electronic signature
Following the procedure below, the user will quickly register the certificate. To do this you need:
- log in to your personal account (enter login, password or apply data account in State Services);
- open your profile - click on the item where your full name and tax identification number are indicated;
- in your profile, click on the “Get electronic signature” service;
- mark the desired storage option in the list of suggested ones;
- set a password combination to open a certificate;
- Confirm previously entered data by re-typing;
- Click on the “Send request” command.
Attention! When information is sent to the service, “Generation of electronic signature” appears on the page.
Pay attention! The process requires the installation of a program that generates keys. All characteristics are indicated under the “System requirements” item. Versions available for operating systemsWindows AndMacOs.
At the creation stage, there is a function for registering an existing qualified electronic signature. It implies possession of a certificate issued by a certified center, namely: the organization must be accredited by the Ministry of Telecom and Mass Communications of Russia. For successful work In the taxpayer’s account, data should be exchanged in order to subsequently use the electronic document in the electronic document management system of the tax service.
A certificate generation error occurs
During the registration process, the user may receive a message: “Error generating certificate.” An incident happens for various reasons:
- carrying out technical work on the Federal Tax Service website;
- Registration of electronic signature takes a long time in most cases.
Based on reviews from citizens who have been using the electronic signature of the Federal Tax Service for a long time, the conclusion arises that registration of code combinations takes 30 minutes, and in some cases extends to 2 days. Then the question arises, how much is formed? personal account taxpayer.
Pay attention! When starting the service, a message appears about the duration of registration and the ability to exit the account if necessary, which does not interfere with the procedure for generating data.
Situations cannot be excluded when installation is not completed additional programs to generate codes (the user did not use the link when reading the system requirements). As a result, the service will not be able to find a workstation to save information.
Options for solving the problem
If an error problem is identified when generating an electronic signature in the taxpayer’s account, you should resort to one of the methods:
- try to download the certificate again - often a secondary or tertiary attempt ends in success, since the system may be reloaded with applications;
- familiarize yourself with the schedule of technical work on the Federal Tax Service website and reschedule the procedure for another day;
- after sending a request to register an electronic key, exit your account, since notification of the assignment of a certificate will arrive at the next authorization;
- contact the tax office, presenting your TIN and passport.
Important to know! Often, the initial launch of certificate generation does not allow obtaining data. However, when the operation is repeated, everything ends successfully. Moreover, the secondary request is made on the same day or a week later.
Viewing certificate details
When the user manages to obtain an electronic signature from the Federal Tax Service, a message appears about the release of keys. There are two options available:
- viewing;
- review.
If you select View Certificate, you must enter the password you previously set during the registration process. As a result, a window with information opens:
- SNILS;
- owner;
- validity period;
- number;
- publisher;
- email address.
And before sending the documents in the taxpayer’s personal account, they entered password for the electronic signature certificate, or to put it in simple language signed our “tolmuts” with an electronic signature.
Somehow I lost sight of the fact that not everyone knows what it is. The topic is useful both for assistance in creating an electronic signature in your personal taxpayer account and for general education. Considering that many of my readers are pensioners - people of advanced age and not confident enough in communicating with, “I’ll sort everything out.”
First of all, let's figure out why an electronic signature is needed and what the password for the certificate is. Everything is simple here, just like a simple handwritten signature, it is needed to give any document legal force. But the simple one can be checked against the one in the passport and, at worst, a graphological examination of its authenticity can be carried out. But how to verify and check the electronic one? Here everything is much more complicated. But first, about the types and types.
Types and types of electronic signatures
I’ll say right away that there are not a great many species, but only two:
- simple electronic signature;
- reinforced;
Simple - this is a login and password. It confirms that it was sent by their owner. And nothing more. We are interested in the reinforced one. In addition to identifying the sender, it also confirms that the document has not been changed since signing and is equivalent to a piece of paper signed with a pen.
There are also two types of reinforced ones:
- qualified electronic signature;
- unskilled;
The tax office creates an unqualified enhanced electronic signature and it can be used in document flow only within the framework of the Federal Tax Service! But the use of a qualified signature is much wider, but to obtain it you must personally contact a certification center accredited by the Ministry of Telecom and Mass Communications of Russia. And this service is paid.
If you do purchase it, then you will have the opportunity to register with the tax authorities without going through the ordeal. And then log in using this very signature instead of your login and password when choosing this authorization method. By the way, and in too. And of course, sign everything possible for her electronic documents, including the tax office, of course.
This is followed by a general education program. If you are not interested in it, you can skip this section and scroll down. It already describes how to create an electronic signature in a taxpayer’s personal account and also about the password for the certificate. And I ask experts in the field of cryptography not to judge me harshly for some inaccuracies and simplifications in this opus.
Mechanism for sending documents signed with an enhanced electronic signature
It would be more correct to use the word algorithm instead of mechanism. But I will not frighten the main part of our audience - pensermen - with “abstruse” words. And don’t be alarmed, I’ll explain everything. So, how, for example, does Comrade Ivanov hand over signed documents to the Tax Office? Moreover, so that no one can read and replace them. In scientific language something like this:
First, Ivanov and the Tax Office generate public and private encryption keys. Then they exchange open ones among themselves. At the next stage:
- Ivanov encrypts the “message” with his private key and as a result it is signed.
- Next, Ivanov encrypts with the public key, which was previously sent to him by the Tax Service, what happened after completing point 1. Now no one outside will be able to read anything, even if they intercept it.
- After the Tax Service has received Ivanov’s “message”, it first decrypts it with its private key and sees Ivanov’s encrypted document there.
- This is where the Tax Office decrypts it using the public key given to it by Ivanov at the very beginning. As a result, Ivanov’s signature is verified.
And in the “worker-peasant” language of “appearances and passwords” it will be approximately similar to the following event:
First, Ivanov prepares a suitcase with a spare key and a paper with his own signed details, and a tax box also with a spare key. They go to the post office and send parcels to each other. Ivanov puts the key to the suitcase in a parcel post, and a paper with his details in a valuable letter and sends it separately. Tax office - a box by parcel and a parcel with one key, also separately.
Ivanov, having received the parcel and parcel, hides, for example, his signed document in a box and closes it with the key from the received parcel. He puts this secret box in his suitcase and also closes it with his own key. And then he sends this “matryoshka” by parcel to the Tax Office. He keeps the keys to the box and suitcase.
Why it is better to choose to store the key in the Russian Federal Tax Service system, I think you will not have any questions. If you have read the explanations, you will have noticed the undeniable advantages of this particular option.
After sending the request, a waiting window with a spinning circle appears. Sometimes it can linger for quite a long time:
Then a window will appear informing you that the certificate has been successfully issued. Here you can open a window with your certificate by clicking on the “View certificate” link:
in the window that pops up after this, enter the password that you already entered twice at the very beginning and the “Next” button:
And in the next window, admire your certificate, look at these same details that are verified by the tax office when they receive documents from you. It looks something like this:
Error generating ES certificate
In the first time after the launch of the tax website, this was a fairly common occurrence. Then everything seemed to “settle down.” Now such “glitches” have begun to arise again. For example, I find out about this by looking at the traffic statistics of this blog. It is increasing sharply. And all due to the article you are reading now.
In this regard, I can only say that the issue here is most likely not with you or the password, but with the overload of the Federal Tax Service portal. This is especially evident in the last days of submitting corporate tax returns and other tax payments. individuals. The lion's share of them usually occurs in the first quarter, that is, the beginning of the year.
So if the message “Error generating electronic signature certificate” appears on your monitor, don’t be too upset. Be patient and try this operation again. Better yet, come back to this another day. Perhaps the “glitches” will end by this time and you will be lucky.
What to do if you have forgotten the password to access the electronic signature verification key certificate
Don't be upset. There's nothing wrong with that. This is not a password from the taxpayer’s personal account, if lost, you will have to visit the Federal Tax Service again. This is the case if you did not bother to set a code word for its recovery by email.
Everything is much simpler here. Pay attention to the bottom window there is a link “Revoke the current certificate”. Feel free to click on it and then create a new certificate and you will have a new password:
of your time and in terms of cost savings. I'm not even talking about the fact that this is a more progressive stage in managing your affairs. And don’t be upset if you have lost the password to your digital signature certificate, you can always recover it.
Good luck to you! And see you soon on the pages of the PenserMan blog.
BASIC CONCEPTS
KSKPEP
– qualified electronic signature verification key certificate.
CEP– qualified electronic signature.
Crypto provider – a means of protecting cryptographic information security. A program with the help of which the closed part of an electronic signature is generated and which allows you to work with an electronic signature. This checkbox is checked automatically.
Exported key – the ability to copy an electronic signature to another medium. If there is no checkmark, copying an electronic signature will not be possible.
LMB– left mouse button.
RMB – right button mice.
CRM-AGENT– an application developed by CA specialists to simplify the procedure for generating a key pair, creating a request and recording a certificate.
After visiting the certification center and going through the procedure for verifying the identity of the person you indicated in the application email, The CA sent a letter containing a link to generate. If you have not received the letter, contact your manager or the Technical Support Center using the contact number in this guide.
Open the link to generate from the letter in one of the recommended browsers:Google Chrome, Mozilla Firefox, Yandex.Browser. If you are already in one of the above browsers, click on the link LMB or RMB> “Open link in new tab.” The generation page (Fig. 1) will open in a new window.
When you open the link, an initial warning will appear. Familiarize yourself with it if you use media to store CEPsJacarta LT . Read more about media atbelow. If you are using a different media, click the button "Close".
Fig. 1 – Generation page
Click on the link"Download the application" to start downloading. If nothing happens after clicking, click on the link RMB > "Open link in new tab". After downloading the application, run the installation.
It is recommended to disable antivirus software before downloading the program !
During the application installation process « crm - agent » a message requesting access will appear (Fig. 2).
Fig. 2 - Access request
Click the button "Yes".
After installing the application, return to the generation page. A message about “Granting access” will appear (Fig. 3).
Fig.3 - Access to the certificate store
Click "Continue" and, in the window that appears, "Grant access"(Fig.4).
Fig.4 – Access to certificate store 2
If the button does not appear "Continue"
If after installing the application « crm - agent » , the link to download the application has not disappeared, the reason may be that the connection is blocked by your security system.
To resolve the situation you must:
Disable the antivirus installed on your computer;
Open new tab in the browser;
Enter the address into the browser address bar without spaces - 127.0.0.1:90 – and go (pressEnter on the keyboard);
When a browser message appears "Your connection is not secure", add the page to browser exceptions. For example,Chrome: "Additional" - “Go to the site anyway”. For other browsers, use the appropriate developer instructions.
After the error message appears, return to the generation page and repeat Point 2 this instruction.
If you do not have pre-installed crypto providers, after the access stage, links to download CryptoPRO will appear (Fig. 5).
This is important: application « crm - agent » detects any crypto providers on your computer, and if you have a different one installed CryptoPRO CSP program (for example,VipNET CSP ), contact specialists technical support CA for consultation.
Click on the link "CryptoPRO 4.0" on the generation page or a similar link below to download the CryptoPRO installation file to your computer.
CryptoPro CSP 4.0 – version for OS Win 7 / 8 / 10
After downloading is complete, openzip-archive using an appropriate archiver program (for example,Win - RAR ). Inside there will be the CryptoPRO installation file itself. Run it and install with default settings. During the installation process, you may see the following window:
Fig.5 – Installation of CryptoPRO
Skip the window by clicking "Next". The installation of CryptoPRO is complete.
Installing the driver for the token
Signatures can be stored in the computer registry, on regular flash drives and on specialusb-tokens. The list of tokens, pin codes and links to software are presented in the table below (Table 1).
Table 1 - Drivers for secure media
|
USB media type |
Appearance USB storage device |
Driver download link |
PIN code |
|
ruToken |
 |