November 9, 2014 at 17:03Electronic signature. History of appearance and development
In the modern world, when in a few hours you can earn a million, lose a billion, cross two continents while talking with a business partner on the third, in the modern world you just needed a tool that would legally replace paper and a human signature with a ballpoint pen on it.
The Law on Electronic Signatures gives a wonderful definition of electronic signatures - this is information that, when attached to other information, allows you to determine the identity of the person who signed the document.
An electronic signature can be stored on
You can sometimes save the digital signature and the computer as a .cer file. But it is understood that you always carry it with you or keep it out of the reach of strangers. Like a seal.
Essentially, an electronic signature is your electronic seal that fastens and certifies a document.
Electronic signatures are issued by state-accredited certification authorities. By issuing EDS, they verify the identity of the person contacting them, as well as his authority, if the EDS is issued to a legal entity.
The electronic signature that you receive contains the certificate certificate key of the electronic signature. It is this character set that is your identifier that everyone who reads your document sees.
If you have lost an EDS, immediately contact the police. Otherwise, all documents signed by your digital signature will be considered valid!
In addition to the identifying certificate, the electronic signature contains:
They are what are needed to encrypt your document.
Remember, when signing a paper contract, you put a signature on each page or carefully stitch a thick stack of sheets so that the counterparty, no matter how trustworthy it looks now, does not amend the text of your agreement.
In addition to identification, an electronic signature should freeze the structure of the document so that any changes are either impossible or violate the “electronic seal”.
Information protection is the first rule of military commanders, so the origins of encryption technology must be sought in the history of wars.
At all times, it was necessary to send messages protected from enemy spies. At first it was locked chests, and then scrolls containing an incomprehensible set of letters. Humanity has long come up with a huge variety of different encrypted methods. But for every secret message, a key was needed.
In spy movies, usually some book becomes the key, the page, line and letter numbers of which are contained in the message. The reliability of such a cipher is not higher than that of a locked chest - the sender still had to pass the key first.
In 1976, Whitfield Diffie, Martin Hellman, and Ralph Merkle were the first to propose a “one-way trap function,” a theory that allowed an encrypted message to be transmitted without transmitting a key to guess the message.
If quite simple, their method is that it is easy to do a certain mathematical action in one direction only and very difficult in the opposite. For example, if you multiply five by ten you get fifty. It takes incomparably longer time to decompose fifty into five and ten. It’s like if they give you a disassembled mechanical watch, you can hardly get it back.
Suppose you openly agree on a common key and exchange secret data that has been modified in a certain way. Thus, you will have in your hands: a public key, your secret data and an encrypted message. Attackers may have a key and both encrypted messages. But you can decrypt an encrypted message only with your unencrypted information.
The following example illustrates this encryption system wonderfully:
We have two spies named Alice and Bob. They really want to agree on a common secret number, but Eve intercepts their messages, so they just can not send a message to each other.
Alice and Bob agree that the public key will be function 3 modulo 17.
Alice encrypts 15 and sends Bob the received value - 6.
Eve intercepts 6, which means nothing.
Bob encrypts the secret value 13 and sends Alice 12.
Eve intercepts 12, which also will not tell her anything.
Alice and Bob use their secret values to decrypt received messages:
12 to the power of 15 modulo 17 = 10
6 to the power of 13 modulo 17 = 10
Thus, 10 is a shared secret number that can be used as a decryption key for subsequent messages between Alice and Bob.
Whitfield Diffie, Martin Hellman, and Ralph Merkle started a new wave of encryption, but nowadays their system is no longer in use and their patent number 4,200,770 has expired.
The method they invented revealed flaws. Firstly, it takes some time to exchange messages, and secondly, most seriously, if you have many contacts, you need to store many keys. Suppose Alice is a bank, in which case there are thousands of people like Bob. Everyone needs to agree on a secret key.
The next milestone in encryption was the RSA algorithm - Ronald Rivest, Adi Shamir and Leonard Adleman. Invented in 1977, the method can even now be used to create primitive digital signatures.
In fact, the RSA algorithm was invented back in 1973 by Clifford Cox, but his research was instantly encrypted, so the work of Rivest, Shamir and Adleman was offered to the public.
The basis of their work was the theory that it was enough for Alice to send Bob a castle, with which Bob could close the message and return it back to Alice. It turns out that there should be two keys - the encryption key and the decryption key.
The encryption key can be open, because encryption is easier than decryption, then the decryption code must be secret.
All that we talked about above concerns an enhanced qualified electronic signature. The new 2011 Law on Electronic Signatures also introduced the concepts of an unqualified electronic signature and a simple electronic signature.
A qualified one differs from an unqualified one in that a qualified signature is issued by an accredited certification center, while an unqualified one is issued by an accredited certification center.
Now it’s safer and safer to use a qualified electronic signature.
An unqualified signature is now being used, oddly enough in public procurement, which causes certain difficulties, since obtaining both a qualified certificate and an unqualified one is difficult and expensive.
Previously, the need for such a signature was at a transitional stage, when the law was there, but there were no accredited certification centers. Why you need to save this kind of signature now is completely unclear.
A simple electronic signature, as the name implies, is significantly easier to use than a qualified one. A simple signature does not require contacting certification authorities, does not use methods of protection against changes to the document, and the only characteristic is the identification of the person who signed the document.
Examples of a simple electronic signature can be a login and password when logging into an email account, VKontakte or Facebook.
Your documents signed with a simple electronic signature will be legally significant only if you address them to state or municipal authorities, for example, through the public service website.
Recall also this kind of "electronic signature" as an image of a handwritten signature. Often there are applications for mobile platforms, Gmail, but what's there - even in the "View" on Mac OS there is a convenient mode of "signing" a document.
According to the American law on electronic signatures in international and domestic trade relations, such a signature is more than legally significant. They say that Bill Clinton even signed this law with an electronic signature.
Under Russian law, an electronic image of a signature is nothing more than a facsimile, the use of which is permissible only between contractors who have agreed in advance in writing about the possibility of using such a document flow.
Today, more than three million electronic signature certificates have been issued. Anyone can participate in electronic bidding, submit tax reports, register a legal entity, order an extract from the Unified State Register of Legal Entities, register an invention or trademark, publish information about a legal entity and, of course, sign an agreement and invoice - anywhere in the world ... where is the internet, of course.
There is only one problem - to get an electronic signature, you need to come to the certification center, show yourself and documents (employees will carry out the identification procedure) and get a USB key for a period of one year. Next year - all over again.
So it was before. Now you can not go anywhere - you can order and receive an electronic signature without leaving your office. But this is a topic for a slightly different article ...
The Law on Electronic Signatures gives a wonderful definition of electronic signatures - this is information that, when attached to other information, allows you to determine the identity of the person who signed the document.
What?
An electronic signature can be stored on
- Floppy disk
- Smart card
- USB stick
- Touch-Memory Tablet
You can sometimes save the digital signature and the computer as a .cer file. But it is understood that you always carry it with you or keep it out of the reach of strangers. Like a seal.
Essentially, an electronic signature is your electronic seal that fastens and certifies a document.
Electronic signatures are issued by state-accredited certification authorities. By issuing EDS, they verify the identity of the person contacting them, as well as his authority, if the EDS is issued to a legal entity.
The electronic signature that you receive contains the certificate certificate key of the electronic signature. It is this character set that is your identifier that everyone who reads your document sees.
If you have lost an EDS, immediately contact the police. Otherwise, all documents signed by your digital signature will be considered valid!
In addition to the identifying certificate, the electronic signature contains:
- Electronic Signature Key - Private Key
- Electronic Signature Verification Key - Public Key
They are what are needed to encrypt your document.
Remember, when signing a paper contract, you put a signature on each page or carefully stitch a thick stack of sheets so that the counterparty, no matter how trustworthy it looks now, does not amend the text of your agreement.
In addition to identification, an electronic signature should freeze the structure of the document so that any changes are either impossible or violate the “electronic seal”.
Information protection is the first rule of military commanders, so the origins of encryption technology must be sought in the history of wars.
Istria of Wars
At all times, it was necessary to send messages protected from enemy spies. At first it was locked chests, and then scrolls containing an incomprehensible set of letters. Humanity has long come up with a huge variety of different encrypted methods. But for every secret message, a key was needed.
In spy movies, usually some book becomes the key, the page, line and letter numbers of which are contained in the message. The reliability of such a cipher is not higher than that of a locked chest - the sender still had to pass the key first.
In 1976, Whitfield Diffie, Martin Hellman, and Ralph Merkle were the first to propose a “one-way trap function,” a theory that allowed an encrypted message to be transmitted without transmitting a key to guess the message.
If quite simple, their method is that it is easy to do a certain mathematical action in one direction only and very difficult in the opposite. For example, if you multiply five by ten you get fifty. It takes incomparably longer time to decompose fifty into five and ten. It’s like if they give you a disassembled mechanical watch, you can hardly get it back.
Suppose you openly agree on a common key and exchange secret data that has been modified in a certain way. Thus, you will have in your hands: a public key, your secret data and an encrypted message. Attackers may have a key and both encrypted messages. But you can decrypt an encrypted message only with your unencrypted information.
The following example illustrates this encryption system wonderfully:
We have two spies named Alice and Bob. They really want to agree on a common secret number, but Eve intercepts their messages, so they just can not send a message to each other.
Alice and Bob agree that the public key will be function 3 modulo 17.
Alice encrypts 15 and sends Bob the received value - 6.
Eve intercepts 6, which means nothing.
Bob encrypts the secret value 13 and sends Alice 12.
Eve intercepts 12, which also will not tell her anything.
Alice and Bob use their secret values to decrypt received messages:
12 to the power of 15 modulo 17 = 10
6 to the power of 13 modulo 17 = 10
Thus, 10 is a shared secret number that can be used as a decryption key for subsequent messages between Alice and Bob.
Whitfield Diffie, Martin Hellman, and Ralph Merkle started a new wave of encryption, but nowadays their system is no longer in use and their patent number 4,200,770 has expired.
The method they invented revealed flaws. Firstly, it takes some time to exchange messages, and secondly, most seriously, if you have many contacts, you need to store many keys. Suppose Alice is a bank, in which case there are thousands of people like Bob. Everyone needs to agree on a secret key.
The next milestone in encryption was the RSA algorithm - Ronald Rivest, Adi Shamir and Leonard Adleman. Invented in 1977, the method can even now be used to create primitive digital signatures.
In fact, the RSA algorithm was invented back in 1973 by Clifford Cox, but his research was instantly encrypted, so the work of Rivest, Shamir and Adleman was offered to the public.
The basis of their work was the theory that it was enough for Alice to send Bob a castle, with which Bob could close the message and return it back to Alice. It turns out that there should be two keys - the encryption key and the decryption key.
The encryption key can be open, because encryption is easier than decryption, then the decryption code must be secret.
Simple and difficult signatures
All that we talked about above concerns an enhanced qualified electronic signature. The new 2011 Law on Electronic Signatures also introduced the concepts of an unqualified electronic signature and a simple electronic signature.
A qualified one differs from an unqualified one in that a qualified signature is issued by an accredited certification center, while an unqualified one is issued by an accredited certification center.
Now it’s safer and safer to use a qualified electronic signature.
An unqualified signature is now being used, oddly enough in public procurement, which causes certain difficulties, since obtaining both a qualified certificate and an unqualified one is difficult and expensive.
Previously, the need for such a signature was at a transitional stage, when the law was there, but there were no accredited certification centers. Why you need to save this kind of signature now is completely unclear.
A simple electronic signature, as the name implies, is significantly easier to use than a qualified one. A simple signature does not require contacting certification authorities, does not use methods of protection against changes to the document, and the only characteristic is the identification of the person who signed the document.
Examples of a simple electronic signature can be a login and password when logging into an email account, VKontakte or Facebook.
Your documents signed with a simple electronic signature will be legally significant only if you address them to state or municipal authorities, for example, through the public service website.
Recall also this kind of "electronic signature" as an image of a handwritten signature. Often there are applications for mobile platforms, Gmail, but what's there - even in the "View" on Mac OS there is a convenient mode of "signing" a document.
According to the American law on electronic signatures in international and domestic trade relations, such a signature is more than legally significant. They say that Bill Clinton even signed this law with an electronic signature.
Under Russian law, an electronic image of a signature is nothing more than a facsimile, the use of which is permissible only between contractors who have agreed in advance in writing about the possibility of using such a document flow.
Development
Today, more than three million electronic signature certificates have been issued. Anyone can participate in electronic bidding, submit tax reports, register a legal entity, order an extract from the Unified State Register of Legal Entities, register an invention or trademark, publish information about a legal entity and, of course, sign an agreement and invoice - anywhere in the world ... where is the internet, of course.
There is only one problem - to get an electronic signature, you need to come to the certification center, show yourself and documents (employees will carry out the identification procedure) and get a USB key for a period of one year. Next year - all over again.
So it was before. Now you can not go anywhere - you can order and receive an electronic signature without leaving your office. But this is a topic for a slightly different article ...