
Using EDS in EOS for SharePoint
- Tutorial
Electronic digital signatures (EDS) have recently become increasingly popular in both state-owned companies and private organizations. Using an electronic digital signature in a document management system makes it possible to verify authorship and guarantee that the document has not been changed. In this article, we will look at configuring digital signatures for use with the EOS for SharePoint solution.
We will not cover the theory behind EDS or the legal aspects of organizing a legally significant document flow, but will focus on the practical implementation of this technology in the EOS solution named above.
To implement digital signature capabilities in the EOS for SharePoint solution, the following are used:
- cryptographic provider software that uses CryptoAPI (in our article it will be Signal-COM CSP);
- a key carrier (in our article it will be eToken);
- cryptographic service support software (Karma software developed by the EOS company).
We also need a certification authority to issue certificates, which we will deploy on Microsoft Windows Server 2008 R2.
Configuring a Certification Authority
After installing Microsoft Windows Server 2008 R2 on a server named MSCertSrv, we can move on to configuring the certification authority. First, install Signal-COM CSP + TLS on this computer. It is one of the most popular crypto providers in Russia at the moment. After installation, the Administrator program can be launched from the Start menu.

Now we can configure the certification authority itself. To do this, install the Active Directory Certificate Services role.

During installation, you will need to add the Certification Authority Web Enrollment role service. We will not tie the certification authority to a domain controller, so we make it standalone. Since this is our first certification authority, we make it the root and create a new private key with the CSP type that corresponds to our cryptographic provider, namely the Signal-COM Enhanced Cryptographic Provider.

Then set the name of our certification authority.

The remaining parameters are left unchanged. This completes the installation of the certification authority.

After installation, the console for working with a certification authority will appear in the Start menu. The administrator responsible for issuing keys uses this console to issue and revoke user keys.

Configuring the Client Workstation
On the client computer, we need to install the driver for eToken media, the eToken support module for the cryptographic provider, and the Karma software.
Now we can request a key from our certification authority. To do this, first add the MSCertSrv/CertSrv site to trusted sites and lower the security level to the minimum. You can do this in the Internet Explorer properties.

First, we need to install the certification authority's public certificate in the local certificate store of the user's computer. To do this, select "Download CA certificate" as the desired action.

Now we can obtain a certificate for the user. To do this, select "Certificate Request" as the desired action. At the next step, we indicate that we need an advanced request to this CA, specify the requested parameters, and go through initialization of the key container on our eToken.

After that, the administrator responsible for issuing keys approves our request. We then return to the same site from the client computer, choose the action "View the status of a pending certificate request", and install the issued certificate.
The issued certificate is now available in the user's local certificate store, in the Personal section, as well as in the Administrator program of our cryptographic provider.
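A check for the result of the client steps above, as an added example that is not part of the original article: it looks in the current user's Personal store for certificates issued by the CA and builds each chain with online revocation checking. The CA name is a placeholder, because the article does not state the name that was chosen, and the function name is hypothetical.

```powershell
# Added example: verify the outcome of the enrollment steps on the client.
# $CaName is a placeholder; use the CA name set during CA installation.
$CaName = '<CA-NAME>'

function Test-IssuedCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Check revocation against the CRL published by the CA.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online

    $ok     = $chain.Build($Cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })
    $last   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        NotAfter      = $Cert.NotAfter
        # True when the certificate is linked to a key container (here, on the eToken).
        HasPrivateKey = $Cert.HasPrivateKey
        ChainValid    = $ok
        # UntrustedRoot: the CA certificate was not installed on this computer.
        # RevocationStatusUnknown / OfflineRevocation: the CRL is unreachable or out of date.
        ChainStatus   = ($status -join ', ')
        ChainEndsAt   = $last.Subject
    }
}

$certs = @(Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Issuer -like "*CN=$CaName*" })

if ($certs.Count -eq 0) {
    Write-Warning "No certificate issued by '$CaName' found in the Personal store."
} else {
    $certs | ForEach-Object { Test-IssuedCertificate $_ } | Format-List
}
```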
Configure EOS for SharePoint
EDS and encryption are a separately supplied option of the EOS for SharePoint solution. To enable it, the client must purchase the appropriate license from the EOS company and activate the corresponding feature of the site collection in which the document management system is located.

After that, fill in the field provided for the user's public key certificate in the Units and employees directory.

After the described actions, we will be able to use digital signature and encryption.


The solution setup process is described in more detail in the EOS for SharePoint EDS Option Guide, which you will receive when you purchase this option.
The procedure I described can be improved by automating certificate issuance and by regularly updating certificate revocation lists. But that is a topic for other articles...