An electronic signature on UEC, what gives and is it needed at all? Part 4

    This is the 4th post, which is devoted to describing the capabilities of UEC. Previous parts:
    1) Experience in obtaining a universal electronic card. The pink theory versus harsh reality. Part 1
    2) How I received a universal electronic card after 3 months of waiting. Part 2
    3) The practical application of the universal electronic card (UEC) in the city and on the Internet. Part 3

    At first, I just wanted to draw up a separate commentary on my topic of how I finally wrote down the electronic signature (EP) on the Universal Electronic Card (UEC). However, there is too much information for one comment, and before a separate topic it was still poor. And now, almost a month after I took out Sberbank and recorded the electronic signature on the UEC, I can say with full confidence that the UEC with the electronic sign is really worth it. Without EP, it’s a piece of beautiful and still rare plastic, albeit cooler than the one used to make ordinary cards. But first things first.

    Record qualified electronic signature on UEC

    The list of points where you can both apply for UEC and record electronic signature in Moscow is here. Given the previous adventures (in the Sberbank branch on Bolshaya Gruzinskaya (Belorusskaya) there was no certificate from CryptoPro, on Kropotkinskaya there were no problems with organizational issues), I decided not to risk it and wait until the May holidays ended and went to st. Kropotkinskaya metro station, Moscow, Soymonovsky pr-d, 5, having previously called them at +7 (495) 669-07-68 and clarified whether organizational issues have been resolved and whether they can write down an electronic signature for me. As a result, having received an affirmative answer, I went there. Fortunately, there were few people like me, or rather, I was alone with such a question, so I was not deprived of the rays of attention. In the corner there is a separate PC with a reader and a wired device for entering a security code. First I inserted the UEC into the reader, and from the corner of my eye I saw that they had everything exactly as in thisinstructions (start reading from page 41). Asked for PIN1. After that they asked for a passport and from it transferred all the information to the window (in the manual p. 43). At my request, they also entered the TIN and e-mail. After that I entered PIN2. Then they printed one application for the creation of a qualified certificate of an electronic signature verification key (an example of how it looks) , I signed it and gave it, and after that they printed 2 copies of the electronic signature verification key certificate and I signed on two sheets, on both sheets, the head of the department put the stamp of Sberbank and his painting. One sheet was given to me, the second remained in the bank.

    Work check

    For the twentieth time, I did not want to go to Sberbank because of possible jambs, so immediately after I was released, I sat down at the table, pulled out a reader, a netbook and tried UEC in action. I already wrote instructions on installing software from CryptoPro, installing a UEC UEC certificate and installing a personal certificate here , so I only needed to install a personal certificate from the card on the computer at that time. Everything went without problems, and the software normally accepted both the reader and the card:

    As a result, the certificate was successfully delivered ::

    By the way, here are its properties:

    Authorization on public services

    Right after recording, they told me that it only works on public services (by the way, it’s not quite the same as it turned out later, you can also use electronic signature offline, I will describe it below), so I immediately went to the public services portal and chose the cherished way to enter:

    After pressing the treasured button, a Window window popped up immediately, offering to select a certificate:

    And so up to this point everything went without a hitch, as here the fly in the ointment turned out: after pressing the “OK” button when choosing a certificate and until the window with the offer to enter the PIN code that CryptoPro displays appears, it takes 37.8 seconds. And this is not a one-time case, at times I put the software from CryptoPro on computers, and on almost all the computers on which I installed this software, the exact same situation is observed, with a difference of 2-4 seconds. And only on one or two computers, it turned out that the window was displayed immediately, although I already forgot what it was, so I can make it up. In addition, the browser plugin is also responsible for this window, so it can only be a problem, but besides forty seconds of waiting, Google Chrome displays a window saying that the plugin is not responding, and you need to kill it. Naturally, the plugin fulfills its own, and a window with a PIN code water field appears, but the fact remains - extra windows appear. So here he is, the culprit of the forty-second celebration:

    And after entering the password (PIN2), in a couple of seconds we find ourselves in the personal account on public services. There are no options within public services related to ES, except for a non-working counter of the remaining number of days of validity of the ES certificate:

    Submission of an application for a service at PSU using electronic signature

    When applying for certain services, they can be signed with an electronic signature:

    However, there are no really interesting actions with an electronic signature , except for one service from the Ministry of Communications: it is called “Confirmation of the authenticity of an electronic certificate”. It is necessary to pull out a certificate from IE and fill in the CCGT. From IE 10 it can be pulled out like this: Internet Options-> Content tab -> Certificates block Certificates button -> Personal tab -> select a certificate and click the Export button -> Next-> No, export private key-> "X.509 files (.CER) encoded by DER" -> select the file name and the place where it should be exported. For example, on the desktop-> Next-> Finish.

    Now we go to the main page of PSU, find the “Ministry of Communications and Mass Media of the Russian Federation and select“ “Confirmation of the authenticity of the ES certificate”. And click the "Get" button in the upper right corner. The truth here was not without dancing, although IE may be the fault - I uploaded the file, it appeared in the list of downloaded files, selected all 3 daws for notifications and clicked "Submit Application". The page was loading for a long time, and then just loading stopped and I stayed with nothing but the same page. But at the same time, having opened PSU in a neighboring tab, I went to “My applications” and there appeared this statement with the status “Sent to the Office”. And after about a minute the answer came that everything was ready.

    Now, regarding the license for CryptoPro. Indeed, in the usual case, it is paid. I wrote a request to tech support in advance, and the general meaning is this:

    My letter
    In the instructions on your website: it is said that to obtain a license for CryptoPro UEC CSP (SKZI kernel version 3.6.5364KS1; Version product 3.6.6511) you must contact this address, i.e.
    Please tell me how can I get a license for CryptoPro UEC CSP?

    Answer 1 The
    instruction you are studying is intended for PPV Operators.
    Individuals, as a rule, receive a license built into the certificate. But it already depends on the CA in which this certificate is issued.
    You can send your certificate and I will tell you whether the license is built into it or not.

    Answer 2
    In most CAs, certificates for UEC are issued, in which a license for CryptoPro UEC CSP is built-in. Its validity is limited by the duration of the certificate.
    This license is intended only for the operation of this certificate with its corresponding private key.

    Answer 3
    If the certificate has a license, then on the date on the screenshot: The

    ability to work with this certificate and the corresponding private key will still be possible.

    Work with EP outside the scope of public services

    Government services are of course good, but a much more practical option for using UEC is the ability to sign MS Office documents as well as pdf files with your electronic signature.

    MS Office

    In order to sign MS Office files, you need to download CryptoPro Office Signature (trial for 90 days), and now you can sign MS Office files as well. How to use it is written in the instructions.

    It looks like this in Office in the following way:

    When you click on the “Add electronic signature” button, a window appears where you need to enter the text that will be displayed.

    Then, after clicking “OK”, the Crypto-Request window for entering the PIN code from the card appears, and after entering the PIN code the following window appears:

    Well, viewing the ES in the Word itself:

    Plus, as stated in the instructions, you can insert your “manual” signature , for ease of perception, and sign the electronic document. A kind of stamp. It looks like this:

    Signature pdf files.

    Unfortunately, CryptoPro PDF is not installed, because Requires CryptoPro CSP 3.6. This is despite the fact that I have version 3.6, but it is specifically designed for UEC, although I doubt that there is a big difference between the UEC version of CryptoPro CSP 3.6 and the simple CryptoPro CSP 3.6.


    EP is a very interesting thing, but in the absence of a real need to sign documents with its help, it becomes only a pleasant bonus, for which earlier, and now, people pay money to Rostelecom (seemingly).

    Then there was an interesting comment about the MHI policy. It’s worth considering.

    PS Here they write that from May 23 you can enter public services for UEC. In fact, apparently this is the official answer, which is given after everything is completed and nothing breaks. In fact, as early as May 13th (it was then that they wrote me the electronic signature), I was able to log in to public services under the UEC. The only change that occurred at the end of May was the authorization page was updated, the UEC was added via a slash, and the picture was changed, where the UEC image was added to the token.

    PPS right hereThey put in a video that is already over a year old - there are no pharmacies in the background for a long time already - from December 2011 to March-April 2012 there was Mikhail Prokhorov's Public Reception Center, and now there is some kind of organization in that room that is related to supporting entrepreneurship. And moreover, the last time I visited this infomat was about a month ago, and there generally it seems like you can’t insert any cards. I’ll drop in a week, try again.

    Also popular now: