Digital Signature and Electronic Procurement

    It just so happened that last year, by the will of fate, I joined the state structure. And I immediately received the task of setting up electronic digital signatures in the municipal procurement administration for participation in electronic bidding. Prior to this, I had never encountered a digital signature in practice. And more recently, from January 1, the portal was launched, through which all government purchases should go.


    In this article I will describe what problems I encountered during the configuration steps and how I overcame them. I will try to write simply about the complex - EDS, cryptography, public and private keys. To some extent, this applies to work on all authorized electronic sites.

    Using an example of a real situation, we will consider all the stages of installing EDS and setting up a workplace. I hope my material will help those who are just starting to work with EDS, and in particular with electronic procurement.

    So, from January 1, 2011 all government orders go through

    Quote: “Article 16 of Law No. 94-ФЗ from 01.01.2011 provides for the commissioning of a single information resource on state and municipal procurements - the official website of the Russian Federation ( on the Internet to place information on placing orders for the supply of goods, the performance of work, the provision of services for federal needs, the needs of the constituent entities of the Russian Federation and municipal needs. ”

    In words, as usual, everything is fine. But in fact, the opposite is true. Users are afraid of new technologies, so for them, the transition to digital signature should be as painless as possible. All work with the digital signature on the part of the user should look like this - I inserted an electronic key and started working with the portal.

    In my practice, there was a very interesting moment when one familiar megawack claimed that an electronic signature is just a scanned personal signature that must be attached to the document as an attachment through any email client when sending an email.


    Also, users should not have the impression that the medium, whether it be a Token, a diskette or a flash drive, is a complete digital signature. Without the private key inside and the keychain settings, these are just useless things that look like a flash drive.


    So, now there will be a little terminology.

    A certification authority is a place to go to get an EDS. The procedure for obtaining one involves generating applications and paperwork. It is also necessary to determine the rights that you need in the system. I won’t go into detail about obtaining an EDS: each center has its own nuances and its own AWP for generating applications.

    Let's move on to what should be on hand after you have completed the process of obtaining an electronic digital signature in a certification authority:

    Root certificates are the .cer file(s); nothing will work without them, since they allow the system to identify the certification authority. Be sure to request them from your center, although they are usually publicly available and can be downloaded from official sites.


    Public key - a file in .cer format, usually issued to a named person. It can be sent to anyone and in any way you like. This is public information that helps identify the owner of the electronic key.

    Private key - a set of files that must be stored on electronic media. They look like abracadabra; however, losing these files can have serious consequences. An attacker may well want to use them, and PIN codes and built-in protection cannot be particularly relied on. In any case, at the slightest suspicion that a key has been lost, you must write an application to the certification authority for certificate revocation and go through the procedure for obtaining one again. That way you avoid an unnecessary “headache”.

    Cryptographic Service Provider - vital for working with e-signatures. We have Crypto-Pro, and I did not use others. An important nuance: Crypto-Pro version 3.0 does not work with Win7; version 3.6 is required. WinXP works with all versions.

    That is all for the terms; we now turn to the process of setting up the workplace of a user whose face shows a puzzled expression and the silent question “Well, why do I need this digital signature?” Imagine, even kindergartens and schools are required to conduct procurement in electronic form. To buy, for example, yogurt, you need to create a quote on the procurement portal.

    So, let's go:

    1. Install the cryptographic provider. We launch the Crypto-Pro CSP installer, configure the readers (i.e. if you have the private key on a diskette, then the floppy drive will be the reader), enter the license, then Next, Next, and it is ready. Official site.

    2. Download and install the Capicom object version It is necessary for correct work with sites. It lies on the Microsoft site - here .

    3. If necessary, install drivers for the correct operation of media (Tokens, smart cards). They can be found on official sites. We use RuToken's.

    4. Install root certificates. We put them in the storage of root certification authorities.

    5. Create a keychain through Crypto-Pro. This is done quite simply. We launch Crypto-Pro, select “Service -> install a personal certificate”. We indicate the public key, indicate the carrier of the private key, enter the PIN code, and put the certificate in the personal store.


    That's all, the digital signature is configured. Congratulations! But ... it remains to do some manipulations with the browser. By the way, the browser for working with trading floors is Internet Explorer only.

    Firstly, we add the electronic site to the safe sites, exactly as on the screen.


    Secondly, for secure sites we allow the use of all ActiveX components. Yes, and do not add dangerous nodes to safe sites!


    Thirdly, allow all the pop-up add-ons on the sites, otherwise there will be various problems.

    How to check the operation of the digital signature? On the MICEX electronic site there is a test page on which you can check the performance of the digital signature and understand what is missing for a full-fledged work.
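
    The result of steps 4 and 5 can also be checked locally before opening the site. The following PowerShell is an added example, not part of the original article or of Crypto-Pro; it assumes the personal certificate was installed into the current user's personal store, and the function name Test-SignatureCertificate is hypothetical.

```powershell
# Added example: report the state of every certificate in the personal store.
# Assumption: step 5 placed the certificate in Cert:\CurrentUser\My.
function Test-SignatureCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Online revocation checking needs network access to the CA's revocation
    # list; it is what reports a certificate revoked after a key was lost.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online

    # Build() returns $true only if the chain ends in a trusted root (step 4)
    # and no element is expired, revoked or otherwise invalid.
    $chainOk  = $chain.Build($Certificate)
    $problems = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Issuer        = $Certificate.Issuer
        NotAfter      = $Certificate.NotAfter
        Expired       = $Certificate.NotAfter -lt (Get-Date)
        # True when the certificate is linked to a key container (step 5).
        # It does not prove that the token or diskette is currently inserted.
        HasPrivateKey = $Certificate.HasPrivateKey
        ChainTrusted  = $chainOk
        ChainProblems = $problems -join ', '
    }
}

Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-SignatureCertificate -Certificate $_ } |
    Format-List
```

    A certificate that shows HasPrivateKey as False was imported without being bound to its key container, and UntrustedRoot in ChainProblems means the root certificate from step 4 is missing from the trusted root store.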

    Now I will describe one nuance that relates to the portal There is a component of Lanit signature generation, without which it is not possible to sign anything on the portal. It pops up as an unknown add-on on the site, and when downloading is called It is installed simply, unpack the cab-file and run the installer. Simply! However, this nuance is very easy to miss. Download from here .

    I would also like to note that the work of the portal so far leaves much to be desired, various system errors pop up, it is very difficult to contact tech support. However, you can and should work with it, and I hope all problems will be fixed soon.

    That's all for today. I hope this article will help you understand some aspects of working with electronic platforms and digital signatures. Thanks to everyone who read to the end.
