R
R
RedQuark2021-09-12 16:44:18
Electronic digital signature
RedQuark, 2021-09-12 16:44:18

How should the process of signing documents with a qualified electronic signature look like?

The bottom line is this: technokad(technokad.ru) issued an EDS, I still have a fig leaf - information about a certificate with a public key code. There is no flash drive, I was not allowed to release the private key on my computer. One sheet that technokad left with the title "Manufacture Request Details" had a "Signature:" field and hexadecimal characters. I hope this was not the same private part of the key that no one was supposed to see. In total, I have nothing but a phone to which they send SMS. Now the strangest thing is that the peak is just going to send me a text with a code and what I would say to him, thereby signing something there. To a reasonable question whether there will be an md5 hash code or an analogue and a document by mail, I was told that nothing would happen. They offer me air to sign.

Tell us how the signing should take place? It is not at all clear why I do not have control over the private key and where is the control over the document that they slip me to sign.

PS here is a technical vision on what creates the peak: https://lefortovopark.ru/threads/ehlektronnaja-reg... - in short, yes, you are blatantly deprived of control over the private part of the key and what is the secret covered with it in the darkness, either at the peak, or the key at the technocade, but at the same time, the peak goes there as if it were his own home and throws documents for signing. Of the interesting things, it is also mentioned that one SMS can bang a package of documents.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
E
Eugene, 2021-09-12
@udjin123

Why not ask this question to the technocad, according to the procedure itself, etc., etc.?
In general, you should have the private part of the key, with the help of which a signature is formed (when the document is signed, its hash is formed and it is already signed, if changes are made to the document, the hash will already be new and the signature is not valid), transferring the CEP to third parties immediately compromises.
Of course, there is also the option of cloud storage of EDS, solutions such as CryptoPro DSS (For example, the Kontur Elba service uses this for IP reporting), but I doubt that it is worth it ...

M
Maxim Korneev, 2021-10-23
@MaxLK

read about EDS FZ 152 - it says where and how it should be stored

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question