Signature not brought to the UES in SUFD: what to do

Figure 97. Toolbar. Reject button

30 days before the electronic signature verification key certificate expires, a window with the corresponding informational message appears when the user is authorized in the SUFD. This window is closed by pressing the OK button (Fig. 98, 99).

Figure 98. Information box "Certificate is expiring" for multiple certificates

Figure 99. Information box "Certificate is expiring" for a single certificate

An informational message is also displayed for each user authorization in the SUFD in the case when the certificate of the electronic signature verification key has expired (Fig. 100, 101).

Figure 100. Information window "Certificate has expired" for several certificates

Figure 101. Information window "Certificate has expired" for a single certificate

6.7.3. Removing a signature

To remove the signature of a document (if the document has not yet been sent), it is necessary to select the document whose signature is being deleted in the list of documents and click the button (“Remove signature”) on the toolbar (Fig. 102).

Figure 102. Toolbar. Delete signature button

6.8. Sending a Document

Before a document is sent, its signatures are checked for having been brought to the UES and for completeness of the set of signatures. If the signatures of the document do not meet the requirements, the document will not be sent (the transfer status will not change). The user is presented with a message stating that "The signature was not brought to the UES" or "The document is not signed with a full set of signatures."


To send the selected document, click the button ("Send") on the toolbar (Fig. 103).

Figure 103. Toolbar. Submit button

An information window will appear on the screen (Fig. 104).

Figure 104. Information window "Sending a document"

In case of successful completion of the operation to send the document, an information window with information about the completion of the operation will appear on the screen (Fig. 105).

Figure 105. Information window

The result of the operation can be viewed using the "Task Manager" (see Fig. 5). After calling the task manager, a window will open, as in Figure 106.

Figure 106. Task Manager window

For more information on the send operation, double-click the left mouse button on the corresponding line in the list of operations in the "Task Manager" window. After that, a window with information on the operation will open (Fig. 107). If the status scheme of the document does not involve sending the document with its current status, then a message about this is displayed in the "Result" field.

Figure 107. Operation details

If, when sending a document, the recipient's address was not determined by the system, then the status of the document changes to "Addressing error". In this case, you can re-search for the addressee by clicking the button ("Repeat search for the addressee"), or refuse the document by clicking the button ("Send"), after which the selected document is sent. If the document is successfully sent, its transfer status is set to "Sent". Further, the status of the document changes in accordance with the statuses assigned to the document on the recipient's workstation.

If an error occurred while sending, the status of the document is set to "Send error". In this case, it is necessary to roll back the document status (see section 5.10.2) and resend the document.

6.9. Import/Export Document

6.9.1. Manual document import

To import a document, you must perform the following sequence of actions:

1. On the navigation panel, go to the section corresponding to the type of document being imported.

2.

Figure 108. Toolbar. Import button

Note. If you need to explicitly specify the format of the imported file, you need to click on the select button located to the right of the import button. A list of available import formats will open (Fig. 109).

Figure 109. Selecting the format of the imported file

3. In the opened window "Download file" find and specify the file to be imported. Press the "Open" button.

To carry out documentary control of the imported file automatically, select one of the menu items containing the words "+Doc. control". In this case, documentary control is carried out immediately after the file is imported. If documentary control passes successfully, the document will be transferred to the status "Introduced" / "Introduced". If errors occur during documentary control, they will be displayed in the task manager window, in the same way as during manual documentary control (see clause 5.6).


As a result of the import operation, the new document(s) from the file(s) will be loaded into the SUFD database. In the general and selected scrollers, the documents will be automatically sorted in accordance with the user's sorting settings.

6.9.2. Manual document export

To export a document, follow these steps:

1. On the navigation panel, go to the section corresponding to the type of document being exported.

2. Specify the exported file (or several files) in the list of documents.

3.

Figure 110. Toolbar. Export button

Note. If you need to explicitly specify the format of the exported file, click on the button located to the right of the export button. A list of available export formats will open (Fig. 111, 112).

Figure 111. Selecting the format of the exported file

April 30, 2013 1:40 pm

Ivan Agapov, business analyst at Synerdocs

Let's try to figure out what is happening in Russia today in the field of long-term storage of electronic documents that use an electronic signature. What can business representatives expect in connection with the new standard, and is there a solid legislative basis for electronic archiving?

Today there is a growing need to convert documents into electronic form, not only for temporary use but also for long-term or even permanent storage. Electronic document management allows you to work with documents without duplicating them on paper, so the number of such electronic documents is constantly growing. It is especially important to keep the so-called legally significant documents: invoices, contracts, acts, waybills, etc.

A number of problems arise when organizing the storage of legally significant electronic documents. First of all, there is the question of where the documents are physically stored. When choosing storage media (removable or local), it should be taken into account that their shelf life is limited. The operating conditions are also very important, for example, factors such as room temperature, humidity, UV rays, etc. Storing a large corporate volume of information requires servers, and the requirements for server rooms are logically even more serious than those for the ubiquitous local storage media: not only the absence of windows in the room and the presence of a raised floor, but also a number of other significant limitations. For these reasons, the stored information must be periodically backed up and rewritten, media must be replaced, etc.

Specialized electronic archives can be a way out of this situation. For example, in March 2002, the federal target program "Electronic Russia (2002-2010)" was launched in the Russian Federation, within the framework of which the project "Electronic Archive of the President of the Russian Federation" was implemented. The total volume of the archive amounted to approximately 15 million documents. However, at the end of 2010, the effectiveness of the program was assessed as low: electronic document management between government agencies, as well as electronic communications between government bodies and citizens, never functioned. The effectiveness of public administration in Russia, according to the World Bank, has not changed much over the years. It is unfortunate that today this project has been suspended, and there is no need to talk about wide distribution of such programs. In particular, this was facilitated by the lack of a regulatory framework in the Russian Federation that could regulate relations in the field of electronic archiving, but the launch of the target program still gives hope for the development of this direction.

The second and, perhaps, the most important problem with long-term storage of electronic documents is ensuring their legal significance. The latter is achieved by using an electronic signature (ES). To date, relations in this area are regulated by the Federal Law of January 10, 2002 No. 1-FZ "On Electronic Digital Signature" and the Federal Law of 06.04.11 No. 63-FZ "On Electronic Signature". According to Federal Law No. 63, two types of ES are distinguished: simple and enhanced.

The signature types differ from each other in their characteristic features, which are clearly reflected in the indicated federal laws. Unfortunately, each type of signature has some limitations when it comes to providing legal significance. The certificate of the electronic signature verification key is, as a rule, issued for one year, while the signed document, following the requirements of the law, must be stored for at least five years. The question arises: how, three years later, can one prove the validity of the ES that was confirmed by this certificate? This means that we are faced with the task of determining the validity of the electronic signature and certificate at the time the document was signed.

This issue is resolved by using an advanced electronic signature (UEP). Evidence of authenticity, such as a time stamp, certificate revocation data, etc., has been added to its format.

UEP allows you to provide:

● evidentiary confirmation of the moment of creation of the signature;

● evidentiary confirmation of the validity of the electronic signature key certificate at the time of its creation;

● archival storage of legally significant electronic documents.

As you can see, modern developments and technologies make it possible to ensure the storage of legally significant electronic documents.

Another important aspect of archival storage of legally significant electronic documents is the rapid development of equipment and technology. Rapid progress does not allow us to look into the future more than 10-15 years. To understand what we are talking about, let's go back a few years. What do we see? 3½-inch floppy disks are actively used to store information. But already in March 2011, Sony put an end to the history of floppy disks by officially ceasing their production and sale, and now PCs simply do not come with a floppy drive. Modern manufacturers of optical discs guarantee the operation of drives for no more than 10 years. The service life of flash drives depends on the number of data overwrite cycles. All this suggests that after some time we are simply forced to rewrite information onto more and more modern drives. Thus, we must have guarantees that in 10-15 years we will be able to check the ES of stored documents without any problems and, of course, "read" the text editor format in which an electronic document was created 10 years ago (for example, the Lexicon format). To do this, we need a playback device, an operating system and tools for working with ES that support the format of the stored electronic document.

Is all this supposed to be possible?

Yes. To date, we have all the necessary tools for organizing the archival storage of legally significant electronic documents. Using the advanced signature format ensures that your documents are legally valid. Organizing a workplace that allows you to check the ES after 10-15 years also does not cause serious difficulties, given the appropriate organization of processes. Electronic archives will not be long in coming once demand for them increases.

The situation is a little more difficult with the legislative framework of the Russian Federation in the field of electronic archiving, but perhaps the faster business gives up paper, the sooner detailed information about electronic documents will appear in our country in a law "On Electronic Archives"? The appearance of the first precedents in an area so far little studied will simply force the state to come to grips with this issue.

Everything is interconnected and in most cases depends on us. Empty expectations will not lead to results - it's time to start acting!

To put the revision into commercial operation, the following organizational measures are required:

  1. Setting up the directory "Workstation Offline distributions" of the software "ASFC (SUFD)" for routing documents of clients of the "Offline - client FK" workstation and data upload catalogs.

  2. Activities to train new customers in the basic principles of working in the system.

  3. Events to train OrFC employees on the principles of interaction with offline clients and control over document flow.

2.3. Changed documentation

Changes have been made to SUFD_RAS_System settings.doc - clause 7.1.4 has been updated, 7.1.11 has been added.

2.4 Changes to the user interface

2.4.1 System constant GroupOutgoingPacket

The system constant GroupOutgoingPacket (Group of outgoing packets sent between AWS Offline and SUFD) has been developed (Fig. 1).

The constant takes the value:


  • 1 and any value other than 0 - group packets;

  • 0 - do not group (default).

The system constant can be redefined for an arbitrary organization, i.e. it is an organization-level constant.

Figure 1. EF of the GroupOutgoingPacket system constant

2.5 Changes in directories

2.5.1. Directory of the "Reference book of bundles for OrFC"

In SUFD and Offline workstation, a new field "Offline organization code" has been added to the on-screen form of the record of the Directory of bundles for OrFC, which stores the code of the organization served on the Offline workstation (Fig. 2).


Figure 2. EF entries of the directory of links for ORFC

2.5.2. Handbook "Workstation Offline Distributions"

A new reference book "Workstation Offline Distributions" has been developed in the menu item "References - System - Settings of Workstation Offline" (Fig. 3, 4).


Figure 3. EF of the directory "Workstation Offline Distributions"


Figure 4. EF records of the directory "Workstation Offline Distributions"

3. SUFD-56709. Refinement of advanced electronic signature verification

3.1. Brief description of the revision

According to the letter of the Federal Treasury dated July 17, 2014 No. 42-11.0-13 / 226, in the PPO "ASFC (SUFD)":

  1. The function of the Cryptoserver to strengthen the electronic signature has been improved in terms of adding the expiration date of the trusted time service certificate from an external timestamp.

  2. The function of the Cryptoserver for checking an enhanced electronic signature has been improved in terms of improving the algorithm for checking timestamps.

  3. The function of extracting the validity period of a trusted time service certificate from an external timestamp has been developed in the Cryptoserver.

  4. The function "Bringing the electronic signature to the archive format" has been developed in the Cryptoserver.

  5. A function for registering events to bring electronic signatures to an archive format has been developed.

  6. The function of generating a request to the trusted time service for generating an archive time stamp has been developed in the Cryptoserver.

  7. The function of forming an archive timestamp has been developed in the Cryptoserver.

  8. The function of adding an archive time stamp to an electronic signature has been developed in the Cryptoserver.

  9. A function has been developed in the MQ server to obtain the expiration date of the trusted time service certificate, which was used to generate the last time stamp, from an electronic signature.

  10. The function "Bringing an electronic signature to an archive format" has been developed in the MQ server.

  11. The function of strengthening the electronic signature in the MQ server has been improved in terms of adding the parameter expiration date of the trusted time service certificate from an external timestamp.

  12. The function of storing an electronic signature has been improved in terms of adding a new field "Expiration date of the trusted time service certificate".

  13. The function "Strengthening the electronic signature" has been improved in terms of saving information about the expiration date of the trusted time service certificate from an external timestamp.

  14. The function of checking the electronic signature has been improved in terms of determining the sign of checking the electronic signature of the trusted time service certificate.

  15. The function "Bringing electronic signatures to the archive format" for electronic signatures stored in the PPO "ASFC (SUFD)" has been developed.

As part of this revision, the following work was carried out:

3.1.1. Development of the configuration parameter "Renewal period for the archive timestamp" (SUFDCORE-14146)

A new parameter "Archive timestamp update period" (sufd.crypto.dateForUpdateArchiveTimestamp) has been added to the sufd.properties configuration file.

The parameter is intended for specifying the period in days, at the approach of which the archive time stamp of the signature is updated. Default value = 30 days.

3.1.2 Development of the program "Determining the validity period of a trusted time service certificate" (SUFDCORE-13990)

A program "Determining the validity period of a trusted time service certificate" has been developed for electronic signatures already stored in the PPO "ASFC (SUFD)".

The algorithm of the program is as follows:


  1. The field “Trusted time service certificate expiration date” is filled in for electronic signatures already stored in the ASFC (SUFD) software by extracting the expiration date of the trusted time service certificate from an external timestamp.

  2. The program is executed once for each electronic signature that has an empty field "Trusted time service certificate expiration date".

The program is launched on a schedule and runs outside the operational day of the Pacific Fleet (as a night job).

3.1.3. Development of the function "Bringing electronic signatures to archive format" (SUFDCORE-13989)

The function "Bringing electronic signatures to archive format" has been developed.

The algorithm of the function is as follows:


  1. The input parameter is the overlap period between the current and new trusted time service certificates (SUFDCORE-14146 new configuration parameter).

  2. Electronic signatures are selected for which the difference between the validity period of the trusted time service certificate from the last timestamp (external timestamp or the last time stamp in the chain of archive timestamps) and the current system date is less than the value of the program input parameter, but greater than zero. Each electronic signature is processed according to the following scenario:

  • if the program is launched on the AWP SUFD-Portal or AWP OrFK, then:

      • the electronic signature is brought to the archive format through a call to the function "Function of bringing the electronic signature to the archive format" of the Cryptoserver;

      • the electronic signature brought to the archive format and the expiration date of the trusted time service certificate are stored in the database of the AWP SUFD-portal / AWP OrFC.

  • if the program is launched on the OFK-offline workstation, then:

      • on the basis of the electronic signature, through a call to the function "Function of creating a request to the trusted time service" of the Cryptoserver, a request is created to the trusted time service to form an archive timestamp;

      • to deliver the request to the trusted time service, a carrier service document is created, to which the request is added. The carrier document is sent to the SUFD logistics workstation;

      • when a carrier document is received in the SUFD-logistics workstation, the request is extracted from the document, and on its basis an archive timestamp is formed through a call to the function "The function of creating an archive label based on the transmitted request";

      • to deliver the generated timestamp, a carrier service document is created, to which the archive stamp is added. The carrier document is sent to the OFC-offline workstation from which the service document requesting the archive label came;

      • when a carrier document is received at the OFC-offline workstation, the archive stamp is extracted from the document and, through a call to the "Function of adding an archive time stamp to the electronic signature" function of the Cryptoserver, is added to the electronic signature. Once added, the archive timestamp chain is checked; the electronic signature brought to the archive format and the expiration date of the trusted time service certificate from the archive label are stored in the OFC-offline AWS database.

The system document of the UEP Carrier type has been improved:

  1. Added a sign of the request: either the strengthening of the ES, or the formation of an archive label.

  2. A field of type Date has been added that transports the expiration date of the TSP service certificate from the last timestamp.

3.1.4. Refinement of storage, WF of ES data (SUFDCORE-13988)

The ES data storage structure has been improved: an additional field "Expiration date of the trusted time service certificate" has been added to the table (next to the "Last verified" field).

3.1.5. Refinement of the Cryptoserver/MQ server (SUFDCORE-13980)

Improved Cryptoserver/MQ server in terms of:

  1. Improvement in terms of archive signature support (using the example of CAdES-A with the use of the archive-time-stamp attribute, which is an archive time stamp).

    1. The signature is:
       (((CAdES-BES used in FK + archive-time-stamp1) + archive-time-stamp2) .. archive-time-stampN)

    2. Formation:

      • the cryptoserver, based on the hash of the signature of the second timestamp, generates a request to the SDV;

      • SDV signs with its key;

    3. Subsequent imposition of archival marks:

      • the cryptoserver, based on the signature hash of the last archived timestamp, generates a request to the SDV;

      • ADD pulls out the hash and applies the exact time;

      • SDV signs with its key;

      • the received response is returned to the cryptoserver.

    4. Verification:

       When checking, the archive-time-stampN label is checked (if there are several timestamps, then the last timestamp is checked): the certificate is checked for validity at the current moment.

       If the check was successful, then the chain of the previous label is checked in the same way (and so on up to the very first one): the certificate is checked for validity at the time specified in the next label.

    5. Explanation of the current implementation:

      • document (first 20 kb);

      • signature on the document;

      • the 1st label (internal) is overlaid on the signature hash;

      • OCSP response;

      • the 2nd label (outer) is superimposed on the hash (first label signature + OCSP response signature).

    6. The following object identifier (OID) defines the archive-time-stamp attribute: 1.2.840.113549.1.9.16.2.48.

  2. Refinement of the function "Bringing to UEP" in terms of an additional return parameter - "Expiry date of the last time stamp".

  3. Implementation of the function "Get by ES the expiration date of the certificate of the last timestamp".

The method returns the expiration date of the external timestamp certificate if the extra timestamps attribute is missing, or the last timestamp from the extra timestamps attribute if it is present.
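The selection rule from section 3.1.3 and the "expiration date of the certificate of the last timestamp" lookup from section 3.1.5 can be sketched together as follows. This is an added example, not code from the ASFC (SUFD) software; the record layout, field names and sample dates are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional


@dataclass
class StoredSignature:
    """Simplified row of the ES storage table (hypothetical field names)."""
    sig_id: str
    # Expiry of the trusted time service certificate taken from the external
    # timestamp; None until the one-off job from section 3.1.2 has filled it.
    external_ts_cert_expiry: Optional[date]
    # Expiry dates taken from archive-time-stamp1..N, oldest first.
    archive_ts_cert_expiries: List[date] = field(default_factory=list)


def last_tsa_cert_expiry(sig: StoredSignature) -> Optional[date]:
    """Expiry from the last archive timestamp if a chain exists,
    otherwise from the external timestamp."""
    if sig.archive_ts_cert_expiries:
        return sig.archive_ts_cert_expiries[-1]
    return sig.external_ts_cert_expiry


def select_for_archiving(sigs: List[StoredSignature], today: date,
                         period_days: int = 30) -> List[str]:
    """Return ids of signatures with 0 < (expiry - today) < period_days.

    period_days plays the role of sufd.crypto.dateForUpdateArchiveTimestamp
    (default 30 days).
    """
    due = []
    for sig in sigs:
        expiry = last_tsa_cert_expiry(sig)
        if expiry is None:
            continue  # expiry field not populated yet, nothing to compare
        days_left = (expiry - today).days
        # Already expired certificates (days_left <= 0) are not selected:
        # the rule requires the difference to be greater than zero.
        if 0 < days_left < period_days:
            due.append(sig.sig_id)
    return due


# Constructed sample data, not taken from a real system.
TODAY = date(2015, 1, 10)
SAMPLE = [
    StoredSignature("A", date(2015, 1, 25)),                       # 15 days left
    StoredSignature("B", date(2015, 6, 1)),                        # far from expiry
    StoredSignature("C", date(2014, 12, 1)),                       # already expired
    StoredSignature("D", date(2014, 12, 1), [date(2015, 2, 1)]),   # chain, 22 days left
    StoredSignature("E", date(2015, 1, 20), [date(2016, 1, 1)]),   # already re-stamped
    StoredSignature("F", None),                                    # field still empty
    StoredSignature("G", date(2015, 2, 9)),                        # exactly 30 days
]

if __name__ == "__main__":
    print(select_for_archiving(SAMPLE, TODAY))
```

Signature "C" shows the operational risk of running the job too rarely: once the last trusted time service certificate has expired, the rule no longer selects the signature for renewal.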

3.1.6. Refinement of interaction with the Cryptoserver "Strengthening the electronic signature" (SUFDCORE-13975)

A new type of interaction with the Cryptoserver has been implemented - "Electronic Signature Strengthening":

  1. ES is given as an input.

  2. The output is UES with an additional timestamp (archive-time-stamp), and separately the expiration date of the certificate and the additional stamp (last timestamp).

  3. Saving the returned parameter "Expiration date of the last timestamp" (when "bringing to UES" or "Improving the ES to the archival storage format") in the corresponding field of the ES storage table (SUFDCORE-13988 - the field "Expiration date of the trusted time service certificate").

3.1.7 Improvement of the signature verification function (SUFDCORE-13969)

The function of checking the enhanced electronic signature (SES) has been improved in terms of refining the algorithm for checking timestamps.

The algorithm for checking timestamps is as follows:


  1. If the parameters of the "Enhanced Electronic Signature Verification" function specify verification according to the current algorithm, the external timestamp is checked against the date of its creation, and the internal timestamp is checked against the date the external timestamp was created.

  2. If the parameters of the "Enhanced Electronic Signature Verification" function specify verification according to the new algorithm, then:

  • if the electronic signature contains a chain of archive timestamps, the Nth timestamp in the chain is checked against the current system date, and the (N-1)th timestamp is checked against the date the Nth timestamp was generated. The external timestamp is checked against the date of formation of the 1st archive timestamp;

  • if the electronic signature does not contain a chain of archive timestamps, the external timestamp is checked against the current system date, and the internal timestamp is checked against the date the external timestamp was created.
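The difference between the two verification modes is easiest to see by computing, for each timestamp, the moment at which its certificate must be valid. The sketch below is an added example, not the Cryptoserver implementation; it models only the certificate validity-period checks described above (no hash or signature verification), and all class names, field names and dates are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime as D
from typing import List, Tuple


@dataclass
class Timestamp:
    name: str
    created: D            # time asserted by the trusted time service
    cert_not_before: D    # validity period of the service certificate
    cert_not_after: D

    def cert_valid_at(self, moment: D) -> bool:
        return self.cert_not_before <= moment <= self.cert_not_after


@dataclass
class EnhancedSignature:
    internal: Timestamp
    external: Timestamp
    archive: List[Timestamp] = field(default_factory=list)  # oldest first


def check_plan(sig: EnhancedSignature, now: D,
               new_algorithm: bool) -> List[Tuple[Timestamp, D]]:
    """Pair every timestamp with the moment its certificate is checked at."""
    plan = []
    if new_algorithm:
        # Last stamp in the chain is checked at the current date, each
        # earlier one at the creation time of its successor. With no archive
        # chain the "chain" is just the external timestamp.
        reference = now
        for ts in reversed([sig.external] + sig.archive):
            plan.append((ts, reference))
            reference = ts.created
    else:
        # Current algorithm: external stamp is checked at its own creation date.
        plan.append((sig.external, sig.external.created))
    # In both modes the internal stamp is checked at the external stamp's date.
    plan.append((sig.internal, sig.external.created))
    return plan


def failed_timestamps(sig: EnhancedSignature, now: D,
                      new_algorithm: bool = True) -> List[str]:
    """Names of timestamps whose certificate is not valid at the check moment."""
    return [ts.name for ts, moment in check_plan(sig, now, new_algorithm)
            if not ts.cert_valid_at(moment)]


# Constructed sample: a signature from March 2014 verified in February 2015.
INTERNAL = Timestamp("internal", D(2014, 3, 1, 10, 0), D(2013, 6, 1), D(2014, 6, 1))
EXTERNAL = Timestamp("external", D(2014, 3, 1, 10, 5), D(2013, 9, 1), D(2014, 9, 1))
ARCHIVE_IN_TIME = Timestamp("archive-time-stamp1", D(2014, 8, 15),
                            D(2014, 1, 1), D(2015, 12, 31))
ARCHIVE_TOO_LATE = Timestamp("archive-time-stamp1", D(2014, 10, 1),
                             D(2014, 1, 1), D(2015, 12, 31))
NOW = D(2015, 2, 1)

if __name__ == "__main__":
    for label, sig in [
        ("no archive chain", EnhancedSignature(INTERNAL, EXTERNAL)),
        ("archive stamp in time", EnhancedSignature(INTERNAL, EXTERNAL, [ARCHIVE_IN_TIME])),
        ("archive stamp too late", EnhancedSignature(INTERNAL, EXTERNAL, [ARCHIVE_TOO_LATE])),
    ]:
        print(label, failed_timestamps(sig, NOW))
```

Under the new algorithm a signature without an archive chain fails as soon as the external timestamp's certificate expires, and an archive stamp added after that expiry does not repair it, which is why the renewal job must run before the certificate expires.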