Features of archival storage of legally significant electronic documents. Scandal in UEP Manual document import

Figure 97. Toolbar. "Refuse" button

30 days before the expiration of the electronic signature verification key certificate, a window with a corresponding information message appears when the user logs in to the SUFD. This window closes when you click the “OK” button (Fig. 98, 99).

Figure 98. “Certificate Expiring” information window for multiple certificates

Figure 99. Information window “Certificate is about to expire” for one certificate

An information message is also displayed each time the user logs in to the SUFD if the electronic signature verification key certificate has expired (Fig. 100, 101).

Figure 100. “Certificate Expired” information window for multiple certificates

Figure 101. Information window “Certificate has expired” for one certificate

6.7.3. Removing a signature

To delete a signature from a document (if the document has not yet been sent), select the document in the list of documents and click the (“Delete signature”) button on the toolbar (Fig. 102).

Figure 102. Toolbar. "Delete signature" button

6.8. Sending a document

Before a document is sent, its signatures are checked to ensure that they have been submitted to the UEP and that the set of signatures is complete. If the document signatures do not meet the requirements, the document will not be sent (the transmission status does not change). The user receives a message stating that “The signature has not been submitted to the UEP” or “The document is not signed with a full set of signatures.”


To send the selected document, click the (“Send”) button on the toolbar (Fig. 103).

Figure 103. Toolbar. Submit button

An information window will appear on the screen (Fig. 104).

Figure 104. Information window “Sending a document”

If the operation of sending a document is successful, an information window will appear on the screen with information about the completion of the operation (Fig. 105).

Figure 105. Information window

The result of the operation can be viewed using the “Task Manager” (see Fig. 5). After calling the task manager, a window will open as in Figure 106.

Figure 106. Task manager window

To obtain additional information on the sending operation, double-click the corresponding line in the list of operations in the “Task Manager” window. A window with information on the operation will then open (Fig. 107). If the document's status scheme does not allow sending the document in its current status, a message about this is displayed in the “Result” field.

Figure 107. Operation details

If, when sending a document, the recipient's address was not determined by the system, then the status of the document changes to “Addressing error.” In this case, you can search for the recipient again by clicking the button (“Repeat search for recipient”), or abandon the document by clicking the button (“Send”), after which the selected document is sent. If the document is successfully sent, its transmission status is set to “Sending”. Then the document status changes in accordance with the statuses assigned to the document on the recipient workstation.

If an error occurs during sending, the document status is set to “Sending error”. In this case, it is necessary to perform the operation of rolling back the document status (see clause 5.10.2) and resend the document.

6.9. Import/export document

6.9.1. Manual document import

To import a document, you must perform the following sequence of actions:

1. On the navigation panel, go to the section corresponding to the type of document being imported.

2.

Figure 108. Toolbar. Import button

Note. If you need to explicitly specify the format of the imported file, you need to click on the selection button located to the right of the import button. A list of available import formats will open (Fig. 109).

Figure 109. Selecting the format of the imported file

3. In the “File Upload” window that opens, find and specify the file to import. Click the “Open” button.

To automatically carry out documentary control of the imported file, you must select one of the menu items containing the words “+Doc. control”. In this case, immediately after importing the file, its documentary control will be carried out. If the document control is successfully passed, the document will move to the “Entered”/ “Entered” status. If errors occur during documentary control, they will be displayed in the task manager window, as with manual documentary control (see clause 5.6).


As a result of the import operation, a new document(s) will be loaded from the file(s) into the SUFD database; in the general and dedicated scrollers, documents will be automatically sorted in accordance with the user's sorting settings.

6.9.2. Manual document export

To export a document, you must perform the following sequence of actions:

1. Go to the section corresponding to the type of document being exported on the navigation panel.

2. In the list of documents, indicate the file (or several files) to be exported.

3.

Figure 110. Toolbar. Export button

Note. If you need to explicitly specify the format of the exported file, you need to click on the button located to the right of the export button. A list of available export formats will open (Fig. 111, 112).

Figure 111. Selecting the exported file format

April 30, 2013 1:40 p.m.

Ivan Agapov, business analyst at Synerdocs

Let's try to figure out what is happening in Russia today in the field of long-term storage of electronic documents using an electronic signature. What should business representatives expect in connection with the new standard, and is there a solid legislative basis on electronic archiving issues?

Today, there is increasingly a need to convert documents into electronic form not only for temporary use, but also for long-term or even permanent storage. The fact is that electronic document management allows you to work with documents without duplicating them on paper. Therefore, the number of such electronic documents is constantly growing. It is especially important to store the so-called legally significant documents - invoices, contracts, acts, invoices, etc.

When organizing the storage of legally significant electronic documents, you encounter a number of problems. First of all, the question arises about the physical storage location of documents. When choosing storage media (removable or local), you should take into account that their shelf life is limited. Operating conditions are also very important: for example, room temperature, humidity, UV rays, etc. And to organize the storage of a large corporate volume of information, servers are required. It is logical that the requirements for server premises will be even more serious than for commonly used local storage media. These include not only the absence of windows in the room and the presence of a false floor, but also a number of other significant restrictions. For these reasons, stored information must be periodically backed up and rewritten, media must be replaced, etc.

A way out of this situation may be specialized electronic archives. For example, in March 2002, the federal target program “Electronic Russia (2002-2010)” was launched in the Russian Federation, within the framework of which the project “Electronic Archive of the President of the Russian Federation” was implemented. The total volume of the archive was approximately 15 million documents. However, at the end of 2010, the effectiveness of the program was assessed as low: electronic document flow between government bodies, as well as electronic communications between government bodies and citizens, did not function fully. The effectiveness of public administration in Russia, according to the World Bank, has remained virtually unchanged over the years. It is a pity that today this project has been suspended, and it is impossible to talk about the widespread dissemination of such programs. In particular, this was facilitated by the lack of a regulatory framework in the Russian Federation that could regulate relations in the field of electronic archiving, but the launch of a targeted program still gives hope for the development of this area.

The second and, perhaps, the most important problem with long-term storage of electronic documents is ensuring their legal significance. The latter is achieved using an electronic signature (ES). Today, relations in this area are regulated by: Federal Law dated January 10, 2002 No. 1-FZ “On Electronic Digital Signature” and Federal Law dated April 6, 2011 No. 63-FZ “On Electronic Signature”. According to Federal Law No. 63, two types of ES are distinguished: simple and reinforced.

All signatures differ from each other by their characteristic features, which are clearly reflected in the specified Federal laws. But, unfortunately, there are some restrictions on the use of each type of signature to ensure legal significance. The fact is that the electronic signature verification key certificate is usually issued for one year, and the signed document, following the requirements of the law, must be stored for at least five years. The question arises: how to prove the validity of the electronic signature, which was confirmed by this certificate, after three years? This means that we are faced with the task of determining the validity of the electronic signature and certificate at the time of signing the document.

This issue can be resolved by using an advanced electronic signature (UEP). Its format includes additional evidence of authenticity, such as a time stamp, certificate revocation data, etc.

UEP allows you to provide:

● evidentiary confirmation of the moment of creation of the signature;

● evidential confirmation of the validity of the electronic signature key certificate at the time of its creation;

● archival storage of legally significant electronic documents.

As we can see, modern developments and technologies make it possible to ensure the storage of legally significant electronic documents.

Another important aspect of archival storage of legally significant electronic documents (USED) is the rapid development of equipment and technology. Rapid progress does not allow us to look more than 10-15 years into the future. To understand what we are talking about, let's go back a few years. What do we see? 3½-inch floppy disks are actively used to store information. But already in March 2011, Sony put an end to the history of floppy disks by officially ceasing their production and sale, and PCs now simply do not require a floppy drive. Modern manufacturers of optical disks guarantee the operation of drives for no more than 10 years. The service life of flash drives depends on the number of data rewrite cycles. All this suggests that after some time we are simply forced to rewrite information onto ever more modern drives. Thus, we must have certain guarantees that in 10-15 years we will be able to easily check the electronic signature of stored documents and, of course, “read” the format of the text editor in which the electronic document was created 10 years ago (for example, the Lexicon format). To do this, we need a reproducing device, an operating system and tools for working with digital signatures that support the format of the stored electronic document.

Is all this supposed to be possible?

Yes. Today we have all the necessary tools for organizing archival storage of the USED. Using an advanced signature format ensures that your documents are legally binding. Organizing a workplace that allows you to check the electronic signature after 10-15 years, with the appropriate organization of processes, also does not cause serious difficulties. The creation of electronic archives will not be long in coming as the demand for them increases.

The situation is a little more complicated with the legislative framework of the Russian Federation in the field of electronic archiving, but perhaps the sooner business abandons paper, the sooner in our country detailed information about electronic documents will appear in the law “On Electronic Archives”? The appearance of the first precedents in an area that is still little studied will simply force the state to take a closer look at this issue.

Everything is interconnected and in most cases depends on ourselves. Empty expectations will not lead to results - it's time to start acting!


UEP took credit for solving two thousand crimes
The Moscow prosecutor's office has completed an inspection of the work of the Department for Economic Crimes of the capital's Central Internal Affairs Directorate. It was revealed that the police are making additions and distorting reports, while no one is looking for many dangerous criminals at all. The UEP itself categorically disagrees with this. Its management accuses the inspectors of unprofessionalism and unwillingness to thoroughly study the situation. Kommersant correspondent VLADIMIR SYUN tried to do this.

From the very beginning of the inspection, it became clear to prosecutors that instead of real work, the UEP was strenuously creating its appearance. And in order not to lose face in front of the Ministry of Internal Affairs, the capital’s police officers have learned to engage in postscripts no worse than the people with whom they must fight as part of their duty. According to the head of the prosecutor's office for supervision over the implementation of laws in the internal affairs bodies, Igor Bobrovsky, in the UEP, “so-called continuing crimes are registered in the hundreds.” “Take, for example, illegal business,” Bobrovsky is indignant. “A criminal case was opened against a businessman, but his enterprise continues to operate. Let’s say, for seven days. In this case, UEP officers count and register seven crimes, not one. Or this example: if someone illegally imported 100 tires, then there are not one, but a hundred crimes of smuggling.” As a result, the city prosecutor’s office removed from the register just last year more than a thousand cases of fraud, more than a hundred cases of smuggling and 113 episodes of bribery. In total, there are more than two thousand crimes, the detection of which the UEP attributed to itself.
In addition, according to the prosecutor's office, the UEP people deceived the ministry, claiming that there was practically no red tape in their department and cases were considered literally in a matter of days. For example, 147 crimes were solved in three days. During the same period, 173 cases were refused.
However, prosecutors found that only two materials out of 147 were considered within three days, 13 within 10 days, in 58 cases decisions took more than three months, and 26 cases were considered for more than six months. In many cases, all records were broken (about two years). But, as a rule, during lengthy investigations, evidence loses its validity, documents and material assets disappear, and the criminals manage to escape.
For example, in 1996, the UEP received a statement about the fraudulent actions of the general director of JSC "Third Rome" Mysyagin. He was alleged to have embezzled 90 million rubles. The fact was verified for more than a year and a half. Then the ninth department of the UEP issued a decision to refuse to initiate a criminal case. The prosecutor's office, in turn, considered this decision unfounded and resumed the investigation.
The same thing happened with the materials of the Federal Compulsory Health Insurance Fund. Information about financial fraud in this structure was received in January 1997, and the police began checking it only a month later. And six months later, the UEP sent the materials to the GUEP of the Ministry of Internal Affairs. From there, at the end of 1997, they were again transferred to the city police, who ultimately refused to initiate criminal proceedings. It took prosecutors less than a month to understand the situation and open a case.
In total, out of 190 materials studied by the city prosecutor's office on the refusal to initiate criminal cases, 38 decisions were cancelled. Based on 15 materials, the prosecutor's office itself opened criminal cases, and on 23, the UEP was asked to investigate more thoroughly.
Such carelessness has led to the fact that since 1994, in many cases, fraudsters are not looked for at all. Even the so-called operational search cases have not been opened against them.
The city prosecutor's office particularly complained that the UEP often neglects its obligation to share information about commercial structures with the tax authorities. In this regard, prosecutors say that the crime recording system from the Ministry of Internal Affairs must be transferred to independent structures. For example, the Ministry of Justice, which is not a crime-fighting agency and is not interested in attributions. Apparently, Boris Yeltsin, who recently signed a decree “On ensuring interaction between state bodies in the fight against offenses in the economic sphere,” shares the same opinion. With this document, he obliged the government to develop a unified system for recording identified crimes in the economic sphere within three months.
The opinion of the UEP leadership about the results of the prosecutor's audit is completely opposite. The head of the department, Colonel Anatoly Filatov, believes that postscripts in his department are, in principle, impossible: “Prosecutors confuse the crime of the times of stagnation and today. Now criminal cases are multi-episode in nature. And we investigate each episode separately. The prosecutor’s office, with its inspections, stimulates a partial investigation of crimes. What’s wrong with them, they don’t delve into the case, they take materials from the zonal information center, they see that there are many episodes in the case—here are your postscripts.”
Filatov also doubts that the prosecutor’s office will be able to bring criminal cases closed by the UEP to court. “In 20 years of service, I don’t remember that prosecutors have ever imprisoned anyone based on rejected materials. They then close them themselves, without finding evidence of a crime,” the colonel claims.
It should be said that such conflicts are typical for law enforcement agencies. Attributions of disclosures, and with them the concealment of real crimes, are revealed by the prosecutor's office in all police units inspected. Ever since the stagnant times, they have been given rather strict plans to combat crime from above. Now the Ministry of Internal Affairs claims that there are no such plans. But there are indicators of the fight against crime, and they are the main criterion when distributing bonuses, assigning titles and appointing a new position. The same system operates in the prosecutor's office: the more its employees find violations in the work of the police, the more incentives they will receive from their management. In a word, it turns out to be a vicious circle - it is beneficial for everyone to do postscripts.

To implement the modification into commercial operation, it is necessary to ensure the following organizational measures:

  1. Configuring the directory “Workstation Offline Distributions” of the software “ASFK (SUFD)” for routing documents of AWS clients “Offline – FC Client” and data upload directories.

  2. Activities to train new clients on the basic principles of working in the system.

  3. Activities to train OrFC employees in the principles of interaction with offline clients and control of document flow.

2.3. Changed documentation

Changes have been made to SUFD_RAS_System Settings.doc - clause 7.1.4 has been updated, 7.1.11 has been added.

2.4. User interface changes

2.4.1. System constant GroupOutgoingPacket

The system constant GroupOutgoingPacket (Grouping of outgoing packets sent between the Offline workstation and the SUFD) has been developed (Fig. 1).

The constant takes the value:


  • 1 and any other value except 0 – group packets;

  • 0 – do not group (default).
A system constant can be redefined for any organization, i.e. it is an organization-level constant.

Figure 1. EF of the system constant GroupOutgoingPacket

2.5. Changes to directories

2.5.1. Directory “Link Directory for OrFC”

In SUFD and Offline AWS, a new field “Offline organization code” has been added to the on-screen entry form of the Link Directory for OrFC, which stores the code of the organization serviced on the Offline AWS (Fig. 2).


Figure 2. EF of a record of the Link Directory for OrFC

2.5.2. Directory "Workstation Offline Distributions"

A new reference book “Workstation Offline Distributions” has been developed in the menu item “Directories – System – Setting up AWS Offline” (Fig. 3, 4).


Figure 3. EF of the directory "Workstation Offline Distributions"

Figure 4. EF of a record of the directory “Workstation Offline Distributions”

3. SUFD-56709. Improved electronic signature verification

3.1. Brief description of the improvement

In accordance with the letter of the Federal Treasury dated July 17, 2014 No. 42-11.0-13/226 to the PPO “ASFK (SUFD)”:

  1. The Cryptoserver function for strengthening the electronic signature has been improved in terms of adding the expiration date for the trusted time service certificate from an external timestamp.

  2. The Cryptoserver function for verifying an enhanced electronic signature has been improved in terms of improving the algorithm for checking timestamps.

  3. A function has been developed in Cryptoserver to extract the validity period of a trusted time service certificate from an external timestamp.

  4. The function “Bringing an electronic signature to an archive format” has been developed in Cryptoserver.

  5. An event registration function has been developed to bring electronic signatures to an archival format.

  6. A function has been developed in Cryptoserver for generating a request to the trusted time service to generate an archived timestamp.

  7. A function for generating an archive timestamp has been developed in Cryptoserver.

  8. A function for adding an archived timestamp to an electronic signature has been developed in Cryptoserver.

  9. A function has been developed in the MQ server for obtaining the expiration date of the trusted time service certificate, which was used to generate the last timestamp, from an electronic signature.

  10. The function “Bringing an electronic signature to an archive format” has been developed in the MQ server.

  11. The function of strengthening the electronic signature in the MQ server has been improved in terms of adding the expiration date parameter for the trusted time service certificate from an external timestamp.

  12. The electronic signature storage function has been improved in terms of adding a new field “Expiration date of the trusted time service certificate”.

  13. The “Strengthen electronic signature” function has been improved in terms of saving information about the expiration date of the trusted time service certificate from an external timestamp.

  14. The electronic signature verification function has been improved in terms of determining the sign for verifying the electronic signature of a trusted time service certificate.

  15. The function “Bringing electronic signatures to an archival format” has been developed for electronic signatures stored in the software “ASFK (SUFD)”.

As part of this revision, the following work was performed:

3.1.1. Development of the configuration parameter “Archive timestamp update period” (SUFDCORE-14146)

A new parameter “Archive timestamp update period” (sufd.crypto.dateForUpdateArchiveTimestamp) has been added to the sufd.properties configuration file.

The parameter specifies a period in days: when the expiration of the trusted time service certificate is closer than this period, the archive timestamp of the signature is updated. Default = 30 days.

3.1.2. Development of the program “Determining the validity period of a trusted time service certificate” (SUFDCORE-13990)

The program “Determining the validity period of a trusted time service certificate” has been developed for electronic signatures already stored in the software “ASFK (SUFD)”.

The algorithm of the program is as follows:


  1. The field “Expiration date of the trusted time service certificate” is filled in for electronic signatures already stored in the ASFK (SUFD) software by extracting the expiration date of the trusted time service certificate from the external timestamp.

  2. The program is executed once for each electronic signature that has an empty field “Expiration date of the trusted time service certificate”.
The program is launched according to a schedule and is executed outside the TOFK operating day (job at night).

3.1.3. Development of the function “Bringing electronic signatures to an archive format” (SUFDCORE-13989)

The function “Bringing electronic signatures to an archive format” has been developed.

The function algorithm is as follows:


  1. Input parameter – the period of intersection of the validity periods of the current and new trusted time service certificates (SUFDCORE-14146 new configuration parameter).

  2. Electronic signatures are selected for which the difference between the validity period of the trusted time service certificate from the last timestamp (external timestamp or the last stamp in the chain of archived timestamps) and the current system date is less than the value of the program input parameter, but greater than zero. Each electronic signature is processed according to the following scenario:

  • if the program is launched on an automated workplace SUFD-Portal or an automated workplace OrFC, then:

    • the electronic signature is brought to an archive format by calling the Cryptoserver function “Function for bringing the electronic signature to an archive format”;

    • the electronic signature brought to an archive format and the expiration date of the trusted time service certificate are stored in the database of the automated workplace SUFD-Portal / automated workplace OrFC.

  • if the program is launched on the OFK-offline workstation, then:

    • based on the electronic signature, a request to the trusted time service to generate an archive timestamp is created by calling the Cryptoserver function “Function for creating a request to the trusted time service”;

    • to deliver the request to the trusted time service, a service carrier document is created and the request is added to it. The carrier document is sent to the automated workplace SUFD-logistics;

    • when the carrier document is accepted at the automated workplace SUFD-logistics, the request is extracted from the document and, on its basis, an archive timestamp is generated by calling the function “Function for creating an archive label based on a transmitted request”;

    • to deliver the generated timestamp, a service carrier document is created, to which the archive timestamp is added. The carrier document is sent to the OFK-offline automated workplace from which the service document requesting the archive timestamp came;

    • when the carrier document is accepted at the OFK-offline workstation, the archive timestamp is extracted from the document and added to the electronic signature by calling the Cryptoserver function “Function for adding an archive timestamp to an electronic signature”. After it is added, the chain of archive timestamps is verified; the electronic signature brought to an archive format and the expiration date of the trusted time service certificate from the archive timestamp are stored in the OFK-offline automated workplace database.

The system document of the “UEP Carrier” type has been improved:

  1. Added a request-type attribute: either strengthening the electronic signature or generating an archive timestamp.

  2. Added a Date field that carries the TSP service certificate expiration date from the last timestamp.

3.1.4. Refinement of storage, VF of ES data (SUFDCORE-13988)

The structure of electronic signature data storage has been improved: an additional field “Expiration date of the trusted time service certificate” has been added to the table (next to the “Last verified person” field).

3.1.5. Refinement of the Cryptoserver/MQ server (SUFDCORE-13980)

The Cryptoserver/MQ server has been improved in terms of:

  1. Improvement in terms of archival signature support (using the example of CAdES-A using the archive-time-stamp attribute, which is an archive time stamp).

    1. The signature is:
(((CAdES-BES used in FC + archive-time-stamp1) + archive-time-stamp2) .. archive-time-stampN)

    1. Formation:

  • the Cryptoserver, based on the hash of the signature of the second timestamp, generates a request to the SDV (trusted time service);


  • the SDV signs with its key;


    1. Subsequent application of archive timestamps:

  • the Cryptoserver, based on the hash of the signature of the last archive timestamp, generates a request to the SDV;

  • the SDV extracts the hash and applies the exact time;

  • the SDV signs with its key;

  • the received response is returned to the Cryptoserver.

    1. Verification:
During verification, the archive-time-stampN timestamp is checked (if there are several timestamps, the last one is checked): its certificate is checked for validity at the current moment.

If the verification succeeds, the previous timestamp in the chain is checked in the same way (and so on back to the very first one): its certificate is checked for validity at the point in time specified in the next timestamp.


    1. Explanation of current implementation:

  • document (first 20 kb);

  • signature on the document;

  • the 1st timestamp (internal) is applied to the hash of the signature;

  • OCSP response;

  • the 2nd timestamp (external) is applied to the hash of (signature of the first timestamp + signature of the OCSP response).

    1. The following object identifier (OID) defines the archive-time-stamp attribute: 1.2.840.113549.1.9.16.2.48.

  1. Improvement of the “Bringing to UEP” function in terms of the additional returned parameter – “Expiration date of the last timestamp”.

  2. Implementation of the function “Get the expiration date of the certificate of the last timestamp from the electronic signature.”
The method returns the expiration date of the external timestamp certificate if the additional timestamps attribute is absent, or the last stamp from the additional timestamps attribute if present.

3.1.6. Improvement of interaction with the Cryptoserver “Strengthening the electronic signature” (SUFDCORE-13975)

A new type of interaction with the Cryptoserver has been implemented - “Strengthening electronic signature”:

  1. The electronic signature is submitted to the input.

  2. The output is a UEP with an additional time stamp (archive-time-stamp) and, separately, the expiration date of the certificate of the additional stamp (last time stamp).

  3. Saving the returned parameter “Expiration date of the last timestamp” (when “bringing to UEP” or “Improving the ES to the archival storage format”) in the corresponding field of the ES storage table (SUFDCORE-13988 – field “Expiration date of the trusted time service certificate”).

3.1.7. Implementation of the signature verification function (SUFDCORE-13969)

The function for checking an enhanced electronic signature (UEP) has been improved in terms of refining the algorithm for checking time stamps.

The algorithm for checking timestamps is as follows:


  1. If the parameters of the “Verification of enhanced electronic signature” function specify verification by the current algorithm, the external timestamp is checked as of the date it was created, and the internal timestamp is checked as of the date the external timestamp was created.

  2. If the parameters of the “Verification of enhanced electronic signature” function specify verification by the new algorithm, then:

  • if the electronic signature contains a chain of archive timestamps, the N-th timestamp in the chain is checked against the current system date, and the (N-1)-th timestamp is checked against the date of formation of the N-th timestamp. The external timestamp is checked against the date of formation of the 1st archive timestamp;

  • if the electronic signature does not contain a chain of archive timestamps, the external timestamp is checked against the current system date, and the internal timestamp is checked against the date of creation of the external timestamp.
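
The time checks described in 3.1.3, 3.1.5 and 3.1.7, as an added example that is not SUFD or Cryptoserver code: it models only the "which certificate must be valid at which moment" logic and the renewal selection rule, not CMS parsing, signature verification or revocation checks. The class and function names and the sample dates are constructed for illustration, and it assumes the internal timestamp is checked against the external timestamp's creation date in both branches of the new algorithm.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class Timestamp:
    """A timestamp reduced to the fields the time checks use (constructed model)."""
    label: str
    created: datetime          # time asserted by the trusted time service
    cert_not_before: datetime  # validity window of the service's certificate
    cert_not_after: datetime

    def cert_valid_at(self, moment: datetime) -> bool:
        return self.cert_not_before <= moment <= self.cert_not_after


@dataclass
class Signature:
    internal: Timestamp
    external: Timestamp
    archive: List[Timestamp] = field(default_factory=list)  # oldest first


def last_cert_expiry(sig: Signature) -> datetime:
    """Expiry of the service certificate behind the most recent timestamp:
    the external one if there is no archive chain, else the last archive one."""
    return (sig.archive[-1] if sig.archive else sig.external).cert_not_after


def due_for_archiving(sig: Signature, now: datetime, period_days: int = 30) -> bool:
    """Selection rule from 3.1.3: 0 < (expiry - now) < configured period.
    period_days stands in for sufd.crypto.dateForUpdateArchiveTimestamp."""
    remaining = last_cert_expiry(sig) - now
    return timedelta(0) < remaining < timedelta(days=period_days)


def verify_timestamps(sig: Signature, now: datetime,
                      new_algorithm: bool = True) -> Tuple[bool, Optional[str]]:
    """Return (ok, label of the first timestamp whose certificate check failed)."""
    if new_algorithm:
        chain = [sig.internal, sig.external] + sig.archive
        # Each timestamp is checked at the creation time of the one that
        # follows it; the most recent one is checked at the current date.
        moments = [ts.created for ts in chain[1:]] + [now]
        checks = list(zip(chain, moments))[::-1]  # newest first, as in 3.1.5
    else:
        # Current algorithm: the external timestamp vouches for itself.
        checks = [(sig.external, sig.external.created),
                  (sig.internal, sig.external.created)]
    for ts, moment in checks:
        if not ts.cert_valid_at(moment):
            return False, ts.label
    return True, None


def sample_signature() -> Signature:
    """Constructed sample: a signature from 2014 renewed twice before expiry."""
    d = datetime
    return Signature(
        internal=Timestamp("internal", d(2014, 3, 1, 10, 0), d(2013, 6, 1), d(2014, 6, 1)),
        external=Timestamp("external", d(2014, 3, 1, 10, 5), d(2013, 9, 1), d(2014, 9, 1)),
        archive=[
            Timestamp("archive-1", d(2014, 8, 15), d(2014, 7, 1), d(2015, 7, 1)),
            Timestamp("archive-2", d(2015, 6, 20), d(2015, 6, 1), d(2016, 6, 1)),
        ],
    )


if __name__ == "__main__":
    now = datetime(2016, 5, 15)
    sig = sample_signature()
    print("chain valid:", verify_timestamps(sig, now))
    print("due for a new archive timestamp:", due_for_archiving(sig, now))

    # Same signature without any archive timestamps: the new algorithm rejects
    # it because the external timestamp's certificate has already expired.
    bare = sample_signature()
    bare.archive = []
    print("no chain, new algorithm:", verify_timestamps(bare, now))
    print("no chain, current algorithm:", verify_timestamps(bare, now, new_algorithm=False))
```

The last two calls show why the renewal job has to run before the latest certificate expires: once a gap appears between one timestamp's certificate expiry and the next timestamp's creation date, the chain can no longer be validated under the new algorithm.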