Menu
homeBrowsers

Electronic signature of documents. How to independently sign a document with an electronic signature

Post Views: 2,796

Android Studio provides ample opportunities both for developing applications and for increasing automation and comfort in programming.

If you are using a build system Gradle to create your applications, you can also configure several options to create signatures for your applications.

You probably don't want to publish your signing keys, passwords, and usernames to a public (or even private) repository. Therefore you can define key, password and username as properties in a separate file.

Before you start signing your application, you need to create a new property in your gradle.properties file. Let's call him Keys.repo and, as a value, specify the path to the folder where the key store and the file with properties will subsequently be located (for example, C:/Users/UserName/.signing).

Keys.repo=C:/Users/UserName/.signing

Then you need to create this folder or, if you specified an existing one, open it. You need to create a file in it YourProjectName.properties, inside of which the path to the key store, the key alias and the password will be written as properties in the following form.

RELEASE_STORE_FILE=/YourProjectName/KeyStoreName.jks RELEASE_STORE_PASS=****** RELEASE_ALIAS=KeyAlias ​​RELEASE_KEY_PASS=******

How to create a key vault?

If you don't have a keystore, you can easily create one using Android Studio. To do this, select the menu item Build -> Generate Signed APK.

In the window that appears, you need to click Create new… As a result, a window will open in which you can specify where the key storage will be located (for this lesson, it is better to immediately select the path that you specified in YourProjectName.properties in property RELEASE_STORE_FILE), as well as key information.

Then you need to create a folder YourProjectName and transfer the required keystore file there.

Now you can proceed directly to the signing process. To do this, you need to open the file in your project build.gradle(located in the app folder). Inside it in the block android you need to add the following code.

SigningConfigs ( debug ( /* no changes here */ ) release ( if (project.hasProperty("Keys.repo")) ( def projectPropsFile = file(project.property("Keys.repo") + "/YourProjectName.properties ") if (projectPropsFile.exists()) ( Properties props = new Properties() props.load(new FileInputStream(projectPropsFile)) storeFile file(file(project.property("Keys.repo") + props["RELEASE_STORE_FILE"] )) storePassword props["RELEASE_STORE_PASS"] keyAlias ​​props["RELEASE_ALIAS"] keyPassword props["RELEASE_KEY_PASS"] ) ) else ( println "===================== ====================================" println " - Please configure release-compilation environment - e.g. in ~/. signing directory" println "============================================================ ==========" ) ) )

What are the different schemes for obtaining a signature?

There are two schemes for obtaining an APK signature: v1 JAR And v2 Full APK.

In the first case it is signed JAR-file, which is the traditional way of signing. Signing v1 does not protect some parts of the APK, such as ZIP metadata. The APK verifier must handle a lot of untrusted (not yet verified) data structures and then discard data that is not signed, leaving a lot of attack surface. Additionally, the APK verifier must decompress all compressed entries, which wastes a lot of time and memory. To solve these problems, the second scheme v2 Full APK has been developed.

Scheme v2 was presented in Android 7.0 Nougat (API 25) and works starting from version Android Studio 2.2 And Android Gradle plugin 2.2. This scheme provides faster application installation and good protection against unauthorized changes to the APK. The APK content is hashed and signed, then the resulting APK signature block inserted into the APK.

During verification, the v2 scheme treats the APK as a blob and performs signature verification on the entire file. Any modification to the APK, including modifications to the ZIP metadata, invalidates the signature. This form of verification is much faster and can detect more unauthorized modifications.

The new format is backwards compatible, so APKs signed with the new scheme can be installed on older devices (which will simply ignore the new signature) as long as those APKs are also signed with the v1 scheme.

By default, signing uses both schemes so that apps can be installed on any device. However, if there is such a need, you can disable the v1 or v2 signature. To do this, in the above code in the block release It is enough to add the following lines.

V1SigningEnabled false

V2SigningEnabled false

It is also important to note that you need to sign with scheme v1 before signing with scheme v2, since the APK will not pass verification under scheme v2 if it is signed with additional certificates after signing with scheme v2.

Once the code is added, include this code in a block buildTypes inside release. For example:

BuildTypes ( release ( minifyEnabled true shrinkResources true proguardFiles getDefaultProguardFile("proguard-android.txt"), "proguard-rules.pro" signingConfig signingConfigs.release ) )

Now you can safely in the menu item Build choose Build APK, having previously changed the assembly type from debug on release. As you can see, this method is convenient because it is automatic, you only need to configure it once and your key storages can be safe.

If you have never used an electronic signature before, then it will be useful for you to read this article and become familiar with the options for how to sign a document with an electronic signature in various formats.

First of all, before creating a document, you need to install special software, which includes:

    Crypto-PRO CSP;

    Root certificate;

    Personal certificate;

    Capicom Library.

These components are installed one by one on the computer, after which you can begin to create and digitally sign a document.

Before you put your digital signature, you need to make sure that you have installed and are using the latest version of Crypto-PRO

Online signing of documents with digital signature

Our company has developed a service that allows you to sign any document with an electronic digital signature. To do this, you need to go to the online digital signature signature page, then upload the file that you want to sign. You must already have an electronic digital signature certificate installed; after selecting it, click the “Sign” button.

After these steps, a separate file will be created - a detached signature with the extension .sig, which will be saved to your browser's downloads folder.

Important: To sign online, you must have the CryptoPro plugin installed in your browser. If you have previously used digital signature for signing on this computer, then this plugin should already be installed and no additional settings will be required.

Our specialists will help you obtain an electronic signature quickly and completely free of charge.

How to sign a digital signature document in Word MS Office

For the latest versions of Microsoft Word, click “File” and in the window that opens, move the cursor to the “Information” tab and select “Add a digital signature (CRYPTO-PRO)”. If you do not see this option, then you do not have Crypto Pro and CryptoPro Office Signature software installed, or one of them.

After the manipulations have been completed, updated information about this file appears in the “Information” tab, it is noted that it has already been certified by digital signature and is final for editing.

A very important point in filling out is that after the electronic signature is placed, no changes can be made to the file. If the data is corrected after these steps, the document with digital signature becomes invalid.

Advice: If you still need to make changes, first remove the signature and only then change the file. After finishing the work, install it again.

How to sign a PDF document electronically

Special software has also been developed for programs that work with PDF files. It is called “Crypto-PRO PDF” and is a module that interacts with Adobe Reader and Adobe Acrobat. After installing it, you can sign a PDF file with digital signature in any of the above programs. This is done just as easily as in Word Microsoft Office.

If during the above steps you have any difficulties and questions about how to sign a document with an electronic signature for posting it on the site, you can always contact our specialists. They will help you with any complex issue and help solve the problem with electronic signature of documents.

LLC MKK "RusTender"

The material is the property of the site. Any use of the article without indicating the source - the site is prohibited in accordance with Article 1259 of the Civil Code of the Russian Federation

Since I googled the question myself " how to sign an apk file?", I know that finding truly working and completely understandable instructions is not so easy. That’s why I decided to write material myself about how to correctly sign your program or game on Android.

As we now know, without a digital signature, your creation cannot be placed in the Market, and this is already serious. I have noticed many young Android developers, so to speak, beginners completely forget to sign their application and then try to do something with it and that’s it wondering why they are unable to perform this or that action with their APK file.

So, let’s not drag our feet and start right away with how you can sign your APK file and what you actually need to use to achieve the desired result.

This method is the most correct of all those listed, so we will describe it in this material. We will make our own keys with our own data and certificates and use them to sign the application you create.

To work we will need: OpenSSL and SignApk.

First, let's create a certificate and a signing key. Install OpenSSL. During installation, the installer will prompt you to copy the components to the Windows folder, select the Bin folder, which will be in the place where you will install all OpenSSL.

Now open a command prompt as a system administrator (this is very important!). Then go to the command line to the bin folder, which is located in the folder where you installed OpenSSL (For example, C:\OpenSSL\Bin\ or C:\Program Files\OpenSSL\Bin\). If you don't know, changing to another folder is done with the command CD. That is, in order to go to the desired folder you should run the following command:

cd C:\OpenSSL\Bin\

Once you are in the Bin folder, you can proceed directly to creating the certificate and key.

Step 1(We generate a key 1024 bits long)

Run the command:

openssl genrsa -out key.pem 1024

Step 2(We create a certificate request based on the key)

Run the command:

openssl req -new -key key.pem -out request.pem

At this stage, you will need to enter your data, which will identify you in the certificate.

Step 3 (We generate a private key from a certificate)

Run the command:

openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem

Step 4(We generate a public key)

Run the command:

openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt

At this stage, the creation of the files we need to sign your games and applications is complete. Using the created key and certificate, you can sign as many games and applications on Android as you like.

Now let’s actually start signing the application. Unpack the SingApk archive downloaded from the link above. Move 2 files from the Bin folder where we created the certificate and key: certificate.pem And key.pk8 to the folder where you extracted SingApk. Windows should display a file replacement dialog - replace.

Now, in order to sign an apk file with a unique digital signature that you made yourself, just drag your apk file to sign_APK.bat. In order not to drag a file from one window to another (this is not convenient), move your apk file to the folder with SingApk. After execution, a file will appear in the folder with SingApk apk_signed.apk, which will be your signed application or game.

Although electronic document management cannot completely replace paper documents, its relevance is increasing every year. Documents transmitted electronically, just like paper ones, require visa approval. This is done using an electronic digital signature. It is important to sign the document correctly so that it has legal force and the necessary operations can be carried out with its help. Let's look at how documents of various formats are signed in order.

So, you need to sign the PDF file with an electronic signature. In order to sign any document, you need to install the CryptoPro plugin on your PC. After this, the document must be edited in Adobe Acrobat and saved in Adobe Reader format.

Next in the menu, select the item “ Work with ", then " Signing" and look for the required signature. Before signing a pdf file using an electronic digital signature, you need to determine where on the document the signature will be located; use the mouse to create the required line. In the window that appears, information will appear where you can find the certificate. The signing of the document is completed.

If you need to sign a Word document with an electronic signature, you will need to perform simple operations in a certain sequence. In the menu we look for “ Service", we are interested " Options" IN " Parameters"find the item " Safety " and select " Digital signatures " In the window that opens, look for the required certificate and select the owner of the signature. Now you will need to enter the EDS password, “Signer” will appear in the window, click on it and the document is ready. It is important to know that after signing the Word file will be read-only.
Signing Word files of versions 2007 and 2010 has some nuances. Before signing a Word 2007–2010 document with an electronic digital signature, you need to understand its differences from the similar format of 2003. Office 2007 documents are saved with the docx extension. To sign a document, it is advisable to use the CryptoPro Office Signature program. For Office 2010, this plugin is generally required.
The question arises of how to check the EDS of an electronically signed document for authenticity. For these purposes, we install CryptoPro CSP on your computer. Using the plugin, we configure functions that allow you to receive only those documents that are signed with certified digital signatures.

Signing scanned documents using digital signature is possible after installing CryptoARM on your computer. The same software, along with CryptoPRO, is suitable for signing RAP archive folders.

Today, when almost all document flow becomes paperless, signing documents with help is commonplace.

In the field of public procurement, submitted applications are signed electronically. This gives customers the guarantee that they are dealing with real participants. Also, contracts that are concluded as a result of government procurement come into force only after approval using an electronic digital signature.

A digital signature is also required in the following situations:

  1. Reporting to regulatory authorities. You can submit it electronically to services such as the Federal Tax Service, Rosstat, Pension Fund and Social Insurance Fund. This greatly simplifies the transfer of information and increases accuracy: most services offer automatic error checking.
  2. Electronic document management (EDF). One of the most common uses, since a letter signed in this way corresponds to a paper letter with a stamp and a visa. Allows you to switch to paperless document flow both within the company and outside it.
  3. Government services. A citizen of the Russian Federation can endorse submitted applications to departments through the government services portal, participate in public initiatives, use a personal account on the Federal Tax Service website, and even apply for a loan.
  4. Invoices, contracts, official letters signed electronically can be used as evidence. According to the Arbitration Procedure Code of the Russian Federation, such a document is analogous to a paper one with a handwritten visa.

What types of electronic signatures are there?

An electronic signature is a “stamp” that allows you to identify its owner, as well as verify the integrity of the signed document. The types of digital signatures and the procedure for their execution have been approved. He established that there are three types of signatures:

  1. Simple. Commonly used for signing letters or specifications, confirmed using passwords, codes and other means, most often used in corporate EDI systems.
  2. Reinforced. It is obtained through the process of cryptographic processing of information and the use of a private key. Allows you to determine who signed the document, as well as the fact that changes were made after signing.
  3. Reinforced. It is similar to an unqualified one, but for its creation and verification, cryptographic protection technologies certified by the FSB of the Russian Federation are used. Such electronic signatures are issued only by accredited

There are several ways to endorse a document. Let's look at the most common ones.

We sign using the CryptoPRO CSP software package

How to electronically sign a Word document(MS Word)

1. Open the required file, click on the menu “File” - “Information” - “Add electronic signature (CRYPTO-PRO)”.

2. Select the desired electronic signature, add a comment if necessary, and click “Sign”.

3. If there are no errors, the system displays a window with successful signing.

If the CryptoPRO Office Signature plugin is installed

1. Open the desired file, select “File”, then “Add digital signature”.

2. Similar to the previous option, select the required electronic signature, add a comment, if necessary, and click “Sign”.

3. If there are no errors, the system displays a message that the document was successfully signed.

How to electronically sign a PDF document(Adobe Acrobat PDF)

1. Open the required PDF file, click on the “Tools” panel and see the “Certificates” label. Let's choose it.

2. Click on “Apply a digital signature” and select the area on the file where the signature mark will be located.

4. A window with a preview of the stamp will open. If everything is correct, then click “Sign”.

5. The system will issue a notification about successful signing. That's all.

Signing with the CryptoARM software package

With this method, it is possible to encrypt all modern formats, as well as archives.

So let's figure it out how to sign a digital signature document using CryptoARM.

1. Open the “CryptoARM” program and select the very first action item - “Sign”.

2. We carefully study the instructions of the ES Creation Master. Click “Next”.

3. Click on “Select file”, go to the desired file, click on it and click “Next”.

4. Select the file to sign and click “Next”.

5. We see the “Output Format” window. If there are no mandatory requirements, then we leave the encoding as is. You can save in ZIP format (for sending by e-mail) or choose a location to save the final result. Click “Next”.

6. In “Parameters” you can select a property, add a comment, and also select an attached electronic signature (attached to the source file) or detached (saved as a separate file), as well as additional parameters if desired. When everything is ready, click “Next”.

7. Now you need to select a certificate; to do this, click “Select”, indicate the required certificate and click “Next”.

8. At the next stage we see the final window with a brief description of the data. If next time the files are signed in the same order, you can save the profile. Click “Finish”.

9. If there are no errors, the system will display a message indicating successful signing.