Electronic digital signature (EDS)
In the system of electronic bidding suppliers and customers in the remote mode execute various operations (supplier’s quotation, procurement invitation), which imply certain commitments from both parts. Relevance in law of such operations is provided with the mechanism of electronic digital signature (EDS).
In fact EDS is a sequence of symbols, which is obtained as the result of a certain conversion of the source document (or any other information) with the usage of special software. EDS is attached to the source document before its transferring. Any alteration of the source document makes EDS invalid. In practice EDS for each document is unique and can’t be transferred to another document; impossibility of EDS forgery is secured by a very large amount of mathematical calculations needed for its fitting. So, having received the document, signed by EDS, the recipient can be assured of its authorship and authenticity of the text of the document.
Today EDS is a legally formalized procedure of protected on-line information exchange. According to the article of the law, which regulates information documenting (Federal Law №149-FZ), the electronic message, signed by electronic digital signature (EDS), is equivalent to the document, signed with one's own hand, unless any other normative act stipulates for an obligatory hard-copy form.
How EDS is used
Electronic digital signature is used for confirmation of the authorship and authenticity of information (of an electronic document). In the system of electronic bidding the supplier who has submitted a quotation or tendered, commits himself to delivery of goods or provision of services, subject to conditions, stated in the proposal. Having been signed by EDS, the proposal gets relevance in law and entails legal liability, according to Russian laws. Thereby a customer in the system of electronic bidding deals with real proposals and their fulfillment is guaranteed by law.
On the other hand, the customer, who has called for bids (in the form of auction, tender or request for quotations), commits himself to conclusion of a contract with that supplier, whose proposal is the best. In this regard the mechanism of EDS, represented in the system of electronic bids, provides suppliers with legal guarantees of a contract conclusion.
Encryption
Confidentiality (secrecy) is also secured by encryption. There are two keys, public and private, which are used both for encoding/decoding and EDS creation. For encoding of the message (probably already signed by EDS) the recipient’s public key is used, while the received codified message can be decoded only by the recipient with the use of his private key. Even the sender, who has just encoded the message, can’t decode it. Thereby for message signing the sender’s private key is used, while for encoding - the recipient’s private key is used. Accordingly the recipient uses his private key for decoding, and the sender’s public key – for EDS verification.
EDS and message encryption can be used either together or separately, at the discretion of the user. For example, company director’s order must be signed to confirm its authenticity, but may not be encoded.
Public key certificate is a secondary protection of the public key (it binds together a public key with an identity). If the private key is compromised, the Certificate is revoked. Expiration date is one year, following which the Certificate becomes invalid, and a new certificate should be received. For the secure of data in the Certificate EDS of the Certification Authority (CA) is used.