File Signing
Files in DiMaker can be signed with a Digital Signature (DS) or, as recently updated, a Qualified Electronic Signature (QES) in accordance with the standards of the Ministry of Digital Development of Russia. This ensures that the created document obtains legal validity and guarantees its integrity from the moment of signing. For more details on application settings and system requirements, see the «Settings» section.
Signing Process
Files are sent for signing immediately after being created, without waiting for the entire task to complete. Therefore, it is recommended to launch the DiMaker Signtool application and prepare the required environment for signing files before the file creation process begins. If an external certificate storage device is used, ensure it is connected to the computer's USB port.
First, the files are created on the server; next, they are signed locally on your computer, and only then are they sent via email from the server. Files prepared for signing but left unsigned cannot be downloaded or sent until they are fully signed.
Security
The signing process occurs exclusively on the computer with the connected digital signature device. The digital signature itself is never sent to DiMaker's server. Furthermore, the DiMaker Signtool application does not access the private keys of certificates, as it utilizes standard file signing mechanisms like CryptoPRO. This design ensures complete security during the signing process.
When signing a file, the DiMaker Signtool application downloads the file from the DiMaker server, signs it using CryptoPRO, and then uploads the signed file back to the server.
Since the signing process occurs on the user's computer, it is essential to ensure uninterrupted operation and a stable internet connection. The speed of the signing process depends on the computer’s internet bandwidth but typically takes no more than 3-5 seconds per file with broadband internet access.
Working with Files in Drive
Files in Drive can have the following status:
Without Digital Signature. If a file was created without a digital signature, it cannot be signed after its creation.
Unsigned. These are files that were intended for digital signature at the creation stage but are not yet signed. Until the file is signed, it cannot be downloaded, modified, or sent via email. It is possible to remove the digital signature information if needed, but this action cannot be undone. If a file was created for signing but not signed immediately, it can later be signed with a different digital signature.
Signed. These are files that have been signed with a digital signature. Each signed file contains signature information and a file checksum, ensuring the file’s integrity and providing details about who signed it. Information about the signature can be viewed in the file properties in «Drive,» while signature validity can be verified through special services (see below).
Digital Signature Stamp
Signed files include a digital signature stamp. This text string contains signature and signer information. The stamp needs to be placed in the editor at the desired location. However, stamps are only applied to files that have been signed. If you download an unsigned file or skip the signing process, the stamp is hidden.
The stamp itself holds no legal validity. However, its presence indicates that the file was signed digitally. To confirm the authenticity of the signature, the file must be verified for signature integrity.
File Verification
To verify a digital signature, special services should be used. One such service is e-trust.gosuslugi.ru. This is the portal of the authorized federal agency for the use of digital signatures. Using this service, you can verify the digital signature of a file (select “Verify Attached Signature”). If the file has been altered after signing, the digital signature is either removed or becomes invalid. If the file passes verification and displays signature details, it ensures the file has remained unchanged since it was signed.