Qualified Electronic Signature (QES) on Website

Our company is engaged in the development, support and maintenance of sites of any complexity. From simple one-page sites to large-scale cluster systems built on micro services. Experience of developers is confirmed by certificates from vendors.

8+Years of workmore info 900+Completed projectsmore info 100+In house employeesmore info 19+Partnersmore info

Development and maintenance of all types of websites:

Informational websites or web applications

Business card websites, landing pages, corporate websites, online catalogs, quizzes, promo websites, blogs, news resources, informational portals, forums, aggregators

E-commerce websites or web applications

Online stores, B2B portals, marketplaces, online exchanges, cashback websites, exchanges, dropshipping platforms, product parsers

Business process management web applications

CRM systems, ERP systems, corporate portals, production management systems, information parsers

Electronic service websites or web applications

Classified ads platforms, online schools, online cinemas, website builders, portals for electronic services, video hosting platforms, thematic portals

These are just some of the technical types of websites we work with, and each of them can have its own specific features and functionality, as well as be customized to meet the specific needs and goals of the client.

Offered services

Showing 1 of 1 servicesAll 2065 services

Qualified Electronic Signature (QES) on Website

Complex

~2-4 weeks

FAQ

Our competencies:

Free consultation

Book a free consultation if you have any questions. A dedicated specialist will advise you.

Cost calculation

If you know what exactly you need to develop, or you already have a ready-made technical task.

Development stages

Latest works

Development of a web application for FEEDME
1161
Development of an online store for the company FURNORO
1041
Development of a web application for Enviok
822
CRM development for Chasseurs
847
Website development for SBH Partners
999
Website development for Red Pear
451

Show more works

Implementation of Qualified Electronic Signature (QES) on Website

Qualified Electronic Signature (QES) is the only type of e-signature equivalent to handwritten signature under Russian law (Federal Law No. 63). It is not a visual signature and not a simple e-signature: QES is created using a qualified certificate (issued by accredited CAs) and cryptographic software (SKZI).

Technical Stack

CryptoPro CSP is the most common SKZI in Russia. Installed on user's computer. For browser usage — CryptoPro ECP Browser Plugin (NPAPI/COM component) or CryptoPro CSP Web.

Alternatives:

Rutoken ECP — token with built-in GOST cryptography, Rutoken Web plugin
VipNet CSP — alternative SKZI
CryptoARM GOST — desktop application with API

For SaaS without SKZI installation requirement — cloud QES via DSS (Directory Services of Signing): user receives SMS confirmation, signature created on server in trusted environment. Providers: CryptoPro DSS, Kontur.Krypto, Trusted Environment.

Architecture for Signing via CryptoPro Browser Plugin

// Check for plugin presence
async function checkCryptoProPlugin() {
  try {
    const plugin = await cadesplugin;  // cadesplugin - global object after plugin load
    return true;
  } catch (e) {
    return false;
  }
}

// Get user certificates list
async function getUserCertificates() {
  const plugin = await cadesplugin;
  const store = await plugin.CreateObjectAsync('CAdESCOM.Store');
  await store.Open(
    plugin.CADESCOM_CONTAINER_STORE,  // From container storage
    plugin.CAPICOM_MY_STORE,          // "Personal" certificates
    plugin.CAPICOM_STORE_OPEN_MAXIMUM_ALLOWED
  );

  const certs = await store.Certificates;
  const validCerts = await certs.Find(plugin.CAPICOM_CERTIFICATE_FIND_TIME_VALID);
  const result = [];

  for (let i = 1; i <= await validCerts.Count; i++) {
    const cert = await validCerts.Item(i);
    const subjectName = await cert.SubjectName;
    const validTo = await cert.ValidToDate;
    result.push({ index: i, subjectName, validTo, cert });
  }

  await store.Close();
  return result;
}

// Create CAdES-BES signature (attached)
async function signDocumentCAdES(documentBase64, certificateItem) {
  const plugin = await cadesplugin;
  const signer = await plugin.CreateObjectAsync('CAdESCOM.CPSigner');
  await signer.propset_Certificate(certificateItem.cert);
  await signer.propset_CheckCertificate(true);

  const signedData = await plugin.CreateObjectAsync('CAdESCOM.CadesSignedData');
  await signedData.propset_ContentEncoding(plugin.CADESCOM_BASE64_TO_BINARY);
  await signedData.propset_Content(documentBase64);

  const signature = await signedData.SignCades(
    signer,
    plugin.CADESCOM_CADES_BES,  // BES = without timestamp
    true  // detached = detached signature
  );

  return signature;
}

Signature Formats

Format	Description	Application
CAdES-BES	Basic, without timestamp	Most documents
CAdES-T	+ timestamp	When time fixing needed
CAdES-XL	+ certificate revocation check	Archive storage
XAdES	XML documents	EDI, tax
PAdES	PDF	PDF signing per ETSI

Cloud QES via CryptoPro DSS

No SKZI installation on user's computer required:

// Initialize signing via DSS API
async function initDssSignature(documentHash, userPhone) {
  const response = await fetch('https://dss.cryptopro.ru/SignServer/rest/api/CreateTransactionHash', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${process.env.DSS_ACCESS_TOKEN}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      Signature: {
        Parameters: {
          CadesType: 1,  // CAdES-BES
          HashAlgorithm: 'GOST3411-2012-256',
        },
        Content: { IsDetached: true, HashValue: documentHash },
      },
      OperationID: crypto.randomUUID(),
    }),
  });

  const { TransactionID } = await response.json();

  // Send SMS with confirmation code
  await sendConfirmationSms(userPhone, TransactionID);

  return TransactionID;
}

// Confirm with SMS code
async function confirmDssSignature(transactionId, smsCode) {
  const response = await fetch('https://dss.cryptopro.ru/SignServer/rest/api/ConfirmSignature', {
    method: 'POST',
    body: JSON.stringify({ TransactionID: transactionId, ConfirmationCode: smsCode }),
  });

  const { Signature } = await response.json();
  return Signature; // base64 signature
}

Signature Verification

// Verification via CryptoPro WebService
async function verifySignature(documentBytes, signatureBase64) {
  const plugin = await cadesplugin;
  const signedData = await plugin.CreateObjectAsync('CAdESCOM.CadesSignedData');
  await signedData.propset_ContentEncoding(plugin.CADESCOM_BASE64_TO_BINARY);
  await signedData.propset_Content(Buffer.from(documentBytes).toString('base64'));

  await signedData.VerifyCades(signatureBase64, plugin.CADESCOM_CADES_BES, true);

  const signers = await signedData.Signers;
  const signer = await signers.Item(1);
  const cert = await signer.Certificate;
  const certInfo = await cert.SubjectName;

  return {
    valid: true,
    signerName: certInfo,
    signedAt: await signer.SigningTime,
  };
}

Legal Requirements

Certificate must be issued by accredited CA (registry on Ministry of Digital Development site)
SKZI must be certified by FSB
For real estate transactions, notarial actions — additional requirements
Document storage with QES — minimum period of statute of limitations (3–10 years)

Timeline

Integration with CryptoPro Browser Plugin: UI, certificate list, CAdES-BES signing — 7–10 days. Cloud QES via CryptoPro DSS with SMS confirmation — 7–10 days. Signature verification with certificate check — 3–5 days.