A digital signature is an electronic form of a signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and also ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable and cannot be imitated by someone else. The ability to ensure that the original signed message arrived means that the sender cannot easily disclaim it later.
Digital Signature Certificates (DSC) is the electronic format of physical or paper certificate like a driving License, passport etc. Certificates serve as proof of identity of an individual for a certain purpose; for example, a Passport identifies someone as a citizen of that country; who can legally travel to any country. Likewise, a Digital Signature Certificate can be presented electronically to prove your identity, to access information or services on the Internet or to sign certain documents digitally.
A Digital Signature Certificate authenticates your identity electronically. It also provides you with a high level of security for your online transactions by ensuring absolute privacy of the information exchanged using a Digital Signature Certificate. You can use certificates to encrypt information such that only the intended recipient can read it. You can digitally sign information to assure the recipient that it has not been changed in transit, and also verify your identity as the sender of the message.
Legally valid Digital Signature Certificates are issued only through a Controller of Certifying Authorities (CCA), Govt. of India,licensed Certifying Authorities (CA), such as eMudhra.
eMudhra, a Certifying Authority (CA) licensed by CCA, offers secure digital signatures through various options tailored to suit individual as well as organizational needs.
You can use Digital Signature Certificates for the following:
- For sending and receiving digitally signed and encrypted emails.
- For carrying out secure web-based transactions, or to identify other participants of web-based transactions.
- In eTendering, eProcurement, MCA [for Registrar of Companies efiling], Income Tax [for efiling income tax returns] Applications and also in many other applications.
- For signing documents like MSWord, MSExcel and PDFs.
- Plays a pivotal role in creating a paperless office.
A Digital Signature Certificate explicitly associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. The certificate contains information about a user's identity (for example, their name, pincode, country, email address, the date the certificate was issued and the name of the Certifying Authority that issued it).
These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user's computer hard disk or on an external device such as a token. The user retains control of the private key; it can only be used with the issued password.
The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.
These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user's computer hard disk or on an external device such as a token. The user retains control of the private key; it can only be used with the issued password.
The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.
Yes, subsequent to the enactment of Information Technology Act 2000 in India, Digital Signature Certificates are legally valid in India.
Digital Signature Certificates are issued by licensed Certifying Authorities under the Ministry of Information Technology, Government of India as per the Information Technology Act.
Digital Signature Certificates are issued by licensed Certifying Authorities under the Ministry of Information Technology, Government of India as per the Information Technology Act.
A digital signature is an electronic method of signing an electronic document whereas a Digital Signature Certificate is a computer based record that
- Identifies the Certifying Authority issuing it.
- Has the name and other details that can identify the subscriber.
- Contains the subscriber's public key.
- Is digitally signed by the Certifying Authority issuing it.
- Is valid for either one year or two years.
No, you cannot. A digital signature certificate can have only one email address.
Digital signature certificates in e-tendering systems are allowed, but based on the service provider.
Yes, digital signature certificates can be employed in wireless networks.
A Certifying Authority is a trusted agency whose central responsibility is to issue, revoke, renew and provide directories for Digital Signature Certificates. According to Section 24 of the Information Technology Act 2000, "Certifying Authority" means a person who has been granted a license to issue Digital Signature Certificates.
The IT Act 2000 details the prerequisites of a CA. Accordingly, a prospective CA has to establish the required infrastructure, get it audited by the auditors appointed by the office of Controller of Certifying Authorities. Subsequent to complete compliance of all requirements, a license to operate as a Certifying Authority can be obtained. The license is issued by the Controller of Certifying Authorities, Ministry of Information Technology, Government of India.
A RA (Registration Authority) is an agent of the Certifying Authority who collects the application forms and related documents for Digital Signature Certificates, verifies the information submitted and approves or rejects the application based on the results of the verification process.
There are three classes of digital signature certificate and their functions are as follows:
- Class 1: The name and email address of individuals can be verified. This is not to be used by companies.
- Class 2: A Class 2 digital signature certificate verifies the identity of a person against a pre-verified, trusted database. This is the one needed for companies or trusts to file their tax returns.
- Class 3: This is the highest and most secure digital signature certificate available in India. To get this a person needs to present himself or herself in front of a registration authority to prove his or her identity. This category is needed for those who want to participate in online auctions or tenders.