What is it?
A digital signature authenticates electronic documents in a similar manner a handwritten signature authenticates printed documents. This signature cannot be forged and it asserts that a named person wrote or otherwise agreed to the document to which the signature is attached. The recipient of a digitally signed message can verify that the message originated from the person whose signature is attached to the document and that the message has not been altered either intentionally or accidentally since it was signed.
Also, the signer of a document cannot later disown it by claiming that the signature was forged. In other words, digital signatures enable the "authentication" and "non-repudiation" of digital messages, assuring the recipient of a digital message of both the identity of the sender and the integrity of the message.
How legal is it?
India has the Digital Signature Legislation in place. This Act grants digital signatures that have been issued by a licensed Certifying Authority in India the same status as a physical signature.
The Information Technology Act, 2000 provides for use of digital signatures on the documents submitted in electronic form in order to ensure the security and authenticity of the documents filed electronically.
How does it work?
Digital signatures deploy the Public Key Infrastructure (PKI) technology. A digital signature is issued by a Certification Authority (CA) and signed with the CA's private key. A digital signature typically contains:
Owner's public key
Expiration date of the public key
Name of the issuer (the CA that issued the Digital ID)
Serial number of the digital signature
Digital signature of the issuer
How do I get a Digital Signature Certificate (DSC)?
The Office of Controller of Certifying Authorities (CCA), issues such certificates only to certifying authorities and the latter issues Digital Signature Certificates to the end user.
Who is authorized to give a DSC?
CA's are appointed by the office of the CCA. There are 7 such agencies authorized by the CCA to issue DSCs.
What types of measures are executed by CCA for licensing a CA?
- Detailed information; financial, technical and procedural, is obtained from the CA as part of the application for license
- The information is examined and audited
- Supervision of activities of CAs
- Auditing of Certification Practice Statement (CPS)
- Auditing Hardware/Software
- Certifying public key of CA
- Laying down standards to be maintained by CAs to ensure continuous compliance to the requirements of the IT Act 2000
Can a person have two DSCs? Say, one for official use and other one for personal use?
Can DSC be employed in wireless network?
If somebody uses other computers, there any possibility of threat to the security of the owners/users of DSC?
No, there is no threat to the security of the DSC if the private key lies on the smartcard /crypto token and does not leave the SmartCard/cryptotoken.
The information has been taken from the websites of the Controller of Certifying Authorities and the e-filing website of the Income Tax Department.