Electronic Digital Signature:
Provisions relating to Electronic/Digital signature certificates are covered in Chapter VII, i.e. Secs. 35 to 39 of the IT Act, 2000, Rules 23 to 30 of the IT (Certifying Authorities) Rules, 2000, and the IT (Certifying Authority) Regulations, 2001.
A Digital Signature Certificate is an electronic document which uses a digital signature to bind together a public key with an identity — information such as the name of a person or an organisation, their address, and so forth. The certificate can be used to verify that a public key belongs to the individual.
Digital certificates are the digital equivalent (i.e. electronic format) of physical or paper certificates. Examples of physical certificates are driver’s licences, passports or membership cards.
Digital Signature Certificates are issued by the Certifying Authority (CA). The CA is responsible for vetting all applications for Digital Signature Certificates, and once satisfied, generates a Digital Certificate by digitally signing the Public key of the individual along with other information using its own Private key.
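The issuance step described above, as an added example in Go (not code from the Act, the Rules or any licensed CA): a constructed CA signs a subscriber's name and public key with its own private key, and a relying party accepts the certificate only if it chains to that CA. All names and keys are constructed, and Ed25519 keys are an assumption chosen for brevity.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func check(err error) { // abort on unexpected errors; every input here is constructed
	if err != nil {
		panic(err)
	}
}

// issue binds pub to name in an X.509 certificate signed with the issuer's private key (nil parent = self-signed root).
func issue(name string, serial int64, isCA bool, usage x509.KeyUsage, pub any, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, KeyUsage: usage,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// trustedBy reports whether cert's signature chains to the given CA certificate.
func trustedBy(cert, ca *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// demo issues a subscriber signing certificate from one CA, then checks it against that CA and an unrelated CA.
func demo() (subject string, okIssuer, okOther bool) {
	newKey := func() ed25519.PrivateKey { _, k, err := ed25519.GenerateKey(rand.Reader); check(err); return k }
	caKey, otherKey, userKey := newKey(), newKey(), newKey()
	ca := issue("Example CA (constructed)", 1, true, x509.KeyUsageCertSign, caKey.Public(), nil, caKey)
	other := issue("Other CA (constructed)", 1, true, x509.KeyUsageCertSign, otherKey.Public(), nil, otherKey)
	user := issue("Asha Rao (constructed subscriber)", 2, false, x509.KeyUsageDigitalSignature, userKey.Public(), ca, caKey)
	return user.Subject.CommonName, trustedBy(user, ca), trustedBy(user, other)
}

func main() { s, a, b := demo(); println(s, a, b) }
```

The subscriber certificate verifies against the issuing CA and is rejected when the relying party trusts only the unrelated CA, which is why the relying party's choice of trusted CA certificates decides what the binding is worth.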
The CCA has licensed eight Certifying Authorities in India to issue Digital Signature Certificates to the end users. The National Informatics Centre issues Digital Signature Certificates primarily to the Government/PSUs and Statutory bodies. The Institute for Development of Research in Banking Technology (IDRBT) issues Digital Signature Certificates primarily to the banking and financial sector in India. The remaining CAs – Safescrypt, TCS, MTNL, n(Code) Solutions and eMudhra – issue Digital Signature Certificates to all end users across all domains. More than 16 lakh Digital Signature Certificates have been issued by the different CAs in India.
Depending upon the requirement of assurance level and usage of Digital Signature Certificate, the following are the classes of Digital Signature Certificates:
1) Class 1 Certificates – issued to individuals/private subscribers to secure email messages.
2) Class 2 Certificates – issued as Managed Digital Certificates to employees/partners/affiliates/customers of business and government organizations that are ready to assume the responsibility of verifying the accuracy of the information submitted by their employees/partners/affiliates/customers.
3) Class 3 Certificates – issued to individuals, companies and government organizations. They can be used both for personal and commercial purposes. They are typically used for electronic commerce applications such as electronic banking, electronic data interchange (EDI), and membership-based on-line services, where security is a major concern.
Different types of digital signature certificates that are issued:
1) Individual Digital Signature Certificates (Signing Certificates) – Individual Certificates serve to identify a person. It follows that the contents of this type of certificate include the full name and personal particulars of an individual. These certificates can be used for signing electronic documents and emails and implementing enhanced access control mechanisms for sensitive or valuable information.
2) Server Certificates – Server Certificates identify a server (computer). Hence, instead of the name of a person, server certificates contain the hostname, e.g. “https://nsdg.gov.in/”, or the IP address. Server certificates are used for one-way or two-way SSL to ensure secure communication of data over the network.
3) Encryption Certificates – Encryption Certificates are used to encrypt the message. The Encryption Certificates use the Public Key of the recipient to encrypt the data so as to ensure data confidentiality during transmission of the message. Separate certificates for signatures and for encryption are available from different CAs.
Before the issue of the Digital Signature Certificate, the Certifying Authority should –
i. confirm that the user’s name does not appear in its list of compromised users;
ii. comply with the procedure as defined in its Certification Practice Statement, including verification of identification and/or employment;
iii. comply with all privacy requirements;
iv. obtain a consent of the person requesting the Digital Signature Certificate, that the details of such Digital Signature Certificate can be published on a directory service.
The generation of the Digital Signature Certificate will involve:
a) receipt of an approved and verified Digital Signature Certificate request;
b) creating a new Digital Signature Certificate;
c) binding the key pair associated with the Digital Signature Certificate to a Digital Signature Certificate owner;
d) issuing the Digital Signature Certificate and the associated public key for operational use;
e) a distinguished name associated with the Digital Signature Certificate owner; and
f) a recognized and relevant policy as defined in Certification Practice Statement.