A Digital Signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives the recipient reason to believe that the message was created by a known sender, that the sender cannot deny having sent the message (authentication and non-repudiation), and that the message was not altered in transit (integrity of the data being transmitted). The paper-based concepts of identification, declaration and proof are carried over into the electronic environment through the use of digital signatures. Digital signatures, a form of electronic signature, are created and verified using Public Key Cryptography, which is based on the concept of a key pair generated by a mathematical algorithm: the public and private keys.
A Digital Signature Certificate (DSC) is a secure digital key that certifies the identity of the holder and is issued by a Certifying Authority (CA). It contains a Private Key and a Public Key of the applicant (signer), which are used to encrypt the message to be transferred to the receiver and to decrypt the same at the receiver's end (to verify the authenticity and/or integrity of the data transmitted). This certificate is generally downloaded/installed on a USB token or smart card, which can be connected to any system and used for authenticating and signing electronic data/documents.
The message authentication process involves generating a hash of the document to produce a 'digest' and encrypting that digest with the private key to produce a digital signature. Thereafter, anyone can verify this signature by:
- Computing the message hash.
- Decrypting the signature with the signer's public key to produce a decrypted digest.
- Comparing the message hash with the decrypted digest.
Equality between the two digests confirms that the message has not been altered/modified since it was signed and that the signer alone performed the signature operation (provided that the private key has remained secret to the signer).
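The hash, sign and compare steps listed above, as an added example that is not part of the original article. It uses only the Python standard library and assumes RSA with PKCS#1 v1.5 padding and SHA-256 (the article names no algorithm); the key is constructed and deliberately insecure, standing in for the private key a token would hold.

```python
import hashlib
import hmac

# Constructed demonstration key: both primes are Mersenne primes, so the
# modulus is trivially factorable. Never use a key like this in practice.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (stays with the signer)
K = (N.bit_length() + 7) // 8        # modulus length in bytes

# DER prefix of the DigestInfo structure for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode_digest(message: bytes) -> int:
    """Hash the message and pad the digest (EMSA-PKCS1-v1_5)."""
    digest_info = SHA256_PREFIX + hashlib.sha256(message).digest()
    padding = b"\xff" * (K - len(digest_info) - 3)
    return int.from_bytes(b"\x00\x01" + padding + b"\x00" + digest_info, "big")

def sign(message: bytes) -> bytes:
    """Signer: apply the private key to the padded digest."""
    return pow(encode_digest(message), D, N).to_bytes(K, "big")

def verify(message: bytes, signature: bytes) -> bool:
    """Verifier: needs only the public values N and E."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")            # decrypted digest
    expected = encode_digest(message).to_bytes(K, "big")   # recomputed digest
    return hmac.compare_digest(recovered, expected)

def demo() -> dict:
    document = b"Constructed sample document for signing"
    signature = sign(document)
    flipped = bytes([signature[0] ^ 1]) + signature[1:]
    return {
        "valid": verify(document, signature),
        "altered_message": verify(document + b" (edited)", signature),
        "altered_signature": verify(document, flipped),
    }

if __name__ == "__main__":
    print(demo())
```

The verifier rebuilds the full padded digest and compares it byte for byte with what the public key recovers from the signature, rather than parsing the recovered bytes, so a malformed padding block fails in the same way as a wrong digest.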
In India, the Controller of Certifying Authority (CCA) under the Ministry of Communications & Information Technology is the body responsible for licensing and regulating the working of Certifying Authorities (CAs) and for ensuring that none of the provisions of the Information Technology Act, 2000 are violated. The DSCs issued by these CAs are on par with handwritten signatures on a paper document and have equal legal validity. Currently, the following seven CAs are licensed by the CCA to issue digital signatures:
- Safescrypt CA
- e-Mudhra CA
- Tata Consultancy Services (TCS)
- National Informatics Center (NIC)
- (n)Code Solutions
- iTrust CA (IDRBT)
- Center for Development of Advance Computing (CDAC)
Digital signatures can be of various classes, viz. Class 1, Class 2, Class 3 and so on. The higher the class, the greater the credibility of the digital signature. For example, you can get a Class 2 DSC by submitting an application to the CA along with attested photocopies of your identity and address proof. However, to get a Class 3 DSC you'll need to be physically present before the Registration Authority (agents approved or authorized by the respective CAs) to prove your identity. While a Class 2 DSC is sufficient for filing e-forms with MCA21 (ROC) and/or income tax return (ITR) filing, certain activities such as online bidding for tenders/auctions require the use of a Class 3 DSC.
As per MCA21 guidelines, the authorized signatories are required to use at least a Class 2 DSC for filing e-forms with the Registrar of Companies (ROC). A Class 2 DSC can also be used with the incometaxindiaefiling portal as well as with the TRACES portal to perform various authentications and file income tax returns. The same class of DSC can be used by Chartered Accountants to verify the particulars provided in MGT-14 e-forms and various other e-forms which the Company is required to file.
Now that you've understood the basics of the DSC and its various classes, the next query would be: how can one get this DSC?
A Digital Signature Certificate can be obtained by approaching any of the above-mentioned CAs or their agents (known as Registering Authority) along with the photo application form and an attested copy each of identity proof and address proof. The attestation for this purpose can be done by any Bank Manager/Post Master/Gazetted Officer with Name, Address and Contact Number, or by providing a self-attested copy of the Organizational Identity card of the attesting officer. The cost of a DSC ranges from Rs. 750 to Rs. 1300 for a single year's validity and from Rs. 1299 to Rs. 1900 for a two-year validity period. After the expiry of the validity period, the DSC can be renewed for the next period at equal or slightly lower charges.
Further, if you plan to use your DSC through a USB token (which is recommended since it is secured via a PIN), then you'll need to get one either from the CA itself or from other providers of e-tokens such as e-Pass Auto 2003, TrustKey token, Aladdin e-token, etc. and have the DSC downloaded and installed on the token. The cost of these e-tokens ranges from Rs. 650 to Rs. 1000 plus sales tax as applicable, depending upon the provider.
To use a DSC, you need to connect your USB e-token and run the signing application. The signing application will then ask for the PIN to verify the ownership details and sign the document (in effect the hash of the message, i.e. the digest) to produce a digital signature. Please note that the appropriate token drivers must be installed on the system to which you're planning to connect the USB e-token, so that the token can be recognized by the system and ultimately by the signing application. Generally, the drivers for an e-token are provided by the token manufacturers/distributors within the token or separately on a compact disk (CD). However, if you're not able to find/install the same, you can download the driver software for the respective e-token from the link below.