Professional Documents
Culture Documents
HOME BLOG SUBMIT ARTICLE ACTS CAREERS LAW NOTES WEEKLY COMPETITION
Home Cyber Law All you want to know about Digital Signature
This article has been written by Aparajita Balaji, a student of Vivekananda Institute Of
Professional Studies, affiliated to Guru Gobind Singh Indraprastha University, Delhi, and
Hemal Shah, pursuing a Diploma in Advanced Contract Drafting, Negotiation and Dispute
Resolution from Lawsikho. In this article, she has discussed the entire concept related to
the digital signature in India. The difference between Digital Signature and Electronic
Signature as well as the Digital Signature Certificate.
Table of Contents
Introduction
Electronic signature
Concept of Digital Signature
Basic difference between digital signature and electronic signature- layman’s terms
UNCITRAL Model Law on electronic signatures 2001
Digital Signature and Electronic Signature as defined under the Law
Electronic Signature
Types of electronic signature
Unsecured Signature
Secured Signature
Digital Signature
Usage of Digital Signature
Difference between Electronic Signature and Digital Signature
Features of Digital Signature
Authentication using Digital Signature
Asymmetric Encryption
Symmetric Encryption
Benefits of Digital Signature
Process followed for the creation of digital signature
Verification of Digital Signature
Problems With Digital Signature
Digital Signature Certificate (DSC)
Introduction
Who needs a DSC?
Elements of Digital Certificate
Types of Certificate
Validity
DSC under the Information Technology Act, 2000
Legal Approach and Digital Signature
Conclusion
References
Introduction
The introduction of signatures has provided a definite identity to the individuals and
allowed the corporate sector and other individuals to function in a manner faster, keeping
pace with the ongoing technology. The signatures have by far played a huge role in
individual’s decision making and enabling consent at a much larger value. In olden times,
every individual or the authorised signatory had to go through the document entirely and
then provide his assent. This created enough hurdles amongst the organisations to keep up
with the pace of the signatory and revolve around his/her timeline. Authorised Signatory
may not be at a particular place and still allow his assent. Technology has duly provided his
boon.
In advancement of the growing industrial era, the United Nations in 1998 made an
observation that increasing transactions in cyberspace over the recent years made it
very necessary to have a legal framework dealing with e-signatures. It was the stringent
laws for e-signature and the development of cyber laws were seen as the need of the
hour.
Electronic signature
Electronic Signature provides an electronic representation of the individual’s identity that
provides the proof of consent and assents to the facts of the given signature. In toto, it’s
an approval from the signatory that he assents to the written format of the same
electronically. It is important to ensure that it is coming from the authorised signatory and
has made no modifications to the document.
The European Union Regulation 910/214 defines and regulates electronic signature as “ in
electronic form which is attached to or logically associated with other data in electronic
form and used by the signatory to sign”.[1]
Under the contract law also, signature holds a vital position as it is considered as a sign of
acceptance of an offer. The Conventional form of signatures has evolved a lot due to
technological advancement. With the increased usage of online transactions and e-mails,
the risk of the data being hacked has also increased. Hence, the concept of online
signatures has become relatively important.
Click Here
The definition of electronic signature includes digital signature and other electronic
techniques which may be specified in the second schedule of the Act, thus an electronic
signature means authentication of an electronic record by a subscriber by means of
electronic techniques. The adoption of ‘electronic signature’ has made the Act technological
neutral as it recognizes both the digital signature method based on cryptography technique
Unsecured Signature
Since Electronic Signature is more of an unsecured type of signature, there are affixations
that are marked in the end for reference. However, as stated earlier, they can be easily
tampered and not provide much of the focus on the authenticity of the Identity. Following
are the types of Electronic Signature:
1) Email Signature– Just merely typing one’s name or symbol in the end of an email
or sending a message on letterhead, they can easily be forged by anyone else.
2) Web Based Signature– In many organizations, the Company dons many hats with
regards to activities conducted in the Organizations, this may make the organization fall for
Web-based clickwrap contracts in which the acceptance is made merely by clicking a single
button. Such signatures bind the party even if they were conned fraudulently. [5]
The advancement of growing online transactions has caused variety of cyber crime to take
place right from the deceptiveness to hidden identity. It is for this reason that Digital
Signature is taken as a more stringent form of signature and to protect the identity of the
sender. There are more advanced ways to curb the menace caused in Electronic Signatures
as well.
Secured Signature
This includes the signatures which are digitally secured and also which have more legal
weightage.
Digital Signature
According to section 2(1)(p) of the Information Technology Act, 2000 digital signature
means the authentication of any electronic record by a person who has subscribed for
the digital signature in accordance to the procedure mentioned under section 3 of the
same act.
Section 5 of the Information Technology Act, 2000 gives legal recognition to digital
signatures.
3) Return filing for GST– GST filing and E-filing causes the individuals to compulsory
opt for Digital Signatures.
4) Filing for Income Tax– Some corporations require the business to file the tax all
over India, thus saving the light of the day.
5) For ROC E-filing– Filing with registrar of Companies and filing for various
documents has caused enough leverage for individuals to opt for Digital Signature.
It is easily vulnerable to
9. It is more secure and highly reliable.
tampering.
The person who receives the electronic message or document is able to realise who is the
sender of the message. The digital signature makes it possible to verify the name of the
person signing the message digitally.
The receiver of the electronic message is able to determine whether he/she has received
the original document or whether the document has been altered before the receipt or not.
Non- Repudiation
The sender of the message cannot refute the contents of the electronic message and
cannot deny that he/she had never sent the message.
1. Encryption: The process of transforming the plain message into a cipher text.
2. Decryption: The reversal of Cipher text into the original message.
Asymmetric Encryption
Can only be decrypted using a publicly available key known as the ‘Public Key’ provided
by the sender. The procedure has been under Section 2(1)(f) of the Information
Technology Act, 2000. Under this system, there is a pair of keys, a private key known only
to the sender and a public key known only to the receivers.
The message is encrypted by the private key of the sender, on the contrary, decryption
can be done by anyone who is having the public key. It depicts the authenticity of the
sender. It is also known as the ‘principle of irreversibility’ ie. the public key of the
sender is known to many users, but they do not have access to the private key of the
sender which bars them from forging the digital signature.
Symmetric Encryption
There is only a single key known to both the sender and the receiver. Under this system,
the secret key or the private key is known to the sender and the legitimate user. This
secret key is used for both encryption and decryption of the message.
The only drawback of this symmetric encryption is that as the number of pairs of users
increases, it becomes difficult to keep track of the secret keys used.
Firstly a person needs to get a Digital Signature Certificate from the Certifying Authorities.
After that, the following process is followed:
1. The original message of the sender is demarcated in order to get the message digest,
with the help of the hash function.
2. Then the private key is used to encrypt the message digest.
3. The encrypted message digest becomes the digital signature by using the signature
function.
4. The digital signature is then attached to the original data
5. Two things are transmitted to the recipient:
To sign an electronic record or any other item of information, the signer first applies the
hash function in the signer’s software. A hash function is a function which is used to
map data of arbitrary size onto data of a fixed size. The values returned by a hash
function are called hash values, hash codes, digests, or simply hashes
The hash function computes a hash result of standard length, which is unique to the
electronic record.
The signer’s software transforms the hash result into a Digital Signature using the
signer’s private key.
The resulting Digital Signature is unique to both electronic record and private key which
is used to create it.
The Digital Signature is attached to its electronic record and stored or transmitted with
its electronic record.
A new message digest is recovered from the original message by applying the hash
result.
The signer’s public key is applied to the digital signature received by the recipient and
another message digest is recovered as the outcome of it.
If both the message digests are identical, it means that the message is not altered.
Types of Certificate
1. Only Sign– It could only be used for signing a document. It is widely used in signing
PDF Files for the purpose of filing Tax Returns for usage as an attachment for Ministry
Of Corporate Affairs or other government websites
2. Encrypt– It is used to encrypt a particular document. It is popularly used in tender
portals to help a company encrypt a document before uploading it.
3. Sign along with Encryption– It is used for both signing and encrypting a
particular document.
Validity
The DSC is valid up to a maximum period of three years.
Conclusion
With the advancement in technology, the usage of the digital signature in place of the
conventional signature has widely increased. The Information Technology Act, 2000 talks
widely about the concept of Digital Signature, the authorities who have been given the
power of issuing the digital signature certificate and the circumstances which require
affixation of the digital signature.
References
Law And Technology by Niharika Vij, Universal Law Publication House, Second Edition-
2017
http://www.legalserviceindia.com/article/l212-Digital-Signatures.html
http://www.mca.gov.in/MinistryV2/digitalsignaturecertificate.html
http://corporatelawreporter.com/2014/05/02/digital-signature-work-
relevance- companies-act-2013/
[1]
https://blog.signaturit.com/en/what-is-an-electronic-signature- (2019)
[2]
https://www.approveme.com/e-signature/difference-between-digital-signature-
and- electronic-signature/
[3]
http://www.legalservicesindia.com/article/1827/Electronic-Signature:-Legal-and-
Technical-aspect.html
[4]
http://www.legalservicesindia.com/article/1827/Electronic-Signature:-Legal-and-
Technical-aspect.html
[5]
https://blog.ipleaders.in/digital-electronic-signature/
Students of Lawsikho courses regularly produce writing assignments and work on practical
exercises as a part of their coursework and develop themselves in real-life practical skill.
LawSikho has created a telegram group for exchanging legal knowledge, referrals and
various opportunities. You can click on this link and join:
https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA
Follow us on Instagram and subscribe to our YouTube channel for more amazing legal
content.
Previous article
Next article
More than 90% of the CAs, CS or Cost SHARELike 7
Accountants Miss out on this Lucrative
Subsidies and Countervailing Measures
Opportunity
Did you find this blog post helpful? Subscribe so that you never miss another post! Just complete this form…
Name
Email Address
10-6=?
SUBSCRIBE!
LEAVE A REPLY
Comment:
Name:
Email:
Website:
PDFmyURL.com - convert URLs, web pages or even full websites to PDF online. Easy API for developers!