INTRODUCTION
The introduction of signatures has provided a definite identity to individuals and allowed
the corporate sector and other individuals to function faster, keeping pace with
ongoing technology. Signatures have by far played a huge role in an individual's
decision making and in enabling consent at a much larger value. In olden times, every
individual or authorised signatory had to go through the document entirely and then
provide his assent. This created hurdles for organisations, which had to keep up with the
pace of the signatory and revolve around his/her timeline. An authorised signatory may not be at
a particular place and may still give his assent.
Digital signature has been defined under Section 2(1)(p) of the Information Technology
Act, 2000.
A digital signature is a special type of electronic signature which involves specific technology
and provides greater assurance of a document's authenticity and integrity than any other form
of electronic signature. It is technology specific and involves the use of asymmetric cryptography
to affix the signature, where the private key encrypts the electronic record to convert it into
illegible form. It can be verified by anyone using the public key of the
subscriber, without the need for proprietary verification software.
Electronic Signature has been defined under Sec 2(ta) of the Information Technology Act,
2000.
Electronic signature is a wider term; it includes digital signature also. It is technology neutral.
Verifying an electronic signature does require the same name, number, code, sound, fingerprint
or any other technique used as the electronic signature (proprietary verification certificate) by
the sender.
UNCITRAL MODEL LAW ON ELECTRONIC SIGNATURES 2001
The purpose of UNCITRAL Model Law on Electronic Signatures 2001 provides the
following statement which signifies the importance of electronic signature.
A Chartered Accountant
Banks
A Company Secretary
Director of a company
TYPES OF CERTIFICATE
Only Sign – It can only be used for signing a document. It is widely used in signing
PDF files for the purpose of filing tax returns and for usage as an attachment for the
Ministry of Corporate Affairs or other government websites.
Encrypt – It is used to encrypt a particular document. It is popularly used in tender
portals to help a company encrypt a document before uploading it.
Sign along with Encryption – It is used for both signing and encrypting a particular
document.
Generate a key pair in a secure medium and prove the possession of a private key corresponding to the
public key
The Local Registration Authority shall forward the application to licenced Certifying
Authority
DUTIES OF SUBSCRIBER
The first important duty of the subscriber is to generate a key pair. It is provided under the
Act that where any Digital Signature Certificate, the public key of which corresponds to the
private key of that subscriber which is to be listed in the Digital Signature Certificate has
been accepted by a subscriber, the subscriber shall generate that key pair by applying the
security procedure.
It is important to note that a digital signature certificate involves a key pair, i.e. a public key and
a private key. The private key is used by the subscriber for affixing a digital signature,
whereas the public key is used for verification of the digital signature. It is the duty of
the subscriber to whom the Digital Signature Certificate has been issued to generate this key pair,
or it can be generated by the Certifying Authority on a key generation system in the presence
of the subscriber. In either case, the key pair must be accepted by the subscriber. The key
generation process shall generate statistically random key values which are resistant to known
attacks. Further, it is important to note that single and double key pairs are issued by the CA.
Key change [Rule 19(2) of The Information Technology (Certifying Authorities) Rules,
2000 and para 21.1 of security guidelines for Certifying Authority]: Regarding key
change, it is provided that:
Certifying Authority and subscriber keys shall be changed periodically. A key change shall be
processed as per the key generation guidelines. The Certifying Authority shall provide reasonable
notice to the subscribers' relying parties of any change to a new key pair used by the
Certifying Authority to sign Digital Signature Certificates. The Certifying Authority shall
define a key change process that interlocks the old and new keys, such as by signing a hash of
the new key with the old key.
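The interlock named above (signing a hash of the new key with the old key) can be sketched as follows; it also shows the private-key-signs, public-key-verifies relationship described in the introduction. This is an added example, not code from the Rules or from any Certifying Authority: Ed25519 and SHA-256 are choices made for the example, and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignRollover signs SHA-256(new public key) with the OLD private key.
func SignRollover(oldPriv ed25519.PrivateKey, newPub ed25519.PublicKey) []byte {
	digest := sha256.Sum256(newPub)
	return ed25519.Sign(oldPriv, digest[:])
}

// VerifyRollover is the relying party's check: it already trusts oldPub and
// accepts newPub only if the old key vouches for its hash.
func VerifyRollover(oldPub, newPub ed25519.PublicKey, sig []byte) bool {
	if len(oldPub) != ed25519.PublicKeySize || len(newPub) != ed25519.PublicKeySize {
		return false // malformed key; ed25519.Verify would panic on a bad oldPub
	}
	digest := sha256.Sum256(newPub)
	return ed25519.Verify(oldPub, digest[:], sig)
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Demo uses freshly generated (constructed) keys and returns whether each
// rollover was accepted: genuine, substituted key, signed by the wrong key.
func Demo() (genuine, substituted, wrongSigner bool) {
	oldPub, oldPriv := mustKey()
	newPub, _ := mustKey()
	roguePub, roguePriv := mustKey()
	sig := SignRollover(oldPriv, newPub)
	genuine = VerifyRollover(oldPub, newPub, sig)
	substituted = VerifyRollover(oldPub, roguePub, sig)
	wrongSigner = VerifyRollover(oldPub, roguePub, SignRollover(roguePriv, roguePub))
	return
}

func main() {
	fmt.Println(Demo())
}
```

Only the genuine rollover is accepted: a relying party holding the old public key rejects both a swapped-in key and a new key that vouches for itself.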
The period of keys [Rule 19(2) of The Information Technology (Certifying Authorities)
Rules, 2000 and para 21.1 of security guidelines for the Certifying Authority]:
It is important to note that all keys have a period of not more than 5 years. However, the
suggested validity period are
In respect of the Electronic Signature Certificate, the subscriber shall perform such duties as
may be prescribed.
This duty of accepting the Digital Signature Certificate is considered to be the most important
duty of the subscriber because unless he has accepted the Digital Signature Certificate, he
cannot digitally sign the E-record. However, a subscriber shall be deemed to have accepted a
Digital Signature Certificate if he publishes or authorizes the publication of Digital Signature
Certificate:
By accepting a Digital Signature Certificate, the subscriber certifies to all who reasonably
rely on the information contained in the Digital Signature Certificate that:
The subscriber holds the private key corresponding to the public key listed in the
Digital Signature Certificate and is entitled to hold the same;
All representations made by the subscriber to the Certifying Authority and all material
relevant to the information contained in the Digital Signature Certificate are true;
All information in the Digital Signature Certificate, which is within the knowledge of
the subscriber, is true.
Another important duty of the subscriber is to have control over his private key. It is provided
under the Act that every subscriber shall exercise reasonable care to retain control of the
private key corresponding to the public key listed in his Digital Signature Certificate and take
all steps to prevent its disclosure. If the private key corresponding to the public key listed in
the Digital Signature Certificate has been compromised, then, the subscriber shall
communicate the same without any delay to the Certifying Authority in such manner as may
be specified by the regulations.
TECHNOLOGY (CERTIFYING AUTHORITIES) RULES, 2000
Therefore, the duties of the subscriber under Section 40-42 of Information Technology
Act, 2000 read with Rules and Regulations are the following:
CONCLUSION
A subscriber is a person to whom an Electronic Signature Certificate/Digital Signature
Certificate is issued by the Certifying Authority. A subscriber can affix an electronic signature
or digital signature to the electronic record. Any subscriber who has an Electronic
Signature Certificate/Digital Signature Certificate can digitally sign the electronic record. His
main functions are to generate the key pair, accept the key pair and control the key pair, and where his
key is compromised he must follow the procedure mentioned under the law to inform the
Certifying Authority.