All You Want to Know about Digital Signature
September 30, 2019
With the opening up of the market, innovation in technology and the creation of a global village, the use of online transactions have widely increased. The transactions which are made via the use of the internet not only help in managing the cost of operation but also help in providing effective services to the customer. As a result of which, there are a large number of electronic documents which are generated, processed, stored and transferred over the networks.
The information which is stored and transferred in the form of electronic documents is always under the risk of being tampered. Therefore the digital signature acts a protective shield and provides authenticity to the information stored.
Concept of Digital Signature
A signature is a symbolic and essential representation of one’s identity. Signature of a person holds a very significant place in the field of law as well as while carrying out transactions. When a person signs a particular document, it means that such a person has read the whole document carefully, has verified the facts and is aware of the contents of the document and therefore is giving his assent to the best of his knowledge.
Under the contract law also, signature holds a vital position as it is considered as a sign of acceptance of an offer. The Conventional form of signatures has evolved a lot due to technological advancement. With the increased usage of online transactions and e-mails, the risk of the data being hacked has also increased. Hence, the concept of online signatures has become relatively important.
Digital Signature and Electronic Signature as defined under the Law
- Electronic Signature has been defined under Section 2(1)(ta) of the Information Technology Act, 2000. Electronic Signature means the authentication of any electronic record by a subscriber by means of the electronic technique as specified under the Second Schedule and also includes a digital signature.
Types of electronic signature
- Email Signature: Just typing one’s name at the end of an email or sending a message on letterhead. They can be easily forged.
- Web Signature: Web-based clickwrap contracts create a lot of difficulties in E-Commerce. The acceptance is made by clicking a single button. Such a signature doesn’t do anything about the identity of the sender.
This includes the signatures which are digitally secured and also which have more legal weightage.
- According to section 2(1)(p) of the Information Technology Act, 2000 digital signature means the authentication of any electronic record by a person who has subscribed for the digital signature in accordance to the procedure mentioned under section 3 of the same act.
- Section 5 of the Information Technology Act, 2000 gives legal recognition to digital signatures.
Difference Between Electronic Signature and Digital Signature
|S.No||Electronic Signature||Digital Signature|
||It has been defined under Section 2(1)(ta) of the Information Technology Act, 2000.||It has been defined under Section 2(1)(p) of the Information Technology Act, 2000.|
|2.||It is technologically neutral, ie. no specific technological process is to be followed to create an electronic signature.||It follows a technology-specific approach such as usage of hash functions etc.|
|3.||It can be created by using various available technologies like attaching a picture of your signature.||It uses public key cryptography system to sign up for a particular message which requires a pair of keys ie. a private key for encryption and a public key for decryption, computed by using a hash function.|
|4.||It can be in the form of a name typed at the end of an email, a digital version of a handwritten signature in the form of an attachment, a code or even a fingerprint.||It involves the usage of Cryptographic system of constructing the signature with a two-way protection system.|
|5.||It is less authentic as compared to the digital signature.||It has more authenticity as compared to the electronic signature.|
|6.||It is verified through the signer’s identity.||It has a certificate-based digital 10 verification.|
|7.||It is used for verifying a document.||It is used as a means for securing a document.|
|8.||It has no expiration or validity period.||It is valid up to a maximum of three years.|
|9.||It is easily vulnerable to tampering.||It is more secure and highly reliable.|
Features of Digital Signature
The authenticity of the sender
The person who receives the electronic message or document is able to realise who is the sender of the message. The digital signature makes it possible to verify the name of the person signing the message digitally.
The integrity of the message
The receiver of the electronic message is able to determine whether he/she has received the original document or whether the document has been altered before the receipt or not.
The sender of the message cannot refute the contents of the electronic message and cannot deny that he/she had never sent the message.
Authentication Using Digital Signature
The authentication of the electronic record is done by creating a digital signature which is a mathematical function of the message content. Such signatures are created and verified by Cryptography, which is a branch of applied mathematics. It is used to secure the confidentiality and authentication of the data by replacing it with a transformed version that can be reconverted to reveal the original data only to someone who has the proper key.
- A key is a sequence of symbols that controls the operation of a cryptographic transformation.
- It involves two processes which are as follows.
- Encryption: The process of transforming the plain message into a cipher text.
- Decryption: The reversal of Cipher text into the original message.
Can only be decrypted using a publicly available key known as the ‘Public Key’ provided by the sender. The procedure has been under Section 2(1)(f) of the Information Technology Act, 2000. Under this system, there is a pair of keys, a private key known only to the sender and a public key known only to the receivers.
The message is encrypted by the private key of the sender, on the contrary, decryption can be done by anyone who is having the public key. It depicts the authenticity of the sender. It is also known as the ‘principle of irreversibility’ ie. the public key of the sender is known to many users, but they do not have access to the private key of the sender which bars them from forging the digital signature.
There is only a single key known to both the sender and the receiver. Under this system, the secret key or the private key is known to the sender and the legitimate user. This secret key is used for both encryption and decryption of the message.
The only drawback of this symmetric encryption is that as the number of pairs of users increases, it becomes difficult to keep track of the secret keys used.
Benefits of Digital Signature
- Message cannot be altered in between the transmission.
The process followed for the creation of digital signature
Firstly a person needs to get a Digital Signature Certificate from the Certifying Authorities. After that, the following process is followed:
- The original message of the sender is demarcated in order to get the message digest, with the help of the hash function.
- Then the private key is used to encrypt the message digest.
- The encrypted message digest becomes the digital signature by using the signature function.
- The digital signature is then attached to the original data
- Two things are transmitted to the recipient:
- The Original message
- The digital signature
Rule 4 of the Information Technology(Certifying Authorities) Rules, 2000, explains the procedure of digital signature as:
- To sign an electronic record or any other item of information, the signer first applies the hash function in the signer’s software. A hash function is a function which is used to map data of arbitrary size onto data of a fixed size. The values returned by a hash function are called hash values, hash codes, digests, or simply hashes
- The hash function computes a hash result of standard length, which is unique to the electronic record.
- The signer’s software transforms the hash result into a Digital Signature using the signer’s private key.
- The resulting Digital Signature is unique to both electronic record and private key which is used to create it.
- The Digital Signature is attached to its electronic record and stored or transmitted with its electronic record.
Verification Of Digital Signature
The recipient receives the original message and the digital signature. After this, there are two steps which need to be followed :
- A new message digest is recovered from the original message by applying the hash result.
- The signer’s public key is applied to the digital signature received by the recipient and another message digest is recovered as the outcome of it.
- If both the message digests are identical, it means that the message is not altered.
Rule 5 of the Information Technology (Certifying Authorities) Rules, 2000, explains the method of verification of digital signature as:
The verification of a Digital Signature shall be accomplished by computing a new hash result of the original electronic record by means of a hash function which is used to create a Digital Signature and by using the public key and the new hash result.
Problems With Digital Signature
- It functions online. Therefore, it has to be either purchased or downloaded
- It lacks trust and authenticity
Digital Signature Certificate (DSC)
- A method to prove the authenticity of an electronic document.
- It can be presented electronically to prove the identity, to access information or sign certain documents digitally.
- The Central Government has appointed a Controller of Certifying Authorities who grants a license to the Certifying Authorities to issue digital signature certificates to the subscriber.
Who needs a DSC?
- A vendor and a bidder
- A Chartered Accountant
- Director of a company
- A Company Secretary
- Other Authorized Signatories
Elements of Digital Certificate
- Owner’s public key.
- Owners name.
- The expiration date of Public Key.
- Name of the issuer.
- Serial Number of the certificate.
- A digital signature of the user.
Types of Certificate
- Only Sign– It could only be used for signing a document. It is widely used in signing PDF Files for the purpose of filing Tax Returns for usage as an attachment for Ministry Of Corporate Affairs or other government websites
- Encrypt– It is used to encrypt a particular document. It is popularly used in tender portals to help a company encrypt a document before uploading it.
- Sign along with Encryption– It is used for both signing and encrypting a particular document.
The DSC is valid up to a maximum period of three years.
DSC under the Information Technology Act, 2000
- Section 35: Any person who wishes to get a Digital Signature Certificate may file an application to the certifying authority for issuance of the Electronic Certificate along with the submission of the required amount of fees not exceeding Rs. 25,000, including a statement of certification practice or stating such particulars as prescribed.
- Section 36: Representations upon issuance of the DSC.
- Section 37: Suspension in public interest, not more than 15 days, unless given the opportunity to present the case.
- Section 38: Revocation on death or request of a subscriber, dissolution of a company or a firm.
Legal Approach And Digital Signature
- The provisions of Information Technology Act, 2000 are based on the UNCITRAL’s Model Law on E-Commerce.
- The Model Law is based on the minimalist neutral approach ie. with the changes in technology the law will remain neutral, as technology is dynamic in nature and comes in the public domain with a lot of advancement with the passage of time, and it will not be feasible for the legislators to keep on changing the laws dealing with the technology.
- According to Article 7 of the UNCITRAL model, there ought to be a signature of a person while contracting using the electronic means, for which any technology can be used. It has to be ensured that the sender can be identified and he has given his consent to the message.
- The same ‘technology neutrality’ approach has also been ratified by the Amendment Act, 2008 of the Information technology Act, 2000, with the insertion of Section 3A.
With the advancement in technology, the usage of the digital signature in place of the conventional signature has widely increased. The Information Technology Act, 2000 talks widely about the concept of Digital Signature, the authorities who have been given the power of issuing the digital signature certificate and the circumstances which require affixation of the digital signature.