A digital signature (standard electronic signature) takes the concept of traditional paper-based signing and turns it into an electronic "fingerprint.” This "fingerprint,” or coded message, is unique to both the document and the signer and binds both of them together. It is essentially required to prove your identity in an electronic transaction.
- What is a digital signature ?
- Why digital signature is required for a electronic transaction ?
- What is the legal validity of a digitally signed document ?
- Who is a CA (Certifying Authority) ?
- Where can i use a digital signature ?
- Where can i apply/procure digital signature ?
- What are different types of certificate ?
- What is revocation of a certificate ?
- How do i ensure security of my digital signature ?
- What should i do if i lose my digital signature ?
- What is a crypto token ?
- Why do i require a USB crypto token ?
In case of Hard copy signing, the message binds the owner of the message, but not so in case of digital world. E mails can the spoofed or manual signature on scanned copies can be duplicated, so a digital signature is used to achieve the properties of a manual signature. It establishes Authenticity (Establishing the identity of the Person who has signed it), Integrity (That the documents is unchanged after Signing it), Non repudiation (That the person who has signed cannot deny it later).
The Information Technology act has accorded authentication of electronic document by the means of digital signature issued by a licensed Certifying Authority under the Controller of Certifying Authority, Ministry of IT, India.
A certifying authority is a body entrusted to issue, revoke, and renew Digital Signature Certificate. The digital signature certificate of the applicant is signed by the CA. Under Sec 24, of the Information Technology Act 2000 a Certifying Authority means a Person who has been granted license to issue Digital Signature Certificates. A list of Valid CA in India can be traced at https://cca.gov.in/cca/?q=licensed_ca.html
A digital Signature Can be used for - Securing mail by signing and Encrypting the Same - Signing PDF, Word, Excel Files - Filing Income Tax Return - Filing E Forms with the Ministry of Corporate affairs - Submit of E Tenders , Bids.
A digital signature can be procured from any CA (Certifying authority) in India. A list of Valid CA in India can be traced at https://cca.gov.in/cca/?q=licensed_ca.html. In India, CA's generally appoints RA/LRA (Licensed Registration Authority) who under take the verification of the digital signaure subscriber on behalf of the CA. Digital signature can also be procured though such RA/LRA
Following Class of Signature are legally valid and used generally - Class 2 Digital Signature: Here the identity of the person is verified against a trusted and pre verified database. - Class 3 Digital Signature: This provides highest level of assurance as the certificate applicant has to prove his identity in front of the Registration Authority.
A digital Signature can be revoked if the Digital Signature private key has been compromised, the subscriber details are changed, or change in relationship with the employer. For details on revocation you can contact the CA (Certifying Authority) or RA/LRA (Licensed Registration Authority) from whom you have validated and purchased you certification
A digital signature private has to be stored securely; you can do the same by - Protecting the private key with good password - Storing the digital signature in Crypto Tokens/USB Based Smart Cards or Tokens - Protect computer from unauthorized access
You should immediately apply for revocation of the certificate and apply for new one
A crypto Token is a smart card based USB device which is used for the storage of your digital signature. A crypto token is called by other name like dongles, USB etc. It has a USB interface which can be easily connected to he computer USB port for easy usage.
A USB Crypto token securely stores your DSC with Strong passwords. Further it provides mobility to your DSC when you have to perform signing on multiple computers. Your digital signature is vulnerable to key compromise if many users access the same machine on which you sign the documents with you DSC. However the same can be avoided with the help of a token. CCA (Controller of Certifying Authorities) vide its office order dated 25th Oct 2013 has mandated issuance of class 2 and class 3 digital signatures on a FIPS level 2 cerified token