Digital Signature
A digital signature is basically a way to ensure that an electronic document is authentic. By authentic we mean to say that the receiver knows who has created this document and it has not been altered in any way since that person created it.
There are certain types of encryptions which are used to ensure the authentication. The authentication is done via a password, a Checksum, a Cyclic Redundancy Check (CRC) which is similar to Checksum but little advanced, Private key encryption, which means that the computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to the other computer, a Public key encryption, which is given by a sender’s computer to any computer that wants to communicate securely with it. The key is based on a hash value. In simple language, the digital signature is an authentication of an electronic record by tying it uniquely to a key only a sender knows. This implies that the sender must not be able to deny sending a message that he sent (This is called Nonrepudiation) Thus, digital signatures can be used to:
- To tie an electronic message to the sender’s identity
- For non repudiation of communication by a sender
- To prove that a message was sent by the sender in a court of law
How it works?
Digital signatures rely on a secret, either a secret passphrase, or, more commonly, a secret file. Anyone (without needing to know the secret) can check that two documents were signed by the same secret, and thus presumably by the same person, and that neither document has been changed since it was signed. A digital signature is a seemingly random pattern of characters, which typically looks something like this: — this is a signed document — James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG WZpbVqsJAyyv5lIJFe1xAnTgNcPuYuhMEASCN82V 42n66jGGAXQ6R2kNeMUedQsobPjpV9UNZzALxAC1q Those seemingly random characters depend both on the secret, and on the document being signed. Thus any small change in the document after it was signed will cause the document to fail to match the signature. Thus if I add a full stop, the signed document looks like this. — this is a signed document. –digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG CsMYRG969XQ7CJhkpHmPcigu8yG+YhFGW1+QrgtC 4f5YXFqLPhvouhqn1OHNTWpDNc4UsqRjw4xnGJMT8 The second and third lines depend on the document, and so look completely different, but the program can tell that the two documents have matching signatures.
Difference between the Physical Signature and Digital Signature
- A conventional signature is included in the document; it is part of the document. But when we sign a document digitally, we send the signature as a separate document.
- For a conventional signature, when the recipient receives a document, he/ she compares the signature on the document with the signature on file. For a digital signature, the recipient receives the message and the signature. The recipient needs to apply a verification technique to the combination of the message and the signature to verify the authenticity.
- For a conventional signature, there is normally a one-to-many relationship between a signature and documents. For a digital signature, there is a one-to-one relationship between a signature and a message.
- In conventional signature, a copy of the signed document can be distinguished from the original one on file. In digital signature, there is no such distinction unless there is a factor of time on the document.
- Please note that a digital signature does not provide confidentially / privacy. If there is a need for privacy, another layer of encryption / decryption must be applied.
Digital Signature Certificates (DSC)
Digital Signature Certificates (DSC) are the digital equivalent of physical or paper certificates such as drivers’ licenses, passports or membership cards. Certificates serve as proof of identity of an individual for a certain purpose; for example, a driver’s license identifies someone who can legally drive in a particular country. Likewise, a digital certificate can be presented electronically to prove a person’s identity, to access information or services on the Internet or to sign certain documents digitally. A licensed Certifying Authority (CA) issues the digital signature. In India, a Certifying Authority (CA) means a person who has been granted a license to issue a digital signature certificate under Section 24 of the Indian IT-Act 2000.
Types of Digital Signatures
There are basically 3 types of Digital Signature Certificates viz. Class-1, Class-2 & Class-3 having increased level of level of security from 1 to 3. The MCA21 program, which has been launched for easy and secure access to MCA services in a manner that best suits the businesses and citizens, the class 2 and class 3 digital certificates are needed. In Class 2, identity of a person is verified against a trusted, pre-verified database. In Class 3, which is the highest level, the person needs to present himself or herself in front of a Registration Authority (RA) and prove his/ her identity. DSC of Class 2 and Class 3 category issued by a licensed Certifying Authority (CA) needs to be obtained for efiling on the MCA Portal. Please note that there is a cost of getting digital signatures. Then, in India, the Digital Signatures are legally admissible in a Court of Law, as provided under the provisions of IT Act 2000.
Rajeevraj
February 27, 2016 at 2:15 pmAwasome blog.
thanks for sharing your view