Wednesday, July 13, 2011

An Overview of Digital Signature

The Central Board of Direct Taxes announced on 1st July 2011 that all Individuals, HUFs and Partnership Firms who are liable to get their accounts audited under the Income-tax Act, 1961 will have to file their Income-Tax return online compulsorily using a Digital Signature for the financial year 2010-11.

Many people confuse a Digital Signature with an e-signature. An e-signature is a scanned image of your physical signature, while a Digital Signature is not a facsimile of a person's physical signature. A document with a Digital Signature will not contain any traditional signature; it will simply state that it has been digitally signed by (name of the person signing it). To understand Digital Signatures we first have to understand what Digital Signature Certificates are.

What is a Digital Signature Certificate?

A Digital Signature Certificate, like a handwritten signature, establishes the identity of the sender filing documents over the Internet, which the sender cannot revoke or deny. Digital Signature Certificates (DSC) are the digital equivalent (that is, in electronic format) of physical or paper certificates. Examples of physical certificates are drivers' licences, passports or membership cards. A digital certificate can be presented electronically to prove your identity, to access information or services on the Internet, or to sign certain documents digitally. In simple words, a document can be Digitally Signed using a Digital Signature Certificate.

Why is a Digital Signature Certificate (DSC) required?

Just as physical documents are signed manually, electronic documents (for example, e-forms) are required to be signed digitally using a Digital Signature Certificate. The Information Technology Act, 2000 provides for the use of Digital Signatures on documents submitted in electronic form in order to ensure the security and authenticity of the documents filed electronically. This is the only secure and authentic way that a document can be submitted electronically. Moreover, a Digital Signature is the only way one can authenticate electronic or online transactions “legally”. The potential for Digital Signatures is huge in services like e-procurement, filing of returns, filing of export-import licences, financial transactions, digitisation of land records, use of e-commerce websites and other transactional portals, and other online transactions like internet banking. You can even encrypt information in your e-mail using a private key of a Digital Signature.

Types of Digital Signature Certificates:

There are basically 3 types (or classes) of Digital Signature Certificates: Class-1, Class-2 and Class-3, each having a different level of security.

Class 1 signatures are used for identification of a username/email ID. However, they cannot be used to sign any Statutory / Business Documents, whereas Class 2 and Class 3 DSCs are issued to Individuals and can be used for either Personal or Business Purposes.

Class 2 signatures can be availed from Dealers / Resellers of a Certifying Authority by submitting the prescribed documents. Here, the identity of the person is verified against a trusted, pre-verified database.

Class 3 signatures are the highest level, where the person needs to present himself or herself in front of a Registration Authority (RA) and prove his/her identity by submitting the documents.

How does it work?

TECHNICAL ASPECTS:

Digital signatures are an application of asymmetric key cryptography. Cryptography is primarily used as a tool to protect national secrets and strategies. It is extensively used by the military, the diplomatic services and the banking sector.

CRYPTOGRAPHY:

Cryptography is the science of using mathematics to encrypt and decrypt data. It enables a person to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.

Data that can be read and understood without any special measures is called plaintext or clear text. Data which requires some special function to be performed on it before it can be read and understood, is called cipher text. The same plaintext, encrypted by using different keys, will result in different cipher text. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.

Encryption is used to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.

A cryptographic algorithm, or cipher, is a mathematical function (known as a hash function) used in the encryption and decryption process. This hash function works in combination with a key (the private key) to encrypt the plaintext (the original message).

The hash function software produces a fixed-length string of letters, numbers and symbols for any document. This is known as the hash result. The contents of this fixed-length string are never the same for two different documents: if even one letter in the document is altered, an entirely different hash result will be generated. The hash function software will always produce the same hash result for a particular message, and it is practically impossible to reconstruct the original message from the hash result.

Customers are given two codes for verification: a private key and a public key. The public key and private key are nothing but extremely large numbers. Although the keys are mathematically related, it is almost impossible to obtain the private key from the public key. If a particular private key was used to “sign” a message, then only the corresponding public key will be able to verify the “signature”. A Digital Signature usually contains the owner's name, company name and address, public key, certificate serial number, expiry date of the public key, certifying company ID, and the Certifying Company's Digital Signature.
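The two ideas in the preceding paragraphs, a fixed-length hash result that changes completely when one character of the document changes, and a signature that only the matching public key can verify, can be exercised end to end. The following is an added example, not code from the original post or from any Certifying Authority: it uses SHA-256 for the hash result and a toy-sized, unpadded textbook RSA key pair generated in pure Python (real DSCs use certified key lengths and padded signature schemes); the sample return text is constructed.

```python
import hashlib, random
# Constructed sample documents (not from the original post); only one digit differs.
DOC = b"Income-tax return for FY 2010-11, total income: 1,250,000"
DOC_ALTERED = b"Income-tax return for FY 2010-11, total income: 1,250,001"

def hash_result(document: bytes) -> str:
    """Fixed-length 'hash result': SHA-256, always 64 hex characters."""
    return hashlib.sha256(document).hexdigest()

def is_probable_prime(n: int, rounds: int = 20) -> bool:  # Miller-Rabin; n odd, n > 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness of compositeness found
    return True

def random_prime(bits: int) -> int:  # odd candidate, top bit set, retried until prime
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits: int = 512):
    """Textbook RSA: returns public key (e, n) and private key (d, n). Toy-sized, no padding."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)

def sign(document: bytes, private_key) -> int:
    """Signature = hash result raised to the private exponent mod n (256-bit hash < n)."""
    d, n = private_key
    return pow(int(hash_result(document), 16), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Only the matching public key turns the signature back into the document's hash."""
    e, n = public_key
    return pow(signature, e, n) == int(hash_result(document), 16)
```

Verifying the signature against the altered document, or with a public key from a different pair, fails even though the change is a single digit.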