Digital Signature Certificates

A digital signature is an electronic signature used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. It can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender’s identity and that the message arrived intact. Digital Signature Certificates can be used for eFiling of Income Tax Returns, eTendering in India on Government Websites such as Indian Railway Catering and Tourism Corporation, and also Director General of Foreign Trade, Ministry of Corporate Affairs and Registrar of Companies Applications.

Digital Signatures and Certificates

What is a Digital Signature?A digital signature mimics in the virtual environment the function of a hand-written signature in printed documents. Information related to a unique user is encrypted in a private key that is appended to any message sent by this user. It authenticates the identity of the user and guarantees the integrity of the message.

What is a Digital Signature Certificate (DSC)?A digital certificate is an electronic equivalent of an identification card such as a passport or driving license. It unequivocally establishes the identity of the user when exchanging information over the internet.

Why do I need a digital certificate?A Digital Certificate authenticates your identity electronically. It also provides you with a high level of security for your online transactions by ensuring absolute privacy of the information exchanged using a digital certificate. You can use certificates to encrypt information such that only the intended recipient can read it. You can digitally sign information to assure the recipient that it has not been changed in transit, and also verify your identity as the sender of the message.

Where can I purchase a digital certificate?Digital Certificates are issued only through a valid Certification Authority (CA), such as e-Mudhra. A digital certificate explicity associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes.

The private key of the CA is integral to the certificate and is kept secret, while the public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.

Digital certificates can be used for signing email, encrypting messages, executing electronic financial transactions, e-commerce, securing web servers and much more.

e-Mudhra, a Certification Authority (CA), offers secure digital signatures through various options tailored to suit individual as well as organizational needs.

Where can I use digital certificates?You can use Digital Certificates for the following:

1.For secure email and web-based transactions, or to identify other participants of web-based transactions.
2.To prove ownership of a domain name and establish SSL / TLS encrypted secured sessions between your website and the user for web based transactions.
3.As a developer, for proving authorship of a code and retaining integrity of the distributed software programs.
For signing web forms, e-tendering documents, filing income tax returns, to access membership-based websites automatically without entering a user name and password etc.

How does a Digital Signature work?A digital certificate explicitly associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. The certificate contains information about a user's identity (for example, their name, email address, the date the certificate was issued and the name of the Certifying Authority that issued it.).

These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user's computer hard disk or on an external device such as a smart card. The user retains control of the private key; it can only be used with the issued password.

The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.

Are Digital Signatures legally valid in India?Yes, subsequent to the enactment of Information Technology Act 2000 in India, Digital Signatures are legally valid in India.

What is the difference between a Digital Signature and a Digital Signature Certificate?A digital signature is an electronic method of signing an electronic document whereas a Digital Certificate is a computer based record that

1.Identifies the Certifying Authority issuing it
2.Has the name or the identity of its subscriber
3.Contains the subscriber's public key
4.Is digitally signed by the Certifying Authority issuing it

What are personal certificates?Personal certificates serve to identify a person. They can be used to secure e-mail correspondence or provide enhanced access control to sensitive or valuable information.

What is the difference between signing and encrypting an e-mail?Signing an e-mail message means that you attach your Digital Certificate to it so that the recipient knows it came from you and was not tampered with en-route to their inbox. Signing authenticates a message, but it does not provide protection against third party monitoring.

Encrypting a message means scrambling it in such a way that only the designated recipients can unscramble it. This safeguards messages against monitoring or interception. In order to send a signed message, you must have a Digital Certificate. Since message encryption is done using specific keys available in the certificate, you cannot encrypt a message unless you possess the recipient's Digital Certificate.

Can I send a secure e-mail to someone who does not have a Digital Certificate?You can digitally sign any e-mail as long as the recipient has an e-mail application, which supports S/MIME. However, you cannot encrypt a message, unless you have the recipient's Digital Certificate.

How do I know if the e-mail I have received is digitally signed or encrypted?Microsoft Internet Explorer Users: Signed messages will be shown in the inbox (or any other folder) with a red ribbon on the envelope icon. Encrypted messages will show a padlock on the envelope icon.

Netscape Communicator Users: Any signed e-mail you receive will have a prominent icon in the upper-right corner of the message saying "signed" or "encrypted" or both. If you want more information about the security of a message, click on the Security button (padlock icon) above the message.